Daily August 2018

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - 31.08.2018
by Daily end-of-shift report 31 Aug '18

31 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-08-2018 18:00 − Freitag 31-08-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Firework: Leveraging Microsoft Workspaces in a Penetration Test ∗∗∗ --------------------------------------------- WCX files can be used to configure a Microsoft Workplace on a system with a couple of clicks. The enrollment process could disclose credentials in the form of a NetNTLM hash. Authentication will either take place automatically on older [...] --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/Firework--Leveraging-Micros… ∗∗∗ BEC fraud burgeoning despite training ∗∗∗ --------------------------------------------- Business email compromises (BEC) - commonly referred to as CEO Fraud because the CEOs identity is being impersonated - continues to grow and, more significantly, succeed due to the simplicity and urgency of the attacks, according to recent study from Barracuda of some 3,000 attacks. --------------------------------------------- https://www.scmagazine.com/bec-fraud-burgeoning-despite-training/article/79… ∗∗∗ John McAfees "unhackbares" Bitcoin-Wallet Bitfi gehackt – mehrmals ∗∗∗ --------------------------------------------- Zum wiederholten Male haben Sicherheitsforscher eigentlich geheime Passphrasen aus dem Bitcoin-Wallet Bitfi ausgelesen. --------------------------------------------- http://heise.de/-4152116 ∗∗∗ How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN) ∗∗∗ --------------------------------------------- [...] Earlier this week security researcher SandboxEscaper published details and proof-of-concept (POC) for a "0day" local privilege escalation vulnerability in Windows Task Scheduler service, which allows a local unprivileged user to change permissions of any file on the system - and thus subsequently replace or modify that file. As the researchers POC demonstrates, one can use this vulnerability [...] --------------------------------------------- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html ===================== = Vulnerabilities = ===================== ∗∗∗ Philips e-Alert Unit ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for numerous vulnerabilities in Phillips e-Alert Unit, a non-medical device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (389-ds-base, bind9, and squirrelmail), Fedora (dolphin-emu), openSUSE (libX11), SUSE (cobbler, GraphicsMagick, ImageMagick, liblouis, postgresql10, qemu, and spice), and Ubuntu (libx11). --------------------------------------------- https://lwn.net/Articles/763906/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.08.2018
by Daily end-of-shift report 30 Aug '18

30 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-08-2018 18:00 − Donnerstag 30-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ What are botnets downloading? ∗∗∗ --------------------------------------------- Every day we intercept numerous file-download commands sent to bots of various types and families. Here we present the results of our botnet activity analysis for H2 2017 and H1 2018. --------------------------------------------- https://securelist.com/what-are-botnets-downloading/87658/ ∗∗∗ Crypto Mining Is More Popular Than Ever!, (Thu, Aug 30th) ∗∗∗ --------------------------------------------- We already wrote some diaries about crypto miners and they remain more popular than ever. Based on my daily hunting statistics, we can see that malicious scripts performing crypto mining operations .. --------------------------------------------- https://isc.sans.edu/diary/rss/24050 ∗∗∗ Kritische Lücke in der Klinik: Netzwerk-Gateways am Krankenbett angreifbar ∗∗∗ --------------------------------------------- Capsule-Netzwerkgeräte der Firma Qualcomm Life verbinden Geräte am Krankenbett mit dem Krankenhaus-Netzwerk. Hier klafft eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4151345 ∗∗∗ Intel entwickelt Spezial-Linux für sicherheitskritische Einsätze ∗∗∗ --------------------------------------------- Das Intel Safety Critical Project for Linux OS soll autonome Roboter, Drohnen und selbstfahrende Autos sicher machen. --------------------------------------------- http://heise.de/-4151374 ∗∗∗ Rocke: The Champion of Monero Miners ∗∗∗ --------------------------------------------- Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine .. --------------------------------------------- https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.… ∗∗∗ Cyberkriminalität - Schwedischer Wahlkampf vermehrt Cyberangriffen ausgesetzt ∗∗∗ --------------------------------------------- Gefälschte Social-Media-Accounts verbreiten vermehrt falsche Informationen --------------------------------------------- https://derstandard.at/2000086347410/Schwedischer-Wahlkampf-vermehrt-Cybera… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libx11), Fedora (bouncycastle, libxkbcommon, libzypp, nodejs, ntp, openssh, tomcat, xen, and zypper), Red Hat (ansible, kernel, and opendaylight), and SUSE (apache2, cobbler, ImageMagick, libtirpc, libzypp, zypper, and qemu). --------------------------------------------- https://lwn.net/Articles/763824/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - August 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-058 ∗∗∗ Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2018-057 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-057 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.08.2018
by Daily end-of-shift report 29 Aug '18

