January 2018 - Daily

Tageszusammenfassung - 31.01.2018
by Daily end-of-shift report 31 Jan '18

31 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-01-2018 18:00 − Mittwoch 31-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers ∗∗∗ --------------------------------------------- Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase it.before fixing anything. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-… ∗∗∗ Google hat 2017 mehr als 700.000 bösartige Apps aus Google Play verbannt ∗∗∗ --------------------------------------------- In einem Jahresbericht führt Google aus, wie sicher der eigene Android-App-Store Google Play doch ist. Aufgrund einiger Vorfälle wirkt die Argumentation stellenweise jedoch nicht ganz glaubwürdig. --------------------------------------------- https://www.heise.de/meldung/Google-hat-2017-mehr-als-700-000-boesartige-Ap… ∗∗∗ Kritische Sicherheitslücke in Mozilla Firefox - Patch verfügbar ∗∗∗ --------------------------------------------- Mozilla hat einen Out-of-Band Patch für eine kritische Sicherheitslücke im Webbrowser Firefox veröffentlicht. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer beliebigen Code auf betroffenen Systemen, mit den Rechten des angemeldeten Benutzers, ausführen. Dazu reicht es, den Browser zum Anzeigen einer entsprechend präparierten Webseite .. --------------------------------------------- http://www.cert.at/warnings/all/20180131.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4102 thunderbird - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4102 ∗∗∗ PHOENIX CONTACT mGuard ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 ∗∗∗ Siemens TeleControl Server Basic ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 ∗∗∗ WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN30636823/ ∗∗∗ Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2018
by Daily end-of-shift report 30 Jan '18

30 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-01-2018 18:00 − Dienstag 30-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IBM-Studie: Viele Nutzer halten biometrische Anmeldung für sicher ∗∗∗ --------------------------------------------- Gerade junge Leute wollen sich heutzutage keine Passwörter mehr merken: Eine IBM-Studie untersucht Vorlieben von Nutzern aller Altersgruppen. Teilnehmer ab 55 Jahren hingegen merken sich viele verschiedene Passwörter auf einmal - auch ohne Passwort-Manager. --------------------------------------------- https://www.golem.de/news/ibm-studie-viele-nutzer-halten-biometrische-anmel… ∗∗∗ Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery ∗∗∗ --------------------------------------------- Of course this does nothing for victims encrypted files Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. --------------------------------------------- theregister.com/feed/www.theregister.co.uk/2018/01/30/ransomware_diversions/ ∗∗∗ Chrome Extension Malware Has Evolved ∗∗∗ --------------------------------------------- While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data. --------------------------------------------- https://www.wired.com/story/chrome-extension-malware ∗∗∗ ENISA organises cyber-exercise to boost CSIRT cooperation ∗∗∗ --------------------------------------------- On 30 January 2018, the EU Cybersecurity Agency ENISA organised ‘Cyber SOPEx’, the first cooperation exercise of the CSIRTs Network. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-… ∗∗∗ E-Mail-Betrug: Vorarlberger Firma zahlt 150.000 Euro ∗∗∗ --------------------------------------------- Mitarbeiterin überwies knapp 150.000 Euro ins Ausland – 83.000 Euro konnten zurückgeholt werden --------------------------------------------- http://derstandard.at/2000073288109 ∗∗∗ "spotzi" und "bier1": Cybasar-Leak zeigt die unsicheren Passwörter der Österreicher ∗∗∗ --------------------------------------------- Viele Kennwörter offenbaren fahrlässigen Umgang mit eigenen Informationen im Netz – auch von Behördenmitarbeitern --------------------------------------------- http://derstandard.at/2000073316365 ∗∗∗ 2017 in Snort Signatures. ∗∗∗ --------------------------------------------- This post was written by Martin Lee and Vanja Svajcer.2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact .. --------------------------------------------- http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html ∗∗∗ Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Cisco hat ein Advisory zu einer kritischen Sicherheitslücke in Cisco ASA Software veröffentlicht. Die Lücke befindet sich im Code, der für das "webvpn"-Feature zuständig .. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ===================== = Vulnerabilities = ===================== ∗∗∗ [20180103] - Core - XSS vulnerability in Uri class ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/721-20180103-core-xss-vulnerab… ∗∗∗ [20180102] - Core - XSS vulnerability in com_fields ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/720-20180102-core-xss-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2018
by Daily end-of-shift report 29 Jan '18

29 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 26-01-2018 18:00 − Montag 29-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Cyberattacken auf niederländische Banken: Netbanking weg ∗∗∗ --------------------------------------------- Die drei größten Banken der Niederlande hatten am Wochenende mit Cyberangriffen zu kämpfen. Teilweise fiel auch das Online-Banking aus. --------------------------------------------- https://futurezone.at/digital-life/cyberattacken-auf-niederlaendische-banke… ∗∗∗ Coincheck: Kryptowährung im Wert von 429 Millionen Euro gestohlen ∗∗∗ --------------------------------------------- Für das Unternehmen Coincheck war es ein schwarzer Freitag: Eine große Menge der Kryptowährung NEM wurde gestohlen. Der Kurs sank dadurch um elf Prozent. Auch Bitcoin und Etherium waren davon betroffen. Der Angriff ist für einige ein Anlass zur Kritik an Japans Regulierung des Kryptohandels. --------------------------------------------- https://www.golem.de/news/coincheck-kryptowaehrung-im-wert-von-429-milliard… ∗∗∗ Security: Lenovo gesteht Sicherheitslücken im Fingerprint Manager ein ∗∗∗ --------------------------------------------- Die Software Fingerprint Manager Pro speichert biometrische Daten auf dem Gerät. Allerdings sagt selbst Lenovo, dass das unsicher sei und rät daher zu einem Update. Windows-10-Geräte sind davon jedoch nicht betroffen. --------------------------------------------- https://www.golem.de/news/security-lenovo-gesteht-sicherheitsluecken-im-fin… ∗∗∗ Meltdown & Spectre: Windows-Update deaktiviert Schutz gegen Spectre V2 ∗∗∗ --------------------------------------------- Ein aktuelles Windows-Update schaltet den Schutz gegen Spectre Variant 2 ab, um Instabilitäten des Systems vorzubeugen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Meltdown-Spectre-Windows-Update-dea… ∗∗∗ First 'Jackpotting' Attacks Hit U.S. ATMs ∗∗∗ --------------------------------------------- ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/ ∗∗∗ Cybasar.at gehackt: 70.000 österreichische Log-ins im Netz aufgetaucht ∗∗∗ --------------------------------------------- Hunderte E-Mails und Passwörter von offiziellen Stellen enthalten – Daten stammen von Gebrauchtwagenplattform Cybasar --------------------------------------------- http://derstandard.at/2000073253135 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4099 ffmpeg - security update ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed. --------------------------------------------- https://www.debian.org/security/2018/dsa-4099 ∗∗∗ DSA-4101 wireshark - security update ∗∗∗ --------------------------------------------- It was discovered that wireshark, a network protocol analyzer, containedseveral vulnerabilities in the dissectors/file parsers for IxVeriWave,WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial ofservice or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2018/dsa-4101 ∗∗∗ DFN-CERT-2018-0020 ∗∗∗ --------------------------------------------- Auf diesem Wege noch einmal der Hinweis, dass wir unsere Security Advisories zu #Spectre und #Meltdown (DFN-CERT-2018-0020) sowie Spectre 2 (DFN-CERT-2018-0019) beinahe täglich aktualisieren. Bleiben Sie via @DFNCERT_ADV auf dem neuesten Stand. --------------------------------------------- https://twitter.com/DFNCERT/status/956906148388536321 ∗∗∗ DFN-CERT-2018-0196: VMware AirWatch Console (AWC): Eine Schwachstelle ermöglicht einen Cross-Site-Request-Forgery-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0196/ ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180129-… ∗∗∗ IBM Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012707 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.01.2018
by Daily end-of-shift report 26 Jan '18

