=====================
= End-of-Day report =
=====================
Timeframe: Thursday 29-03-2018 18:00 − Friday 30-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 10 Steps to Avoid Insecure Deserialization ∗∗∗
---------------------------------------------
You might think that your applications are secure and safe from prying eyes, but hackers are using ever more sophisticated methods to capture your user data over the Internet. We will explore some of the most common insecure deserialization methods that have been uncovered recently, and look at 10 steps that can be implemented [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-avoid-insecure-deserializati…
∗∗∗ How to Identify and Mitigate XXE Vulnerabilities ∗∗∗
---------------------------------------------
Security vulnerabilities that are created through the serialization of sensitive data are well known, yet some developers are still falling into this trap. We will look at some basic web application safeguards that you can employ to keep your applications hardened against this growing threat. To help understand this growing problem, we will turn [...]
---------------------------------------------
http://resources.infosecinstitute.com/identify-mitigate-xxe-vulnerabilities/
∗∗∗ ENISA publishes the first comprehensive study on cyber Threat Intelligence Platforms ∗∗∗
---------------------------------------------
ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-first-study-on-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips iSite/IntelliSpace PACS Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for vulnerabilities identified in the Philips iSite and IntelliSpace PACS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
∗∗∗ WAGO 750 Series ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper resource shutdown or release vulnerability in the WAGO 750 series PLC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01
∗∗∗ Siemens TIM 1531 IRC ∗∗∗
---------------------------------------------
This advisory includes mitigations for an incorrect implementation of authentication algorithm vulnerability in the Siemens TIM 1531 IRC communications modules.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-02
∗∗∗ Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-03
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: March 29, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: iOS 11.3, tvOS 11.3, watchOS 4.3, Xcode 9.3 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/29/Apple-Releases-Mul…
∗∗∗ Critical Vulnerability in Microsoft Windows - Patch Available ∗∗∗
---------------------------------------------
Microsoft has published a security advisory and a corresponding security update outside the normal patch cycle. The bug allows an attacker to execute arbitrary code with kernel privileges through a privilege escalation. CVE: CVE-2018-1038 Details: By exploiting the vulnerability, an attacker can gain elevated privileges on affected systems, and [...]
---------------------------------------------
http://www.cert.at/warnings/all/20180330.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (memcached, openssl, openssl1.0, php5, thunderbird, and xerces-c), Fedora (python-notebook, slf4j, and unboundid-ldapsdk), Mageia (kernel, libvirt, mailman, and net-snmp), openSUSE (aubio, cacti, cacti-spine, firefox, krb5, LibVNCServer, links, memcached, and tomcat), Slackware (ruby), SUSE (kernel and python-paramiko), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/750573/
∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by an Apache Poi Vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014912
∗∗∗ IBM Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012643
∗∗∗ IBM Security Bulletin: Potential spoofing attack in IBM WebSphere Application Server in IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014798
∗∗∗ IBM Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000369
∗∗∗ IBM Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014179
Next End-of-Day report: 2018-04-03
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 28-03-2018 18:00 − Thursday 29-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Total Meltdown? ∗∗∗
---------------------------------------------
Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing. Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse [...]
---------------------------------------------
https://blog.frizk.net/2018/03/total-meltdown.html
∗∗∗ Warning about Travel Planet Amsterdam ∗∗∗
---------------------------------------------
Holidaymakers find inexpensive accommodation on Travel Planet Amsterdam (travelplanetamsterdam.com). The listings are copied from other websites and cannot actually be booked through the provider. Travellers are asked to pay for the accommodation in advance. The money is lost, because Travel Planet Amsterdam is a fraudulent provider that delivers no service.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-travel-planet-amsterdam/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Update: Attackers Could Cripple Firefox and Tor Browser ∗∗∗
---------------------------------------------
The developers have closed the vulnerability in Firefox 59.0.2, Firefox ESR 52.7.3 and Tor Browser 7.5.3. All previous releases are at risk. Attacks are said to be possible remotely without authentication. The risk posed by the vulnerability is rated "high".
---------------------------------------------
https://heise.de/-4007839
∗∗∗ Citrix XenServer 7.2 Multiple Security Updates ∗∗∗
---------------------------------------------
A number of security issues have been identified within Citrix XenServer 7.2 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated as a medium severity vulnerability; the following issues have been remediated:
CVE-2016-2107
CVE-2016-2108
---------------------------------------------
https://support.citrix.com/article/CTX233832
∗∗∗ Vulnerabilities (Some Critical) in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software - Patches Available ∗∗∗
---------------------------------------------
29 March 2018. Description: Cisco has published 20 security advisories on vulnerabilities, some of them critical, in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software. Three of the vulnerabilities are rated critical with a CVSS Base Score of 9.8: ...
