Daily May 2018

daily@lists.cert.at

1 participants
19 discussions

Tageszusammenfassung - 15.05.2018
by Daily end-of-shift report 15 May '18

15 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 14-05-2018 18:00 − Dienstag 15-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Containers are here. What about container security? ∗∗∗ --------------------------------------------- The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.) Container security issuesNot surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:35 --------------------------------------------- https://www.csoonline.com/article/3273347/security/containers-are-here-what… ∗∗∗ IDG Contributor Network: Fact vs. fiction: 6 myths about container security ∗∗∗ --------------------------------------------- DevOps, containers and microservices are eating software development just as software is eating the world. But with the explosive growth of these technologies and methodologies, it’s becoming increasingly difficult to separate fact from fiction. This is particularly the case when talking container security. In this article, we take a look specifically at the myths surrounding container security [...] --------------------------------------------- https://www.csoonline.com/article/3272830/containers/fact-vs-fiction-6-myth… ∗∗∗ Code-Injection: Sicherheitslücke in Signals Desktop-Client ∗∗∗ --------------------------------------------- Eine Code-Injection-Lücke in Signals Desktop-Client ermöglicht es, aus der Ferne JavaScript auszuführen. Ein Update für die Electron-App steht bereit. (Signal, Sicherheitslücke) --------------------------------------------- https://www.golem.de/news/code-injection-sicherheitsluecke-in-signals-deskt… ∗∗∗ Warnung vor CryptoCode ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine E-Mail von Bitcoin Austria. Bei dem Schreiben handelt es sich um Werbung für CryptoCode. Ein Link in der Nachricht führt auf cryptocode.online. Auf der Plattform sollen Besucher/innen Geld einzahlen, damit sie jeden Tag "$15.000" verdienen können. Das einbezahlte Geld ist verloren, denn eine Gewinnausschüttung gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-cryptocode/ ∗∗∗ NIS Update ∗∗∗ --------------------------------------------- Am 9. Mai hätte Österreich die NIS-Direktive umgesetzt haben sollen. Das haben wir verpasst. Wir haben noch immer kein NIS-Gesetz, und leider auch noch keinen Entwurf dazu in Begutachtung. Aber: ein Teil der NIS-Thematik (Anbieter digitaler Dienste) fällt unter die Vollharmonisierung und wird daher direkt aus Brüssel heraus gültig. Die entsprechende Verordnung wurde im Jänner veröffentlicht und ist seit 10. Mai in Kraft. Will man wissen, [...] --------------------------------------------- http://www.cert.at/services/blog/20180515161108-2242.html ===================== = Vulnerabilities = ===================== ∗∗∗ SSA-914382 (Last Update: 2018-05-15): Denial-of-Service Vulnerability in SIMATIC S7-400 ∗∗∗ --------------------------------------------- SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf ∗∗∗ VMSA-2018-0011 ∗∗∗ --------------------------------------------- Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0011.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, llpp, and webkit2gtk), Debian (kwallet-pam), Fedora (kernel and pam-kwallet), Gentoo (mpv), Oracle (389-ds-base, firefox, libvirt, and qemu-kvm), and Ubuntu (php5 and php5, php7.0, php7.1, php7.2). --------------------------------------------- https://lwn.net/Articles/754495/ ∗∗∗ BlackBerry powered by Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0922/ ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015829 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2018-1512) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012325 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012281 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012280 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012283 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012282 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012263 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015254 ∗∗∗ IBM Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013157 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016207 ∗∗∗ Linux kernel vulnerability CVE-2018-8897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17403481 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2018
by Daily end-of-shift report 14 May '18