26 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-01-2018 18:00 − Freitag 26-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Virenscanner: ClamAV hat zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Nutzer von ClamAV sollten so schnell wie möglich auf die aktuelle Version der Software wechseln. Denn Sicherheitslücken ermöglichen Angreifern, zum Beispiel mit einem zugeschickten PDF Code auf dem Rechner der Nutzer auszuführen. --------------------------------------------- https://www.golem.de/news/virenscanner-clamav-hat-zahlreiche-schwachstellen… ∗∗∗ Niederländische Geheimdienste hackten russische Hacker ∗∗∗ --------------------------------------------- Russisches Eindringen in digitale Systeme der US-Regierung festgestellt – Hackergruppe "Cozy Beer" jahrelang observiert --------------------------------------------- http://derstandard.at/2000073070848 ∗∗∗ London wirft Moskau Ausspähen strategischer Infrastruktur vor ∗∗∗ --------------------------------------------- Verteidigungsminister Williamson: Totales Chaos mit abertausenden Toten möglich --------------------------------------------- http://derstandard.at/2000073086515 ===================== = Vulnerabilities = ===================== ∗∗∗ Nari PCS-9611 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-01 ∗∗∗ Siemens Desigo PXC ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02 ∗∗∗ Philips IntelliSpace Cardiovascular System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by an XML External Entity Injection (XXE) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012595 ∗∗∗ Linux RPM vulnerability CVE-2017-7501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03710547 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2018
by Daily end-of-shift report 25 Jan '18

25 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-01-2018 18:00 − Donnerstag 25-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗ --------------------------------------------- The worlds largest container shipping company â€”A.P. MÃ¸ller-Maerskâ€” said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pc… ∗∗∗ BSI-Richtlinie: Der streng geheime Streit über die Routersicherheit ∗∗∗ --------------------------------------------- Das BSI will in den kommenden Monaten eine Technische Richtlinie für Heimrouter herausgeben. Vor allem die Kabelnetzbetreiber halten nichts davon, für möglichst viel Sicherheit bei den Geräten zu sorgen. Der CCC spricht von "Lobbying-Sabotage". --------------------------------------------- https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-di… ∗∗∗ Windows 10: Microsoft will aufzeigen, was an Gerätedaten gesammelt wird ∗∗∗ --------------------------------------------- Sprachdaten, Positionsdaten und Browserverlauf: Nutzer sollen künftig einen besseren Überblick über gesammelte Daten in Windows 10 bekommen. Dazu stellt Microsoft ein Dashboard für Microsoft-Accounts und einen Diagnostic Viewer für Geräteinformation zur Verfügung. (Microsoft, Datenschutz) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraet… ∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗ --------------------------------------------- A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...] --------------------------------------------- https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-n… ∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗ --------------------------------------------- Fixed in 7.58.0 If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carrie… ∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗ --------------------------------------------- A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-s… ∗∗∗ Announcing turndown of the deprecated Google Safe Browsing APIs ∗∗∗ --------------------------------------------- Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...] --------------------------------------------- https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.h… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗ --------------------------------------------- Several security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, use-after-frees, integeroverflows and other implementation errors may lead to the execution ofarbitrary code, denial of service or URL spoofing. --------------------------------------------- https://www.debian.org/security/2018/dsa-4096 ∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗ --------------------------------------------- Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since its free and open-source software. However, this also make it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...] --------------------------------------------- http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html ∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/ ∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026853 ∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026733 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026732 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026735 ∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026736 ∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026734 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012767 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026731 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007398 ∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012789 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2018
by Daily end-of-shift report 24 Jan '18

24 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-01-2018 18:00 − Mittwoch 24-01-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skype, Signal, Slack, other apps inherit Electron vuln ∗∗∗ --------------------------------------------- If youve built a Windows application on Electron, check to see if its subject to a just-announced remote code execution vulnerability. ... Slack users should update to version 3.0.3 or better, and the latest version of Skype for Windows is protected --------------------------------------------- https://www.theregister.co.uk/2018/01/24/skype_signal_slack_nherit_electron… ∗∗∗ [papers] Hardcore SAP Penetration Testing ∗∗∗ --------------------------------------------- http://www.exploit-db.com/docs/english/43859-hardcore-sap-penetration-testi… ∗∗∗ 14 flaws found that could take over industrial control systems ∗∗∗ --------------------------------------------- Licence management systems used in industrial control systems are plagued with vulnerabilities - contain 14 flaws could enable hackers to take control of systems and carry out DoS attacks --------------------------------------------- https://www.scmagazineuk.com/news/14-flaws-found-that-could-take-over-indus… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and SQL injection vulnerabilities in Advantech’s WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (smarty3), Fedora (bind, bind-dyndb-ldap, dnsperf, glibc, kernel, libtasn1, libvpx, mariadb, python-bottle, ruby, and sox), Red Hat (rh-eclipse46-jackson-databind), SUSE (kernel), and Ubuntu (kernel, linux, linux-aws, linux-euclid, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync). --------------------------------------------- https://lwn.net/Articles/745165/rss ∗∗∗ Apple Updates Everything, Again, (Tue, Jan 23rd) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/23269 ∗∗∗ Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102765 ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180124-… ∗∗∗ Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012739 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012712 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012737 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012735 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012623 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012627 ∗∗∗ SSA-824231 (Last Update 2018-01-24): Unauthenticated Firmware Upload Vulnerability in Desigo PXC ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2018
by Daily end-of-shift report 23 Jan '18

