Daily November 2018

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - 16.11.2018
by Daily end-of-shift report 16 Nov '18

16 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-11-2018 18:00 − Freitag 16-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Serverüberwachungssoftware Nagios XI: Mehrere Schlupflöcher für Angreifer ∗∗∗ --------------------------------------------- Nagios XI ist angreifbar und gefährdet IT-Infrastrukturen. Eine abgesicherte Version ist verfügbar. --------------------------------------------- http://heise.de/-4222806 ∗∗∗ Warnung vor Gelenkcreme Artrovex ∗∗∗ --------------------------------------------- Kriminelle geben sich als Bundesministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz aus und behaupten, dass die österreichische Regierung bei Gelenkschmerzen die Creme Artrovex empfiehlt. Das ist erfunden. Konsument/innen dürfen Artrovex nicht bestellen, denn die Creme hat keine medizinische Wirkung. Ebenso übermitteln Käufer/innen damit persönliche Daten an Unbekannte. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gelenkcreme-artrovex/ ∗∗∗ tRat Emerges as New Pet for APT Group TA505 ∗∗∗ --------------------------------------------- The modular malware seems to be in a testing phase, but TA505s interest made researchers take note. --------------------------------------------- https://threatpost.com/trat-emerges-as-new-pet-for-apt-group-ta505/139136/ ∗∗∗ Lock-Screen Bypass Bug Quietly Patched in Handsets ∗∗∗ --------------------------------------------- The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds. --------------------------------------------- https://threatpost.com/lock-screen-bypass-bug-quietly-patched-in-handsets/1… ∗∗∗ Hacking Connected Home Alarm Systems – The Expensive [part 2] ∗∗∗ --------------------------------------------- TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems. --------------------------------------------- https://blog.nviso.be/2018/11/15/hacking-connected-home-alarm-systems-the-e… ∗∗∗ 0-Day in ELBA5's Network Installation: Overtaking your company's bank account ∗∗∗ --------------------------------------------- This blog post is about a previously unknown critical vulnerability in the Austrian electronic banking application ELBA5. The issue discussed here could be abused to gain full control over any ELBA5 database server as well as the underlying operating system. It has a confirmed CVSSv3 score of 10.0. --------------------------------------------- https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-y… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (lldpad, pdns, and php), Mageia (flash-player-plugin, gdal, mutt, patch, php-pear-CAS, postgresql9.4|6, ruby-rack, and teeworlds), SUSE (kernel-rt, postgresql10, and squid), and Ubuntu (openjdk-7). --------------------------------------------- https://lwn.net/Articles/772259/ ∗∗∗ Multiple critical vulnerabilities in Miss Marple Enterprise Edition ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-1841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Version 8 SR4FP10 affect IBM Notes and Domino ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2018
by Daily end-of-shift report 15 Nov '18

15 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-11-2018 18:00 − Donnerstag 15-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now ∗∗∗ --------------------------------------------- A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for --------------------------------------------- https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html ∗∗∗ Patchday: Schwerwiegende Sicherheitslücke in SAP HANA Streaming Analytics ∗∗∗ --------------------------------------------- SAP hat Updates veröffentlicht, die unter anderem eine kritische Schwachstelle im Software-Portfolio des Herstellers schließen. --------------------------------------------- http://heise.de/-4221574 ∗∗∗ Achtung: Rechnungs-Trojaner vom Kollegen ∗∗∗ --------------------------------------------- Mit einem miesen Trick versuchen Kriminelle, unvorsichtige Anwender mit Online-Banking-Trojanern zu infizieren. --------------------------------------------- http://heise.de/-4221813 ∗∗∗ Sicherheitsupdate: Skype kann an Emojis ersticken ∗∗∗ --------------------------------------------- Zu viele Emojis in Chat-Nachrichten können Skype for Business und Lync 2013 zum Erliegen bringen. --------------------------------------------- http://heise.de/-4221978 ∗∗∗ Kauf bei potenzmittel-apotheke.eu schädigt Brieftasche und Gesundheit ∗∗∗ --------------------------------------------- Bei potenzmittel-apotheke.eu finden Kund/innen rezeptfreie Potenzmittel und ersparen sich die unangenehme Erfahrung, dieses Medikament auf herkömmlichen Weg, nämlich über Rezept, zu erwerben. potenzmittel-apotheke.eu ist jedoch eine illegale Versandapotheke, Sie verlieren Ihr Geld und spielen Betrüger/innen persönliche Daten in die Hände! --------------------------------------------- https://www.watchlist-internet.at/news/kauf-bei-potenzmittel-apothekeeu-sch… ∗∗∗ Gefälschte Gemeinde-Rechnungen verbreiten Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Gemeinde-Rechnungen mit der Adress-Endung gv.at. Darin behaupten sie, dass Unternehmen eine offene Rechnung haben und der Verwaltung noch Geld schulden. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gemeinde-rechnungen-verb… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kde-connect, mingw-SDL2_image, SDL2_image, and subscription-manager), Red Hat (flash-plugin), SUSE (openssh-openssl1, systemd, and thunderbird), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, [...] --------------------------------------------- https://lwn.net/Articles/772103/ ∗∗∗ Digium Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2347/ ∗∗∗ IBM Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-directory-t… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-1639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2018
by Daily end-of-shift report 14 Nov '18

