Daily December 2018

daily@lists.cert.at

2 participants
18 discussions

Tageszusammenfassung - 28.12.2018
by Daily end-of-shift report 28 Dec '18

28 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-12-2018 18:00 − Freitag 28-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BUNDESGESETZBLATT FÜR DIE REPUBLIK ÖSTERREICH ∗∗∗ --------------------------------------------- 111. Bundesgesetz, mit dem das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz – NISG) erlassen und das Telekommunikationsgesetz 2003 geändert wird --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2018_I_111/BGBLA_2018_I_… ∗∗∗ 35C3: Hacker zeigt Schwachstellen in IoT-Netzwerk Sigfox auf ∗∗∗ --------------------------------------------- Die Datenkommunikation über das Sigfox-Funknetz, das auf das Internet der Dinge ausgerichtet ist, lässt sich momentan bei vielen Geräten recht einfach abhören. --------------------------------------------- http://heise.de/-4259662 ∗∗∗ Warnung vor elektro-hilfe.at ∗∗∗ --------------------------------------------- Bei elektro-hilfe.at handelt es sich um einen 24h-Elektriker-Notdienst, der verspricht, Pannen und Schäden die durch Wasserrohrbrüche, verstopfte Leitungen u.Ä. verursacht wurden, zu beheben. Verlockend klingen vor allem auch die günstigen Preise, mit denen auf der Website geworben wird. Der Anbieter ist nicht vertrauenswürdig, denn vor Ort werden überhöhte Preise verrechnet. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-elektro-hilfeat/ ∗∗∗ Hijacking Online Accounts Via Hacked Voicemail Systems ∗∗∗ --------------------------------------------- Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services. --------------------------------------------- https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-syste… ∗∗∗ Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage ∗∗∗ --------------------------------------------- The home surveillance cams have hard-coded credentials. --------------------------------------------- https://threatpost.com/guardzilla-cameras-flaw/140415/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript, graphicsmagick, libarchive, libsndfile, libvncserver, ruby-sanitize, and wireshark), Fedora (mosquitto and tinc), Mageia (monit, sqlite3, and thunderbird), and SUSE (openssl). --------------------------------------------- https://lwn.net/Articles/775635/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libphp-phpmailer), Fedora (mosquitto and tinc), and Mageia (ruby-i18n and tcpdump). --------------------------------------------- https://lwn.net/Articles/775670/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-apache-to… ∗∗∗ BIG-IP APM portal access may potentially leak host name information for back-end servers ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31333705 ∗∗∗ BIG-IP APM webtop vulnerability CVE-2018-15334 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74114570 ∗∗∗ BIG-IP ARM BGP vulnerability CVE-2018-17539 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17264695 ∗∗∗ The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95010813 ∗∗∗ BIG-IP vulnerability CVE-2018-15333 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53620021 ∗∗∗ BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27617652 Next End-of-Day report: 2019-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2018
by Daily end-of-shift report 27 Dec '18

27 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-12-2018 18:00 − Donnerstag 27-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1680 ∗∗∗ 5 Steps to Mitigate Endpoint Security Incidents ∗∗∗ --------------------------------------------- Endpoint security may be the best investment you have ever made. According to a Ponemon survey – The 2017 State of Endpoint Security Risk – the average cost to an organization of attacks that managed to breach endpoint security was $5 million. In this article, we will look at what you need to know about [...] --------------------------------------------- https://resources.infosecinstitute.com/5-steps-to-mitigate-endpoint-securit… ∗∗∗ Warnung vor Auresoil Sensi & Secure ∗∗∗ --------------------------------------------- Auf einem erfundenen österreichischen Medizinportal behaupten Unbekannte, dass es mit Auresoil Sensi & Secure möglich sei, „das Hörvermögen zu 100% wiederherzustellen“. Das Produkt können Interessent/innen um 57 Euro auf bestmarkethub.com/43/auresoil-med/gps erwerben. Davon raten wir ab, denn die medizinische Wirkung von Auresoil Sensi & Secure ist unklar und kann schädlich sein. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-auresoil-sensi-secure/ ∗∗∗ Nicht bei der Knurf GmbH & Co. KG bewerben ∗∗∗ --------------------------------------------- Die betrügerische Knurf GmbH & Co. KG sucht über knurf.net Proband/innen, die Produkte oder Dienstleitungen testen sollen. Die Aufgabe von Interessent/innen besteht letzen Endes darin, dass sie ein Online-Konto eröffnen und ihre Zugangsdaten an das erfundene Unternehmen senden. Damit ist es den Kriminellen möglich, Verbrechen und Geldwäscherei unter dem Namen ihrer Opfer zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-der-knurf-gmbh-co-kg-bewer… ===================== = Vulnerabilities = ===================== ∗∗∗ spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials ∗∗∗ --------------------------------------------- An authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin [...] --------------------------------------------- https://seclists.org/fulldisclosure/2018/Dec/45 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (ghostscript, libarchive, openjpeg2, and sqlite3), Fedora (krb5, mariadb, mariadb-connector-c, mingw-openjpeg2, openjpeg2, phpMyAdmin, python-lxml, spatialite-tools, sqlite, and squid), Mageia (kernel), openSUSE (bluez, git, go1.10, libnettle, libqt5-qtbase, ovmf, pdns, perl, tcpdump, tiff, tryton, and yast2-rmt), Slackware (netatalk), and SUSE (buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, [...] --------------------------------------------- https://lwn.net/Articles/775549/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libextractor and nagios3) and Fedora (adplug, mingw-podofo, and podofo). --------------------------------------------- https://lwn.net/Articles/775584/ ∗∗∗ Synology-SA-18:63 DS File ∗∗∗ --------------------------------------------- A vulnerability allows local users to obtain sensitive information via a susceptible version of Android DS File. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_63 ∗∗∗ Synology-SA-18:64 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_64 ∗∗∗ Synology-SA-18:65 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_65 ∗∗∗ Vuln: McAfee Application and Change Control Multiple Security Bypass Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106282 ∗∗∗ Vuln: Kibana CVE-2018-17246 Local File Include Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106285 ∗∗∗ diverse Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1200 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ja… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-12882) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-classific… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2018
by Daily end-of-shift report 21 Dec '18

21 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-12-2018 18:00 − Freitag 21-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers ∗∗∗ --------------------------------------------- Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmati… ∗∗∗ Warnung vor Phishing-Mails mit Adresse help(a)orf.at ∗∗∗ --------------------------------------------- Seit einigen Stunden sind Phishing-Mails in Umlauf, die als Reply-Adresse help(a)orf.at eingetragen haben. ORF.at weist ausdrücklich darauf hin, dass von der Konsumentenredaktion des ORF-Radio keinerlei Mails ausgeschickt werden und warnt davor, solche Mails zu öffnen. --------------------------------------------- https://orf.at/stories/3105176 ∗∗∗ Betrügerische WhatsApp-Nachrichten beim Privatverkauf ∗∗∗ --------------------------------------------- Privatverkäufer/innen erhalten von einer Nummer mit der Vorwahl „+1“ eine WhatsApp-Nachricht. Darin erkundigen sich Kriminelle nach dem Produktpreis und schlagen die Kaufabwicklung mit der EMS Shipping Company vor. Sie bestätigt einen überhöhten Zahlungseingang. Verkäufer/innen sollen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie beides. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-… ===================== = Vulnerabilities = ===================== ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01 ∗∗∗ Schneider Electric EcoStruxure ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- Project: JSON:APIDate: 2018-December-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.The module doesnt sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/775420/ ∗∗∗ Synology-SA-18:62 Netatalk ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_62 ∗∗∗ Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106278 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utiliz… ∗∗∗ December 20, 2018 TNS-2018-17 [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-17 ∗∗∗ TMM vulnerability CVE-2018-15330 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23328310 ∗∗∗ BIG-IP AAM DCDB vulnerability CVE-2018-15331 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54843525 ∗∗∗ TMUI vulnerability CVE-2018-15329 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61620494 Next End-of-Day report: 2018-12-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2018
by Daily end-of-shift report 20 Dec '18