23 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 22-01-2018 18:00 − Dienstag 23-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Newsletter-Dienst: Mailchimp verrät E-Mail-Adressen von Newsletter-Abonnenten ∗∗∗ --------------------------------------------- Spezifische Referrer für jeden Newsletter-Nutzer haben dazu geführt, dass Webseitenbetreiber die E-Mail-Adressen von Mailchimp-Nutzern herausfinden konnten. Das Problem wurde nach Meldung an den Anbieter mittlerweile behoben. --------------------------------------------- https://www.golem.de/news/newsletter-dienst-mailchimp-verraet-e-mail-adress… ∗∗∗ Just Keep Swimming: How to Avoid Phishing on Social Media ∗∗∗ --------------------------------------------- >From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell? Phishing attacks attempt to steal .. --------------------------------------------- https://www.webroot.com/blog/2018/01/22/how-to-avoid-phishing-social-media/ ∗∗∗ "MaMi": MacOS-Malware hört User ab und manipuliert Datenverkehr ∗∗∗ --------------------------------------------- Schädling leitet Traffic über von Unbekannten kontrollierte DNS-Server um --------------------------------------------- http://derstandard.at/2000072382780 ∗∗∗ Millionen PCs verwundbar: Forscher deckt Lücke in allen Blizzard-Games auf ∗∗∗ --------------------------------------------- Konzern arbeitet bereits an Lösung – Problem bei Client --------------------------------------------- http://derstandard.at/2000072835431 ∗∗∗ Achtung: Whatsapp Abo-Betrug kursiert derzeit per Mail ∗∗∗ --------------------------------------------- "Konto ist abgelaufen" – ehemaliges Abomodell von Whatsapp wird instrumentalisiert um Kreditkartendaten zu ergattern --------------------------------------------- http://derstandard.at/2000072831670 ∗∗∗ SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks ∗∗∗ --------------------------------------------- This post was written by Vitor VenturaIntroductionTalos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature.Given SamSams victimology, its impacts are not just felt within the business world, they are also impacting people, --------------------------------------------- http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-nettin… ===================== = Vulnerabilities = ===================== ∗∗∗ HTTP Host header attacks against web proxy disclaimer response webpage ∗∗∗ --------------------------------------------- The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim.In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-262 ∗∗∗ VMSA-2018-0002.3 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ JSA10836 - 2018-01 Security Bulletin: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836 ∗∗∗ XXE & Reflected XSS in Oracle Financial Services Analytical Applications ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/xxe-reflected-xss-in-oracle-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2018
by Daily end-of-shift report 22 Jan '18

22 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-01-2018 18:00 − Montag 22-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hacker One: Nur 20 Prozent der Bounty-Jäger hacken in Vollzeit ∗∗∗ --------------------------------------------- Das US-Unternehmen Hacker One hat aktuelle Zahlen vorgestellt: Die meisten Bounties werden nach wie vor von US-Unternehmen gezahlt. Die Daten zeigen außerdem, dass das Finden von Schwachstellen für die meisten ein Nebenberuf oder Hobby ist. --------------------------------------------- https://www.golem.de/news/hacker-one-nur-20-prozent-der-bounty-jaeger-hacke… ∗∗∗ Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 ∗∗∗ --------------------------------------------- The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree .. --------------------------------------------- http://resources.infosecinstitute.com/powerful-skygofree-spyware-already-re… ∗∗∗ Apple Preps ChaiOS iMessage Bug Fix, Report ∗∗∗ --------------------------------------------- A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources. --------------------------------------------- http://threatpost.com/apple-preps-chaios-imessage-bug-fix-report/129544/ ∗∗∗ Followup to IPv6 brute force and IPv6 blocking ∗∗∗ --------------------------------------------- My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked, I&#;x26;#;39;ve actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, .. --------------------------------------------- https://isc.sans.edu/diary/23253 ∗∗∗ Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining ∗∗∗ --------------------------------------------- Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnu… ∗∗∗ Dark Caracal: Good News and Bad News ∗∗∗ --------------------------------------------- Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer .. --------------------------------------------- https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news ∗∗∗ DarkComet upload vulnerability ∗∗∗ --------------------------------------------- This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability. A quick disclaimer before we go into the actual matter: Hacking a C&C server might seem morally justified but it is still illegal. Don’t do it. --------------------------------------------- https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/ ∗∗∗ Zweiter Faktor: Nur wenige User sichern ihren Google-Account zusätzlich ab ∗∗∗ --------------------------------------------- Laut Google wird Zwei-Faktor-Authentifizierung gerade einmal von zehn Prozent alle Nutzer eingesetzt --------------------------------------------- http://derstandard.at/2000072757014 ∗∗∗ 2018 ICS Security Predictions ∗∗∗ --------------------------------------------- We just closed another year in the ICS security industry, one filled with advanced (and exciting) product developments. We also saw an increased market awareness, with growing a emphasis on protecting industrial infrastructure. --------------------------------------------- https://www.bayshorenetworks.com/blog/ics-security-2018-predictions ∗∗∗ Cryptocurrency Hacks and Heists in 2017 ∗∗∗ --------------------------------------------- The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the .. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9013 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.01.2018
by Daily end-of-shift report 19 Jan '18

