Daily April 2018

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - 16.04.2018
by Daily end-of-shift report 16 Apr '18

16 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-04-2018 18:00 − Montag 16-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ CVE-2018-7600: Kritische Drupal-Lücke wird ausgenutzt ∗∗∗ --------------------------------------------- Wer seine Drupal-Installation noch nicht gepatcht hat, soll dies spätestens jetzt nachholen. Nach der Veröffentlichung weiterer Details und einem auf Twitter zirkulierenden Exploit-Code wurden erste Angriffe beobachtet. (Drupal, CMS) --------------------------------------------- https://www.golem.de/news/cve-2018-7600-kritische-drupal-luecke-wird-ausgen… ∗∗∗ The March/April 2018 issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- The topics covered in this report are: - The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what - News from the world of state trojans: Microsoft’s analysis of FinFisher - Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government - Bitcoin bounty or close encounter: bizarre side-effects of cryptomining The Security Report is available in both English and German. --------------------------------------------- https://securityblog.switch.ch/2018/04/16/switch-security-report-201802/ ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Advanced Secure Gateway (ASG), ProxySG: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Zwei Schwachstellen in Symantec Advanced Secure Gateway (ASG) und ProxySG ermöglichen einem einfach authentifizierten Angreifer im benachbarten Netzwerk die Durchführung von Cross-Site-Scripting (XSS)-Angriffen und das Umgehen von Sicherheitsvorkehrungen. Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine weitere Schwachstelle zu Denial-of-Service (DoS)-Angriffen ausnutzen. Diese Schwachstellen können nur über die Management-Konsole von ASG und ProxySG ausgenutzt werden. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0705/ ∗∗∗ Schwachstelle in Intels SPI-Flash: Erste Firmware-Updates veröffentlicht ∗∗∗ --------------------------------------------- Ein Sicherheitsproblem in Intel-Chipsätzen ermöglicht lokalen Angreifern Firmware-Manipulationen bis hin zum Denial-of-Service. Als erster Hersteller stellt nun Lenovo BIOS/UEFI-Updates bereit. --------------------------------------------- https://heise.de/-4024853 ∗∗∗ Micro Focus Universal Configuration Management Database Lets Local Users Gain Elevated Privileges ∗∗∗ --------------------------------------------- A vulnerability was reported in Micro Focus Universal Configuration Management Database (UCMDB). A local user can obtain elevated privileges on the target system. A local user can exploit an installation file access control flaw to gain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1040680 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-openssl and zsh), Debian (patch, perl, ruby-loofah, squirrelmail, tiff, and tiff3), Fedora (gnupg2), Gentoo (go), Mageia (firefox, flash-player-plugin, nxagent, puppet, python-paramiko, samba, and thunderbird), Red Hat (flash-plugin), Scientific Linux (python-paramiko), and Ubuntu (patch, perl, and ruby). --------------------------------------------- https://lwn.net/Articles/751947/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015421 ∗∗∗ OpenSSL vulnerability CVE-2018-0739 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K08044291 ∗∗∗ Apache Tomcat vulnerability CVE-2018-1305 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32051722 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.04.2018
by Daily end-of-shift report 13 Apr '18

13 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-04-2018 18:00 − Freitag 13-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code ∗∗∗ --------------------------------------------- The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code. --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon… ∗∗∗ "Early Bird" Code Injection Technique Helps Malware Stay Undetected ∗∗∗ --------------------------------------------- Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection. --------------------------------------------- https://www.bleepingcomputer.com/news/security/early-bird-code-injection-te… ∗∗∗ Office Macros ∗∗∗ --------------------------------------------- Eine kleine Bemerkung aus aktuellem Anlass: Ich hab gestern mal wieder meinen üblichen Vortrag zum Thema "Bedrohungslage" gehalten, und dabei auch - wie immer - erwähnt, dass Office-Macros gefährlich sind und eingeschränkt werden müssen. Im Publikum war klar zu erkennen, dass einige das bei sich nicht machen können. Verständlich, weil in so manchen Firmen wichtige Geschäftsprozesse als Excel-Macros implementiert [...] --------------------------------------------- http://www.cert.at/services/blog/20180413094624-2176.html ∗∗∗ Thousands of WP, Joomla and SquareSpace sites serving malicious updates ∗∗∗ --------------------------------------------- Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining steam. The malicious actors are injecting JavaScript that triggers the download requests into the content management systems' JavaScript files or directly into the