14 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-11-2018 18:00 − Mittwoch 14-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗ --------------------------------------------- Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...] --------------------------------------------- https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebi… ∗∗∗ Want to hack an ATM for free cash? Its as easy as Windows XP ∗∗∗ --------------------------------------------- Bank machines pen testing reveals alarming results ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. --------------------------------------------- https://www.theregister.co.uk/2018/11/14/atm_security_lousy/ ∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗ --------------------------------------------- This month, Microsoft patches two issues that have already been disclosed publically. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (cve:2018-8589) which has been exploited in the wild. --------------------------------------------- https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/243… ∗∗∗ Patchday bei Adobe: Nicht kritisch, aber wichtig ∗∗∗ --------------------------------------------- Sicherheitsupdates von Adobe schließen Lücken in Acrobat, Flash, Photoshop CC und Reader. Keine Schwachstelle gilt als "kritisch". --------------------------------------------- http://heise.de/-4220586 ∗∗∗ Generalschlüssel für Fingerabdruckscanner: Master-Prints entsperren Smartphones ∗∗∗ --------------------------------------------- Mit KI-Methoden erstellten Forscher Fingerabdrücke, die als eine Art Generalschlüssel für Fingerabdruckscanner fungieren und damit etwa Smartphones entsperren. --------------------------------------------- http://heise.de/-4220782 ∗∗∗ Prozessor-Sicherheit: Sieben neue Varianten von Spectre-Lücken ∗∗∗ --------------------------------------------- Die Spectre-Sicherheitslücken in Prozessoren lassen sich angeblich noch anders nutzen, als bisher bekannt; Intel gibt allerdings Entwarnung. --------------------------------------------- http://heise.de/-4220854 ∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗ --------------------------------------------- You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really dont like? Logging on to Report URI and being greeted with something like this: [...] --------------------------------------------- https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- This advisory covers a problem with a data migration discovered in the OTRS framework. --------------------------------------------- https://community.otrs.com/security-advisory-2018-10-security-update-for-ot… ∗∗∗ VMSA-2018-0028 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight updates address an authorization bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0028.html ∗∗∗ November 2018 Office Update Release ∗∗∗ --------------------------------------------- The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5). --------------------------------------------- https://lwn.net/Articles/771881/ ∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic… ∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-b… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2018
by Daily end-of-shift report 13 Nov '18