29 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-08-2018 18:00 − Mittwoch 29-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776 ∗∗∗ --------------------------------------------- After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. --------------------------------------------- https://www.bleepingcomputer.com/news/security/active-attacks-detected-usin… ∗∗∗ OpenSSH Versions Since 2011 Vulnerable to Oracle Attack ∗∗∗ --------------------------------------------- OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago. --------------------------------------------- https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-… ∗∗∗ Loki Bot: On a hunt for corporate passwords ∗∗∗ --------------------------------------------- Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages .. --------------------------------------------- https://securelist.com/loki-bot-stealing-corporate-passwords/87595/ ∗∗∗ 3D Printers in The Wild, What Can Go Wrong?, (Wed, Aug 29th) ∗∗∗ --------------------------------------------- Richard wrote a quick diary yesterday about an interesting information that we received from one of our readers. It&#;x26;#;39;s about a huge amount of OctoPrint interfaces that are publicly facing the Internet. Octoprint[1] is a web interface for .. --------------------------------------------- https://isc.sans.edu/diary/rss/24044 ∗∗∗ PHP-Paket-Repository Packagist.org war für Schadcode anfällig ∗∗∗ --------------------------------------------- In der Webseite Packagist.org klaffte eine gefährliche Sicherheitslücke. Angreifer hätten mit vergleichsweise wenig Aufwand Schadcode ausführen können. --------------------------------------------- http://heise.de/-4149216 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4281 tomcat8 - security update ∗∗∗ --------------------------------------------- Several issues were discovered in the Tomcat servlet and JSPengine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak. --------------------------------------------- https://www.debian.org/security/2018/dsa-4281 ∗∗∗ Cisco Data Center Network Manager Path Traversal Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system.The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.08.2018
by Daily end-of-shift report 28 Aug '18

28 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 27-08-2018 18:00 − Dienstag 28-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitsforscher warnen vor kritischer Lücke in Windows ∗∗∗ --------------------------------------------- Eine neue Schwachstelle betrifft offenbar auch vollständig aktualisierte Windows-10-Computer. --------------------------------------------- https://futurezone.at/produkte/sicherheitsforscher-warnen-vor-kritischer-lu… ∗∗∗ Android-Smartphones durch AT-Modembefehle aus den 80ern angreifbar ∗∗∗ --------------------------------------------- Angreifer können neue Firmware flashen, Spionage betreiben und Android-Sicherheitsfunktionen deaktivieren. --------------------------------------------- http://heise.de/-4147013 ∗∗∗ Apache Struts: Exploit für kritische Lücke aufgetaucht ∗∗∗ --------------------------------------------- Admins von Webseiten, die Apache Struts nutzen, sollten dringendst prüfen, ob sie Updates für eine vor kurzem entdeckte Sicherheitslücke eingespielt haben. --------------------------------------------- http://heise.de/-4147203 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Creative Cloud Desktop Application (APSB18-32) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1602 ∗∗∗ [20180803] - Core - ACL Violation in custom fields ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/745-20180803-core-acl-violatio… ∗∗∗ [20180802] - Core - Stored XSS vulnerability in the frontend profile ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-v… ∗∗∗ [20180801] - Core - Hardening the InputFilter for PHAR stubs ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/743-20180801-core-hardening-th… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.08.2018
by Daily end-of-shift report 27 Aug '18