---------------------------------------------
http://www.cert.at/warnings/all/20180329-2.html
∗∗∗ Critical Vulnerability in Drupal - Updates Available ∗∗∗
---------------------------------------------
29 March 2018. Description: A critical vulnerability has been discovered in the widely used CMS software Drupal. By exploiting this flaw, arbitrary code can be executed on affected systems (with the privileges of the web server user). CVE number: CVE-2018-7600
---------------------------------------------
http://www.cert.at/warnings/all/20180329.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7, graphicsmagick, libdatetime-timezone-perl, thunderbird, and tzdata), Fedora (gd, libtiff, mozjs52, and nmap), Gentoo (thunderbird), Red Hat (openstack-tripleo-common, openstack-tripleo-heat-templates and sensu), SUSE (kernel, libvirt, and memcached), and Ubuntu (icu, librelp, openssl, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/750432/
∗∗∗ Bugtraq: CA20180328-01: Security Notice for CA API Developer Portal ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541902
∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015075
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000372
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013651
∗∗∗ IBM Security Bulletin: IBM MQ Clients can send a specially crafted message that could cause a channel to SIGSEGV. (CVE-2017-1747) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012992
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099794
∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35453761
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 27-03-2018 18:00 − Wednesday 28-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Many VPN Providers Leak Customer's IP Address via WebRTC Bug ∗∗∗
---------------------------------------------
Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-cust…
∗∗∗ 10 Best Practices for Mobile App Penetration Testing ∗∗∗
---------------------------------------------
Penetration testing is one of the best ways to thoroughly check your defense perimeters for security weaknesses. Pentesting can be used across the entire spectrum of an IT infrastructure, including network, web application and database security. But today [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-best-practices-mobile-app-penetrat…
∗∗∗ How to Set Up a Web App Pentesting Lab in 4 Easy Steps ∗∗∗
---------------------------------------------
A pentesting lab can be a small entity used by one security tester, consisting of one or two computers; or it could be a larger set of networked computers behind a closed or secured network, used by a group of security testers.
---------------------------------------------
http://resources.infosecinstitute.com/set-web-app-pentesting-lab-4-easy-ste…
∗∗∗ Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for the upcoming Windows 10 version 1803, codenamed "Redstone 4." Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: DRAFT-Windows-10-v1803-RS4 The downloadable attachment to this blog post includes importable GPOs, scripts for applying [...]
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-f…
∗∗∗ Unmasking Monero: stripping the currency’s privacy protection ∗∗∗
---------------------------------------------
The features that make blockchains trustworthy may leave them vulnerable to retrospective action.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/03/28/unmasking-monero-stripping-the-…
∗∗∗ TA18-086A: Brute Force Attacks Conducted by Cyber Actors ∗∗∗
---------------------------------------------
[...] According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad. On February 2018 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-086A
∗∗∗ Legacy technologies as a threat to EU's telecommunications infrastructure ∗∗∗
---------------------------------------------
EU level assessment of the current sets of protocols used in interconnections in telecommunications (SS7, Diameter).
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/legacy-technologies-as-a-threat…
∗∗∗ Internet Ombudsmann and Watchlist Internet Annual Report 2017 ∗∗∗
---------------------------------------------
The Internet Ombudsmann provides information on Watchlist Internet about internet fraud, traps and fakes. Watchlist Internet aims to help readers recognise attempted crimes and avoid becoming victims of cybercrime. In the past year, 2017, Watchlist Internet had 906 editorial articles and recorded 1.45 million page views.
---------------------------------------------
https://www.watchlist-internet.at/news/internet-ombudsmann-und-watchlist-in…
∗∗∗ Fraudulent Payment Reminders from Prolex Inkasso ∗∗∗
---------------------------------------------
Consumers receive a payment reminder from Prolex Inkasso on behalf of dubious streaming platforms. It states that the recipients have not paid their outstanding invoices. They are therefore told to pay 467.16 euros to Prolex. The reminder is fraudulent; there is no obligation to pay.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-prolex-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple's disk utility "Disk Util.app" in macOS 10.13 High Sierra can disclose the password of encrypted APFS file systems ∗∗∗
---------------------------------------------
Exploiting the vulnerability allows a local attacker with administrator rights and access to the system log, who is in possession of the external storage device, to decrypt the encrypted APFS file system. All users of the disk utility should install the latest version on their systems as soon as it becomes available. Until then, users should [...]