14 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-05-2018 18:00 − Montag 14-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ #efail #fail ∗∗∗ --------------------------------------------- Aktuell gehen Berichte um (Twitter, ars technica, EFF, ...), die vor einem Sicherheitsproblem mit verschlüsselten Mails berichten. Die EFF geht soweit, eine Deinstallation diverser Tools zu empfehlen. Während ich diesen Blogpost schreibe, gingen die Researcher mit ihren Ergebnissen online: https://efail.de/ Yay! Eine Vuln mit coolem Namen und Logo. Hier die wichtigsten Punkte: Das Problem ist nicht die Verschlüsselung, sondern liegt im automatischen [...] --------------------------------------------- http://www.cert.at/services/blog/20180514123156-2221.html ∗∗∗ Mit Electron entwickelte Cross-Plattform-Apps angreifbar ∗∗∗ --------------------------------------------- Cross-Plattform Desktop-Apps, die mit dem Electron Framework erstellt werden, können eine gefährliche Sicherheitslücke aufweisen, durch die ein Cross-Site Scripting Angriff auf sie denkbar ist. Das Electron-Team stellt ein Update zur Verfügung. --------------------------------------------- https://www.heise.de/-4048915 ∗∗∗ Some notes on eFail ∗∗∗ --------------------------------------------- Ive been busy trying to replicate the "eFail" PGP/SMIME bug. I thought Id write up some notes.PGP and S/MIME encrypt emails, so that eavesdroppers cant read them. The bugs potentially allow eavesdroppers to take the encrypted emails theyve captured and resend them to you, reformatted in a way that allows them to decrypt the messages. Disable remote/external content in email The most important defense is to disable "external" or "remote" content from being [...] --------------------------------------------- https://blog.erratasec.com/2018/05/some-notes-on-efail.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-09) and AdobePhotoshop CC (APSB18-17). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Rockwell Automation FactoryTalk Activation Manager ∗∗∗ --------------------------------------------- This advisory was posted originally to the HSIN ICS-CERT library on April 12, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory contains mitigations for cross-site scripting, and improper restriction of operations within the bounds of a memory buffer vulnerabilities in Rockwell Automation's FactoryTalk Activation Manager products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02 ∗∗∗ Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet ∗∗∗ --------------------------------------------- MyBiz MyProcureNet is affected by a critical arbitrary file upload vulnerability allowing an attacker to compromise the server by uploading a web shell for issuing OS commands. Furthermore it is affected by cross site scripting issues. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tiff and tiff3), Fedora (glusterfs, kernel, libgxps, LibRaw, postgresql, seamonkey, webkit2gtk3, wget, and xen), Mageia (afflib, flash-player-plugin, imagemagick, qpdf, and transmission), openSUSE (Chromium, opencv, and xen), SUSE (kernel), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/754430/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2018
by Daily end-of-shift report 11 May '18

11 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-05-2018 18:00 − Freitag 11-05-2018 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-09) ∗∗∗ --------------------------------------------- A prenotification Security Advisory (APSB18-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Monday, May 14, 2018. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe … Continue [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets ∗∗∗ --------------------------------------------- Five academics from the Vrije University in Amsterdam and one from the University of Cyprus have discovered a way for launching Rowhammer attacks via network packets and network cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-come-up-with-a-w… ∗∗∗ Lücke in Windows, Linux, macOS: Entwickler missverstehen Intel-Dokumentation ∗∗∗ --------------------------------------------- Weil ihre Entwickler die Dokumentation einer CPU-Funktion missverstanden haben, sind nun fast alle Betriebssysteme anfällig für Manipulationen des Kernel-Speichers. Updates für die Lücke wurden bereits verteilt. --------------------------------------------- https://www.heise.de/security/meldung/Luecke-in-Windows-Linux-macOS-Entwick… ∗∗∗ ATM attacks: How hackers are going for gold ∗∗∗ --------------------------------------------- Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. --------------------------------------------- https://www.helpnetsecurity.com/2018/05/11/atm-attacks/ ∗∗∗ Sicherheitslücke bei "Signal"-App für Mac ∗∗∗ --------------------------------------------- Nachrichten, die verschwinden sollen, leben in der Benachrichtigungsleiste weiter --------------------------------------------- http://derstandard.at/2000079519326 ∗∗∗ One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak ∗∗∗ --------------------------------------------- The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems --------------------------------------------- https://www.welivesecurity.com/2018/05/10/one-year-later-eternalblue-exploi… ∗∗∗ LG patches RCE bug in smartphone keyboards ∗∗∗ --------------------------------------------- LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models. --------------------------------------------- https://www.scmagazineuk.com/news/lg-patches-rce-bug-in-smartphone-keyboard… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (freetype2, libraw, and