19 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-01-2018 18:00 − Freitag 19-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Magento: Kreditkartendaten von bis zu 40.000 Oneplus-Käufern kopiert ∗∗∗ --------------------------------------------- Oneplus hat seine Untersuchung zu kopierten Kreditkarten abgeschlossen. Angreifer konnten wohl eine Schwachstelle für Cross-Site-Scripting ausnutzen. --------------------------------------------- https://www.golem.de/news/magento-kreditkartendaten-von-bis-zu-40-000-onepl… ∗∗∗ NCSC Releases Security Advisory ∗∗∗ --------------------------------------------- Original release date: January 18, 2018 The United Kingdoms National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/18/NCSC-Releases-Secu… ∗∗∗ 2018: Vierfach-Jubiläum für Österreichs Internet ∗∗∗ --------------------------------------------- Nicht nur die Republik begeht im heurigen Jahr mehrere Jahrestage, auch Österreichs Internet hat 2018 mehrfachen Grund zu feiern: Vor genau dreißig Jahren wurde die Internet-Endung .at ins weltweite Domain Name System eingetragen, 1998 wurden die Vergabestelle nic.at und die Online-Meldestelle Stopline ins Leben gerufen. Das CERT.at, Österreichs nationales Computer Emergency Response Team, feiert 2018 seinen zehnten Geburtstag. --------------------------------------------- https://www.nic.at/de/news/pressemeldungen/2018-vierfach-jubilaum-fur-oster… ∗∗∗ Militärs, Journalisten, Aktivisten: Libanesische Hacker vergaßen Daten auf offenem Server ∗∗∗ --------------------------------------------- Libanesischer Geheimdienst GDGS als Urheber des Leaks vermutet – Betroffene aus über 20 Ländern --------------------------------------------- http://derstandard.at/2000072593892 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: January 17, 2018 | Last revised: January 18, 2018 Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/17/Cisco-Releases-Sec… ∗∗∗ Filr 3.0 - Security Update 3 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360950Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:readme_filr_3su3.txt (2.68 kB)Products:Filr 3 Standard EditionFilr 3 Advanced EditionSuperceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=4_X7yeGlMKg~ ∗∗∗ Filr 2.0 - Security Update 4 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360930Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:Search-2.0.0.423.HP.zip (157.55 MB)MySQL-2.0.0.205.HP.zip (157.55 MB)Filr-2.0.0.494.HP.zip (157.55 MB)Products:Filr 2Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=h0wMCm1OqIU~ ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these new hotfixes. --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS (java-1.8.0-openjdk), Debian (awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora (keycloak-httpd-client-install and rootsh), and Red Hat (java-1.7.0-oracle and java-1.8.0-oracle). --------------------------------------------- https://lwn.net/Articles/744791/rss ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0136: Symantec Advanced Secure Gateway, ProxySG: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0136/ ∗∗∗ CPU hardware vulnerable to Meltdown and Spectre attacks ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-18-002 ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012718 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud October 2017 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011913 ∗∗∗ IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852 ∗∗∗ BIG-IP AFM vulnerability CVE-2017-6142 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20682450 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2018
by Daily end-of-shift report 18 Jan '18

18 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-01-2018 18:00 − Donnerstag 18-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ How I exploited ACME TLS-SNI-01 issuing Lets Encrypt SSL-certs for any domain using shared hosting ∗∗∗ --------------------------------------------- TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say. --------------------------------------------- https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issui… ∗∗∗ Some Basic Rules for Securing Your IoT Stuff ∗∗∗ --------------------------------------------- Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured "Internet of Things" or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldnt begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and "smart" lightbulbs. Throughout 2016 and 2017, [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update B) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01A Meltdown and Spectre Vulnerabilities that was published January 16, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01B ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the hotfixes below, Citrix recommends that customers ... --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (linux-firmware and microcode_ctl), Fedora (icecat and transmission), Oracle (java-1.8.0-openjdk and microcode_ctl), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), Slackware (bind), SUSE (kernel), and Ubuntu (eglibc). --------------------------------------------- https://lwn.net/Articles/744713/rss ∗∗∗ Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541694 ∗∗∗ DFN-CERT-2018-0111: GitLab: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0111/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012552 ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012696 ∗∗∗ SSA-284673 (Last Update 2018-01-18): Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673… ∗∗∗ SSA-275839 (Last Update 2018-01-18): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-346262 (Last Update 2018-01-18): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… ∗∗∗ SSA-701708 (Last Update 2018-01-18): Local Privilege Escalation in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… ∗∗∗ SSA-127490 (Last Update 2018-01-18): Vulnerabilities in SIMATIC WinCC Add-Ons ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2018
by Daily end-of-shift report 17 Jan '18

17 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-01-2018 18:00 − Mittwoch 17-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Linux-Kernel 4.15 schützt vor Meltdown und Spectre ∗∗∗ --------------------------------------------- Das noch diesen Monat erwartete Linux 4.15 versucht, die Prozessor-Sicherheitslücken Meltdown und Spectre im Zaum zu halten. Ohne Performance-Verlust geht das aber auch bei Linux nicht – und vollständig sind die Gegenmaßnahmen auch noch nicht. --------------------------------------------- https://heise.de/-3900646 ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update A) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the original alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities that was published January 11, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01A ∗∗∗ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Oracle Critical Patch Update Advisory - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Critical Patch Update - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Solaris Third Party Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinjan2018-4181198.h… ∗∗∗ Oracle Linux Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2018-4214… ∗∗∗ Oracle VM Server for x86 Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjan2018-421464… ∗∗∗ WordPress 4.9.2 Security and Maintenance Release ∗∗∗ --------------------------------------------- https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2018
by Daily end-of-shift report 16 Jan '18

16 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗ --------------------------------------------- Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste. --------------------------------------------- https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstr… ∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗ --------------------------------------------- Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle. --------------------------------------------- https://heise.de/-3942046 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/744503/rss ∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102506 ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102505 ∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012528 ∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011808 ∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011816 ∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21982952 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012619 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010868 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012476 ∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011203 ∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011720 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753 ∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-16 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2018
by Daily end-of-shift report 15 Jan '18

15 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-01-2018 18:00 − Montag 15-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ List of Links: BIOS Updates for the Meltdown and Spectre Patches ∗∗∗ --------------------------------------------- As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-f… ∗∗∗ Lenovo findet Backdoor in eigenen Netzwerk-Switches ∗∗∗ --------------------------------------------- Die kompromitierten Switch-Modelle, die nun zu Lenovos Portfolio gehören, hatte ursprünglich der längst aufgelöste Netzwerk-Zulieferer Nortel entwickelt. --------------------------------------------- https://heise.de/-3940562 ∗∗∗ Intel AMT: Exploit hebelt Zugangsschutz von Firmen-Notebooks aus ∗∗∗ --------------------------------------------- F-Secure berichtet über eine potenzielle Sicherheitslücke in Intel AMT, die es Angreifern ermöglicht, sämtliche gängigen Zugangsschutzmaßnahmen vieler Firmen-Notebooks auszuhebeln. --------------------------------------------- https://heise.de/-3940637 ∗∗∗ Personal Cloud: Seagate sichert NAS gegen Fernzugriff ab ∗∗∗ --------------------------------------------- In Netzwerkspeichern des Herstellers Seagate stecken Bugs, die mit einigem Aufwand für den Remote-Zugriff missbraucht werden können. Ein Firmware-Update behebt das Problem. --------------------------------------------- https://heise.de/-3941451 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates für VMware Workstation, Player, Fusion und ESXi ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/01/warn… ∗∗∗ DSA-4086 libxml2 - security update ∗∗∗ --------------------------------------------- Nick Wellnhofer discovered that certain function calls inside XPathpredicates can lead to use-after-free and double-free errors whenexecuted by libxml2s XPath engine via an XSLT transformation. --------------------------------------------- https://www.debian.org/security/2018/dsa-4086 ∗∗∗ DSA-4087 transmission - security update ∗∗∗ --------------------------------------------- Tavis Ormandy discovered a vulnerability in the Transmission BitTorrentclient; insecure RPC handling between the Transmission daemon and theclient interface(s) may result in the execution of arbitrary code if auser visits a malicious website while Transmission is running. --------------------------------------------- https://www.debian.org/security/2018/dsa-4087 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (qtpass), Debian (libkohana2-php, libxml2, transmission, and xmltooling), Fedora (kernel and qpid-cpp), Gentoo (PolarSSL and xen), Mageia (flash-player-plugin, irssi, kernel, kernel-linus, kernel-tmb, libvorbis, microcode, nvidia-current, php & libgd, poppler, webkit2, and wireshark), openSUSE (gifsicle, glibc, GraphicsMagick, gwenhywfar, ImageMagick, libetpan, mariadb, pngcrush, postgresql94, rsync, tiff, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/744398/rss ∗∗∗ DFN-CERT-2018-0084: XMLTooling, Shibboleth Service Provider (SP): Eine Schwachstelle ermöglicht u.a. die Übernahme einer Identität ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0084/ ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026811 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012518 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012519 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2015-8985) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012428 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012517 ∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022433 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022429 ∗∗∗ IBM Security Bulletin: Vulnerabilities in WebSphere eXtreme Scale Version 8.6.0.8 Libraries Affect IBM B2B Advanced Communications (CVE-2015-4936) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012332 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTP Components Libraries Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012312 ∗∗∗ Palo Alto PAN-OS RSA TLS Implementation Lets Remote Users Decrypt Data Communicated By the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040149 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040148 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.01.2018
by Daily end-of-shift report 12 Jan '18