13 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-11-2018 18:00 − Dienstag 13-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Trojaner: Der Banking-Trojaner Trickbot hat neue Tricks gelernt ∗∗∗ --------------------------------------------- Vor zwei Jahren hatte es Trickbot nur auf Bankdaten abgesehen. Nun ist eine neue Variante des Trojaners im Umlauf, die auch Passwörter aus anderen Anwendungen abgreifen kann. (Malware, Spam) --------------------------------------------- https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-t… ∗∗∗ Blockverschlüsselung: Verschlüsselungsmodus OCB2 gebrochen ∗∗∗ --------------------------------------------- Im Verschlüsselungsmodus OCB2 wurden in kurzer Abfolge zahlreiche Sicherheitsprobleme gefunden. Breite Verwendung findet dieser Modus nicht, obwohl er Teil eines ISO-Standards ist. (Verschlüsselung, Applikationen) --------------------------------------------- https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2… ∗∗∗ Should You Send Your Pen Test Report to the MSRC? ∗∗∗ --------------------------------------------- Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pe… ∗∗∗ Why Google Internet Traffic Rerouted Through China and Russia ∗∗∗ --------------------------------------------- For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Heres why. --------------------------------------------- https://www.wired.com/story/google-internet-traffic-china-russia-rerouted ∗∗∗ TLS-Aufschlüsselung: Malware und Angriffe in verschlüsselten Datenströmen erkennen ∗∗∗ --------------------------------------------- Die Schlacht um Aufschlüsselungs-Optionen für TLS haben Strafverfolger und Provider verloren. Eine Forschungsgruppe soll nun die Gefahrenabwehr ausloten. --------------------------------------------- http://heise.de/-4219047 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1648 ∗∗∗ SAP Security Patch Day - November 2018 ∗∗∗ --------------------------------------------- On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd). --------------------------------------------- https://lwn.net/Articles/771697/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042057 ∗∗∗ SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt ∗∗∗ SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt ∗∗∗ SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt ∗∗∗ SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt ∗∗∗ SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt ∗∗∗ SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt ∗∗∗ SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt ∗∗∗ SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt ∗∗∗ SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt ∗∗∗ SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt ∗∗∗ SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt ∗∗∗ SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt ∗∗∗ SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt ∗∗∗ SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt ∗∗∗ SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2018
by Daily end-of-shift report 12 Nov '18

12 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-11-2018 18:00 − Montag 12-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Linux CryptoMiners Are Now Using Rootkits to Stay Hidden ∗∗∗ --------------------------------------------- To make it harder to spot a cryptominer process that is utilizing all of the CPU, a new variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-cryptominers-are-now-u… ∗∗∗ DSGVO: Sicherheitslücke in Wordpress-Addon ermöglicht Admin-Rechte ∗∗∗ --------------------------------------------- Durch eine fehlende Identitätsabfrage in einem DSGVO-Plugin für Wordpress können sich Angreifer Administratorkonten für Webseiten anlegen und dann beliebige Schadsoftware verteilen. Die Lücke wird bereits ausgenutzt. (Wordpress, PHP) --------------------------------------------- https://www.golem.de/news/dsgvo-sicherheitsluecke-in-wordpress-addon-ermoeg… ∗∗∗ Virtualisierung: Update behebt Schwachstelle in VMware Player und Workstation ∗∗∗ --------------------------------------------- Eine Sicherheitslücke betrifft die beliebten Virtualisierungsprogramme VMware Player und Workstation. Angreifer können darüber Code auf dem Hostsystem ausführen, was die Lücken recht kritisch macht. Das von VMware verteilte Update sollte schnell installiert werden. (VMware, Virtualisierung) --------------------------------------------- https://www.golem.de/news/virtualisierung-update-behebt-schwachstelle-in-vm… ∗∗∗ Trojaner: Achtung bei angeblichen Rechnungen ∗∗∗ --------------------------------------------- Vetrauenswürdiger Absender, glaubhafter Text in gutem Deutsch – und trotzdem handelt es sich bei der angehängten Rechnung um einen Trojaner. --------------------------------------------- http://heise.de/-4219043 ∗∗∗ Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems ∗∗∗ --------------------------------------------- Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/triton-malware-spearheads-l… ∗∗∗ Betrugsversuch beim Privatverkauf ∗∗∗ --------------------------------------------- Kriminelle senden Privatverkäufer/innen über WhatsApp Kaufangebote. Sie geben vor, dass sie im Ausland sind und schlagen die Vertragsabwicklung über eine Spedition vor. Dazu versenden sie gefälschte Überweisungsbelege. Verkäufer/innen sollen sowohl die Ware als auch zu viel transferierte Geldbeträge ins Ausland überweisen. Sie verlieren beides und erhalten nicht den Kaufpreis. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsversuch-beim-privatverkauf/ ∗∗∗ Schadsoftware-Mails von Paymorrow Gbr und Volkswagen VTI GmbH! ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Betrüger/innen versenden Mails mit angeblichen Rechnungen im .zip-Dateiformat. Die enthaltenen ausführbaren Files dürfen auf keinen Fall geöffnet werden, denn sie infizieren Ihr Gerät oder das Firmennetzwerk mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-mails-von-paymorrow-gb… ∗∗∗ How my personal Bug Bounty Program turned into a Free Security Audit for the Serendipity Blog ∗∗∗ --------------------------------------------- HackerOne is currently one of the most popular bug bounty program platforms. While the usual providers of bug bounty programs are companies, w while ago I noted that some people were running bug bounty programs on Hacker One for their private projects without payouts. It made me curious, so I decided to start one with some of my private web pages in scope. --------------------------------------------- https://blog.hboeck.de:443/archives/896-How-my-personal-Bug-Bounty-Program-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, [...] --------------------------------------------- https://lwn.net/Articles/771574/ ∗∗∗ IBM Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-allow-an-a… ∗∗∗ IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIG-IP iControl and tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2018
by Daily end-of-shift report 09 Nov '18