sites' homepage. --------------------------------------------- https://www.helpnetsecurity.com/2018/04/13/wp-joomla-squarespace-malicious-… ∗∗∗ Android-Hersteller belügen Nutzer bei Sicherheits-Updates ∗∗∗ --------------------------------------------- Bis auf Google liefert niemand wirklich alle Patches aus – Samsung patzt manchmal, OnePlus, LG und Co. regelmäßig --------------------------------------------- http://derstandard.at/2000077842490 ∗∗∗ Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers ∗∗∗ --------------------------------------------- https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan… ===================== = Vulnerabilities = ===================== ∗∗∗ Yokogawa CENTUM and Exaopc ∗∗∗ --------------------------------------------- This advisory includes mitigations for a permissions, privileges, and access controls vulnerability in the Yokogawa CENTUM series and Exaopc products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01 ∗∗∗ Oracle Critical Patch Update Pre-Release Announcement - April 2018 ∗∗∗ --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2018, which will be released on Tuesday, April 17, 2018. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html ∗∗∗ VMSA-2018-0009 ∗∗∗ --------------------------------------------- vRealize Automation updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0009.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache), openSUSE (libvirt, openssl, policycoreutils, and zziplib), Oracle (firefox and python-paramiko), and Red Hat (python-paramiko). --------------------------------------------- https://lwn.net/Articles/751780/ ∗∗∗ Bugtraq: [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541942 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014440 ∗∗∗ IBM Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012983 ∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities which is used by IBM PureApplication Systems/Service (CVE-2017-3736 CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014945 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015346 ∗∗∗ IBM Security Bulletin: Content Collector for Email affected by privilege escalation vulnerability in WebSphere Application Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015034 ∗∗∗ IBM Security Bulletin: Content Collector for Email affected by information disclosure vulnerability in Websphere Application Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015032 ∗∗∗ BIG-IP TMM vulnerability CVE-2018-5510 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77671456 ∗∗∗ BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05263202 ∗∗∗ BIG-IP PEM vulnerability CVE-2018-5508 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10329515 ∗∗∗ BIG-IP SOCKS proxy vulnerability CVE-2017-6148 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55225440 ∗∗∗ vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52521791 ∗∗∗ Apache vulnerability CVE-2018-5506 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65355492 ∗∗∗ TMUI vulnerability CVE-2018-5511 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30500703 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6158 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19361245 ∗∗∗ TMM vulnerability CVE-2017-6155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10930474 ∗∗∗ IP Intelligence Feed List vulnerability CVE-2017-6143 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11464209 ∗∗∗ cURL and libcurl vulnerability CVE-2018-1000120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K22052524 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.04.2018
by Daily end-of-shift report 12 Apr '18

12 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-04-2018 18:00 − Donnerstag 12-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali ∗∗∗ --------------------------------------------- In this article, we will be focusing on the Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK files. --------------------------------------------- http://resources.infosecinstitute.com/android-penetration-tools-walkthrough… ∗∗∗ APT Trends report Q1 2018 ∗∗∗ --------------------------------------------- In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018. --------------------------------------------- http://securelist.com/apt-trends-report-q1-2018/85280/ ∗∗∗ New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection ∗∗∗ --------------------------------------------- Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. --------------------------------------------- http://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-e… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities ∗∗∗ --------------------------------------------- Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog ... --------------------------------------------- http://blog.talosintelligence.com/2018/04/simple-direct-media-layer-vulnera… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (poppler), Fedora (koji and libofx), Gentoo (adobe-flash), Oracle (kernel), Red Hat (qemu-kvm-rhev and sensu), and Scientific Linux (firefox). --------------------------------------------- https://lwn.net/Articles/751668/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013955 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014874 ∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015239 ∗∗∗ IBM Security Bulletin: IBM Cloud Manager is affected by a OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027142 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015344 ∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014914 ∗∗∗ JSA10844 - 2018-04 Security Bulletin: Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=RSS ∗∗∗ JSA10845 - 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=RSS ∗∗∗ JSA10846 - 2018-04 Security Bulletin: SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies. (CVE-2018-0018) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=RSS ∗∗∗ JSA10847 - 2018-04 Security Bulletin: Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=RSS ∗∗∗ JSA10848 - 2018-04 Security Bulletin: Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=RSS ∗∗∗ JSA10850 - 2018-04 Security Bulletin: NorthStar: Return Of Bleichenbachers Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&actp=RSS ∗∗∗ JSA10851 - 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&actp=RSS ∗∗∗ JSA10852 - 2018-04 Security Bulletin: Junos OS: Multiple vulnerabilities in stunnel ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&actp=RSS ∗∗∗ JSA10853 - 2018-04 Security Bulletin: NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&actp=RSS ∗∗∗ Apache HTTPD vulnerability CVE-2018-1301 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78131906 ∗∗∗ OpenSSH vulnerability CVE-2016-10708 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32485746 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.04.2018
by Daily end-of-shift report 11 Apr '18

11 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-04-2018 18:00 − Mittwoch 11-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android Penetration Tools Walkthrough Series: Apktool ∗∗∗ --------------------------------------------- In this article, we will look at the step by step procedure to setup utility called “Apktool” and its usage in android application penetration testing. Introduction Apktool is a utility that can be used for reverse engineering Android applications resources (APK). --------------------------------------------- http://resources.infosecinstitute.com/android-penetration-tools-walkthrough… ===================== = Vulnerabilities = ===================== ∗∗∗ Patchday: Microsoft kümmert sich um mehr als 60 Lücken in Windows & Co. ∗∗∗ --------------------------------------------- Über Windows Update stehen Sicherheitsptaches bereit. Unter anderem schließen diese eine Lücke, über die Angreifer ein Wireless Keyboard in einen Keylogger verwandeln könnten. --------------------------------------------- https://heise.de/-4016580 ∗∗∗ Sicherheitsforscher: Intel-Modem macht neue iPhones für Schadcode anfällig ∗∗∗ --------------------------------------------- Eine Schwachstelle in Baseband-Prozessoren von Intel erlaubt versierten Angreifern das Einschleusen von Schadcode über das Mobilfunknetz. Betroffen sind laut Sicherheitsforschern neue iPhones bis hin zum iPhone X – iOS 11.3 schließt die Lücke. --------------------------------------------- https://heise.de/-4015828 ∗∗∗ AMD-Prozessoren bekommen Windows-10-Update gegen Spectre-V2-Lücke ∗∗∗ --------------------------------------------- Eine Kombination aus einem Windows-Update mit BIOS-Updates für Mainboards soll Windows-10-Rechner mit AMD-Prozessoren ab der 2011 vorgestellten Bulldozer-Generation schützen. --------------------------------------------- https://heise.de/-4016546 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (pcs), Fedora (drupal7), openSUSE (git and mercurial), Red Hat (firefox and qemu-kvm-rhev), SUSE (libvirt and xen), and Ubuntu (patch). --------------------------------------------- https://lwn.net/Articles/751548/ ∗∗∗ Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-… ∗∗∗ Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015184 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere MQ 5.3 and MQ 8 for HPE NonStop Server (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014367 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an OpenLDAP vulnerability (CVE-2017-9287) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014873 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by glibc vulnerabilities (CVE-2015-8779, CVE-2015-8776) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014870 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015185 ∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012660 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by vulnerabilities in the wget package (CVE-2017-13090, CVE-2017-13089) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013885 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013851 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.04.2018
by Daily end-of-shift report 10 Apr '18