powerdns), CentOS (389-ds-base and kernel), Debian (php5, prosody, and wavpack), Fedora (ckeditor, fftw, flac, knot-resolver, patch, perl, and perl-Dancer2), Mageia (cups, flac, graphicsmagick, libcdio, libid3tag, and nextcloud), openSUSE (apache2), Oracle (389-ds-base and kernel), Red Hat (389-ds-base and flash-plugin), Scientific Linux (389-ds-base), Slackware (firefox and wget), SUSE (xen), and Ubuntu (wget). --------------------------------------------- https://lwn.net/Articles/754145/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmupdf, mupdf, mupdf-gl, and mupdf-tools), Debian (firebird2.5, firefox-esr, and wget), Fedora (ckeditor, drupal7, firefox, kubernetes, papi, perl-Dancer2, and quassel), openSUSE (cairo, firefox, ImageMagick, libapr1, nodejs6, php7, and tiff), Red Hat (qemu-kvm-rhev), Slackware (mariadb), SUSE (xen), and Ubuntu (openjdk-8). --------------------------------------------- https://lwn.net/Articles/754257/ ∗∗∗ Oracle Java SE vulnerability CVE-2018-2783 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44923228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.05.2018
by Daily end-of-shift report 09 May '18

09 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-05-2018 18:00 − Mittwoch 09-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots ∗∗∗ --------------------------------------------- Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hide-and-seek-becomes-first-… ∗∗∗ PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions ∗∗∗ --------------------------------------------- Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. --------------------------------------------- https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-m… ∗∗∗ Call for speakers One Conference ∗∗∗ --------------------------------------------- The international One Conference 2018 will take place on October 2 & 3 in The Hague. Overall theme of this edition is "Merging Worlds – Securing the connected future". --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/call-for-speakers-one-confe… ∗∗∗ Nice Phishing Sample Delivering Trickbot, (Wed, May 9th) ∗∗∗ --------------------------------------------- Users have to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like "Click on me, its urgent!". Yesterday, I put my hands on a very nice sample that deserve to be dissected to demonstrate that phishing campaigns remain an excellent way to infect a computer! --------------------------------------------- https://isc.sans.edu/diary/rss/23641 ∗∗∗ Massive localstorage[.]tk Drupal Infection ∗∗∗ --------------------------------------------- After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: [...] --------------------------------------------- https://blog.sucuri.net/2018/05/massive-localstorage-tk-drupal-infection.ht… ∗∗∗ Its 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V ∗∗∗ --------------------------------------------- Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon peoples personal information, and so on. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/09/microsoft_w… ∗∗∗ Introducing Orchestrator decryption tool ∗∗∗ --------------------------------------------- Researched and written by Donny Maasland and Rindert Kramer Introduction During penetration tests we sometimes encounter servers running software that use sensitive information as part of the underlying process, such as Microsoft’s System Center Orchestrator. According to Microsoft, Orchestrator is a workflow management solution for data centers and can be used to automate the creation, [...] --------------------------------------------- https://blog.fox-it.com/2018/05/09/introducing-orchestrator-decryption-tool/ ∗∗∗ Netzwerkfähige Medizinprodukte besser schützen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/sicherheits… ∗∗∗ Gandcrab Ransomware Walks its Way onto Compromised Sites ∗∗∗ --------------------------------------------- This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski.Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft. --------------------------------------------- https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html ∗∗∗ Google CTF 2018 is here ∗∗∗ --------------------------------------------- https://security.googleblog.com/2018/05/google-ctf-2018-is-here.html ∗∗∗ Gefälschte Mobilis GmbH-Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bestellung der Mobilis GmbH. In dem geschäftlichen Schreiben fordern sie von Unternehmen, dass diese den Dateianhang für weiterführende Informationen zum Einkauf öffnen. In Wahrheit verbirgt er Schadsoftware. Aus diesem Grund ist es wichtig, dass Empfänger/in die vermeintliche Bestellung nicht öffnen und die Nachricht in ihren Spam-Ordner verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-mobilis-gmbh-bestellung-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2018-8897 ∗∗∗ --------------------------------------------- Aktuell gehen Medienberichte über einen Bug im Umgang von Betriebssystemen mit Intel und AMD CPUs