12 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗ --------------------------------------------- AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw. --------------------------------------------- https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microco… ∗∗∗ PowerStager Analysis ∗∗∗ --------------------------------------------- Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-anal… ∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗ --------------------------------------------- In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls. --------------------------------------------- https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-… ∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗ --------------------------------------------- Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln. --------------------------------------------- https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01 ∗∗∗ Advantech WebAccess (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode). --------------------------------------------- https://lwn.net/Articles/744175/rss ∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/ ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012454 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012458 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012358 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012355 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012406 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008807 ∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2018
by Daily end-of-shift report 11 Jan '18

11 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-01-2018 18:00 − Donnerstag 11-01-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ mitm6 – compromising IPv4 networks via IPv6 ∗∗∗ --------------------------------------------- ... most companies are unaware that while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this blog, an attack is presented that abuses the default IPv6 configuration in Windows networks to spoof DNS replies by acting as a malicious DNS servers and redirect traffic to an attacker specified endpoint. --------------------------------------------- https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv… ===================== = Vulnerabilities = ===================== ∗∗∗ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ∗∗∗ --------------------------------------------- The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0073/">Juniper Networks ScreenOS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann die Schwachstelle in ScreenOS, die auch unter dem Namen 'Etherleak' geführt wird, ausnutzen, um Informationen auszuspähen. Der Hersteller veröffentlicht die ScreenOS Version 6.3.0r25 zur Behebung der Schwachstelle. Alle nachfolgenden ScreenOS Versionen sind über diese Schwachstelle ebenfalls nicht mehr verwundbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0073/ ∗∗∗ DFN-CERT-2018-0077/">Juniper Junos Space: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- Es existieren mehrere Schwachstellen im Junos Space Security Director and Log Collector, in Junos Space sowie den enthaltenen Komponenten Apache Commons Collections, Apache HTTP-Server (httpd), Apache Log4, Apache Tomcat, JBoss Enterprise Application Platform (EAP), dessen Webkonsole, dem JGroups Framework, dem Linux-Kernel, OpenSSH und rpcbind. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0077/ ∗∗∗ DFN-CERT-2018-0071/">Juniper Junos OS: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Für einige der genannten Schwachstellen stehen Workarounds zur Mitigation zur Verfügung. Die Hinweise dazu finden sich in den einzelnen Security Bulletins. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0071/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0001 ∗∗∗ --------------------------------------------- Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the speculative execution by utilizing branch target injection. Description: Security improvements are included to mitigate the effects. --------------------------------------------- https://www.securityfocus.com/archive/1/541659 ∗∗∗ Spectre-Lücke: Auch Server mit IBM POWER, Fujitsu SPARC und ARMv8 betroffen ∗∗∗ --------------------------------------------- IBM stellt Firmware-Updates für Server mit POWER7+, POWER8 und POWER9 bereit, Fujitsu will einige SPARC-M10- und -M12-Server patchen; zu ARM-SoCs für Server fehlen Infos. --------------------------------------------- https://heise.de/-3938749 ∗∗∗ VMSA-2018-0005 ∗∗∗ --------------------------------------------- VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0005.html ∗∗∗ January 2018 Office Update Release ∗∗∗ --------------------------------------------- The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/01/09… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (glibc and lib32-glibc), Debian (ming and poco), Fedora (electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE (clamav-database and ucode-intel), Red Hat (flash-plugin), SUSE (OBS toolchain), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/744075/rss ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011739 ∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009368 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2018
by Daily end-of-shift report 10 Jan '18

10 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-01-2018 18:00 − Mittwoch 10-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Let’s Encrypt: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure ∗∗∗ --------------------------------------------- At approximately 5 p.m. Pacific time on January 9, 2018, we received a report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type. We quickly confirmed the issue and mitigated it by entirely disabling TLS-SNI-01 validation in Let’s Encrypt --------------------------------------------- https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-sh… ===================== = Vulnerabilities = ===================== ∗∗∗ January 2018 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this months security updates can be found in the Security Update Guide. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-u… ∗∗∗ Bugtraq: [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. ∗∗∗ --------------------------------------------- On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. --------------------------------------------- http://www.securityfocus.com/archive/1/541654 ∗∗∗ DFN-CERT-2018-0065/">Irssi: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Irssi ermöglichen auch einem entfernten, einfach authentisierten Angreifer verschiedene Denial-of-Service (DoS)-Angriffe. Das Irssi-Projekt stellt die Version 1.0.6 von Irssi im Quellcode zur Verfügung, um die Schwachstellen zu schließen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0065/ ∗∗∗ Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information ∗∗∗ --------------------------------------------- Several vulnerabilities were reported in Blue Coat ProxySG. A remote user can redirect the target user's browser to an arbitrary site. A remote user can obtain authentication information on the target system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1040138 ∗∗∗ VMSA-2018-0004 ∗∗∗ --------------------------------------------- VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0004.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora (asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE (diffoscope, irssi, and qemu), SUSE (java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu (irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws, --------------------------------------------- https://lwn.net/Articles/743903/rss ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1361) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22012409 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012420 ∗∗∗ IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012366 ∗∗∗ IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012372 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012374 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1478) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2018
by Daily end-of-shift report 09 Jan '18