20 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-12-2018 18:00 − Donnerstag 20-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ On VBScript ∗∗∗ --------------------------------------------- Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. Yet this did not deter attackers .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html ∗∗∗ Rise of the Webminers ∗∗∗ --------------------------------------------- About a year ago webminers began to appear on more and more website. It was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rise-of-the… ∗∗∗ WPA3 WLAN Encryption: All Good Things Come In 3s! ∗∗∗ --------------------------------------------- The current protocol WPA2 (WiFi Protected Access) from 2004 is getting on in years. In early 2018, the WiFi Alliance (WFA) announced an update at the Consumer Electronics Show in Las Vegas. WPA3 is the designated successor, which should eliminate weak points as well as the comfort and the security would clearly increase. In the last .. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/wpa3-wlan-encrypti… ∗∗∗ Kritische Sicherheitslücke in Internet Explorer - Patches verfügbar ∗∗∗ --------------------------------------------- Microsoft hat ausserhalb des monatlichen Patch-Zyklus Updates für den Internet Explorer veröffentlicht, mit denen eine kritische Sicherheitslücke geschlossen wird. Diese Schwachstelle soll bereits aktiv .. --------------------------------------------- http://www.cert.at/warnings/all/20181219.html ∗∗∗ sgifashop.com ist unseriös ∗∗∗ --------------------------------------------- Der Online-Shop sgifashop.com ist mit seinem Sortiment sehr breit aufgestellt, so ist auch bestimmt für Sie das gewünschte Produkt dabei. Der Alleskönner ist jedoch betrügerisch und liefert .. --------------------------------------------- https://www.watchlist-internet.at/news/sgifashopcom-ist-unserioes/ ∗∗∗ Researcher publishes PoC for new Windows zero-day ∗∗∗ --------------------------------------------- This is the third Windows zero-day the researcher dumps online in the last five months. --------------------------------------------- https://www.zdnet.com/article/researcher-publishes-poc-for-new-windows-zero… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4355 openssl1.0 - security update ∗∗∗ --------------------------------------------- Several local side channel attacks and a denial of service via largeDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. --------------------------------------------- https://www.debian.org/security/2018/dsa-4355 ∗∗∗ Vuln: Jenkins Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106176 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-080 ∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1849) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1191 ∗∗∗ FreeBSD OS: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1192 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2018
by Daily end-of-shift report 19 Dec '18

19 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-12-2018 18:00 − Mittwoch 19-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte Energie AG-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden ein gefälschtes Energie AG-Schreiben. Darin behaupten sie, dass Kund/innen ihre aktuelle Rechnung herunterladen und ausdrucken können. Dazu sollen sie eine unbekannte Website aufrufen und eine ZIP-Datei öffnen. Diese verbirgt Schadsoftware. Konsument/innen, die die vermeintliche Rechnung öffnen, installieren diese auf ihrem Computer. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-energie-ag-rechnung-verb… ∗∗∗ Searching statically-linked vulnerable library functions in executable code ∗∗∗ --------------------------------------------- Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-… ∗∗∗ Das letzte Silvester für PHP 5.6 ∗∗∗ --------------------------------------------- PHP 5.6 steht kurz vor dem Ende seiner Lebenszeit. Mit 31.12.2018 endet der Security-Support für die letzte Version der PHP 5 Familie, ab dann wird nur noch PHP 7 weiterentwickelt. Das bedeutet, dass ab dem Jahreswechsel neu entdeckte Sicherheitslücken in PHP 5.6 Upstream nicht mehr gepatcht werden. Die uns zur Verfügung stehenden Daten von Shodan zeigen, dass derzeit die Mehrheit der Server in Österreich noch PHP 5 im [...] --------------------------------------------- http://www.cert.at/services/blog/20181219120223-2326.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Fedora (ansible and wireshark), openSUSE (go1.11, pdns, and pdns-recursor), Oracle (firefox), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), and SUSE (crash, libqt5-qtbase, perl, and qemu). --------------------------------------------- https://lwn.net/Articles/775230/ ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantechs WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 ∗∗∗ BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN99810718/ ∗∗∗ Vuln: Symfony Local File Include and Open Redirection Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106249 ∗∗∗ Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement on Information Leak Vulnerability in Huawei HG Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20181219-01-… ∗∗∗ IBM Security Bulletin: Privilege Escalation in Notes System Diagnostic Service of both IBM Notes and Domino (CVE-2018-1771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical privilege escalation vulnerability in Kubernetes (CVE-2018-1002105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 – Admin Users Can Elevate Own Permissions (CVE-2018-1973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-ad… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from Network Time Protocol (NTP) (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a Denial of Service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a CSRF vulnerability (CVE-2018-1661) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2018
by Daily end-of-shift report 18 Dec '18