10 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Montag 09-04-2018 18:00 − Dienstag 10-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II ∗∗∗ --------------------------------------------- In the previous article "Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I," we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a windows infrastructure, using legitimate binaries. We also learned about the techniques to identify Spawned Processes with the help of the windows [...] --------------------------------------------- http://resources.infosecinstitute.com/advance-persistent-threat-lateral-mov… ∗∗∗ Entwickler warnt vor iOS-Angriffen über Kontakt-Berechtigungen ∗∗∗ --------------------------------------------- Apple unterscheidet aktuell nicht zwischen dem Schreiben und Lesen von Kontakten, wenn Nutzer Apps die Zugriffserlaubnis erteilen. Ein Entwickler schildert nun ein mögliches Szenario zum Abgreifen von Passwörtern. --------------------------------------------- https://heise.de/-4014136 ∗∗∗ Jetzt patchen! Angriffe auf Flash Player leichtgemacht ∗∗∗ --------------------------------------------- Derzeit sind vermehrt Exploits im Umlauf, die es auf eine Lücke in Adobes Flash Player abgesehen haben. Ein Sicherheitspatch erschien bereits im Februar. --------------------------------------------- https://www.heise.de/-4014258 ∗∗∗ BSI stellt Entwicklern Prüf-Tool für digitale Zertifikatsketten zur Verfügung ∗∗∗ --------------------------------------------- Software-Anwendungen wie Browser oder E-Mail-Clients und Hardware-Komponenten wie VPN-Gateways, die auf Grund von Programmierfehlern ungültige Zertifikatsketten akzeptieren, stellen ein Sicherheitsrisiko für die authentisierte und vertrauliche Kommunikation über das Internet dar. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) stellt nun ein Prüf-Tool bereit, das Entwickler bei der korrekten Implementierung dieser Zertifikatspfadvalidierung unterstützt. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/pruef_tool_… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-08), Adobe Experience Manager (APSB18-10), Adobe InDesign CC (APSB18-11), Digital Editions (APSB18-13) and the Adobe PhoneGap Push plugin (APSB18-15). Adobe recommends users update their product installations to the latest versions using [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1542 ∗∗∗ Signal Bypass Screen locker ∗∗∗ --------------------------------------------- Signal for iOS, version 2.23.1.1 and prior, is vulnerable to screen lock bypass. The vulnerability, triggered by some click sequence, allows anyone to bypass password and TouchID authentication protections that iOS users can set on their device in order to increase application security and confidentiality. --------------------------------------------- http://nint.en.do/Signal-Bypass-Screen-locker.php ∗∗∗ SAP Security Patch Day - April 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. --------------------------------------------- https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ ∗∗∗ Update: Sicherheitslücken (teils kritisch) in Cisco IOS, Cisco IOS XE und Cisco IOS XR Software - Detaillierte Sicherheitshinweise für das Cisco IOS und IOS XE Smart Install Feature verfügbar ∗∗∗ --------------------------------------------- [...] Cisco hat ein Security Advisory mit Informationen zu CVE-2018-0171 und weiteren - teils schon älteren - Sicherheitslücken im Smart Install Feature von Cisco IOS und Cisco IOS XE veröffentlicht. Cisco empfiehlt die Umsetzung der im Advisory angeführten Maßnahmen zur Absicherung betroffener Systeme. --------------------------------------------- http://www.cert.at/warnings/all/20180329-2.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (libvorbis and thunderbird), Debian (pjproject), Fedora (compat-openssl10, java-1.8.0-openjdk-aarch32, libid3tag, python-pip, python3, and python3-docs), Gentoo (ZendFramework), Oracle (thunderbird), Red Hat (ansible, gcc, glibc, golang, kernel, kernel-alt, kernel-rt, krb5, kubernetes, libvncserver, libvorbis, ntp, openssh, openssl, pcs, policycoreutils, qemu-kvm, and xdg-user-dirs), SUSE (openssl and openssl1), and Ubuntu (python-crypto, [...] --------------------------------------------- https://lwn.net/Articles/751454/ ∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014742 ∗∗∗ IBM Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability. gskit ssl ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013978 ∗∗∗ IBM Security Bulletin: IBM Communications Server for Windows is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015200 ∗∗∗ NTP vulnerability CVE-2018-7185 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04912972 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.04.2018
by Daily end-of-shift report 09 Apr '18

09 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-04-2018 18:00 − Montag 09-04-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ ARP Spoofing in 2018: are you protected?, (Mon, Apr 9th) ∗∗∗ --------------------------------------------- This week I was reminded how efficient ARP (Address Resolution Protocol) spoofing attacks might be. A single Android device equipped with offensive tools was enough to fool any device on a network and capture sensitive data. But wait, we are talking about a threat as old as ARP specification from 1982. There arent vulnerable networks to this nowadays, right? Wrong. --------------------------------------------- https://isc.sans.edu/diary/rss/23533 ∗∗∗ Hacked Website Trend Report – 2017 ∗∗∗ --------------------------------------------- We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented stems from the analysis of 34,371 infected websites summarizing the latest trends by bad actors. --------------------------------------------- https://blog.sucuri.net/2018/04/hacked-website-trend-report-2017.html ∗∗∗ The dots do matter: how to scam a Gmail user ∗∗∗ --------------------------------------------- I recently received an email from Netflix which nearly caused caused me to add my card details to someone else’s Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called “the dots don’t matter”. I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature. --------------------------------------------- https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-… ∗∗∗ Event Log Auditing, Demystified ∗∗∗ --------------------------------------------- the topic of reviewing event logs has received a fair amount grunts, groans, and questions such as “You honestly expect us to review all of that data?!” or “We have so many systems! Where would we even begin?” or “We already have enough on our plate to worry about!”. Fortunately, the times have changed, and log aggregation has matured over a relatively short amount of time. Its existence alone however is not the complete answer to log auditing woes. --------------------------------------------- https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f0… ∗∗∗ How to prevent bypassing AppLocker using Alternate Data Streams ∗∗∗ --------------------------------------------- I usually write my blog-posts in german. This one is in english, because Sami Laiho asked me to do a short write-up, to make this problem available to a broader audience. Who is affected and what’s the problem? If you are using AppLocker Application-Whitelisting using Path-Rules with Exceptions you are probably affected. --------------------------------------------- https://hitco.at/blog/howto-prevent-bypassing-applocker-using-alternate-dat… ∗∗∗ Nicht bestellen bei salewaz.top! ∗∗∗ --------------------------------------------- Auf der Website salewaz.top findet man Kleidung und Sportausrüstung der bekannten Marke Salewa. Die Preise der Angebote sind um vieles niedriger als üblich für Salewa-Produkte, weshalb ein Kauf auf den ersten Blick attraktiv erscheint. KonsumentInnen sollten in diesem Shop auf keinen Fall bestellen, denn es handelt sich um betrügerische Anbieter und es wird trotz Bezahlung keine Ware verschickt. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-bei-salewaztop/ ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure ∗∗∗ --------------------------------------------- Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. --------------------------------------------- http://www.securityfocus.com/archive/1/541931 ∗∗∗ Bugtraq: [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution ∗∗∗ --------------------------------------------- The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. --------------------------------------------- http://www.securityfocus.com/archive/1/541932 ∗∗∗ Authentication Bypass Vulnerability Found in Auth0 Identity Platform ∗∗∗ --------------------------------------------- A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media ... --------------------------------------------- https://thehackernews.com/2018/04/auth0-authentication-bypass.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (openssl and zziplib), Debian (ldap-account-manager, ming, python-crypto, sam2p, sdl-image1.2, and squirrelmail), Fedora (bchunk, koji, libidn, librelp, nodejs, and php), Gentoo (curl, dhcp, libvirt, mailx, poppler, qemu, and spice-vdagent), Mageia (389-ds-base, aubio, cfitsio, libvncserver, nmap, and ntp), openSUSE (GraphicsMagick, ImageMagick, spice-gtk, and wireshark), Oracle (kubernetes), Slackware (patch), and SUSE (apache2 and openssl). --------------------------------------------- https://lwn.net/Articles/751346/ ∗∗∗ The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32518458 ∗∗∗ Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180104-01-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022524 ∗∗∗ IBM Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027341 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.04.2018
by Daily end-of-shift report 06 Apr '18

06 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-04-2018 18:00 − Freitag 06-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now ∗∗∗ --------------------------------------------- Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications. In an [...] --------------------------------------------- https://thehackernews.com/2018/04/spring-framework-hacking.html ∗∗∗ Sicherheitsforscher finden 1,5 Milliarden sensible Daten ∗∗∗ --------------------------------------------- Forscher des IT-Sicherheitsanbieters Digital Shadows haben eigenen Angaben zufolge weltweit rund 1,5 Milliarden Datensätze in falsch konfigurierten und daher frei zugänglichen Online-Speichern gefunden. Darunter befinden sich sensible Informationen wie medizinische Daten, Gehaltsabrechnungen oder Patente. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/news_forscher_fin… ∗∗∗ From PNG tEXt to Persistent XSS ∗∗∗ --------------------------------------------- I was on job for a client and was playing around with various endpoints they have for uploading files. They're really strict on several things and will only accept files with a .PNG extension. In one place, however, you were able to upload files with a .html extension ... score. Well, not really. You're allowed to upload [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/from-png-text-to-persistent-x… ∗∗∗ Warnung vor sportspoort.de ∗∗∗ --------------------------------------------- Der Online-Shop sportspoort.de verkauft günstige Adidas-Schuhe. Es handelt sich um gefälschte Markenware. Konsument/innen können sie ausschließlich über eine unsichere Verbindung mit ihrer Kreditkarte bezahlen. Die Watchlist Internet rät von einem Einkauf auf sportspoort.de ab, denn der Anbieter ist kriminell. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sportspoortde/ ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation MicroLogix ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper authentication vulnerability in the Rockwell MicroLogix Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory includes mitigations for an information exposure vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02 ∗∗∗ LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper check or handling of exceptional conditions vulnerability in LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (sharutils), Fedora (firefox, httpd, and mod_http2), openSUSE (docker-distribution, graphite2, libidn, and postgresql94), Oracle (libvorbis and thunderbird), Red Hat (libvorbis, python-paramiko, and thunderbird), Scientific Linux (libvorbis and thunderbird), SUSE (apache2), and Ubuntu (firefox, linux-lts-xenial, linux-aws, and ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/751146/ ∗∗∗ [local] Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44410/ ∗∗∗ [local] Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44411/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1483) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22015317 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015269 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015268 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) CVE-2016-1000031 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015340 ∗∗∗ Intel SPI Flash Unsafe Opcodes Lets Local Users Cause Denial of Service Conditions ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040626 ∗∗∗ [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-03 ∗∗∗ The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K70517410 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.04.2018
by Daily end-of-shift report 05 Apr '18

05 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-04-2018 18:00 − Donnerstag 05-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs ∗∗∗ --------------------------------------------- Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. --------------------------------------------- https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninsta… ∗∗∗ Natus Neuroworks: Sicherheitslücken in Gehirnscan-Software entdeckt ∗∗∗ --------------------------------------------- Der Scan der Hirnaktivitäten ist nicht gefährdet, das Krankenhaus aber schon: Sicherheitsexperten haben Schwachstellen in der Software von EEG-Geräten gefunden, die es ermöglichen, Code auf dem Gerät auszuführen und sich Zugriff auf das Krankenhausnetz zu verschaffen. (Security, Cisco) --------------------------------------------- https://www.golem.de/news/natus-neuroworks-sicherheitsluecken-in-gehirnscan… ∗∗∗ Apples Dateisystem: APFS-Probleme bleiben bestehen ∗∗∗ --------------------------------------------- Nach dem letzten Problem rund um die Klartextspeicherung von Passwörtern zu verschlüsselten APFS-Datenträgern stellt sich nach weiteren Untersuchungen heraus, dass die Passwörter mit 10.13.4 weiter lesbar sind. Die Passwörter verbleiben auch nach dem Patch in den Logs. (APFS, Apple) --------------------------------------------- https://www.golem.de/news/apples-dateisystem-apfs-probleme-bleiben-bestehen… ∗∗∗ Understanding Code Signing Abuse in Malware Campaigns ∗∗∗ --------------------------------------------- Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-c… ∗∗∗ Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client ∗∗∗ --------------------------------------------- Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERTs recent alert. --------------------------------------------- http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.h… ∗∗∗ Keine 358.80 Euro an toxflix.de und ähnliche Streaming-Plattformen zahlen! ∗∗∗ --------------------------------------------- Die CINE STAR LTD ist laut Impressum verantwortlich für Streaming-Webseiten wie toxflix.de, roxflix.de oder laflix.de. Auf den Seiten werden Filme zum Streamen angeboten, vorab ist aber eine Registrierung durch die InteressentInnen notwendig. Die Anmeldung führt nach Ablauf einer 5-Tagesfrist zum Abschluss einer Premium-Mitgliedschaft und Forderungen in der Höhe von 358,80 Euro im Jahr. Der Betrag muss nicht bezahlt werden, denn ein gültiger Vertrag kommt nie zustande! --------------------------------------------- https://www.watchlist-internet.at/news/keine-35880-euro-an-toxflixde-und-ae… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (drupal), Debian (openjdk-7), Fedora (exempi, gd, and tomcat), SUSE (python-paramiko), and Ubuntu (kernel, libvncserver, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-trusty, and linux-raspi2). --------------------------------------------- https://lwn.net/Articles/751026/ ∗∗∗ Vuln: Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/103653 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013308 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014266 ∗∗∗ IBM Security Bulletin: Potential spoofing attack in Liberty for Java for IBM Cloud (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015292 ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011238 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect™ Plus ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014937 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK that affect IBM PureApplication System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015284 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015161 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013492 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013493 ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014721 ∗∗∗ IBM Security Bulletin: IBM Distributed Marketing Could Allow an Authenticated but Unauthorized User with Special Access to Change Security Policies (CVE-2017-1109) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015044 ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by multiple GSKit vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015252 ∗∗∗ IBM Security Bulletin: XML External Entity Injection (XXE) Vulnerability Impacts IBM Campaign (CVE-2015-0254) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015263 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014821 ∗∗∗ IBM Security Bulletin: Denial of Service in Apache CXF used by Liberty for Java for IBM Cloud (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015296 ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM HTTP Server and Denial of Service in Apache CXF used by IBM WebSphere Application Server for IBM Cloud (CVE-2017-12613, CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015297 ∗∗∗ FreeBSD IPsec AH Option Header Infinite Loop Lets Remote Users Cause the Target System to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040628 ∗∗∗ HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040630 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.04.2018
by Daily end-of-shift report 04 Apr '18

04 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-04-2018 18:00 − Mittwoch 04-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Intel Admits It Wont Be Possible to Fix Spectre (V2) Flaw in Some Processors ∗∗∗ --------------------------------------------- As speculated by the researcher who disclosed Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the --------------------------------------------- https://thehackernews.com/2018/04/intel-spectre-vulnerability.html ∗∗∗ Pocket cryptofarms - Investigating mobile apps for hidden mining ∗∗∗ --------------------------------------------- We've noticed that attackers no longer limit themselves to servers, desktops, and laptops. They are increasingly drawn to mobile devices, mainly Android. We decided to take a closer look to see which mobile apps stealthily mine digital coins on user devices and how widespread they are. --------------------------------------------- https://securelist.com/pocket-cryptofarms/85137/ ∗∗∗ BSI warnt vor Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apples Medienverwaltung enthält mehrere kritische Fehler – nicht nur in der enthaltenen Browser-Engine WebKit. Sicherheits-Bugs stecken auch in der iCloud-Unterstützung für Windows. --------------------------------------------- https://heise.de/-4010622 ∗∗∗ Nvidia patcht mehrere Lücken in GPU-Treibern ∗∗∗ --------------------------------------------- Lücken in mehreren Nvidia-Grafikkartentreibern können unter anderem für die Code-Ausführung aus der Ferne missbraucht werden. Gepatchte Versionen stehen zum Download bereit. --------------------------------------------- https://www.heise.de/-4010707 ∗∗∗ LockCrypt ransomware: weakness in code can lead to recovery ∗∗∗ --------------------------------------------- A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/04/lockcrypt-ransomware/ ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft Malware Protection Engine: Sicherheitsupdate behebt kritische Schwachstelle ∗∗∗ --------------------------------------------- Am 03.04.18 hat Microsoft ein Update zur Behebung des kritischen Fehlers CVE-2018-0986 in der hauseigenen Antiviren-Software (Microsoft Malware Protection Engine) benutzt in zum Beispiel Windows Defender, Microsoft Security Essentials, Microsoft Intune Endpoint, Microsoft Forefront Endpoint 2010 sowie in Exchange Server 2013 und 2016 unter den Systemen Windows 7 bis Windows 10 beziehungsweise [...] --------------------------------------------- http://www.cert.at/services/blog/20180404151337-2161.html ∗∗∗ Siemens Building Technologies Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for a series of vulnerabilities in Siemens Building Technologies Products, including stack-based buffer overflows, security features, improper restriction of operations within the bounds of a memory buffer, NULL pointer deference, XML entity expansion, heap-based buffer overflow, and improper access control. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 ∗∗∗ USN-3618-1: LibVNCServer vulnerability ∗∗∗ --------------------------------------------- LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. [...] It was discovered that LibVNCServer incorrectly handled certain packetlengths. A remote attacker able to connect to a LibVNCServer could possiblyuse this issue [...] --------------------------------------------- https://usn.ubuntu.com/3618-1/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (apache2, ldap-account-manager, and openjdk-7), Fedora (libuv and nodejs), Gentoo (glibc and libxslt), Mageia (acpica-tools, openssl, and php), SUSE (clamav, coreutils, and libvirt), and Ubuntu (kernel, libraw, linux-hwe, linux-gcp, linux-oem, and python-crypto). --------------------------------------------- https://lwn.net/Articles/750902/ ∗∗∗ IBM Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022442 ∗∗∗ Cacti Input Validation Flaw in get_current_page() Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040620 ∗∗∗ WordPress 4.9.5 Security and Maintenance Release ∗∗∗ --------------------------------------------- https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.04.2018
by Daily end-of-shift report 03 Apr '18

03 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-03-2018 18:00 − Dienstag 03-04-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Java Deserialization Attack Against Windows, (Tue, Apr 3rd) ∗∗∗ --------------------------------------------- Recently we talked a lot about attacks exploiting Java deserialization vulnerabilties in systems like Apache SOLR and WebLogic. Most of these attacks targeted Linux/Unix systems. But recently, I am seeing more attacks that target windows. For example: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23513 ∗∗∗ Sicherheitslücke in Apple Mail erlaubte Mitlesen verschlüsselter Nachrichten ∗∗∗ --------------------------------------------- Mit macOS 10.13.4 behebt der Mac-Hersteller einen Bug, über den Angreifer im lokalen Netz an Inhalte von mit S/MIME gesicherter Post gelangen konnten. Ob frühere Betriebssysteme weiterhin betroffen sind, bleibt unklar. --------------------------------------------- https://heise.de/-4009761 ∗∗∗ Fake-Profile sammeln auf Facebook Telefonnummern ∗∗∗ --------------------------------------------- Kriminelle erstellen auf Facebook Fake-Profile und geben sich so als Freund oder Freundin möglicher Opfer aus. Anschließend versuchen sie an die Telefonnummer der Betroffenen zu kommen, um Einkäufe über deren Mobilfunkrechnung tätigen zu können. Wer in die Falle tappt, verliert sein Geld. --------------------------------------------- https://www.watchlist-internet.at/news/fake-profile-sammeln-auf-facebook-te… ∗∗∗ iPhone X-Gewinnspiel kostet 89 Euro im Monat ∗∗∗ --------------------------------------------- Für die Teilnahme an einem iPhone X-Gewinnspiel auf braingamemasters.com sollen Konsumenten monatlich 89 Euro bezahlen. Der Betrag wird für eine Mitgliedschaft für das Spiel Trainyourbrainskils in Rechnung gestellt. Konsumenten müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund. --------------------------------------------- https://www.watchlist-internet.at/news/iphone-x-gewinnspiel-kostet-89-euro-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability ∗∗∗ --------------------------------------------- This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco TalosToday, Talos is disclosing TALOS-2017-0507 (CVE-2017-14459), a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. --------------------------------------------- http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot, irssi, libevt, libvncserver, mercurial, mosquitto, openssl, python-django, remctl, rubygems, and zsh), Fedora (acpica-tools, dovecot, firefox, ImageMagick, mariadb, mosquitto, openssl, python-paramiko, rubygem-rmagick, and thunderbird), Mageia (flash-player-plugin and squirrelmail), Slackware (php), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/750759/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (beep and jruby), Fedora (libvncserver), and Ubuntu (openjdk-7 and openjdk-8). --------------------------------------------- https://lwn.net/Articles/750829/ ∗∗∗ 21 IBM Security Advisories 2018-04-03 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ [webapps] osCommerce 2.3.4.1 - Remote Code Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44374/?rss ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… ∗∗∗ Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170908-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-… ∗∗∗ Android Security Bulletin - April 2018 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2018-04-01.html ∗∗∗ Linux kernel vulnerability CVE-2017-17448 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01043241 ∗∗∗ Apache Commons FileUpload vulnerability CVE-2016-1000031 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25206238 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily April 2018