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/03/warn…
∗∗∗ Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 PLCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
∗∗∗ Philips Alice 6 Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for improper authentication and missing data encryption vulnerabilities identified in the Philips Alice 6 System product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (slf4j), Debian (firefox-esr, mupdf, net-snmp, and samba), Fedora (apache-commons-compress, calibre, chromium, glpi, kernel, libvncserver, libvorbis, mozjs52, ntp, slurm, sqlite, and wireshark), openSUSE (librelp), SUSE (librelp, LibVNCServer, and qemu), and Ubuntu (firefox and zsh).
---------------------------------------------
https://lwn.net/Articles/750291/
∗∗∗ Vuln: ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103523
∗∗∗ Security Advisory - Improper Authorization Vulnerability on Huawei Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180328-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014642
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM DataPower Gateways (CVE-2017-15906) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014534
∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012162
∗∗∗ RSA Authentication Agent for Web Multiple Flaws Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040577
∗∗∗ [R1] Tenable Appliance 4.7.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-02
=====================
= End-of-Day report =
=====================
Timeframe: Monday 26-03-2018 18:00 − Tuesday 27-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Academics Discover New CPU Side-Channel Attack Named BranchScope ∗∗∗
---------------------------------------------
A team of academics from four US universities has discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-s…
∗∗∗ Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb ∗∗∗
---------------------------------------------
Coinkidink? Nah. Crooks are switching tactics. There was a big drop in exploit kit development last year, and experts have equated this to the phasing out of Adobe Flash.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/03/27/exploit_kit…
∗∗∗ E-Mail Encryption: Enigmail 2.0 Is Here ∗∗∗
---------------------------------------------
With the new Enigmail version 2.0 for the Thunderbird mail client, users can now, among other things, encrypt the subject line in addition to the text of e-mails.
---------------------------------------------
https://heise.de/-4005589
∗∗∗ The Last Windows XP Security White Paper ∗∗∗
---------------------------------------------
Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer
---------------------------------------------
https://www.welivesecurity.com/2018/03/27/last-windows-xp-security-white-pa…
=====================
= Vulnerabilities =
=====================
∗∗∗ Mozilla Releases Security Updates for Firefox ∗∗∗
---------------------------------------------
Original release date: March 27, 2018 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 59.0.2 and Firefox ESR 52.7.3 and apply the necessary updates.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/27/Mozilla-Releases-S…
∗∗∗ 2018-02-06 (updated 2018-03-27): Vulnerability in MicroSCADA Pro SYS600 9.x - Improper Access Control ∗∗∗
---------------------------------------------
3.2.2018 Original document, 16.3.2018 Fix for SYS600 9.3 systems is available. Clarified file system permissions for created Windows groups, see FAQ.
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS257731&LanguageC…
∗∗∗ OpenSSL Security Advisory [27 Mar 2018] ∗∗∗
---------------------------------------------
Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
---------------------------------------------
https://openssl.org/news/secadv/20180327.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, irssi, and librelp), Gentoo (busybox and plib), Mageia (exempi and jupyter-notebook), openSUSE (clamav, dhcp, nginx, python-Django, python3-Django, and thunderbird), Oracle (slf4j), Red Hat (slf4j), Scientific Linux (slf4j), Slackware (firefox), SUSE (librelp), and Ubuntu (screen-resolution-extra).