27 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-08-2018 18:00 − Montag 27-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability ∗∗∗ --------------------------------------------- Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability. --------------------------------------------- https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnera… ∗∗∗ Password Protected Word Document Delivers HERMES Ransomware ∗∗∗ --------------------------------------------- Evading AV detection is part of a malware authors routine in crafting spam campaigns and an old and effective way of achieving this is spamming a password protected document. Recently, we observed such a .. --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/Password-Protected-Word-Doc… ∗∗∗ Well, cant get hacked if your PC doesnt work... McAfee yanks BSoDing Endpoint Security patch ∗∗∗ --------------------------------------------- Dont install August update, world+dog warned McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their .. --------------------------------------------- www.theregister.co.uk/2018/08/24/mcafee_blue_screen_of_death/ ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntarily .. --------------------------------------------- https://securityblog.switch.ch/2018/08/27/a-new-issue-of-our-switch-securit… ∗∗∗ Schwachstelle Royale: Fortnite-Installer für Android offen für freies Nachladen ∗∗∗ --------------------------------------------- Bei der Android-Version von Fortnite Battle Royale umging Epic Games den Play Store und lieferte einen eigenen Installer – mit gravierender Sicherheitslücke. --------------------------------------------- http://heise.de/-4145876 ∗∗∗ Who’s Behind the Screencam Extortion Scam? ∗∗∗ --------------------------------------------- The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, its likely that additional spammers and scammers piled on with their own versions of the phishing email after .. --------------------------------------------- https://krebsonsecurity.com/2018/08/whos-behind-the-screencam-extortion-sca… ∗∗∗ Verschlüsselung - Wenn Paypal und Co plötzlich nicht mehr funktionieren ∗∗∗ --------------------------------------------- Mozilla und Google vertrauen Symantec-Zertifikaten in Entwicklungsversionen ihrer Browser nicht mehr --------------------------------------------- https://derstandard.at/2000086139348/Wenn-Paypal-und-Co-ploetzlich-nicht-me… ===================== = Vulnerabilities = ===================== ∗∗∗ Synology-SA-18:50 Drive ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Drive. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_50 ∗∗∗ File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-056 ∗∗∗ Multiple Cross Site Scripting on FortiCloud Web Interface Login ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-026 ∗∗∗ Forgot password link doesnt expire after use ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-074 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.08.2018
by Daily end-of-shift report 24 Aug '18

24 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-08-2018 18:00 − Freitag 24-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Botnetz: Mirai-Malware gefährdet durch Cross-Compiling noch mehr Systeme ∗∗∗ --------------------------------------------- Eine neue Mirai-Variante kann mittels Aboriginal Linux nun u.a. auch Android- und Debian-Systeme infizieren und in ein Botnetz einspannen. --------------------------------------------- http://heise.de/-4144912 ∗∗∗ Warnung vor hoverboardmarkt.at ∗∗∗ --------------------------------------------- Auf hoverboardmarkt.at finden Konsument/innen stark rabattierte Hoverboards. Es ist unbekannt, wer den Online-Shop betreibt. Es zeigen sich weitere Auffälligkeiten bei dem Anbieter. Aus diesem Grund ist es am sichersten, wenn Konsument/innen nicht bei hoverboardmarkt.at einkaufen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-hoverboardmarktat/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMware Virtual Appliances, L1 Terminal Fault (L1TF): Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein lokaler, nicht authentisierter Angreifer kann diese Schwachstelle über einen Terminal Seitenfehler (Terminal Page Fault) ausnutzen, um in einem Seitenkanalangriff (Side-Channel Analysis) unautorisiert Informationen aus dem L1 Data Cache auszuspähen. Die Schwachstelle betrifft auch eine Reihe von VMware Produkten, unter anderem vCenter Server (vCSA) 6.0, 6.5 und 6.7 und vSphere Data Protection (VDP) 6.x. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1622/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kernel-headers), Mageia (bind, cgit, dpkg, sssd, and thunderbird), openSUSE (libXcursor and python-Django), Oracle (postgresql), Red Hat (postgresql), Scientific Linux (postgresql), SUSE (libreoffice, openssl, and xen), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-lts-xenial, linux-aws, and spice, spice-protocol). --------------------------------------------- https://lwn.net/Articles/763429/ ∗∗∗ Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728829 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by multiple kernel vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728537 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (SNSC) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729112 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Insight ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10719165 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Reporting for Development Intelligence ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10719163 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.08.2018
by Daily end-of-shift report 23 Aug '18