09 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 08-01-2018 18:00 − Dienstag 09-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VirusTotal Graph ∗∗∗ --------------------------------------------- [...] It is a visualization tool built on top of VirusTotals data set. It understands the relationship between files, URLs, domains and IP addresses and it provides an easy interface to pivot and navigate over them. --------------------------------------------- http://blog.virustotal.com/2018/01/virustotal-graph.html ∗∗∗ Bitcoin- und Litecoin-Klau bei Electrum, Electron Cash und Electrum-LTC möglich ∗∗∗ --------------------------------------------- Eine von außen ausnutzbare Sicherheitslücke gefährdet Nutzer der Wallet-Programme Electrum (Bitcoin), Electron Cash (Bitcoin Cash) und Electrum-LTC (Litecoin). Angreifer könnten den Anwender deanonymisieren und im Extremfall das Guthaben stehlen. --------------------------------------------- https://heise.de/-3936813 ∗∗∗ Amazon-Händler/innen erhalten Phishingmails ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Amazon Seller Center-Nachrichten. Darin fordern sie Händler/innen dazu auf, eine Website aufzurufen und ihre persönlichen Daten zu aktualisieren. Verkäufer/innen, die das tun, übermitteln ihr Passwort an Betrüger/innen. Dadurch können diese auf das fremde Shop-Konto zugreifen und es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/phishing/amazon-haendlerinnen-erhalten-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-01) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB18-01) has been published regarding security updates for Adobe Flash Player. These updates address an important out-of-bounds read vulnerability that could lead to information disclosure, and Adobe recommends users update their product installations to the latest versions --------------------------------------------- https://blogs.adobe.com/psirt/?p=1517 ∗∗∗ DSA-4081 php5 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4081 ∗∗∗ DSA-4080 php7.0 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4080 ∗∗∗ First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services ∗∗∗ --------------------------------------------- We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/COv5LfcpYs8/ ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: January 08, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:macOS High Sierra 10.13.2OS X El Capitan 10.11.6 and macOS Sierra 10.12.6iPhone 5s and later, iPad Air and later, and iPod touch 6th generation --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Mul… ∗∗∗ Patch gegen Spectre: Aktualisierte Nvidia-Grafiktreiber für GeForce und Quadro, Tesla-Treiber später ∗∗∗ --------------------------------------------- Nutzer von Nvidia-Grafikkarten sollten die neuen Grafiktreiber schnellstmöglich installieren. Sie enthalten Patches, die die Anfälligkeit für erfolgreiche Spectre-Attacken senken. --------------------------------------------- https://heise.de/-3937247 ∗∗∗ SAP Security Patch Day - January 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that --------------------------------------------- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (graphicsmagick and linux-lts), CentOS (thunderbird), Debian (kernel, opencv, php5, and php7.0), Fedora (electrum), Gentoo (libXfont), openSUSE (gimp, java-1_7_0-openjdk, and libvorbis), Oracle (thunderbird), Slackware (irssi), SUSE (kernel, kernel-firmware, and kvm), and Ubuntu (awstats, nvidia-graphics-drivers-384, python-pysaml2, and tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/743700/rss ∗∗∗ IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011863 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by GnuTLS vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012330 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011802 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011803 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011804 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011805 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2018
by Daily end-of-shift report 08 Jan '18

08 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-01-2018 18:00 − Montag 08-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th) ∗∗∗ --------------------------------------------- Unless youve been living under a rock (or on a remote island, with no Internet connection), youve heard about the latest vulnerabilities that impact modern processors. Im sure that most of our readers are scrambling in order to assess the risk, patch systems and what not, so we have decided to write a diary that will clear the confusion a bit and point out some important things that people might not be aware of. --------------------------------------------- https://isc.sans.edu/diary/rss/23197 ∗∗∗ Meltdown und Spectre: Die Sicherheitshinweise und Updates von Hardware- und Software-Herstellern ∗∗∗ --------------------------------------------- Hersteller von Hard- und Software sind von den Sicherheitslücken Meltdown und Spectre gleichermaßen betroffen. Eine Linkübersicht zu Stellungnahmen, weiterführenden Informationen und Update-Hinweisen. --------------------------------------------- https://heise.de/-3936141 ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoor Account Removed from Western Digital NAS Hard Drives ∗∗∗ --------------------------------------------- A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/backdoor-account-removed-fro… ∗∗∗ AMD PSP fTPM Remote Code Execution ∗∗∗ --------------------------------------------- Topic: AMD PSP fTPM Remote Code Execution Risk: High Text:Introduction AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isola... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018010061 ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product. ----- Vulnerable Products Cisco 800 Industrial Integrated Services Routers Cisco UCS B-Series M2 Blade Servers Cisco UCS B-Series M3 Blade Servers Cisco UCS B-Series M4 Blade Servers (except B260, B460) Cisco UCS B-Series M5 Blade Servers Cisco UCS B260 M4 Blade Server Cisco UCS B460 M4 Blade Server Cisco UCS C-Series M2 Rack Servers Cisco UCS C-Series M3 Rack Servers Cisco UCS C-Series M4 Rack Servers Cisco UCS C-Series M5 Rack Servers Cisco UCS C460 M4 Rack Server --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Juniper: Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method ∗∗∗ --------------------------------------------- The following products may be impacted if deployed in a way that allows unsigned code execution: Junos OS based platforms Junos Space appliance Qfabric Director CTP Series NSMXpress/NSM3000/NSM4000 appliances STRM/Juniper Secure Analytics (JSA) appliances SRC/C Series The following products are not impacted: ScreenOS / Netscreen platforms JUNOSe / E Series platforms BTI platforms --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, --------------------------------------------- https://lwn.net/Articles/743575/rss ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting. (CVE-2017-1623) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012344 ∗∗∗ IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012301 ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012293 ∗∗∗ IBM Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022320 ∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022321 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1459) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012331 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008936 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site scripting vulnerability (CVE-2017-1533) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012327 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011534 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.01.2018
by Daily end-of-shift report 05 Jan '18

05 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-01-2018 18:00 − Freitag 05-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks ∗∗∗ --------------------------------------------- Google has published details about a new coding technique created by the companys engineers that any developer can deploy and prevent Spectre attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-c… ∗∗∗ Microsoft could soon be “password free” ∗∗∗ --------------------------------------------- Is it the beginning of the end for passwords? --------------------------------------------- https://nakedsecurity.sophos.com/2018/01/05/microsoft-could-soon-be-passwor… ∗∗∗ How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws ∗∗∗ --------------------------------------------- [...] An editorial-form article is probably not the best format to give advice, so were going to present a simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsofts overly complicated announcement. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-win… ∗∗∗ How a researcher hacked his own computer and found worst chip flaw ∗∗∗ --------------------------------------------- FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O). --------------------------------------------- https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-… ∗∗∗ Meltdown und Spectre: Alle Macs und iOS-Geräte betroffen ∗∗∗ --------------------------------------------- Apple hat sich endlich zu der Chiplücke in ARM- und Intel-Prozessoren geäußert. Demnach sind alle aktuellen Produkte des Konzerns angreifebar – die Apple Watch nicht mit Meltdown. Erste Bugfixes existieren. --------------------------------------------- https://heise.de/-3934477 ∗∗∗ XeroxDay: Zero-Day-Schwachstelle bei Xerox Alto gefunden!!!1elf ∗∗∗ --------------------------------------------- Der Passwortschutz der 14-Zoll-Disketten für Xerox Alto lässt sich im Handumdrehen aushebeln. Ein Fix ist nicht in Sicht. Vom Produktiveinsatz mit sensiblen Daten sollte daher Abstand genommen werden. --------------------------------------------- https://heise.de/-3934443 ∗∗∗ Prozessor-Lücken Meltdown und Spectre: Intel und ARM führen betroffene Prozessoren auf, Nvidia analysiert noch ∗∗∗ --------------------------------------------- Betroffen sind unter anderem sämtliche Intel-Core-Prozessoren bis zurück zum Jahr 2008 sowie eine Vielzahl von ARM-Cortex-CPUs. Nvidia glaubt, dass die CUDA-GPUs nicht anfällig sind und analysiert noch seine Tegra-Prozessoren. --------------------------------------------- https://heise.de/-3934667 ∗∗∗ Trackmageddon: GPS-Tracking-Services ermöglichen unbefugten Zugriff ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Schwachstellen in zahlreichen Online-Tracking-Services entdeckt, die Angreifern unter anderem das Abrufen von GPS-Daten ermöglichen. Eine Liste der verwundbaren Services ist online verfügbar. --------------------------------------------- https://heise.de/-3934328 ∗∗∗ Jetzt patchen: Kritische Lücken in Dell EMC Data Protection Suite ∗∗∗ --------------------------------------------- Einige Dell-EMC-Produkte sind anfällig für Angriffe, die im schlimmsten Fall die vollständige Systemkompromittierung ermöglichen. Patches stehen bereit. --------------------------------------------- https://heise.de/-3935063 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4078 linux - security update ∗∗∗ --------------------------------------------- Multiple researchers have discovered a vulnerability in Intel processors,enabling an attacker controlling an unprivileged process to read memory fromarbitrary addresses, including from the kernel and all other processes runningon the system. --------------------------------------------- https://www.debian.org/security/2018/dsa-4078 ∗∗∗ Delta Electronics Delta Industrial Automation Screen Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, use-after-free, out-of-bounds write, and type confusion vulnerabilities in the Delta Electronics Delta Industrial Automation Screen Editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, and improper input validation vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 ∗∗∗ Intel-SA-00086 Security Review Cumulative Update ∗∗∗ --------------------------------------------- Intel recently released a security update (Intel-SA-00086), regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 intel products.The following Firmware are impacted:Intel Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20Intel Server Platform Services (SPS) Firmware version 4.0Intel Trusted Execution Engine (TXE) version 3.0And the following Intel products are affected:6th, 7th & 8th Generation Intel Core Processor FamilyIntel Xeon Processor E3-1200 v5 & v6 Product --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-271 ∗∗∗ VMSA-2018-0003 ∗∗∗ --------------------------------------------- vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0003.html ∗∗∗ Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 ∗∗∗ --------------------------------------------- A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged [...] --------------------------------------------- https://support.citrix.com/article/CTX231399 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel), CentOS (kernel, libvirt, microcode_ctl, and qemu-kvm), Debian (kernel and xen), Fedora (kernel), Mageia (backintime, erlang, and wildmidi), openSUSE (kernel and ucode-intel), Oracle (kernel, libvirt, microcode_ctl, and qemu-kvm), Red Hat (kernel, kernel-rt, libvirt, microcode_ctl, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (libvirt and qemu-kvm), SUSE (kvm and qemu), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/743242/rss ∗∗∗ Three new stable kernels ∗∗∗ --------------------------------------------- Greg Kroah-Hartman has announced the release of the 4.14.12, 4.9.75, and 4.4.110 stable kernels. The bulk of thechanges are either to fix the mitigations for Meltdown/Spectre (in 4.14.12) or to backportthose mitigations (in the two older kernels). There are apparently known (orsuspected) problems with each of the releases, which Kroah-Hartman is hoping to get shaken out inthe near term. For example, the 4.4.110 announcement warns: "But becareful, there have been some reports of problems [...] --------------------------------------------- https://lwn.net/Articles/743246/rss ∗∗∗ Bugtraq: SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541633 ∗∗∗ DFN-CERT-2018-0035: Ruby: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0035/ ∗∗∗ DFN-CERT-2018-0029: Mozilla Firefox, Spectre: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0029/ ∗∗∗ HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011668 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010680 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011978 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012006 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by XML External Entity Injection (XXE) attack (CVE-2017-1666) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011970 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by SQL injection (CVE-2017-1670 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012009 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Spoofing through URL Redirection (CVE-2017-1668) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012010 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Path Traversal vulnerability (CVE-2017-1671) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011967 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012324 ∗∗∗ IBM Security Bulletin: Authenticated Users Can Gain Privilege in IBM UrbanCode Deploy (CVE-2017-1493) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000367 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2018
by Daily end-of-shift report 04 Jan '18