---------------------------------------------
https://lwn.net/Articles/750207/
∗∗∗ Bugtraq: Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541897
∗∗∗ DFN-CERT-2018-0574: Librelp: A vulnerability allows the execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0574/
∗∗∗ DFN-CERT-2018-0573: Jenkins plugins: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0573/
∗∗∗ DFN-CERT-2018-0575: Sophos UTM: A vulnerability allows the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0575/
∗∗∗ DFN-CERT-2018-0581: Apache Struts: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0581/
∗∗∗ Security Notice - Statement on Command Injection Vulnerability in Huawei HG655m Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180327-01-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099782
∗∗∗ IBM Security Bulletin: ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027315
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014717
∗∗∗ IBM Security Bulletin: IBM B2B Advanced Communications is Affected by an XML External Entity Injection (XXE) Attack when Processing XML Data ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014656
∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information in page comments vulnerability (CVE-2017-1705) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014988
∗∗∗ NTP vulnerability CVE-2018-7184 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13540723
=====================
= End-of-Day report =
=====================
Timeframe: Friday 23-03-2018 18:00 − Monday 26-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Vulnerability: Microsoft Blocks RDP Requests from Unpatched Clients ∗∗∗
---------------------------------------------
A critical vulnerability in Microsoft's Credential Security Support Provider enables attackers to execute arbitrary code. The company will therefore soon block connection attempts from unpatched clients, so admins should act quickly.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-microsoft-unterbindet-rdp-anfra…
∗∗∗ Threat Landscape for Industrial Automation Systems in H2 2017 ∗∗∗
---------------------------------------------
Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security.
---------------------------------------------
http://securelist.com/threat-landscape-for-industrial-automation-systems-in…
∗∗∗ KVA Shadow: Mitigating Meltdown on Windows ∗∗∗
---------------------------------------------
On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows [...]
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-me…
∗∗∗ Adding Backdoors at the Chip Level ∗∗∗
---------------------------------------------
Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html
∗∗∗ Web Application Penetration Testing Cheat Sheet ∗∗∗
---------------------------------------------
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
---------------------------------------------
https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodo…
∗∗∗ Fake A1 E-Mail Demands SIM Card Update ∗∗∗
---------------------------------------------
Criminals are sending a fake A1 message. In it, they ask customers to update their SIM card details. This is supposed to be done on a fake A1 website. Customers who comply with the request transmit sensitive information to criminals and become victims of data theft.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-a1-mail-fordert-sim-kart…
∗∗∗ Beware of Fake Klarna Invoice! ∗∗∗
---------------------------------------------
Criminals are sending fake invoices with the subject "Offene Rechnung von Klarna" ("Outstanding invoice from Klarna"). In the e-mail, recipients are asked to open an attached ZIP file to obtain further information about outstanding amounts. However, the ZIP file contains malware; those affected must therefore not open the file and should delete the e-mail.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaelschter-klarna-rech…
∗∗∗ Forgot About Default Accounts? No Worries, GoScanSSH Didn’t ∗∗∗
---------------------------------------------
This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary: During a recent Incident Response (IR) engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named GoScanSSH, was written using the Go programming language, and exhibited several interesting characteristics. This is not the first malware family that Talos has observed that was written using Go.
---------------------------------------------
http://blog.talosintelligence.com/2018/03/goscanssh-analysis.html
∗∗∗ One Year Later, Hackers Still Target Apache Struts Flaw ∗∗∗
---------------------------------------------
One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March 6, 2017 with the release of versions 2.3.32 and 2.5.10.1. The bug, caused due to improper handling of the Content-Type header, can be [...]
---------------------------------------------
https://www.securityweek.com/one-year-later-hackers-still-target-apache-str…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bchunk, thunderbird, and xerces-c), Debian (freeplane, icu, libvirt, and net-snmp), Fedora (monitorix, php-simplesamlphp-saml2, php-simplesamlphp-saml2_1, php-simplesamlphp-saml2_3, puppet, and qt5-qtwebengine), openSUSE (curl, libmodplug, libvorbis, mailman, nginx, opera, python-paramiko, and samba, talloc, tevent), Red Hat (python-paramiko, rh-maven35-slf4j, rh-mysql56-mysql, rh-mysql57-mysql, rh-ruby22-ruby, rh-ruby23-ruby, and [...]
---------------------------------------------
https://lwn.net/Articles/750150/
∗∗∗ Bugtraq: Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541891
∗∗∗ Norton App Lock Authentication Bypass ∗∗∗
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
∗∗∗ DFN-CERT-2018-0566: Nmap: A vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0566/
∗∗∗ DFN-CERT-2018-0569: Moodle: Two vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0569/
∗∗∗ DFN-CERT-2018-0571: Mozilla Thunderbird: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0571/
∗∗∗ DFN-CERT-2018-0570: Apache Software Foundation HTTP Server (httpd): Multiple vulnerabilities allow, among other things, the manipulation of session data ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0570/
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Business Space affects IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2018-1384) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012604
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1767) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012396
∗∗∗ IBM Security Bulletin: Potential information leakage in IBM Business Process Manager (CVE-2017-1756) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010796
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014831
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 22-03-2018 18:00 − Friday 23-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Important updates secure GitLab ∗∗∗
---------------------------------------------
Anyone who manages software projects via GitLab should promptly install the current security patches. Otherwise attackers might be able to execute malicious code.