23 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-08-2018 18:00 − Donnerstag 23-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Intel erklärt Hardware-Schutz gegen Spectre- & Meltdown-Lücken ∗∗∗ --------------------------------------------- Kommende "Cascade Lake"-Xeons sind gegen Meltdown-Attacken unempfindlich und auch gegen viele Spectre-Attacken – aber Software-Patches bleiben nötig. --------------------------------------------- http://heise.de/-4144368 ∗∗∗ Tool - OpenSSH: Neue Version beseitigt 19 Jahre alte Lücke ∗∗∗ --------------------------------------------- War bereits in der allerersten Version der Software enthalten – Angreifer konnten Nutzernamen raten --------------------------------------------- https://derstandard.at/2000085926326/OpenSSH-Neue-Version-beseitigt-19-Jahr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel and tomcat-native), Fedora (axis, CuraEngine-lulzbot, nodejs, python-uranium-lulzbot, and sleuthkit), Gentoo (chromium, lxc, networkmanager-vpnc, and .. --------------------------------------------- https://lwn.net/Articles/763283/ ∗∗∗ Synology-SA-18:49 Ghostscript ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) when the AirPrint feature is enabled. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_49 ∗∗∗ Vuln: Multiple Symantec Products CVE-2018-5238 DLL Loading Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105100 ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728689 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a remote command injection vulnerability (CVE-2018-1722) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719623 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2018-1699) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10725805 ∗∗∗ Side-channel processor vulnerability CVE-2018-3693 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54252492 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.08.2018
by Daily end-of-shift report 22 Aug '18