04 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-01-2018 18:00 − Donnerstag 04-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates ∗∗∗ --------------------------------------------- This article contains an continuously updated list of advisories, bulletins, and software updates related to the Meltdown and Spectre vulnerabilities discovered in modern processors. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre… ∗∗∗ BeA: Noch mehr Sicherheitslücken im Anwaltspostfach ∗∗∗ --------------------------------------------- Das besondere elektronische Anwaltspostfach hat mehr als nur eine Sicherheitslücke. Die Probleme reichen von einer falschen Ende-zu-Ende-Verschlüsselung über Cross Site Scripting bis hin zu ROBOT und veralteten Java-Libraries. Dabei hat die Firma SEC Consult einen Sicherheitsaudit durchgeführt. --------------------------------------------- https://www.golem.de/news/bea-noch-mehr-sicherheitsluecken-im-anwaltspostfa… ∗∗∗ SWIFT framework took effect Jan. 1 ∗∗∗ --------------------------------------------- While organizations often drag their feet in adopting new cyber requirements, playing the odds that either they wont be breached or found out by regulators, a banks compliance with the SWIFT framework is transparent to other members of the global messaging platform. --------------------------------------------- https://www.scmagazine.com/swift-framework-took-effect-jan-1/article/734615/ ∗∗∗ TU Graz-Forscher entdecken schwere IT-Sicherheitslücke ∗∗∗ --------------------------------------------- Mit "Meltdown" und "Spectre" deckte ein internationales Team - darunter Forscher der TU Graz – schwere Sicherheitslücken in Computer-Prozessoren auf. Betroffen sind PCs, Server und Cloud-Dienste. Ein Patch soll helfen. --------------------------------------------- https://www.tugraz.at/tu-graz/services/news-stories/tu-graz-news/einzelansi… ∗∗∗ Android-Patchday: Google schließt 38 Sicherheitslücken ∗∗∗ --------------------------------------------- Im Rahmen seiner monatlichen Update-Routine schließt Google im Januar 38 Android-Lücken, von denen fünf als kritisch gelten. Für Pixel- und Nexus-Geräte gibt es wieder zusätzliche Sicherheitspatches. --------------------------------------------- https://heise.de/-3933932 ∗∗∗ WordPress Supply Chain Attacks: An Emerging Threat ∗∗∗ --------------------------------------------- In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site. What Is a Supply Chain Attack? In the software industry, [...] --------------------------------------------- https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/ ∗∗∗ Wartungsarbeiten Dienstag, 9.1.2018 ∗∗∗ --------------------------------------------- Am Dienstag, 9. Jänner 2018, ab etwa 18:00, werden wir Wartungsarbeiten (ausserhalb des regulären Wartungsfensters, vgl. https://www.cert.at/services/blog/20170609114214-2029.html) an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (z.B. Mail, Webserver, Mailinglisten) führen, diese können jeweils mehrere Minuten andauern. Es gehen dabei keine Daten (z.B. Emails) [...] --------------------------------------------- http://www.cert.at/services/blog/20180104144006-2108.html ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541628 ∗∗∗ DFN-CERT-2018-0023: Microsoft Internet Explorer: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0023/ ∗∗∗ DFN-CERT-2018-0021: Microsoft Edge: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0021/ ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011428 ∗∗∗ IBM Security Bulletin: IBM WebSphere MQ is affected by a privilege escalation vulnerability (CVE-2017-1612) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009918 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3735 CVE-2017-3736) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22009850 ∗∗∗ VMSA-2018-0002 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91229003 ∗∗∗ XSA-254 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-254.html ∗∗∗ XSA-253 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-253.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2018
by Daily end-of-shift report 03 Jan '18

03 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-01-2018 18:00 − Mittwoch 03-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 9% of Popular Websites Use Anti-Adblock Scripts ∗∗∗ --------------------------------------------- Around 9% of todays most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions. --------------------------------------------- https://www.bleepingcomputer.com/news/technology/9-percent-of-popular-websi… ∗∗∗ VMware Issues 3 Critical Patches for vSphere Data Protection ∗∗∗ --------------------------------------------- VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. --------------------------------------------- http://threatpost.com/vmware-issues-3-critical-patches-for-vsphere-data-pro… ∗∗∗ Massive Lücke in Intel-CPUs erfordert umfassende Patches ∗∗∗ --------------------------------------------- Derzeit arbeiten Linux- und Windows-Entwickler mit Hochdruck an umfangreichen Sicherheits-Patches, die Angriffe auf Kernel-Schwachstellen verhindern sollen. Grund für die Eile: eine Intel-spezifische Sicherheitslücke. --------------------------------------------- https://heise.de/-3931562 ∗∗∗ Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes ∗∗∗ --------------------------------------------- The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false .. --------------------------------------------- https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hi… ∗∗∗ Android-Update: Google räumt zahlreiche Sicherheitslücken aus ∗∗∗ --------------------------------------------- Media Framework bleibt problematischster Bereich – Update für Pixel- und Nexus-Devices begonnen --------------------------------------------- http://derstandard.at/2000071414985 ∗∗∗ Cybersecurity stand im Fokus eines Sicherheitsgipfels in St. Pölten ∗∗∗ --------------------------------------------- Behördliches Krisen- und Katastrophenmanagement soll u.a. weiter ausgebaut werden – Nächstes Treffen im Herbst --------------------------------------------- http://derstandard.at/2000071416550 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ PMASA-2017-9 ∗∗∗ --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2017-9/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2018
by Daily end-of-shift report 02 Jan '18

02 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-12-2017 18:00 − Dienstag 02-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ I Am Dave ∗∗∗ --------------------------------------------- This cartoon has been making the rounds on the internet for a long time. It depicts how all security technologies and efforts can be undone by "Dave" the 'stupid user'. I can't think of many (well no) real industries that treat their users, peers, and customers with the same level of disdain. Imagine the automotive industry pushing a similar message. 'On one hand we have seatbelts, ABS, airbags, five star safety features... and on the other hand we [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/i-am-dave ∗∗∗ Scripts spionieren im Browser gespeicherte Login-Daten aus ∗∗∗ --------------------------------------------- Wer Nutzernamen und Passwörter direkt im Browser abspeichert, könnte dadurch ausspioniert werden, wie Sicherheitsforscher warnen. --------------------------------------------- https://futurezone.at/digital-life/scripts-spionieren-im-browser-gespeicher… ∗∗∗ The mysterious case of the Linux Page Table Isolation patches ∗∗∗ --------------------------------------------- tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. --------------------------------------------- http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-… ∗∗∗ IOHIDeous: Zero-Day-Exploit für macOS veröffentlicht ∗∗∗ --------------------------------------------- Eine seit wohl 15 Jahren bestehende Schwachstelle kann es einem Angreifer ermöglichen, die Kontrolle über den Mac zu übernehmen. Der nun veröffentlichte Kernel-Exploit funktioniert in macOS bis hin zu 10.13 High Sierra. --------------------------------------------- https://heise.de/-3929556 ∗∗∗ Gefälschte Raiffeisenbank-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Raiffeisenbank-Nachricht. Darin behaupten sie, dass Kund/innen eine Sicherheits-App installieren müssen. Sie sei notwendig dafür, dass diese weiterhin ihr ELBA-Internet nützen können. In Wahrheit ist die Anwendung Schadsoftware. Sie ermöglicht es Datendieb/innen, dass Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-raiffeisenbank-siche… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0003: Asterisk: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0003/ ∗∗∗ DFN-CERT-2018-0004: GIMP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung von Denial-of-Service-Angriffen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0004/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily January 2018