umher, dazu hatten wir die ersten Rückfragen bezüglich der Kritikalität. Wir sehen das nicht tragisch: der Bug ist nach momentanem Wissensstand weder remote noch via JavaScript etc. ausnutzbar, und daher "nur" eine klassische Privilege Escalation. --------------------------------------------- http://www.cert.at/services/blog/20180509142228-2199.html ∗∗∗ Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and OS command injection vulnerabilities in Silex Technology SX-500, SD-320AN, and GE Healthcare MobileLink devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01 ∗∗∗ Siemens Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation vulnerabilities in Siemens SINAMICS modular drive systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-01 ∗∗∗ Siemens Siveillance VMS ∗∗∗ --------------------------------------------- This advisory includes mitigations for a deserialization of untrusted data vulnerability in the Siemens Siveillance Video Management Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-02 ∗∗∗ Siemens Siveillance VMS Video Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper certificate validation vulnerability in the Siemens Siveillance VMS mobile app. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-03 ∗∗∗ May 2018 Office Update Release ∗∗∗ --------------------------------------------- The May 2018 Public Update releases for Office are now available! This month, there are 30 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4133083. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/05/08… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Gentoo (rsync), openSUSE (Chromium), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and php7), and Ubuntu (dpdk, libraw, linux, linux-lts-trusty, linux-snapdragon, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/754021/ ∗∗∗ Security Update Summary ∗∗∗ --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/summary ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-04 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2811 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01294982 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2796 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71021401 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2798 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24593421 Next End-of-Day report: 2018-05-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.05.2018
by Daily end-of-shift report 08 May '18

08 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 07-05-2018 18:00 − Dienstag 08-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Office 365 Zero-Day Used in Real-World Phishing Campaigns ∗∗∗ --------------------------------------------- A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/office-365-zero-day-used-in-… ∗∗∗ Don’t Share Email with Scripts and Macros ∗∗∗ --------------------------------------------- Sharing documents scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure. "Both scripts and macros are commonly used attack vectors," he told us. "Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day [...] --------------------------------------------- https://safeandsavvy.f-secure.com/2018/05/08/dont-share-email-with-scripts-… ∗∗∗ How to Protect Your Web Applications From XXE Attacks ∗∗∗ --------------------------------------------- XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per OWAPS Top 10. --------------------------------------------- https://www.htbridge.com/blog/how-to-protect-your-web-applications-from-xxe… ∗∗∗ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users ∗∗∗ --------------------------------------------- We discovered a malware family called Maikspy - a multi-platform spyware that can steal users' private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016. Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware… ∗∗∗ Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher warnt, dass Angreifer gegenwärtig ungepatchte Drupal-Webseiten attackieren, um dort einen Kryptogeld-Miner zu platzieren. Sicherheitsupdates sind schon länger verfügbar. --------------------------------------------- https://www.heise.de/-4044683 ∗∗∗ Mobile Menace Monday: re-emergence of a fake Android AV ∗∗∗ --------------------------------------------- Way back in early 2013, a new antivirus (AV) company emerged into the mobile security software industry that had everyone perplexed. It seemed like a fake Android AV, but received certification by a reputable AV testing organization! Now, five years later, its back. Heres why you shouldnt trust it. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2018/05/mobile-menace-monda… ∗∗∗ 8 Tips to Harden Your Joomla Installation ∗∗∗ --------------------------------------------- Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla [...] --------------------------------------------- https://www.tripwire.com/state-of-security/featured/8-tips-harden-joomla-in… ∗∗∗ Hacking train passenger Wi-Fi ∗∗∗ --------------------------------------------- After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here's a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network in your office, Wi-Fi [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-train-passenger-wi-fi/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-12), Adobe Flash Player (APSB18-16), and Adobe Connect (APSB18-18). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1557 ∗∗∗ iPrint Appliance 2.1 Patch 7 ∗∗∗ --------------------------------------------- Abstract: iPrint Appliance 2.1 Patch 7 is a cumulative patch including fixes from all the previous 2.1 patches and hot fixes. Document ID: 5377430Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:iPrint-2.1.0.87.HP.zip (950.24 MB)Products:iPrint Appliance 2.1Superceded Patches:iPrint Appliance 2.1 --------------------------------------------- https://download.novell.com/Download?buildid=uKzGH3eCxf0~ ∗∗∗ SAP Security Patch Day - May 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ ∗∗∗ Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a devices security patch level, see Check & update your Android version. --------------------------------------------- https://source.android.com/security/bulletin/2018-05-01 ∗∗∗ USN-3639-1: LibRaw vulnerabilities ∗∗∗ --------------------------------------------- libraw vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.04 LTSUbuntu 17.10Ubuntu 16.04 LTSSummarySeveral security issues were fixed in LibRaw.Software Descriptionlibraw - raw image decoder libraryDetailsIt was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to execute arbitrary code.(CVE-2018-10528)It was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to [...] --------------------------------------------- https://usn.ubuntu.com/3639-1/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (wget), SUSE (patch), and Ubuntu (qpdf). --------------------------------------------- https://lwn.net/Articles/753882/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0004 ∗∗∗ --------------------------------------------- Date Reported: May 07, 2018 Advisory ID: WSA-2018-0004 CVE identifiers: CVE-2018-4121, CVE-2018-4200,CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Description: Multiple memory corruptionissues were addressed with improved memory handling. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0004.html ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011364 ∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15526101 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2018
by Daily end-of-shift report 07 May '18

07 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-05-2018 18:00 − Montag 07-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Drupal Sites Fall Victims to Cryptojacking Campaigns ∗∗∗ --------------------------------------------- After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining. --------------------------------------------- https://www.bleepingcomputer.com/news/security/drupal-sites-fall-victims-to… ∗∗∗ SynAck Ransomware Uses Process Doppelgänging Technique ∗∗∗ --------------------------------------------- A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique. --------------------------------------------- https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-proce… ∗∗∗ How to Protect Yourself From GDPR-Related Phishing Scams ∗∗∗ --------------------------------------------- Fourteen emails. That’s the amount of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule. --------------------------------------------- http://resources.infosecinstitute.com/protect-gdpr-phishing-scams/ ∗∗∗ Lenovo Patches Arbitrary Code Execution Flaw ∗∗∗ --------------------------------------------- Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line. --------------------------------------------- https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/ ∗∗∗ Umsetzung NIS-Richtlinie abgeschlossen - neue Pflichten für Anbieter digitaler Dienste ∗∗∗ --------------------------------------------- Im Zuge der Umsetzung der EU-Richtlinie zur Netzwerk- und Informationssicherheit (NIS-Richtlinie) müssen Anbieter von Suchmaschinen, Cloud-Computing-Diensten und Online-Marktplätzen mit Sitz in Deutschland ab 10. Mai 2018 IT-Sicherheitsvorfälle mit erheblichen Auswirkungen auf den betriebenen Dienst an das Bundesamt für Sicherheit in der Informationstechnik (BSI) melden. Gleichzeitig gelten dann europaweit einheitliche Mindestanforderungen [...] --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/NIS-Richtli… ∗∗∗ MassMiner: Kryptogeld-Miner hat es auf Web-Server abgesehen ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren Sicherheitsforschern zufolge derzeit gezielt Server mit verwundbaren Versionen von Apache Struts, Oracle WebLogic und Windows SMB. Sicherheitspatches sind schon länger verfügbar. --------------------------------------------- https://heise.de/-4043366 ∗∗∗ Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben ∗∗∗ --------------------------------------------- Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehensoll. --------------------------------------------- https://www.heise.de/-4043790 ∗∗∗ Windows Defender Exploit Guard – Attack Surface Reduction Rules aktivieren ∗∗∗ --------------------------------------------- Mit Windows 10 v1709 hat Microsoft der Defender-Plattform zusätzliche, interessante Features spendiert, die nun mit Win10-Release 1803 um weitere Möglichkeiten ergänzt wurden. So lassen sich zum Beispiel folgende Regeln aktivieren, welche das Risiko einer Malware-Infektion in einigen Szenarien deutlich reduzieren können: [...] --------------------------------------------- https://hitco.at/blog/windows-defender-exploit-guard-attack-surface-reducti… ===================== = Vulnerabilities = ===================== ∗∗∗ Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") ∗∗∗ --------------------------------------------- Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch." --------------------------------------------- https://www.kb.cert.org/vuls/id/283803 ∗∗∗ Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Multi-Master Replication Manager for MySQL) it ensures that only one node is writeable at a time. Using MySQL MMM an end user can also choose to move their Virtual IP addresses to different servers depending on their replication [...] --------------------------------------------- https://blog.talosintelligence.com/2018/05/vulnerability-spotlight-mysql-mm… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl, libmad, lucene-solr, tzdata, and wordpress), Fedora (drupal7, scummvm, scummvm-tools, and zsh), Mageia (boost, ghostscript, gsoap, java-1.8.0-openjdk, links, and php), openSUSE (pam_kwallet), and Slackware (python). --------------------------------------------- https://lwn.net/Articles/753687/ ∗∗∗ Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208804 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016092 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015944 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016039 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011857 ∗∗∗ RSA Authentication Manager Bugs Let Remote Users Inject HTTP Headers and Remote Authenticated Users Conduct XML External Entity Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040835 ∗∗∗ Side-channel processor vulnerability CVE-2018-9056 (BranchScope) ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35135935 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.05.2018
by Daily end-of-shift report 04 May '18

04 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-05-2018 18:00 − Freitag 04-05-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Dateikompression: Bug in 7-Zip 18.01 ermöglicht Codeausführung beim Entpacken ∗∗∗ --------------------------------------------- Ein Bug macht sich uninitialisierten Speicher zunutze, um darüber beliebigen Code beim Entpacken von Dateiarchiven mit 7-Zip auszuführen. Ein Softwareentwickler hat die Lücke entdeckt und zu Demonstrationszwecken ausgenutzt. Statt dem Windows-Taschenrechner könnte darüber auch Schlimmeres ausgeführt werden. --------------------------------------------- https://www.golem.de/news/dateikompression-bug-in-7-zip-18-01-ermoeglicht-c… ∗∗∗ IMHO: Ein Lob für Twitter und Github ∗∗∗ --------------------------------------------- Bei Github wurden Passwörter versehentlich im Klartext gespeichert. Kurze Zeit später meldete Twitter ein ähnliches Problem. Es gibt keinen Hinweis darauf, dass dadurch Nutzer gefährdet wurden. Trotzdem gingen die Firmen damit transparent um - richtig so! --------------------------------------------- https://www.golem.de/news/imho-ein-lob-fuer-twitter-und-github-1805-134232.… ∗∗∗ Rooting a Logitech Harmony Hub: Improving Security in Todays IoT World ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things (IoT) device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and control a variety of devices in the user’s .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/05/rooting-logitech-harmon… ∗∗∗ ICS-Systeme von Schneider Electric: Angreifer könnten Fabriken übernehmen ∗∗∗ --------------------------------------------- In den Industrie-Kontrollsystemen InduSoft Web Studio und InTouch Machine Edition von Schneider Electric klaffen kritische Sicherheitslücken. Patches sind verfügbar. --------------------------------------------- https://www.heise.de/meldung/ICS-Systeme-von-Schneider-Electric-Angreifer-k… ∗∗∗ Wie Google mit veralteten und unsicheren Android-Apps aufräumen will ∗∗∗ --------------------------------------------- Entwickler sehen sich künftig mit wesentlich härteren Vorschriften konfrontiert – Umstellung bringt Mehrarbeit --------------------------------------------- http://derstandard.at/2000078894766 ∗∗∗ Google rolls out .app domains with built-in HTTPS ∗∗∗ --------------------------------------------- The move is part of the company’s HTTPS-everywhere vision for the internet .. --------------------------------------------- https://www.welivesecurity.com/2018/05/04/google-rolls-app-domain-built-htt… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips Brilliance Computed Tomography (CT) System ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for execution with unnecessary privileges, exposure of resource to wrong sphere, and use of hard-coded credentials vulnerabilities in Philips Brillance CT Scanners. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 ∗∗∗ Lantech IDS 2102 ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation and stack-based buffer overflow vulnerabilities in the Lantech IDS 2102 Ethernet device server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01 ∗∗∗ DSA-4191 redmine - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4191 ∗∗∗ DSA-4189 quassel - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4189 ∗∗∗ Security Advisory 2018-01: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-01-security-update-for-ot… ∗∗∗ Use of hardcoded credentials for communication between Meru access points and FortiWLC ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-274 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.05.2018
by Daily end-of-shift report 03 May '18

03 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-05-2018 18:00 − Donnerstag 03-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Notfall-Hotline für von Cybercrime betroffene Unternehmen in Wien ∗∗∗ --------------------------------------------- Anzeigen wegen Cybercrime-Delikten sind im Vorjahr in Österreich um rund 28 Prozent gestiegen. ... Die WK Wien startete deshalb eine Notfall-Hotline für betroffene Unternehmen. --------------------------------------------- http://derstandard.at/2000079106868 ∗∗∗ Threat Roundup for April 20-27 ∗∗∗ --------------------------------------------- Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 20 and 27. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics, indicators of compromise... --------------------------------------------- http://blog.talosintelligence.com/2018/04 /threat-round-up-0420-0427.html ∗∗∗ Betrug mit gefälschter Microsoft-Warnung ∗∗∗ --------------------------------------------- Mit einer gefälschten Microsoft-Warnung fordern Kriminelle von Konsument/innen, dass sie telefonisch Kontakt mit einem Support-Center aufnehmen. Es teilt ihnen mit, dass ihr Computer mit Schadsoftware befallen sei. Aus diesem Grund sollen sie ein Programm herunterladen und für die Hilfestellung bezahlen. Kommen die Konsument/innen den Aufforderungen nach, verlieren sie Geld und infizieren ihr Endgerät mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news /betrug-mit-gefaelschter-microsoft-warnung/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: * WebEx Advanced Recording Format Remote Code Execution Vulnerability cisco-sa-20180502-war * Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability cisco-sa-20180502-prime-upload * Secure Access Control System Remote Code Execution Vulnerability cisco-sa-20180502-acs1 * Wireless LAN Controller 802.11 Management Frame Denial-of-Service Vulnerability cisco-sa-20180502-wlc-mfdos * Wireless LAN Controller IP Fragment Reassembly Denial-of-Service Vulnerability cisco-sa-20180502-wlc-ip * Meeting Server Remote Code Execution Vulnerability cisco-sa-20180502-cms-cx * Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial-of-Service Vulnerability cisco-sa-20180502-ap-ptp * Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/05/02 /Cisco-Releases-Security-Updates ∗∗∗ Weitere Spectre-Lücken im Anflug ∗∗∗ --------------------------------------------- Ganze acht neue Sicherheitslücken in Intel-CPUs haben mehrere Forscher-Teams dem Hersteller bereits gemeldet, die aktuell noch geheimgehalten werden. ... Die konkrete Gefahr für Privatleute und Firmen-PCs ist hingegen eher gering, weil es dort in aller Regel andere, einfacher auszunutzende Schwachstellen gibt. Trotzdem sollte man sie ernst nehmen und die anstehenden Spectre-NG-Updates nach deren Erscheinen zügig einspielen. --------------------------------------------- https://heise.de/-4039134 ∗∗∗ Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar 3. Mai 2018 Beschreibung Das IT-Security Consulting Unternehmen SEC-Consult hat eine kritische Sicherheitslücke in der verbreiteten Software Oracle Access Manager (OAM) entdeckt, die in vielen Umgebungen für Single-Sign-On und andere Login-Szenarios verwendet wird. CVE-Nummer: CVE-2018-2879 Auswirkungen Angreifer können sich durch Ausnutzen der Lücke mit beliebigen Accounts (auch --------------------------------------------- http://www.cert.at/warnings/all/20180503.html ∗∗∗ Docker für Windows: Microsoft patcht Go-Bibliothek hcsshim ∗∗∗ --------------------------------------------- Wer Docker zur Containervirtualisierung unter Windows nutzt oder selbst Go-Programme entwickelt, sollte dringend die Aktualität des "Windows Host Compute Service Shim" (hcsshim)-Packages auf seinem System überprüfen. --------------------------------------------- https://heise.de/-4040139 ∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf ∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS ∗∗∗ --------------------------------------------- The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf ∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability in Siveillance VMS ∗∗∗ --------------------------------------------- Siemens has released software updates for Siveillance VMS which fix a security vulnerability with the .NET Remoting deserialization that could allow elevation of privileges and/or causing a Denial-of-Service, if affected ports are exposed. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf ∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- Several HPE servers that use AMD processors are vulnerable to security defects (Fallout/Masterkey) which allow local unauthorized elevation of privilege, unauthorized modification of information, unauthorized disclosure of information, and Denial of Service. --------------------------------------------- https://support.hpe.com/hpsc/doc/public /display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and python-paramiko), Debian (kernel and quassel), Gentoo (chromium, hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE (corosync and patch). --------------------------------------------- https://lwn.net/Articles/753457/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM Rational Software Architect and Rational Software Architect for WebSphere Software. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015990 ∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013601 ∗∗∗ IBM Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311 ∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.05.2018
by Daily end-of-shift report 02 May '18

02 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 30-04-2018 18:00 − Mittwoch 02-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Millionen Autos von Volkswagen und Audi können gehackt werden ∗∗∗ --------------------------------------------- Zwei Sicherheitsforscher haben eine Sicherheitslücke entdeckt, die zahlreiche populäre Fahrzeuge betrifft. --------------------------------------------- https://futurezone.at/digital-life/millionen-autos-von-volkswagen-und-audi-… ∗∗∗ Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 “April 2018 Update,” also known as version 1803, “Redstone 4,” or RS4. Download the .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-f… ∗∗∗ 7-Zip: From Uninitialized Memory to Remote Code Execution ∗∗∗ --------------------------------------------- After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I continued to spend time on analyzing antivirus software. As it happens, I found a new bug that (as the last two bugs) .. --------------------------------------------- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-e… ∗∗∗ Jetzt absichern! Oracle WebLogic Server im Visier von Angreifern ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrt Scans nach verwundbaren WebLogic Servern. Updates stehen bereit – Angreifer sollen den Schutz jedoch umgehen können. --------------------------------------------- https://www.heise.de/meldung/Jetzt-absichern-Oracle-WebLogic-Server-im-Visi… ∗∗∗ Windows 10 1803 ohne Microcode-Updates gegen Spectre V2 ∗∗∗ --------------------------------------------- Die Installation des Windows 10 April 2018 Update verdrängt Microcode-Updates für Intel-Prozessoren aus dem Update KB4090007, die vor der Sicherheitslücke Spectre V2 schützen - man braucht also wieder BIOS-Updates. --------------------------------------------- https://www.heise.de/meldung/Windows-10-1803-ohne-Microcode-Updates-gegen-S… ∗∗∗ Spammer missbrauchen ungefilterte Redirects in Google Maps ∗∗∗ --------------------------------------------- Kriminelle nutzen Googles Online-Kartendienst Maps, um Opfer mittels offener Redirects auf gefährliche Irrwege zu führen. Das Unternehmen weiß um das Problem, scheint aber bislang keinen Handlungsbedarf zu sehen. --------------------------------------------- https://www.heise.de/meldung/Spammer-missbrauchen-ungefilterte-Redirects-in… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (cups-filters, ghostscript, glusterfs, PackageKit, qpdf, and xen), Mageia (anki, libofx, ming, sox, webkit2, and xdg-user-dirs), Oracle (corosync, java-1.7.0-openjdk, and pcs), Red Hat (java-1.7.0-openjdk), Scientific Linux (corosync, firefox, gcc, glibc, golang, java-1.7.0-openjdk, java-1.8.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/753257/ ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: CA20180501-01: Security Notice for CA Spectrum ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541977 ∗∗∗ Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104020 ∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2018-1000005, CVE-2018-1000007) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014495 ∗∗∗ IBM Security Bulletin: API Connect is affected by an information leakage vulnerability (CVE-2018-1468) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015968 ∗∗∗ IBM SECURITY BULLETIN: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar SIEM. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily May 2018