22 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-08-2018 18:00 − Mittwoch 22-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Android Triout Malware Can Record Phone Calls, Steal Pictures ∗∗∗ --------------------------------------------- Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-android-triout-malware-c… ∗∗∗ Unterkunft nicht bei benaco-ferienwohnungen.de buchen ∗∗∗ --------------------------------------------- Auf benaco-ferienwohunungen.de findet man günstige Unterkünfte am Gardasee. Die Inserate wurden jedoch zu betrügerischen Zwecken von echten Portalen kopiert. Die gebotenen Unterkünfte können nicht gebucht werden und Kunden werden um ihr Geld betrogen. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-bei-benaco-ferienwo… ===================== = Vulnerabilities = ===================== ∗∗∗ Bislang kein Patch: Gefährliche Sicherheitslücken im PDF/Postscript-Interpreter Ghostscript ∗∗∗ --------------------------------------------- Angreifer könnten über Schwachstellen im weit verbreiteten Ghostscript-Interpreter Schadcode ausführen. Derzeit gibt es nur einen Workaround zum Schutz. --------------------------------------------- http://heise.de/-4143153 ∗∗∗ Kritische Sicherheitslücke in Apache Struts 2 - Patches verfügbar ∗∗∗ --------------------------------------------- Es wurde eine kritische Sicherheitslücke in Apache Struts 2 gefunden, die schwerwiegende Folgen für die Sicherheit von Webservern, die dieses Framework einsetzen, haben kann. --------------------------------------------- http://www.cert.at/warnings/all/20180822.html ∗∗∗ Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades ∗∗∗ --------------------------------------------- A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. [...] This bug allows a remote attacker to guess the usernames registered on an OpenSSH server. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-op… ∗∗∗ Philips IntelliVue Information Center iX ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for a resource exhaustion vulnerability in Philips IntelliVue Information Center iX real-time central monitoring system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01 ∗∗∗ Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawas iDefine, STARDOM, ASTPLANNER, and TriFellows products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-233-01 ∗∗∗ PMASA-2018-5 ∗∗∗ --------------------------------------------- A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Assigned CVE ids: CVE-2018-15605 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-5/ ∗∗∗ Adobe Photoshop CC: Zwei Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Zwei Schwachstellen in Adobe Photoshop CC 2017 18.1.5 und CC 2018 19.1.5 sowie den jeweils früheren Versionen für Windows und macOS ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes im Sicherheitskontext des aktiven Benutzers. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1697/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openssh and otrs2), Fedora (gifsicle, lighttpd, quazip, and samba), Red Hat (openstack-keystone), Scientific Linux (mutt), Slackware (libX11), SUSE (gtk2, ImageMagick, libcgroup, and libgit2), and Ubuntu (base-files). --------------------------------------------- https://lwn.net/Articles/763157/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affects IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10726077 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016774 ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726081 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in IBM WebSphere Application Server (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728345 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack (CVE-2018-1739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10725439 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by NTP vulnerabilities (CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728215 ∗∗∗ IBM Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security Access Manager releases are affected by a Kerberos vulnerability (CVE-2017-11462) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015092 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.08.2018
by Daily end-of-shift report 21 Aug '18

21 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 20-08-2018 18:00 − Dienstag 21-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ USB-Kabel können Computer mit Trojanern infizieren ∗∗∗ --------------------------------------------- Sicherheitsforschern ist es gelungen, USB-Ladekabel so zu modifizieren, dass sie Trojaner einschleusen können. --------------------------------------------- https://futurezone.at/produkte/usb-kabel-koennen-computer-mit-trojanern-inf… ∗∗∗ TLS developers should ditch pseudo constant time crypto processing ∗∗∗ --------------------------------------------- Fixes for Lucky 13-type bugs could still be vulnerable More than five years after cracks started showing in the Transport Layer Security (TLS) network crypto protocol, the author of the "Lucky 13" attack has poked holes in the fixes .. --------------------------------------------- www.theregister.co.uk/2018/08/21/tls_developers_should_ditch_pseudo_constan… ∗∗∗ Microsoft: Russische Hacker nehmen Trump-kritische Republikaner ins Visier ∗∗∗ --------------------------------------------- Im Kampf gegen mutmaßlich russische Hacker hat Microsoft weitere Erfolge verkündet: Für Phising-Angriffe auf Republikaner nutzbare Domains wurden entschärft. --------------------------------------------- http://heise.de/-4142219 ∗∗∗ How often are users’ DNS queries intercepted? ∗∗∗ --------------------------------------------- A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix Security Symposium last week. The problem Most Internet connections are preceded by a DNS address lookup request, as the Domain Name System (DNS) “translates” .. --------------------------------------------- https://www.helpnetsecurity.com/2018/08/21/dns-interception/ ∗∗∗ The enemy is us: a look at insider threats ∗∗∗ --------------------------------------------- It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who’s been in and out the office for weeks now. Or, maybe it could be you. It .. --------------------------------------------- https://blog.malwarebytes.com/101/2018/08/the-enemy-is-us-a-look-at-insider… ∗∗∗ Darkhotel APT is back: Zero-day vulnerability in Microsoft VBScript is exploited ∗∗∗ --------------------------------------------- VBScript is available in the latest versions of Windows and Internet Explorer 11. However, Microsoft disabled VBScript execution in the latest version of Windows .. --------------------------------------------- https://blog.360totalsecurity.com/en/darkhotel-apt-is-back-zero-day-vulnera… ∗∗∗ Skype - Skype führt "Ende-zu-Ende-Verschlüsselung" ein ∗∗∗ --------------------------------------------- Die Verschlüsselung ist allerdings nicht automatisch aktiviert --------------------------------------------- https://derstandard.at/2000085764456/Skype-fuehrt-Ende-zu-Ende-Verschluesse… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4279 linux - security update ∗∗∗ --------------------------------------------- Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw .. --------------------------------------------- https://www.debian.org/security/2018/dsa-4279 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.08.2018
by Daily end-of-shift report 20 Aug '18