09 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-11-2018 18:00 − Freitag 09-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Root-Zertifikat: Sennheiser-Software hebelt HTTPS-Sicherheit aus ∗∗∗ --------------------------------------------- Eine Software für Headsets des Herstellers Sennheiser installiert ein Root-Zertifikat und sorgt damit dafür, dass HTTPS-Verbindungen nicht mehr sicher sind. In neueren Versionen ist die Lücke etwas weniger schlimm, einen Fix gibt es bisher nicht. (TLS, Sound-Hardware) --------------------------------------------- https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-… ∗∗∗ Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets ∗∗∗ --------------------------------------------- Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-mal… ∗∗∗ AR18-312A: JexBoss – JBoss Verify and EXploitation Tool ∗∗∗ --------------------------------------------- JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as "red teams") and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server [...] --------------------------------------------- https://www.us-cert.gov/ncas/analysis-reports/AR18-312A ∗∗∗ Passive DNS for the Bad ∗∗∗ --------------------------------------------- Passive DNS is not a new technique but, for the last months, there was more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (bigger they are, bigger they will collect) and then allow to search for historical data. --------------------------------------------- https://blog.rootshell.be/2018/11/09/passive-dns-for-the-bad/ ∗∗∗ UAC Bypass by Mocking Trusted Directories ∗∗∗ --------------------------------------------- During research for some new User Account Control (UAC) bypass techniques, I discovered what I believe to be a new bypass method (at the time of this writing). It is worth mentioning that Microsoft doesnt consider UAC a security boundary, however we still reported the bug to Microsoft and want to share its details here. --------------------------------------------- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directori… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips iSite and IntelliSpace PACS ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for a weak password Requirements vulnerability in the Philips iSite and IntelliSpace PACS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01 ∗∗∗ PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released ∗∗∗ --------------------------------------------- There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires [...] --------------------------------------------- https://lwn.net/Articles/771145/ ∗∗∗ VMSA-2018-0027 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0027.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and [...] --------------------------------------------- https://lwn.net/Articles/771324/ ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1654 ∗∗∗ Roche Diagnostics Point of Care Handheld Medical Devices (Update A) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Security Updates for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-09-security-update-for-ot… https://community.otrs.com/security-advisory-2018-08-security-update-for-ot… https://community.otrs.com/security-advisory-2018-07-security-update-for-ot… ∗∗∗ Field Notice: FN - 70319 - ASA and FXOS Software - Change in Root Certificate Might Affect Smart Licensing and Smart Call Home Functionality - Software Upgrade Recommended ∗∗∗ --------------------------------------------- https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70319.html ∗∗∗ IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-free… ∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology Affect IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-a-z… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Contact Optimization (CVE-2016-8610) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2018
by Daily end-of-shift report 08 Nov '18

08 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-11-2018 18:00 − Donnerstag 08-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Beginner’s Guide to Open Source Intrusion Detection (IDS) Tools ∗∗∗ --------------------------------------------- Originally written by Joe Schreiber Re-written and edited by Trevor Giffen (Editorial Contractor) Re-re edited and expanded by Rich Langston Whether you need to monitor hosts or the networks connecting them to identify the .. --------------------------------------------- https://feeds.feedblitz.com/~/579108152/0/alienvault-blogs~Beginner%e2%80%9… ∗∗∗ DJI Patches Forum Bug That Allowed Drone Account Takeovers ∗∗∗ --------------------------------------------- Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. --------------------------------------------- https://threatpost.com/dji-patches-forum-bug-that-allowed-drone-account-tak… ∗∗∗ Sicherheitsupdates: Cisco entfernt Backdoor aus Business Switches ∗∗∗ --------------------------------------------- Es gibt wichtige Patches zu Absicherung von Hard- und Software von Cisco. --------------------------------------------- http://heise.de/-4216400 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/771129/ ∗∗∗ Synology-SA-18:58 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_58 ∗∗∗ Synology-SA-18:59 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_59 ∗∗∗ BlackBerry powered by Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9144 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5740 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-as-used-in-ib… ∗∗∗ IBM Security Bulletin: An XML External Entity (XXE) processing vulnerability is exposed in Case Manager administration client (CVE-2018-1844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-xml-external-entit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2018
by Daily end-of-shift report 07 Nov '18

07 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-11-2018 18:00 − Mittwoch 07-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Oracle: Verärgerter Forscher veröffentlicht Exploit für Virtualbox ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Zero-Day-Lücke für Virtualbox veröffentlicht, die einen Ausbruch aus dem Gastsystem auf das Host-System ermöglicht. Der Forscher sei frustriert darüber, .. --------------------------------------------- https://www.golem.de/news/oracle-veraergerter-forscher-veroeffentlicht-expl… ∗∗∗ BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers ∗∗∗ --------------------------------------------- This article was co-authored by Hui Wang and RootKiter.Since September 2018, 360Netlab Scanmon has detected multiple scan spikes on TCP port 5431, each time the system logged more than 100k scan .. --------------------------------------------- http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers… ∗∗∗ ADV180028 | Guidance for configuring BitLocker to enforce software encryption ∗∗∗ --------------------------------------------- Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain .. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 ∗∗∗ WordPress Design Flaw Leads to WooCommerce RCE ∗∗∗ --------------------------------------------- A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million .. --------------------------------------------- https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-r… ∗∗∗ Vorsicht! Neue betrügerische Bewerbungsmail mit Erpressungstrojaner im Umlauf ∗∗∗ --------------------------------------------- Derzeit kursiert eine gefakte Bewerbung von "Peter Reif" im Internet. Nach dem Öffnen des Dateianhangs verschlüsselt ein Schädling Daten und fordert Lösegeld. --------------------------------------------- http://heise.de/-4214191 ∗∗∗ Attackers breached Statcounter to steal cryptocurrency from gate.io users ∗∗∗ --------------------------------------------- Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io customers getting their money stolen,.. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/07/statcounter-gate-io-compromised/ ∗∗∗ Keine FLIXGLADE und FLIX FORGE LTD- Rechnungen bezahlen! ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Filmen im Internet stoßen Konsument/innen auf flixman.de und inflix.de. Es handelt sich um kriminelle Plattformen, die ihren Opfern keine Leistung erbringen, .. --------------------------------------------- https://www.watchlist-internet.at/news/keine-flixglade-und-flix-forge-ltd-r… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) inspectionengine of Cisco Adaptive Security Appliance (ASA) Software and CiscoFirepower Threat Defense (FTD) Software could allow an unauthenticated, .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin:Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java does not protect against CVE-2018-1656 and CVE-2018-12539 ∗∗∗ --------------------------------------------- The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletineclipse-openj9-could-a… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016) ∗∗∗ --------------------------------------------- Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Apache Cassandra within IBM Operations .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ Roche Point of Care Handheld Medical Devices ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Express Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 282 - guest use of HLE constructs may lock up host ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-282.html ∗∗∗ Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042037 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2018
by Daily end-of-shift report 06 Nov '18

