=====================
= End-of-Day report =
=====================
Timeframe: Monday 01-10-2018 18:00 - Tuesday 02-10-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security Update for Foxit PDF Reader Fixes 118 Vulnerabilities ∗∗∗
---------------------------------------------
It has not been a good week for PDF programs. We had an Adobe Acrobat & Reader update released yesterday that fixed 86 vulnerabilities, including numerous critical ones. Not to be beaten, an update for Foxit PDF Reader and Foxit PhantomPDF was released last Friday that fixes a whopping 116 vulnerabilities.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/security-update-for-foxit-pd…
∗∗∗ Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack ∗∗∗
---------------------------------------------
Rated as high-risk vulnerabilities, these privilege-escalation flaws could allow an unauthenticated attacker to access protected content.
---------------------------------------------
https://threatpost.com/nine-nas-bugs-open-lenovoemc-iomega-devices-to-attac…
∗∗∗ Do not pay invoices from ibostream.de and sobastream.de ∗∗∗
---------------------------------------------
The subscription traps ibostream.de and sobastream.de require a free registration to use them. Five days after registering, consumers receive an invoice for 359.88 euros from Ibo Das Limited or Stream It Limited. Users do not have to pay the sum, because there is no contract between them and ibostream.de or sobastream.de.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-rechnung-von-ibostreamde-und-s…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical security vulnerabilities in Adobe Acrobat and Reader - patches available ∗∗∗
---------------------------------------------
Adobe has released updates for Acrobat and Reader outside of its monthly patch cycle, closing security vulnerabilities, some of them critical.
---------------------------------------------
https://www.cert.at/warnings/all/20181002.html
∗∗∗ Android Security Bulletin - October 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. [...] The most severe of these issues is a critical security vulnerability in Framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2018-10-01.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-libxml2, libxml2, mosquitto, and ntp), Debian (kernel and strongswan), Fedora (firefox), openSUSE (zsh), Oracle (kernel), Red Hat (ceph-iscsi-cli), SUSE (openssl-1_0_0), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, and strongswan).
---------------------------------------------
https://lwn.net/Articles/767467/
∗∗∗ Vuln: LibTIFF CVE-2018-17795 Heap Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105445
∗∗∗ Red Hat JBoss A-MQ, Red Hat JBoss Fuse: A vulnerability allows obtaining user privileges ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1989/
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in GSKit used by Edge Caching proxy of WebSphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732391
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729571
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in SAML ear in WebSphere Application Server (CVE-2018-1793) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729563
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0739,CVE-2017-17512, CVE-2018-1000122) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10719199
∗∗∗ IBM Security Bulletin: IBM b-type Network/Storage switches are affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (openssl, redhat, openVPN) vulnerabilities. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010724
∗∗∗ Password disclosure vulnerability & XSS in PTC ThingWorx ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/password-disclosure-vulnerab…
∗∗∗ HPESBHF03897 rev.1 - HPE Switches and Routers using OpenSSL, and Intelligent Management Center (iMC) PLAT, Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 28-09-2018 18:00 - Monday 01-10-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IC3 Issues Alert Regarding Remote Desktop Protocol (RDP) Attacks ∗∗∗
---------------------------------------------
The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, have issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-r…
∗∗∗ FBI solves mystery of 15-year-old malware ∗∗∗
---------------------------------------------
For years, the Fruitfly malware spied on Mac users undetected. Now it has become known how the malware was distributed.
---------------------------------------------
https://futurezone.at/digital-life/fbi-loest-raetsel-um-15-jahre-alte-malwa…
∗∗∗ Dark Web Azorult Generator Offers Free Binaries to Cybercrooks ∗∗∗
---------------------------------------------
The Gazorp online builder makes it easy to start stealing passwords, credit-card information, cryptocurrency wallet data and more.
---------------------------------------------
https://threatpost.com/dark-web-azorult-generator-offers-free-binaries-to-c…
∗∗∗ 70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS ∗∗∗
---------------------------------------------
Note: We have informed various ISPs on the IoC list, and OVH, ORACLE, Google have taken down the related IPs and some others are working on it (Thanks!). Background introduction: DNSchanger is not something new and was quite active years ago [1], we occasionally encountered one every once in a [...]
---------------------------------------------
http://blog.netlab.360.com/70-different-types-of-home-routers-all-together-…
∗∗∗ October is Cyber Security Month! ∗∗∗
---------------------------------------------
Under the title "Cyber Security is a Shared Responsibility", the EU's now 7th campaign to improve general information security takes place in October: the European Cyber Security Month (ECSM) is a broadly coordinated and extensively organised series of events that aims to raise awareness and impart knowledge. It shows the steps that all citizens and organisations can take to protect personal, financial [...]
---------------------------------------------
https://www.ikarussecurity.com/at/ueber-ikarus/security-blog/oktober-ist-cy…
∗∗∗ Facebook hack: a combination of several software flaws was to blame ∗∗∗
---------------------------------------------
Three flaws exposed millions of Facebook accounts, including Mark Zuckerberg's. Third-party services using Facebook Login may also have been affected.
---------------------------------------------
https://heise.de/-4178569
∗∗∗ Explosion of look-alike domains aims to steal sensitive data from online shoppers ∗∗∗
---------------------------------------------
Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi's research analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia.
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/01/look-alike-domains/
∗∗∗ Extortion with intimate video material ∗∗∗
---------------------------------------------
Criminals send an e-mail claiming that they have taken over the recipient's account and know their password. Victims are told to pay 600 US dollars in bitcoin so that the criminals do not publish intimate video material. Consumers can ignore the message and only need to change their password. No payment is required.
---------------------------------------------
https://www.watchlist-internet.at/news/erpressung-mit-intimen-videomaterial/
=====================
= Vulnerabilities =
=====================
∗∗∗ Skype On Debian Microsoft Apt Repo Addition ∗∗∗
---------------------------------------------
Topic: Skype On Debian Microsoft Apt Repo Addition Risk: High Text: Level: Critical Description: The Skype debian package for Skype (even when not installed via their official repo) [...]
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018090274
∗∗∗ UPDATED: Security Bulletins Posted ∗∗∗
---------------------------------------------
[...] UPDATE: As of September 28, Adobe is aware of a report that CVE-2018-15961 is being actively exploited in the wild. The updates for ColdFusion 2018 and ColdFusion 2016 announced in APSB18-33 have been elevated to Priority 1, and Adobe recommends customers update to the latest version as soon as possible.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1607
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (mediawiki), CentOS (389-ds-base, firefox, flatpak, kernel, mod_perl, nss, spice and spice-gtk, and spice-gtk and spice-server), Debian (389-ds-base, ghostscript, mosquitto, and python3.5), Fedora (ca-certificates, firefox, glusterfs, kernel-headers, kernel-tools, libxkbcommon, udisks2, and zchunk), Mageia (firefox), openSUSE (gd, gnutls, mgetty, openssl, and yast2-smt), Oracle (firefox and kernel), Scientific Linux (firefox), SUSE (libX11 and [...]
---------------------------------------------
https://lwn.net/Articles/767373/
∗∗∗ Security Advisory - FRP Bypass Vulnerability in MyCloud APP of Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180930-…
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732783
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731329
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732785
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10732477
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733457
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730313
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Improper Certificate Validation vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730321
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730329
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730323
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Password in Clear Text vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730317