20 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-08-2018 18:00 − Montag 20-08-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Week in Ransomware - August 17th 2018 - Princess Evolution & Dharma ∗∗∗ --------------------------------------------- The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware utilizing the .cmb extension for encrypted files. Otherwise, it was mostly small variants released that will not likely have many victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-augus… ∗∗∗ New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles ∗∗∗ --------------------------------------------- A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-va… ∗∗∗ New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations ∗∗∗ --------------------------------------------- Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-turning-tables-technique… ∗∗∗ Malspam Campaign Targets Banks Using Microsoft Publisher ∗∗∗ --------------------------------------------- Its very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and [...] --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Malspam-Campaign-Target… ∗∗∗ Fake Plugins with Popuplink.js Redirect to Scam Sites ∗∗∗ --------------------------------------------- Since July, we've been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either "index" or "wp_update", and a malicious popuplink.js file. --------------------------------------------- https://blog.sucuri.net/2018/08/fake-plugins-with-popuplink-js-redirect-to-… ∗∗∗ Fax-Lücke in HP-Druckern: Mac-Nutzer weiter angreifbar ∗∗∗ --------------------------------------------- Firmware-Updates für eine schwere Lücke in seinen Multifunktionsdruckern liefert Hewlett-Packard zum Teil nur für Windows. Es gibt aber Abhilfe. --------------------------------------------- http://heise.de/-4141384 ∗∗∗ Firefox-Add-on "Web Security": Entwickler räumen Fehler ein ∗∗∗ --------------------------------------------- Das Firefox-Add-on "Web Security" sammelte zu viele Daten und übertrug sie unverschlüsselt. Das war ein Fehler, räumen die Entwickler ein und geloben Besserung. --------------------------------------------- http://heise.de/-4141593 ∗∗∗ Banker Trojan, "TrickBot", is preparing for the next global outbreak by using new techniques ∗∗∗ --------------------------------------------- Recently, 360 Security Center detected a new variant of "TrickBot" banker Trojan. Compared to the previous "TrickBot", the functions of the latest "TrickBot" are all [...] --------------------------------------------- https://blog.360totalsecurity.com/en/banker-trojan-trickbot-is-preparing-fo… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (confuse, jetty9, kamailio, kernel, libxcursor, and mutt), Fedora (blktrace, docker-latest, libgit2, and yubico-piv-tool), Mageia (chromium-browser-stable, flash-player-plugin, kernel, kernel-linus, kernel-tmb, microcode, openslp, and wpa_supplicant), openSUSE (apache2, curl, GraphicsMagick, perl-Archive-Zip, and xen), Oracle (kernel and mariadb), Red Hat (rh-postgresql95-postgresql), Slackware (ntp and samba), SUSE (apache2, curl, kernel, [...] --------------------------------------------- https://lwn.net/Articles/763045/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016776 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a systemd vulnerability (CVE-2018-1049) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728209 ∗∗∗ Linux kernel vulnerability (FragmentSmack) CVE-2018-5391 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74374841 ∗∗∗ HPESBHF03850 rev.5 - Certain HPE Products using Intel-based Processors, Local Disclosure of Information, Speculative Execution Side Channel Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2018