18 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 17-12-2018 18:00 − Dienstag 18-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hidden Code in Memes Instruct Malware via Twitter ∗∗∗ --------------------------------------------- Analysts discover malicious code embedded in tweeted images. --------------------------------------------- https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/14… ∗∗∗ Sneaky phishing campaign beats two-factor authentication ∗∗∗ --------------------------------------------- Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure. --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-… ∗∗∗ Your trust, our signature ∗∗∗ --------------------------------------------- Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...] --------------------------------------------- https://blog.fox-it.com/2018/12/18/your-trust-our-signature/ ∗∗∗ Clever SEO Spam Injection ∗∗∗ --------------------------------------------- It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. --------------------------------------------- https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html ∗∗∗ Erpressungstrojaner Everbe, Hidden Tear und InsaneCrypt kostenlos entschlüsseln ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat für verschiedene Verschlüsselungstrojaner Gratis-Entschlüsselungstools veröffentlicht. --------------------------------------------- http://heise.de/-4254364 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate, 14.12.18 ∗∗∗ --------------------------------------------- [...] haben wir eine potenzielle Sicherheitsschwachstelle in unserer iCal-Feed-Funktion festgestellt, in dem durch vom Benutzer manuelles Manipulieren von Teilen der Feed-URL es theoretisch möglich gewesen wäre, zufällig auf die iCal-Feeds anderer TimeTac-Benutzer zugreifen zu können. [...] Dieses Problem wurde unmittelbar nach Bekanntwerden durch ein Sicherheitsupdate behoben und bei allen theoretisch betroffenen TimeTac-Kundenkonten ausgerollt. --------------------------------------------- https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/ ∗∗∗ Razer Cortex Debugger Remote Command Execution ∗∗∗ --------------------------------------------- Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018120170 ∗∗∗ VMSA-2018-0031 ∗∗∗ --------------------------------------------- vRealize Operations updates address a local privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0031.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf). --------------------------------------------- https://lwn.net/Articles/775172/ ∗∗∗ Synology-SA-18:61 Magellan ∗∗∗ --------------------------------------------- Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_61 ∗∗∗ libexif: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1182 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1180 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… ∗∗∗ IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-kr… ∗∗∗ IBM Security Bulletin: A vulnerability in git affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-gi… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wp… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.12.2018
by Daily end-of-shift report 17 Dec '18

17 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-12-2018 18:00 − Montag 17-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shamoon Disk Wiper Returns with Second Sample Uncovered this Month ∗∗∗ --------------------------------------------- Shamoons comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-w… ∗∗∗ Datenbank: Fehler in SQLite ermöglichte Codeausführung ∗∗∗ --------------------------------------------- Anwendungen, die SQLite einsetzen und von außen SQL-Zugriff darauf bieten, sind offenbar von einem Fehler betroffen, der eine beliebige Codeausführung ermöglicht. Dazu gehören unter anderem Browser auf Chromium-Basis, für die inzwischen Updates bereitstehen. (Security, Browser) --------------------------------------------- https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfu… ∗∗∗ Worst passwords list is out, but this time we’re not scolding users ∗∗∗ --------------------------------------------- This is on you, makers of sites and services that allow users to create passwords like "password." You can do better! --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but… ∗∗∗ The GPS 2019 Week Rollover - What You Need to Know ∗∗∗ --------------------------------------------- The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019. --------------------------------------------- https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollov… ∗∗∗ Intels NUCs: Viele Mini-PCs mit fehlerhaftem BIOS-Schutz ∗∗∗ --------------------------------------------- Bei einigen Mini-PCs aus Intels NUC-Reihe lässt sich das BIOS mit manipuliertem Code überschreiben, etwa um eine Backdoor einzupflanzen. --------------------------------------------- http://heise.de/-4251738 ∗∗∗ Betrügerische Androhung von Pfändungsterminen ∗∗∗ --------------------------------------------- Konsument/innen erhalten von erfundenen Inkassobüros und Rechtsanwält/innen letzte Zahlungsaufforderungen in Höhe von 479,16 Euro. Darin heißt es, dass es zu einer Pfändung ihrer Wertgegenstände komme, wenn sie den geforderten Geldbetrag nicht bezahlen. Empfänger/innen können das Schreiben ignorieren und müssen keine Überweisung tätigen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendu… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump). --------------------------------------------- https://lwn.net/Articles/775102/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gs… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-nt… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential redirection to external site when using the the IBM Event Streams API (CVE-2018-1833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection… ∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37111863 ∗∗∗ OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43741620 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2018
by Daily end-of-shift report 14 Dec '18

14 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-12-2018 18:00 − Freitag 14-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ The economics of vulnerability disclosure ∗∗∗ --------------------------------------------- A new ENISA report aims to provide a glimpse into the costs, incentives, and impact related to discovering and disclosing vulnerabilities in information security. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-economics-of-vulnerability-… ∗∗∗ How to protect yourself as the threat of scam apps grows ∗∗∗ --------------------------------------------- As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? --------------------------------------------- https://www.welivesecurity.com/2018/12/14/protect-yourself-threat-scam-apps… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Logitech Keystroke Injection Flaw Went Unaddressed for Months ∗∗∗ --------------------------------------------- The flaw allows a remote attacker to gain full access over a machine. --------------------------------------------- https://threatpost.com/logitech-keystroke-injection-flaw/139928/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, git, java-1.7.0-openjdk, java-11-openjdk, kernel, NetworkManager, python-paramiko, ruby, sos-collector, thunderbird, and xorg-x11-server), Debian (gcc-4.9), and SUSE (amanda, ntfs-3g_ntfsprogs, and tiff). --------------------------------------------- https://lwn.net/Articles/774940/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE identifiers: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0009.html ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1175 ∗∗∗ Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01 ∗∗∗ Schneider Electric GUIcon Eurotherm ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-01 ∗∗∗ Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-02 ∗∗∗ Geutebrück GmbH E2 Series IP Cameras ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03 ∗∗∗ GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04 ∗∗∗ Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN87535892/ ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – Cross-site scripting (CVE-2018-18997) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005753… ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – No Access Control (CVE-2018-18995) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005751… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-st… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerability in user login vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a public disclosed vulnerability from Apache ZooKeeper ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2018
by Daily end-of-shift report 13 Dec '18

13 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-12-2018 18:00 − Donnerstag 13-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Captchas are dead...ish. ∗∗∗ --------------------------------------------- According to a recently published research paper, some types of Captchas are now obsolete. The reason: machines have learned to solve those Captchas. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/12/31374-captchas-are-dead-ish ∗∗∗ OWASP Top 10 Security Risks – Part III ∗∗∗ --------------------------------------------- Today, we are going to explore items 5 and 6: broken access control and security misconfigurations. --------------------------------------------- https://blog.sucuri.net/2018/12/owasp-top-10-security-risks-part-iii.html ∗∗∗ Wichtiges Sicherheitsupdate: WordPress 5.0.1 ist da ∗∗∗ --------------------------------------------- Aufgrund von mehreren Sicherheitslücken könnten Angreifer mit WordPress erstellte Websites attackieren. Eine fehlerbereinigte Version steht bereit. --------------------------------------------- http://heise.de/-4249500 ∗∗∗ Scanning for Flaws, Scoring for Security ∗∗∗ --------------------------------------------- Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. --------------------------------------------- https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/ ∗∗∗ Vorsicht bei gamestar4.com ∗∗∗ --------------------------------------------- Der Online-Shop gamestar4.com, mit angeblichem Sitz in Wien, ist betrügerisch. Auf gamestar4.com finden Sie neben Haushaltszubehör und Elektrogeräten, billige Spielkonsolen, die als Wochendeals beworben werden. Bestellen Sie bei gamestar4.com, verlieren Sie Ihr Geld, übermitteln Betrüger/innen sensible Daten und erhalten keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-gamestar4com/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git). --------------------------------------------- https://lwn.net/Articles/774845/ ∗∗∗ Linux kernel vulnerability CVE-2018-5390 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95343321 ∗∗∗ IBM Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-contains-a-de… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1848) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Potential MITM attack in Apache CXF used by IBM Event Streams (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-mitm-attack… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2018
by Daily end-of-shift report 12 Dec '18

