Daily February 2018

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - 28.02.2018
by Daily end-of-shift report 28 Feb '18

28 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-02-2018 18:00 − Mittwoch 28-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Free Decrypter Available for GandCrab Ransomware Victims ∗∗∗ --------------------------------------------- Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decrypter-available-for… ∗∗∗ Dissecting Hancitor’s Latest 2018 Packer ∗∗∗ --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hanci… ∗∗∗ Sicherheits-Netzbetriebssystem: Fortinet präsentiert FortiOS 6.0 ∗∗∗ --------------------------------------------- Auf seiner Hausveranstaltung Accelerate 18 hat Fortinet Version 6.0 seines Security-Network-Betriebssystems FortiOS vorgestellt. Das Update umfasst über 200 Aktualisierungen. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-Netzbetriebssystem-Fortinet-praese… ∗∗∗ Electra: Erster umfassender Jailbreak für iOS 11 erschienen ∗∗∗ --------------------------------------------- Ein neuer Jailbreak soll erstmals den alternativen App Store Cydia auf iOS 11 bringen. Dafür wird der Exploit eines Google-Sicherheitsforschers eingesetzt, der allerdings nur in älteren Versionen des Betriebssystems funktioniert. --------------------------------------------- https://www.heise.de/meldung/Electra-Erster-umfassender-Jailbreak-fuer-iOS-… ∗∗∗ Who Wasn’t Responsible for Olympic Destroyer? ∗∗∗ --------------------------------------------- This blog post is authored by Paul Rascagneres and Martin Lee.SummaryAbsent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has purposefully included .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/VvKIOSM9n5Y/who-wasnt-re… ∗∗∗ First true native IPv6 DDoS attack spotted in wild ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/first-true-native-ipv6-ddos-attack-spotte… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson ControlWave Micro Process Automation Controller ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Emerson ControlWave Micro Process Automation Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03 ∗∗∗ Delta Electronics WPLSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, heap-based buffer overflow, out-of-bounds write vulnerabilities in the Delta Electronics WPLSoft PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02 ∗∗∗ Medtronic 2090 Carelink Programmer Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in Medtronic’s 2090 CareLink Programmer and its accompanying software deployment network. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01 ∗∗∗ Philips Intellispace Portal ISP Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in the Philips’ IntelliSpace Portal (ISP), an advanced visualization and image analysis system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 ∗∗∗ Siemens SIMATIC Industrial PCs ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013543 ∗∗∗ IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013436 ∗∗∗ Insecure Direct Object Reference in TestLink Open Source Test Management ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/insecure-direct-object-refer… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2018
by Daily end-of-shift report 27 Feb '18

27 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-02-2018 18:00 − Dienstag 27-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SAML Vulnerability Lets Attackers Log in as Other Users ∗∗∗ --------------------------------------------- Security researchers from Duo Labs and the US Computer Emergency Response Team (US-CERT) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victims password. --------------------------------------------- https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-atta… ∗∗∗ New Guide on How to Clean a Hacked Website ∗∗∗ --------------------------------------------- Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website. We are happy to help the community learn the steps they can follow to get rid of a website hack. You can find all our guides to website security in a section of our website dedicated to providing concise and comprehensive tips on different areas of --------------------------------------------- https://blog.sucuri.net/2018/02/new-guide-clean-hacked-website.html ∗∗∗ Memcached Amplification Attack: Neuer DDoS-Angriffsvektor aufgetaucht ∗∗∗ --------------------------------------------- Öffentlich erreichbare Memcached-Installationen werden von Angreifern für mächtige DDoS-Attacken missbraucht. Die Besitzer dieser Server wissen oft nicht, dass sie dabei helfen, Webseiten aus dem Internet zu spülen. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Attack-Neuer-… ===================== = Vulnerabilities = ===================== ∗∗∗ OS command injection, arbitrary file upload & SQL injection in ClipBucket ∗∗∗ --------------------------------------------- Critical security issues such as OS command injection or arbitrary file upload allow an attacker to fully compromise the web server which has the video and media management solution “ClipBucket” installed. Potentially sensitive data might get exposed through this attack. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitra… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exim, irssi, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, phpMyAdmin, and seamonkey), Mageia (cups, flatpak, golang, jhead, and qpdf), Oracle (gcab, java-1.7.0-openjdk, and kernel), Red Hat (gcab, java-1.7.0-openjdk, and java-1.8.0-ibm), Scientific Linux (gcab and java-1.7.0-openjdk), and Ubuntu (sensible-utils). --------------------------------------------- https://lwn.net/Articles/748179/ ∗∗∗ DFN-CERT-2018-0389: Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0389/ ∗∗∗ IBM Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013961 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010869 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013305 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012547 ∗∗∗ GNU C Library vulnerability CVE-2018-6551 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11274054 ∗∗∗ XSA-256 - x86 PVH guest without LAPIC may DoS the host ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-256.html ∗∗∗ XSA-255 - grant table v2 -> v1 transition may crash Xen ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-255.html ∗∗∗ XSA-252 - DoS via non-preemptable L3/L4 pagetable freeing ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-252.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2018
by Daily end-of-shift report 26 Feb '18

26 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-02-2018 18:00 − Montag 26-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Incident Response: Social Engineering funktioniert als Angriffsvektor weiterhin ∗∗∗ --------------------------------------------- Was passiert, nachdem ein Unternehmen gehackt wurde - und welche Mechanismen werden dafür genutzt? Das Sicherheitsunternehmen F-Secure hat Zahlen des eigenen Incident-Response-Teams veröffentlicht und stellt fest: Besonders im Gaming-Sektor und bei Behörden gibt es gezielte Angriffe. --------------------------------------------- https://www.golem.de/news/incident-response-social-engineering-funktioniert… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0384/">Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien. Der Hersteller stellt Wireshark 2.2.13 und 2.4.5 als Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/ ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/748073/ ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013706 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013753 ∗∗∗ IBM Security Bulletin:IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013921 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013751 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013832 ∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013094 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013558 ∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013890 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.02.2018
by Daily end-of-shift report 23 Feb '18

23 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-02-2018 18:00 − Freitag 23-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botched npm Update Crashes Linux Systems, Forces Users to Reinstall ∗∗∗ --------------------------------------------- A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. --------------------------------------------- https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linu… ∗∗∗ Android P Will Block Background Apps from Accessing Phones Camera & Microphone ∗∗∗ --------------------------------------------- Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphones camera or microphone. --------------------------------------------- https://www.bleepingcomputer.com/news/mobile/android-p-will-block-backgroun… ∗∗∗ Pwned Passwords: Troy Hunt veröffentlicht eine halbe Milliarde Passworthashes ∗∗∗ --------------------------------------------- Bei HaveIBeenPwned können Nutzer aktuell rund eine halbe Milliarde Passwort-Hashes herunterladen. Damit könnten sie Dienste in die Lage versetzen, geleakte Passwörter abzulehnen. --------------------------------------------- https://www.golem.de/news/pwned-passwords-troy-hunt-veroeffentlicht-eine-ha… ∗∗∗ Mitm6 - Pwning IPv4 Via IPv6 ∗∗∗ --------------------------------------------- Mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server [...] --------------------------------------------- https://www.kitploit.com/2018/02/mitm6-pwning-ipv4-via-ipv6.html ∗∗∗ Versionsverwaltung: GitLab 10.5 integriert Verschlüsselung mit Lets Encrypt ∗∗∗ --------------------------------------------- Insgesamt 26 Neuerungen bringt die neue Version von GitLab mit. Spannend sind vor allem die Verschlüsselung mit Lets Encrypt, externe Daten in CI/CD-Pipelines, und der Einzug von Gemnasium in die Versionsverwaltung. --------------------------------------------- https://www.heise.de/developer/meldung/Versionsverwaltung-GitLab-10-5-integ… ∗∗∗ Name, Adresse, Geburtsdatum: ÖBB-App zeigte fremde Nutzerdaten an ∗∗∗ --------------------------------------------- Betroffene sahen sensible Daten anderer Nutzer. Ob auch Kreditkarteninformationen im Detail eingesehen werden konnten, ist noch nicht klar --------------------------------------------- http://derstandard.at/2000074884009 ∗∗∗ Report Highlights Challenges of Incident Response ∗∗∗ --------------------------------------------- False Positives Lead to a Surprising Number of Incident Response Investigations read more --------------------------------------------- https://www.securityweek.com/report-highlights-challenges-incident-response ===================== = Vulnerabilities = ===================== ∗∗∗ MFSBGN03798 rev.1 - Micro Focus UCMDB-Browser, Apache Struts Instance ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution. --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups, gcc-6, irssi, kernel, and squid3), Fedora (mupdf), Mageia (irssi, mpv, qpdf, and quagga), openSUSE (libmad and postgresql95), SUSE (kernel and php5), and Ubuntu (kernel, linux-lts-trusty, linux-raspi2, and wavpack). --------------------------------------------- https://lwn.net/Articles/747911/ ∗∗∗ DFN-CERT-2018-0378: Apache Tomcat: Zwei Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0378/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2018
by Daily end-of-shift report 22 Feb '18

22 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-02-2018 18:00 − Donnerstag 22-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschte BAWAG P.S.K.-Kundeninformation im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG P.S.K.-Kundeninformation. Darin fordern sie die Empfänger/innen dazu auf, dass sie ihre Nutzerinformationen bei der Bank bestätigen. Das soll auf einer fremden Website geschehen. Konsument/innen, die der Aufforderung nachkommen, übermitteln Betrüger/innen ihre Daten. Die Kriminellen nützen diese, um Geld zu stehlen und Verbrechen unter fremden Namen zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-bawag-psk-kundeninformat… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0364/">Digium Asterisk, Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Der Hersteller informiert über die Schwachstellen und stellt Asterisk Open Source 13.19.2, 14.7.6 und 15.2.2 sowie Certified Asterisk 13.18-cert3 als Sicherheitsupdates bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0364/ ∗∗∗ DFN-CERT-2018-0356/">Red Hat Satellite: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung von Systemen ∗∗∗ --------------------------------------------- Eine Vielzahl von Schwachstellen in von Red Hat Satellite verwendeten Komponenten, insbesondere Foreman, ermöglichen auch einem entfernten und nicht authentisierten Angreifer das Ausspähen sensibler Informationen wie Passwörtern, einen Cross-Site-Scripting (XSS)-Angriff, Denial-of-Service (DoS)-Angriffe und möglicherweise die Ausführung beliebigen Programmcodes ... --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0356/ ∗∗∗ Sicherheitsupdates: Drupal-Webseiten können Inhalte leaken ∗∗∗ --------------------------------------------- Im CMS Drupal klaffen mehrere Sicherheitslücken. Davon gelten zwei als kritisch. Sicherheitsupdates für verschiene Versionsstränge stehen bereit. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Drupal-Webseiten-koennen-In… ∗∗∗ Trend Micro fixes serious vulnerabilities in Email Encryption Gateway ∗∗∗ --------------------------------------------- Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker. --------------------------------------------- https://www.helpnetsecurity.com/2018/02/22/email-encryption-gateway-vulnera… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (strongswan), Fedora (torbrowser-launcher), openSUSE (libdb-4_5, libdb-4_8, postgresql96, python3-openpyxl, and xv), Red Hat (rh-maven35-jackson-databind), and Ubuntu (kernel, libreoffice, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-oem, and linux-lts-xenial, linux-aws). --------------------------------------------- https://lwn.net/Articles/747805/ ∗∗∗ IBM Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012115 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Connect (CVE-2017-3738, CVE-2017-3737) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013801 ∗∗∗ IBM Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013051 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by Information Exposure vulnerability (CVE-2017-1774 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013595 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Password in Clear Text vulnerability (CVE-2018-1377 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013596 ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013713 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012455 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2018
by Daily end-of-shift report 21 Feb '18

21 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-02-2018 18:00 − Mittwoch 21-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ New Spectre/Meltdown Variants ∗∗∗ --------------------------------------------- Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/new_spectremelt.html ===================== = Vulnerabilities = ===================== ∗∗∗ ABB netCADOPS Web Application ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an information exposure vulnerability in the ABB netCADOPS Web Application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01 ∗∗∗ DFN-CERT-2018-0347/">phpMyAdmin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in phpMyAdmin ausnutzen, um einen Cross-Site-Scripting (XSS)-Angriff gegen sich selbst durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0347/ ∗∗∗ Mozillas executable installers: FUBAR ∗∗∗ --------------------------------------------- #1) "Firefox Installer.exe" (digitally signed 2018-01-28) 58.0.1 is vulnerable to DLL hijacking #2) "setup-stub.exe" extracted and executed by "Firefox Installer.exe" is vulnerable to DLL hijacking #3) "Firefox Setup 52.6.0esr.exe" (digitally signed 2018-01-19) is vulnerable to DLL hijacking #4) "setup.exe" extracted and executed by "Firefox Setup 52.6.0esr.exe" is vulnerable to DLL hijacking --------------------------------------------- http://seclists.org/fulldisclosure/2018/Feb/58 ∗∗∗ Sicherheitsforscher empfiehlt, BitTorrent-Client uTorrent Web vorerst nicht zu nutzen ∗∗∗ --------------------------------------------- Zwei uTorrent-Clients sind verwundbar. Es gibt zwar Sicherheitspatches, doch offenbar wirken diese nur teilweise. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsforscher-empfiehlt-BitTorrent-Clien… ∗∗∗ Coldroot: macOS-Trojaner offenbar seit zwei Jahren unentdeckt ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Remote-Access-Malware für Apple-Rechner entdeckt, die seit mindestens 2016 kursieren soll. --------------------------------------------- https://www.heise.de/meldung/Coldroot-macOS-Trojaner-offenbar-seit-zwei-Jah… ∗∗∗ Internet of Babies – When baby monitors fail to be smart ∗∗∗ --------------------------------------------- Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products. --------------------------------------------- https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-mo… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmspack), Debian (zziplib), Fedora (ca-certificates, firefox, freetype, golang, krb5, libreoffice, monit, patch, plasma-workspace, ruby, sox, tomcat, and zziplib), openSUSE (dovecot22, glibc, GraphicsMagick, libXcursor, mbedtls, p7zip, SDL_image, SDL2_image, sox, and transfig), Red Hat (chromium-browser), and Ubuntu (cups, libvirt, and qemu). --------------------------------------------- https://lwn.net/Articles/747711/ ∗∗∗ Cisco Unity Connection Mail Relay Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22012965 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1415) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013796 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013797 ∗∗∗ IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012113 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential input validation vulnerability (CVE-2018-1392) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013249 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013247 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012828 ∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013432 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013088 ∗∗∗ IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027035 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2018
by Daily end-of-shift report 20 Feb '18

20 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-02-2018 18:00 − Dienstag 20-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗ --------------------------------------------- Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetecta… ∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗ --------------------------------------------- Wordpress is a popular tool for creating web pages. Numerous extensions make your own programming skills superfluous. However, one should be careful when choosing its extensions. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware ∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗ --------------------------------------------- Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency. --------------------------------------------- https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncover… ∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗ --------------------------------------------- Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...] --------------------------------------------- https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware… ∗∗∗ Textbombe: Apple räumt verheerenden Fehler mit Update aus ∗∗∗ --------------------------------------------- Neue Versionen von iOS und macOS verfügbar – Zeichenfolge konnte zahlreiche Apps zum Absturz bringen --------------------------------------------- http://derstandard.at/2000074619775 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/747630/ ∗∗∗ DFN-CERT-2018-0340: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/ ∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013705 ∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2018
by Daily end-of-shift report 19 Feb '18