---------------------------------------------
https://www.heise.de/meldung/Wichtige-Updates-sichern-GitLab-ab-4002151.html
∗∗∗ Atlanta: Crypto-trojan hits city administration ∗∗∗
---------------------------------------------
The US metropolis of Atlanta has been hit by a crypto-trojan that has paralysed parts of the city government's computer network. The FBI and the Department of Homeland Security are currently trying to resolve the problem.
---------------------------------------------
https://www.heise.de/meldung/Atlanta-Kryptotrojaner-trifft-Stadtverwaltung-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Siemens SIMATIC WinCC OA UI Mobile App ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper access control vulnerability in the Siemens WinCC OA UI mobile app for Android and iOS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-01
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014820
∗∗∗ IBM Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014795
∗∗∗ IBM Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014530
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 21-03-2018 18:00 − Thursday 22-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 10 Steps to Detect Lateral Movement in a Data Breach ∗∗∗
---------------------------------------------
Many enterprises spend millions of dollars on solutions that promise to
bolster their security. However, much less focus is placed on the
ability to detect lateral movement during a breach.
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-detect-lateral-movement-data-breach/
∗∗∗ Siri blabs secret messages of iPhone users ∗∗∗
---------------------------------------------
Newly discovered bug undermines central security locks of the
Apple smartphone
---------------------------------------------
http://derstandard.at/2000076603171
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: ModSecurity WAF 3.0 for Nginx - Denial of Service ∗∗∗
---------------------------------------------
During one of the engagements my team tested a WAF running in
production Nginx + ModSecurity + OWASP Core Rule Set. In the system
logs I found information about the Nginx worker processes being
terminated due to memory corruption errors.
---------------------------------------------
http://www.securityfocus.com/archive/1/541886
∗∗∗ JSON API - Moderately critical - Access Bypass -
SA-CONTRIB-2018-016 ∗∗∗
---------------------------------------------
This module provides a JSON API standards-compliant API for accessing
and manipulating Drupal content and configuration entities.
The module doesn't sufficiently check access when viewing related
resources or relationships, thereby causing an access bypass
vulnerability.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-016
∗∗∗ DFN-CERT-2018-0557: Oracle Solaris: Multiple vulnerabilities
allow various denial-of-service attacks ∗∗∗
---------------------------------------------
Multiple vulnerabilities in ISC BIND, ISC DHCP and Wireshark for Oracle
Solaris 11.3 allow a remote, unauthenticated attacker to carry out
various denial-of-service (DoS) attacks.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0557/
∗∗∗ Drupal announces security update for extremely critical
vulnerability ∗∗∗
---------------------------------------------
Anyone using the CMS Drupal should mark 28 March in their calendar in
order to install important security updates for various versions.
---------------------------------------------
https://heise.de/-4001063
∗∗∗ Flaws in ManageEngine apps opens enterprise systems to compromise
∗∗∗
---------------------------------------------
Researchers have discovered multiple severe vulnerabilities in
ManageEngine’s line of tools for internal IT support teams, which are
used by over half of Fortune 500 companies. About the vulnerabilities:
The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could
be exploited to achieve remote code execution with the same privileges
as the user that started the application, by uploading a web shell to
be written to the web root.
---------------------------------------------
https://www.helpnetsecurity.com/2018/03/22/manageengine-apps-flaws/
∗∗∗ TMM WebSocket vulnerability CVE-2018-5504 ∗∗∗
---------------------------------------------
In some circumstances, the Traffic Management Microkernel (TMM) does
not properly handle certain malformed WebSocket requests/responses,
which allows remote attackers to cause a denial of service (DoS) or
possible remote code execution on the BIG-IP system. (CVE-2018-5504)
This vulnerability allows unauthorized remote code execution and
disruption of service through an unspecified crafted WebSocket packet.
---------------------------------------------
https://support.f5.com/csp/article/K11718033
∗∗∗ Multiple Wireshark vulnerabilities ∗∗∗
---------------------------------------------
A remote attacker can transmit crafted packets while a BIG-IP
administrator account runs the tshark utility with the affected
protocol parsers via Advanced Shell (bash). This causes the tshark
utility to stop responding and may allow remote code execution from the
BIG-IP administrator account.