06 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-11-2018 18:00 − Dienstag 06-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSD: Forscher umgehen Passwörter bei verschlüsselten Festplatten ∗∗∗ --------------------------------------------- Bei manchen SSDs mit Hardwareverschlüsselung konnten Forscher die Firmware so manipulieren, dass sie beliebige Passwörter akzeptierte. Das war nicht das einzige Problem, das sie fanden. (Solid State Drive, Speichermedien) --------------------------------------------- https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesse… ∗∗∗ Malicious Powershell Script Dissection, (Tue, Nov 6th) ∗∗∗ --------------------------------------------- Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...] --------------------------------------------- https://isc.sans.edu/diary/rss/24282 ∗∗∗ Struts 2.3 Vulnerable to Two Year old File Upload Flaw ∗∗∗ --------------------------------------------- Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution. --------------------------------------------- https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File… ∗∗∗ GPU side channel attacks can enable spying on web activity, password stealing ∗∗∗ --------------------------------------------- Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/ ∗∗∗ Gefälschte Zahlungsanweisung an die Buchhaltung ∗∗∗ --------------------------------------------- Kriminelle geben sich als Geschäftsführung eines Unternehmens aus und versenden eine E-Mail an die Buchhaltung. Darin fordern sie die Mitarbeiter/innen dazu auf, dass sie einen hohen Geldbetrag ins Ausland überweisen. Angestellte, die die Zahlungsanweisung nicht als betrügerisch erkennen, transferieren die geforderte Summe an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-11-01.html ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5). --------------------------------------------- https://lwn.net/Articles/770856/ ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vu… ∗∗∗ IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-de… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2018
by Daily end-of-shift report 05 Nov '18

05 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-11-2018 18:00 − Montag 05-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Microsoft Edge Browser Zero-Day RCE Exploit in the Works ∗∗∗ --------------------------------------------- Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-z… ∗∗∗ Neue Schwachstelle in Intel-CPUs: Hyper-Threading anfällig für Datenleck ∗∗∗ --------------------------------------------- Forscher demonstrieren einen neuen CPU-Bug bei aktuellen Intel-Prozessoren, über den sich Daten aus einem benachbarten Thread auslesen lassen. --------------------------------------------- http://heise.de/-4210282 ∗∗∗ Streaming-Server Icecast: Angreifer könnten Online-Radiosender ausknipsen ∗∗∗ --------------------------------------------- In der aktuellen Version von Icecast haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- http://heise.de/-4210875 ∗∗∗ Heres Why [Insert Thing Here] Is Not a Password Killer ∗∗∗ --------------------------------------------- These days, I get a lot of messages from people on security related things. Often its related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, [...] --------------------------------------------- https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-kill… ∗∗∗ Finger weg vom Fake-Shop gaming-ez.com! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf gaming-ez.com ein. Die Playstation 4 Pro-, Xbox One- oder Nintendo Switch- Angebote sind zwar verlockend, werden aber nie geliefert. Überwiesenes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/finger-weg-vom-fake-shop-gaming-ezco… ∗∗∗ Datendiebstahl mit gefälschtem AirAsia-Ticket ∗∗∗ --------------------------------------------- Konsument/innen erhalten ein gefälschtes AirAsia-Ticket für einen Flug von Hong Kong nach Kuala Lumpur. Sie können es stornieren, indem sie die Website eines Payment Center aufrufen. Dieses fragt PayPal-Zugangsdaten sowie Kreditkarten- und Bankinformationen ab. Ebenfalls ist eine persönliche Identifizierung vorgesehen. Kund/innen, die die gewünschten Informationen bekannt geben, werden Opfer eines Daten- und Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschtem-aira… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):IBM Cloud Application Performance Management, Base Private IBM Cloud Application Performance Management, Advanced Private IBM Cloud Application Performance Management --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability found by vFinder (CVE-2018-14883 and CVE-2018-14851) ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Affected Product NameAffected VersionsIBM Lotus Protector for Mail Security2.8.3.0IBM Lotus Protector for Mail Security2.8.1.0 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012) ∗∗∗ --------------------------------------------- Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Rational Publishing Engine 2.1.0 Rational Publishing Engine 2.1.1 Rational Publishing Engine 2.1.2 Rational Publishing Engine 6.0.5 Rational Publishing Engine 6.0.6 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- Security vulnerabilities affect multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM). --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd). --------------------------------------------- https://lwn.net/Articles/770744/ ∗∗∗ ZDI-18-1336: (0Day) Juuko JK-800 Replay Attack Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1336/ ∗∗∗ Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181105-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily November 2018