Daily December 2018

daily@lists.cert.at

2 participants
18 discussions

Tageszusammenfassung - 11.12.2018
by Daily end-of-shift report 11 Dec '18

11 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-12-2018 18:00 − Dienstag 11-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MySQL-Frontend: Lücke in PhpMyAdmin erlaubt Datendiebstahl ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im MySQL-Frontend PhpMyAdmin erlaubt es, lokale Dateien auszulesen. Dafür benötigt man jedoch einen bereits existierenden Login. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/mysql-frontend-luecke-in-phpmyadmin-erlaubt-daten… ∗∗∗ Warnung vor schlossauf.at ∗∗∗ --------------------------------------------- Die Website schlossauf.at wirbt mit einem seriösen und preiswerter Schlüsseldienst, der in 20min vor Ort bei Kund/innen ist. Konsument/innen, die den Dienst nutzen, nehmen in Wahrheit Kontakt mit der deutschen Gesellschaft MK Notservice GmbH auf. Sie vermittelt Schlosser/innen. Die Dienste vor Ort sind laut Kund/innenmeinungen mit langen Wartezeiten verbunden und sehr teuer. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-schlossaufat/ ∗∗∗ Augen auf beim digitale Vignetten-Kauf! ∗∗∗ --------------------------------------------- Die digitale Vignette können Sie an unterschiedlichsten Stellen erstehen. Neben der ASFINAG, dem ÖAMTC oder dem ARBÖ vertreiben nämlich auch andere unbekanntere Anbieter die digitale Vignette. Achtung: Hier werden zum Teil zusätzliche Kosten verrechnet, die Sie leicht vermeiden können, indem Sie einen kurzen Vergleich anstellen. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-digitale-vignetten-ka… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB18-41). The updates referenced in the bulletin address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1674 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071 ∗∗∗ --------------------------------------------- Project: Decoupled RouterVersion: 8.x-1.18.x-1.0Date: 2018-October-31Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.The module doesnt sufficiently check access before displaying entity labels. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ TYPO3 9.5.2, 8.7.21 and 7.6.32 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: * TYPO3 9.5.2 LTS * TYPO3 8.7.21 LTS * TYPO3 7.6.32 LTS All versions are security releases and contain important security fixes. --------------------------------------------- https://typo3.org/article/typo3-952-8721-and-7632-security-releases-publish… ∗∗∗ SAP Security Patch Day – December 2018 ∗∗∗ --------------------------------------------- On 11th of December 2018, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.0), Fedora (keepalived, kernel, kernel-headers, kernel-tools, mingw-uriparser, and uriparser), openSUSE (pdns-recursor), Oracle (kernel), SUSE (compat-openssl098, glibc, java-1_8_0-ibm, kernel, opensc, python, python-base, python-cryptography, python-pyOpenSSL, samba, and soundtouch), and Ubuntu (cups). --------------------------------------------- https://lwn.net/Articles/774590/ ∗∗∗ SSA-982399: Missing Authentication in TIM 1531 IRC Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-982399.txt ∗∗∗ SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ SSA-674165: Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-674165.txt ∗∗∗ SSA-170881: Vulnerabilities in SINUMERIK Controllers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-170881.txt ∗∗∗ IBM Security Bulletin: Open Source Python-paramiko vulnerability affects IBM Netezza Host Management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-python-pa… ∗∗∗ IBM Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… ∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects Power Hardware Management Console (CVE-2018-5740) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a glibc vulnerability (CVE-2017-15670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-m… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit… ∗∗∗ glibc vulnerability CVE-2017-16997 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43546166 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.12.2018
by Daily end-of-shift report 10 Dec '18

10 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-12-2018 18:00 − Montag 10-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte T-Mobile-Nachricht fordert Auskunft ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte T-Mobile-Nachricht. Darin behaupten sie, dass Kund/innen im Zusammenhang mit der Nutzung von Diensten persönliche Daten bekannt geben und ihre Telefonnummer bestätigen müssen. Das soll auf einer gefälschten T-Mobile-Website geschehen. Konsument/innen, die die von Ihnen verlangten Informationen bekannt geben, werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-t-mobile-nachricht-forde… ∗∗∗ Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans ∗∗∗ --------------------------------------------- Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leadin… ∗∗∗ How can businesses get the most out of pentesting? ∗∗∗ --------------------------------------------- More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/12/10/get-the-most-out-of-pentesting/ ∗∗∗ Mac malware combines EmPyre backdoor and XMRig miner ∗∗∗ --------------------------------------------- New Mac malware is using the EmPyre backdoor and the XMRig cryptominer to drain processor power—and possibly worse. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-… ∗∗∗ Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix ∗∗∗ --------------------------------------------- Bug dealt with in Chrome and Edge, but still a problem for Firefox users. --------------------------------------------- https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml). --------------------------------------------- https://lwn.net/Articles/774489/ ∗∗∗ WPForms <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9164 ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a stored cross-site scripting vulnerability (CVE-2018-1900) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2018
by Daily end-of-shift report 07 Dec '18

07 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-12-2018 18:00 − Freitag 07-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Using Fuzzing to Mine for Zero-Days ∗∗∗ --------------------------------------------- Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in todays security landscape. --------------------------------------------- https://threatpost.com/using-fuzzing-to-mine-for-zero-days/139683/ ∗∗∗ Is it Time to Uninstall Flash? (If you havent already) ∗∗∗ --------------------------------------------- If you havent uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+have… ∗∗∗ Array string obfuscation ∗∗∗ --------------------------------------------- We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized: [...] --------------------------------------------- http://labs.sucuri.net/?note=2018-12-06 ===================== = Vulnerabilities = ===================== ∗∗∗ Philips HealthSuite Health Android App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an inadequate encryption strength vulnerability in Philips HealthSuite Health Android App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01 ∗∗∗ GE Proficy GDS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper restriction of XML external entity reference vulnerability in GEs Proficy GDS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01 ∗∗∗ Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules ∗∗∗ --------------------------------------------- This advisory contains mitigations for a missing authentication vulnerability in the Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 ∗∗∗ watchOS 5.1.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.1.2. --------------------------------------------- https://support.apple.com/en-us/HT209343 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack). --------------------------------------------- https://lwn.net/Articles/774270/ ∗∗∗ Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN89767228/ ∗∗∗ IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-information… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-social-program-ma… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2018
by Daily end-of-shift report 06 Dec '18

06 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-12-2018 18:00 − Donnerstag 06-12-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 2: Fun with FaceTime ∗∗∗ --------------------------------------------- FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Data Exfiltration in Penetration Tests ∗∗∗ --------------------------------------------- In many penetration tests, therell be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, lets get the data off premise". Or sometimes in .. --------------------------------------------- https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24… ∗∗∗ Campaign evolution: Hancitor changes its Word macros ∗∗∗ --------------------------------------------- Todays diary reviews trends in recent malicious spam (malspam) pushing Hancitor. --------------------------------------------- https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+W… ∗∗∗ MikroTik: Hunderttausende Router schürfen heimlich Kryptogeld ∗∗∗ --------------------------------------------- Eine im August bekannt gewordenen Schwachstelle in den Geräten wird momentan öfter angegriffen denn je. --------------------------------------------- http://heise.de/-4243857 ∗∗∗ Linux: Besserer Spectre-V2-Schutz jetzt im Kernel, kaum Geschwindigkeitsverlust ∗∗∗ --------------------------------------------- Nach einem abgelehnten Patch haben die Linux-Entwickler den Schutz gegen die CPU-Lücke Spectre V2 in den Kerneln 4.14.86 und 4.19.7 verbessert. --------------------------------------------- http://heise.de/-4244052 ∗∗∗ Betrügerischer Sicherheitsalarm im Postfach ∗∗∗ --------------------------------------------- Konsument/innen finden in ihrem E-Mailpostfach eine Nachricht mit dem Betreff „Sicherheitsalarm. Hacker kennen das Passwort vom (E-Mailadresse)“. In dem Schreiben behaupten Kriminelle .. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx… ∗∗∗ konsolensultan.de ist ein Fake-Shop ∗∗∗ --------------------------------------------- Bestellen Sie nicht bei konsolensultan.de, es handelt sich um einen unseriösen Anbieter. Die gewünschten Spielkonsolen und Controller werden Sie nie erreichen. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/ ∗∗∗ A botnet of over 20,000 WordPress sites is attacking other WordPress sites ∗∗∗ --------------------------------------------- Botnet is still up and running but law enforcement has been notified. --------------------------------------------- https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1669 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin). --------------------------------------------- https://lwn.net/Articles/774089/ ∗∗∗ MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via .. --------------------------------------------- https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2018
by Daily end-of-shift report 05 Dec '18

05 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-12-2018 18:00 − Mittwoch 05-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 1: The Wild World of WebRTC ∗∗∗ --------------------------------------------- Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Notfallpatch: Exploit-Code für kritische Flash-Lücke im Umlauf ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für Adobes Flash Player. Nutzer sollten es dringend installieren. --------------------------------------------- http://heise.de/-4242328 ∗∗∗ SplitSpectre: Neue Methode macht Prozessor-Angriffe einfacher ∗∗∗ --------------------------------------------- Eine neue Abwandlung des Spectre-V1-Angriffs macht solche Attacken auf CPUs realistischer. Sie lässt sich über die JavaScript-Engine eines Browsers ausführen. --------------------------------------------- http://heise.de/-4241478 ∗∗∗ Achtung Dynamit-Phishing: Gefährliche Trojaner-Welle legt ganze Firmen lahm ∗∗∗ --------------------------------------------- BSI, CERT-Bund und Cybercrime-Spezialisten der LKAs sehen eine akute Welle von Infektionen mit Emotet, die Millionenschäden anrichtet. --------------------------------------------- http://heise.de/-4241424 ∗∗∗ The Dark Side of the ForSSHe ∗∗∗ --------------------------------------------- ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats --------------------------------------------- https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/ ∗∗∗ Achtung: Gefälschte PayPal-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Konsument/innen wird per E-Mail eine angebliche Rechnung von PayPal zugesandt - für ein Produkt, das nie bestellt wurde. Um die Rechnung zu stornieren, soll man einem Link folgen und dort seine persönlichen Daten und Zahlungsinformationen bekannt geben. Wer der Aufforderung nachkommt, wird Opfer eines Datendiebstahls und ermöglicht Kriminellen Zahlungen im eigenen Namen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnunge… ∗∗∗ It looked like a Citrix ShareFile phishing attack, but wasn’t ∗∗∗ --------------------------------------------- Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers.If you’re a company contacting your customers via email, please make sure it doesn’t look phishy. --------------------------------------------- https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/ ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omrons CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 ∗∗∗ SpiderControl SCADA WebServer ∗∗∗ --------------------------------------------- This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControls SCADA WebServer software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 ∗∗∗ Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 ∗∗∗ --------------------------------------------- Version 1.15: Final --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Inadequate cryptography implementation in Kerio Control VPN protocol ∗∗∗ --------------------------------------------- A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-impl… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby). --------------------------------------------- https://lwn.net/Articles/773964/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Financial Transaction Manager for Check Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-im… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2018
by Daily end-of-shift report 04 Dec '18

04 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-12-2018 18:00 − Dienstag 04-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗ --------------------------------------------- Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. --------------------------------------------- https://securelist.com/koffeymaker-notebook-vs-atm/89161/ ∗∗∗ SamSam Ransomware ∗∗∗ --------------------------------------------- Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware ∗∗∗ App-Store-Betrug mit Touch-ID-Geräten ∗∗∗ --------------------------------------------- Verschiedene Entwickler versuchen, Nutzer zum Kauf teurer In-App-Angebote zu bringen – mittels "Fingerabdruckklau". Apple reagiert. --------------------------------------------- http://heise.de/-4239342 ∗∗∗ Kubernetes: Kritisches Update für Container-Verwaltung ∗∗∗ --------------------------------------------- In Kubernetes steckt eine gefährliche Sicherheitslücke, über die unangemeldete Angreifer Code mit Admin-Rechten im Cluster ausführen können. --------------------------------------------- http://heise.de/-4240804 ∗∗∗ Gebietskörperschaften erhalten gefälschte Geschäftskorrespondenz ∗∗∗ --------------------------------------------- Betrüger/innen schreiben Gebietskörperschaften an und geben sich als Geschäftspartner/innen des Bundes, der Länder oder der Gemeinden aus. Sie erfinden einen Grund, der es angeblich notwendig macht, dass sie die Vertragskopie für ein Rechtsgeschäft erhalten. In diese fügen sie neue Bankdaten ein und fordern die Geldüberweisung auf ein neues Konto. Beamt/innen und Vertragsbedienstete, die die Transaktion durchführen, überweisen Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefa… ∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗ --------------------------------------------- Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]The post In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct appeared first on RiskIQ. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-vision-direct/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2018-12-01.html ∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...] --------------------------------------------- https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injectio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/773826/ ∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19634255 ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/ ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/ ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.12.2018
by Stephan Richter 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138

1 0

Tageszusammenfassung - 03.12.2018
by Daily end-of-shift report 03 Dec '18

03 Dec '18

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2018