---------------------------------------------
https://support.f5.com/csp/article/K34035645
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-libvorbis),
Debian (exempi and polarssl), Gentoo (collectd and webkit-gtk),
openSUSE (postgresql96), SUSE (qemu), and Ubuntu (libvorbis).
---------------------------------------------
https://lwn.net/Articles/749958/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site
scripting vulnerability (CVE-2018-1429). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014046
∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used
by Windows and z/OS Security Identity Adapters (CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014629
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK
affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099781
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime
affect IBM Security Network Protection ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011787
∗∗∗ IBM Security Bulletin: Vulnerability in GNU C Library affects IBM
Integrated Management Module II (IMM2) for System x, Flex and
BladeCenter Systems (CVE-2017-15670) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099788
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a
denial of service vulnerability in cURL (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011740
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by
vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011746
∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used
by Windows and z/OS Security Identity Adapters (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014628
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by
multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014253
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 20-03-2018 18:00 − Wednesday 21-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IETF 101: TLS 1.3 is now really finished ∗∗∗
---------------------------------------------
TLS 1.3 was approved at the IETF meeting in London. In a few weeks the standard for encryption on the web should then also be published as an RFC.
---------------------------------------------
https://www.golem.de/news/ietf-101-tls-1-3-ist-jetzt-wirklich-fertig-1803-1…
∗∗∗ Ryzenfall, Fallout & Co: AMD confirms security vulnerabilities in Ryzen and Epyc processors ∗∗∗
---------------------------------------------
Chip maker AMD was able to reproduce the security vulnerabilities in Epyc and Ryzen CPUs as well as Promontory chipsets, and announces security patches for the affected systems.
---------------------------------------------
https://heise.de/-4000040
∗∗∗ Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more! ∗∗∗
---------------------------------------------
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
---------------------------------------------
https://www.helpnetsecurity.com/2018/03/21/nmap-7-70-released/
∗∗∗ No 3D Secure password update necessary ∗∗∗
---------------------------------------------
Criminals are sending a fake CardComplete message. In it they ask recipients to update their personal data. This is supposed to be done on a fake website and is allegedly necessary so that customers can continue to use the 3D Secure procedure. In reality, by performing the update they transmit their credit card data to fraudsters.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-3d-secure-passwort-aktualisier…
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2018-0543: GitLab: Two vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
One vulnerability allows a presumably unauthenticated attacker with network access to a GitLab instance to carry out a server-side request forgery (SSRF) attack by means of manipulated web requests, and thereby, among other things, to spy out information, bypass security measures and execute arbitrary code. A further vulnerability affects only the GitLab Community Edition (CE) and allows an authenticated attacker, through an Auth0 login, to log in as another user and thereby possibly gain that user's privileges.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0543/
∗∗∗ DFN-CERT-2018-0547: Google Chrome, Chromium: Multiple vulnerabilities allow attacks that are not further specified ∗∗∗
---------------------------------------------
Due to multiple vulnerabilities in Google Chrome and Chromium, an attacker can carry out various attacks that are not further specified. In the past, such vulnerabilities could mostly be exploited by a remote and unauthenticated attacker.
Google provides Chrome 65.0.3325.181 for Windows, macOS and Linux as a security update.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0547/
∗∗∗ DFN-CERT-2018-0551: SpiderMonkey (mozjs): Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
Multiple vulnerabilities in SpiderMonkey allow a remote and unauthenticated attacker to execute arbitrary code. One vulnerability allows the attacker to carry out a denial-of-service (DoS) attack, another to bypass security measures. A local, unauthenticated attacker can also spy out information.
Analogous to the recently released version 52.7.2 of Firefox ESR, Mozilla provides a current version of the JavaScript engine SpiderMonkey, but gives no details about the vulnerabilities fixed by it.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0551/
∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0h and 1.0.2o. These releases will be made available on 27th March 2018 between approximately 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is MODERATE.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html
∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host.
The following vulnerabilities have been addressed:
CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability
CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing
CVE-2018-7541: grant table v2 -> v1 transition may crash Xen
---------------------------------------------
https://support.citrix.com/article/CTX232655
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (plexus-utils), Fedora (calibre, cryptopp, curl, dolphin-emu, firefox, golang, jhead, kernel, libcdio, libgit2, libvorbis, ming, net-snmp, patch, samba, xen, and zsh), Red Hat (collectd and rh-mariadb101-mariadb and rh-mariadb101-galera), and Ubuntu (paramiko and tiff).