12 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-12-2018 18:00 − Mittwoch 12-12-2018 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Logitech Options: Logitech-Software ermöglicht bösartige Codeausführung ∗∗∗ --------------------------------------------- In einer Software zur Konfiguration von Logitech-Tastaturen und Mäusen klafft ein riesiges Sicherheitsloch. Nutzer von Logitech Options sollten es vorerst deinstallieren: Bisher gibt es keinen Fix. (Logitech, Eingabegerät) --------------------------------------------- https://www.golem.de/news/logitech-options-logitech-software-ermoeglicht-bo… ∗∗∗ Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroWhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.Fuzzing Set-upPJSIP is open source, so it was easy to identify the PJSIP code in the Android WhatsApp binary [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ A bug in Microsoft’s login system made it easy to hijack anyone’s Office account ∗∗∗ --------------------------------------------- A string of bugs when chained together created the perfect attack to gain access to someones Microsoft account - simply by tricking a user into clicking a link. --------------------------------------------- https://techcrunch.com/2018/12/11/microsoft-login-bug-hijack-office-account… ∗∗∗ Patchday: Attacken auf Windows-Kernel-Lücke ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehrere Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4248309 ∗∗∗ Sicherheitsupdates: Angreifer könnten IP-Kameras von Bosch übernehmen ∗∗∗ --------------------------------------------- Einige IP-Kamera-Modelle von Bosch sind über eine als kritisch eingestufte Sicherheitslücke attackierbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4248751 ∗∗∗ Bitcoin Profit ist Betrug ∗∗∗ --------------------------------------------- Auf einer gefälschten orf.at-Website bewerben Kriminelle die Trading-Plattform Bitcoin Profit. In dem irreführenden Beitrag behaupten sie, dass es damit sehr einfach sei, sehr hohe Gewinne zu erzielen. Über die Werbung gelangen Leser/innen auf btcprofitnow.pro. Melden sie sich auf der Website für Bitcoin Profit an und überweisen sie ihr Geld an Kriminelle, verlieren sie es und ihre Daten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-profit-ist-betrug/ ∗∗∗ Schadsoftware in gefälschter DHL-Sendungsbenachrichtigung ∗∗∗ --------------------------------------------- Zur Weihnachtszeit ist es leicht möglich, dass Sie Versandbenachrichtigungen in Ihrem E-Mail-Posteingang erwarten. Dennoch überrascht Sie dort womöglich eine gefälschte DHL-Nachricht. Die Mail gibt vor, Sie über eine anstehende Lieferung zu informieren, die gar nicht existiert. Wenn Sie auf den Link in der Nachricht klicken, wird versucht eine Datei herunterzuladen. Vorsicht! Diese vermeintliche Word-Datei enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-in-gefaelschter-dhl-se… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler). --------------------------------------------- https://lwn.net/Articles/774731/ ∗∗∗ Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181212-… ∗∗∗ IBM Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, CVE-2018-5407) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerability in Xorg affects AIX (CVE-2018-14665) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-xorg… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in Oracle Solaris affects AIX (CVE-2017-3623) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-orac… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2018