19 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-02-2018 18:00 − Montag 19-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers pilfered $6M from Russian central bank via SWIFT system ∗∗∗ --------------------------------------------- Hackers nicked $6 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank. --------------------------------------------- https://www.scmagazine.com/hackers-pilfered-6m-from-russian-central-bank-vi… ∗∗∗ WWW: Tracking-Methoden werden brutaler, Browser-Hersteller schauen weg ∗∗∗ --------------------------------------------- Die Überwachungsmethoden der Tracker werden immer ausgefeilter. Selbst bei Online-Apotheken bedienen sich die Datendealer. Datenschutz-Forscher Arvind Narayanan ärgert sich über die Untätigkeit der großen Browser-Hersteller. --------------------------------------------- https://heise.de/-3718112 ∗∗∗ FSX: Add-On-Entwickler FSLabs liest heimlich Passwörter von Raubkopierern aus ∗∗∗ --------------------------------------------- FlightSimLabs verkauft Zusatzflugzeuge für den beliebten Microsoft Flight Simulator. Die Firma gibt zu, mutmaßlichen Raubkopierern eine Software auf den Rechner installiert zu haben, die deren Chrome-Passwörter an die Entwickler übermittelt. --------------------------------------------- https://heise.de/-3973485 ∗∗∗ Security bugs in Dell storage platform allowed hackers to gain root access ∗∗∗ --------------------------------------------- Security researchers recently unearthed as many as nine security vulnerabilities in Dell EMC's Isilon OneFS platform allowing remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root. --------------------------------------------- https://www.scmagazineuk.com/news/security-bugs-in-dell-storage-platform-al… ∗∗∗ Record-Breaking Number of Vulnerabilities Disclosed in 2017: Report ∗∗∗ --------------------------------------------- A record-breaking number of vulnerabilities were disclosed in 2017, with a total of 20,832 such security flaws, a new report from Risk Based Security shows. read more --------------------------------------------- https://www.securityweek.com/record-breaking-number-vulnerabilities-disclos… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft-Browser Edge: Google veröffentlicht Zero-Day-Lücke, kein Patch in Sicht ∗∗∗ --------------------------------------------- Der JIT-Compiler, der Microsofts Edge-Browser von Angriffscode aus dem Web isolieren soll, lässt sich selbst zum Einschleusen von Angriffscode missbrauchen. Google hat die dazugehörige Lücke nun veröffentlicht, ohne dass Microsoft Zeit zum Patchen hatte. --------------------------------------------- https://heise.de/-3973380 ∗∗∗ DSA-4118 tomcat-native - security update ∗∗∗ --------------------------------------------- Jonas Klempel reported that tomcat-native, a library giving Tomcataccess to the Apache Portable Runtime (APR) librarys network connection(socket) implementation and random-number generator, does not properlyhandle fields longer than 127 bytes when parsing the AIA-Extension fieldof a client certificate. If OCSP checks are used, this could result inclient certificates that should have been rejected to be accepted. --------------------------------------------- https://www.debian.org/security/2018/dsa-4118 ∗∗∗ DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Red Hat aktualisiert seinen Sicherheitshinweis vom 21.01.2016 und gibt bekannt, dass die Schwachstelle CVE-2012-1148 auch in der aktualisierten Version des Red Hat JBoss Webserver enthalten ist. Bislang gibt es keine Information darüber, wann ein Sicherheitsupdate zur Behebung dieser Schwachstelle zur Verfügung stehen wird. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen). --------------------------------------------- https://lwn.net/Articles/747548/rss ∗∗∗ Tenda AC15 Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018020216 ∗∗∗ IBM Security Bulletin: IBM Maximo Anywhere is vulnerable to cross-site scripting (CVE-2017-1604) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011883 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Rhapsody Design Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013739 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.02.2018
by Daily end-of-shift report 16 Feb '18

16 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00 Handler: n/a Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗ --------------------------------------------- A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-active… ∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗ --------------------------------------------- The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager. --------------------------------------------- https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manage… ∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗ --------------------------------------------- Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbed… ∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗ --------------------------------------------- Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld. --------------------------------------------- https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-star… ∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗ --------------------------------------------- Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports. --------------------------------------------- https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-… ===================== = Vulnerabilities = ===================== ∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01 ∗∗∗ GE D60 Line Distance Relay ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 ∗∗∗ Schneider Electric IGSS Mobile ∗∗∗ --------------------------------------------- This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03 ∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga). --------------------------------------------- https://lwn.net/Articles/747439/rss ∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&… ∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013416 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012447 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008816 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2018
by Daily end-of-shift report 15 Feb '18

15 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-02-2018 18:00 − Donnerstag 15-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Spam and phishing in 2017 ∗∗∗ --------------------------------------------- The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts. --------------------------------------------- http://securelist.com/spam-and-phishing-in-2017/83833/ ∗∗∗ Inside the MSRC– The Monthly Security Update Releases ∗∗∗ --------------------------------------------- For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/02/14/inside-the-msrc-the-mon… ∗∗∗ Multi-Stage Email Word Attack without Macros ∗∗∗ --------------------------------------------- Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-… ∗∗∗ Besser vernetzt - besser geschützt ∗∗∗ --------------------------------------------- Zweitägiger Workshop im BRZ ermöglicht raschere Reaktion auf Malware und andere Bedrohungen. 70 Teilnehmer/innen von österreichischen und internationalen CERTs waren dabei. --------------------------------------------- https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html ∗∗∗ MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe ∗∗∗ --------------------------------------------- Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden. --------------------------------------------- https://www.heise.de/meldung/MeltdownPrime-SpectrePrime-Neue-Software-autom… ∗∗∗ Cryptojacking: Hacker infiltrieren 5.000 Websites, verdienen nur 23 Euro ∗∗∗ --------------------------------------------- Laut Angaben von Skript-Entwickler Coinhive – Angreifer schleusten Code in Vorlese-Plugin .. --------------------------------------------- http://derstandard.at/2000074318850 ∗∗∗ COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style ∗∗∗ --------------------------------------------- This post is authored by Jeremiah OConnor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive SummaryCisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign .. --------------------------------------------- http://blog.talosintelligence.com/2018/02/coinhoarder.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4112 xen - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4112 ∗∗∗ Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-013 ∗∗∗ Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily February 2018