---------------------------------------------
https://lwn.net/Articles/749871/
∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability on Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180214-…
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099757
∗∗∗ IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2, v5.0.2.1, v5.0.3, v5.0.4, v5.0.4.1 (CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014797
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099787
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099786
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2017-3735) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099793
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014815
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-03-2018 18:00 − Tuesday 20-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗
---------------------------------------------
Just a quick reminder about some bad practices while handling Windows Administrator credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/23465
∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗
---------------------------------------------
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky.
---------------------------------------------
https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗
---------------------------------------------
A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow.
Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution.
---------------------------------------------
http://www.securityfocus.com/archive/1/541874
∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗
---------------------------------------------
Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
---------------------------------------------
http://www.securityfocus.com/archive/1/541875
∗∗∗ DFN-CERT-2018-0526: Apache Commons Compress: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can use a specially crafted ZIP archive file to carry out a denial-of-service attack on Apache Commons Compress and on software that uses its ZIP package.
To fix the vulnerability, the vendor is releasing version Commons Compress 1.16.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/
∗∗∗ DFN-CERT-2018-0532: SDL2, SDL2_image: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
A large number of vulnerabilities in various components of SDL2_image allow a remote, unauthenticated attacker, by means of manipulated image files that a user must display, to execute arbitrary code and to carry out various denial-of-service (DoS) attacks.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached).
---------------------------------------------
https://lwn.net/Articles/749757/
∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗
---------------------------------------------
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
---------------------------------------------
http://www.tenable.com/security/tns-2018-01
∗∗∗ Geutebruck IP Cameras ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01
∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02
∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791
∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766
∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767
∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758
∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779
∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 16-03-2018 18:00 − Monday 19-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Effective immediately: WKO cyber security hotline for businesses ∗∗∗
---------------------------------------------
Cyberattacks can hit any business - if the worst happens, rapid help is important. The WKO hotline at 0800 888 133 provides it.
---------------------------------------------
https://futurezone.at/b2b/ab-sofort-cyber-security-hotline-der-wko-fuer-unt…
∗∗∗ Great potential for abuse with the Bundestrojaner ∗∗∗
---------------------------------------------
According to constitutional lawyers, the Bundestrojaner (federal trojan) is legally "hardly contestable". In the opinion of IT experts, abuse can hardly be controlled.
---------------------------------------------
https://futurezone.at/netzpolitik/grosses-missbrauchspotenzial-beim-bundest…
∗∗∗ VB2017 paper: The life story of an IPT - Inept Persistent Threat actor ∗∗∗
---------------------------------------------
At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/03/vb2017-paper-life-story-ipt-…
∗∗∗ Pwn2Own: Touch Bar of a MacBook Pro hacked via Safari ∗∗∗
---------------------------------------------
By exploiting a total of three bugs, a security researcher managed to reach deep into macOS from within the browser. Another Safari hack was also successful.
---------------------------------------------
https://www.heise.de/meldung/Pwn2Own-Touch-Bar-eines-MacBook-Pro-via-Safari…
∗∗∗ Hacking contest Pwn2Own: Firefox, Edge and Safari drop like flies ∗∗∗
---------------------------------------------
This year the Pwn2Own organisers announced prize money of two million US dollars. Despite some successful hacks, however, a large part of the prize money remained in the pot.
---------------------------------------------
https://www.heise.de/meldung/Hacker-Wettbewerb-Pwn2Own-Firefox-Edge-und-Saf…
∗∗∗ Web browser as password vault: Firefox has been botching the master password for nine years ∗∗∗
---------------------------------------------
A security researcher warns again: passwords stored in Firefox and Thunderbird are not effectively protected against data theft.
---------------------------------------------
https://www.heise.de/meldung/Passwort-Tresor-Webbrowser-Firefox-pfuscht-sei…
∗∗∗ Hacker attack on German government network only successful in isolated cases ∗∗∗
---------------------------------------------
Berlin wants to protect itself more strongly against cyberattacks
---------------------------------------------
http://derstandard.at/2000076371068
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4144 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4144
∗∗∗ DSA-4143 firefox-esr - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4143
∗∗∗ DSA-4145 gitlab - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4145
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily