Daily September 2018

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - 14.09.2018
by Daily end-of-shift report 14 Sep '18

14 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-09-2018 18:00 − Freitag 14-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Interesting approach: Skill Squatting with Amazon Echo ∗∗∗ --------------------------------------------- Mishearing something every once in a while is a normal thing for humans. In that respect, Amazon Echo has some human characteristics as well. A research team from the University of Illinois has taken a closer look at Echo, Alexa and the abuse potential for malicious Alexa skills. They have presented their findings at the Usenix conference. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/09/31112-skill-squatting-amazon-echo ∗∗∗ Windows, Linux Kodi Users Infected With Cryptomining Malware ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm .. --------------------------------------------- https://it.slashdot.org/story/18/09/13/2118233/windows-linux-kodi-users-inf… ∗∗∗ Apple Has Started Paying Hackers for iPhone Exploits ∗∗∗ --------------------------------------------- Lorenzo Franceschi-Bicchierai, reporting for Motherboard: In 2016, Apples head of security surprised the attendees of one of the biggest security conference in the world by announcing a bug bounty program for Apples mobile operating .. --------------------------------------------- https://it.slashdot.org/story/18/09/14/1441201/apple-has-started-paying-hac… ∗∗∗ Unsuccessfully Defaced Websites ∗∗∗ --------------------------------------------- Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code. What is a .. --------------------------------------------- https://blog.sucuri.net/2018/09/unsuccessfully-defaced-websites.html ∗∗∗ DarkCloud Bootkit ∗∗∗ --------------------------------------------- In an earlier blog about crypto-malware, we described different techniques used by cybercriminals, such as cryptomining and wallet stealing. In this blog, we will provide a technical analysis of yet another type of .. --------------------------------------------- https://www.zscaler.com/blogs/research/darkcloud-bootkit ∗∗∗ Bug in Intels ME-Firmware: Wieder BIOS-Updates nötig ∗∗∗ --------------------------------------------- Die russischen Experten von PTE haben erneut einen schwerwiegenden Bug bei kryptografischen Schlüsseln in Intels Management Engine (ME) entdeckt. --------------------------------------------- https://heise.de/-4165732 ∗∗∗ GlobeImposter use new ways to spread to the globe: How to prevent falling victims? ∗∗∗ --------------------------------------------- Recently, there have been many incidents of ransomware attacks. Once users are .. --------------------------------------------- https://blog.360totalsecurity.com/en/globeimposter-use-new-ways-to-spread-t… ∗∗∗ Hacking an assault tank… A Nerf one ∗∗∗ --------------------------------------------- TL;DR A complex, challenging reverse and hijack of a toy tank Nerf gun camera, but the result was we got to shoot the 44Con conference organiser with it! Why A remote-controlled Nerf gun with .. --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-an-assault-tank-a-ner… ===================== = Vulnerabilities = ===================== ∗∗∗ Honeywell Mobile Computers with Android Operating Systems ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper privilege management vulnerability in the Honeywell mobile computers running the Android Operating System. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01 ∗∗∗ CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption ∗∗∗ --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-Sec… ∗∗∗ HPESBHF03866 rev.1 - HPE Integrated Lights-Out 3,4,5 using SSH, Remote Execution of Arbitrary Code and Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.09.2018
by Daily end-of-shift report 13 Sep '18

13 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-09-2018 18:00 − Donnerstag 13-09-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Office VBA + AMSI: Parting the veil on malicious macros ∗∗∗ --------------------------------------------- As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi… ∗∗∗ A New Mining Botnet Blends Its C2s into ngrok Service ∗∗∗ --------------------------------------------- These days, it feels like new mining malwares are popping up almost daily and we have pretty much stopped blogging the regular ones so we don’t flood our readers’ feed. With that being said, one did have our attention recently. This botnet hides its C2s(Downloader and Reporter [...] --------------------------------------------- http://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-se… ∗∗∗ Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars ∗∗∗ --------------------------------------------- High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow to unlock and start the vehicle based on the physical proximity of a paired key fob; no user interaction is required. --------------------------------------------- https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyles… ∗∗∗ The 42M Record kayo.moe Credential Stuffing Data ∗∗∗ --------------------------------------------- This is going to be a brief blog post but its a necessary one because I cant load the data Im about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. Heres the story: [...] --------------------------------------------- https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data/ ∗∗∗ Keine 359,88 Euro an Streaming-Plattformen zahlen ∗∗∗ --------------------------------------------- Die Streaming-Plattformen borastream.de und matostream.de verlangen von Besucher/innen eine kostenlose Registrierung. Sie führt ohne Hinweis zu einer Premium-Mitgliedschaft um 359,88 Euro pro Jahr. Konsument/innen müssen die Rechnung der Website-Betreiberinnen Roxo Films Ltd bzw. Filmser Ltd27 nicht bezahlen, denn ihre Angebote sind unseriöse Abo-Fallen. --------------------------------------------- https://www.watchlist-internet.at/news/keine-35988-euro-an-streaming-plattf… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript and openssh), Oracle (firefox), Scientific Linux (firefox and OpenAFS), SUSE (tomcat), and Ubuntu (openjdk-lts). --------------------------------------------- https://lwn.net/Articles/764713/ ∗∗∗ ZDI-18-1046: (0Day) PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1046/ ∗∗∗ Intel Baseboard Management Controller (BMC) Firmware: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1861/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1791) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731207 ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-1656 and CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728399 ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718837 ∗∗∗ IBM Security Bulletin: A Vulnerability in the Java runtime environment that IBM provides affects WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718653 ∗∗∗ IBM Security Bulletin: A Vulnerability in Java runtime environment that IBM provides affects WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718453 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731317 ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0739 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731019 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.09.2018
by Daily end-of-shift report 12 Sep '18

12 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-09-2018 18:00 − Mittwoch 12-09-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ British Airways Breach Caused By the Same Group That Hit Ticketmaster ∗∗∗ --------------------------------------------- A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The groups regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered into store checkout pages, [...] --------------------------------------------- https://it.slashdot.org/story/18/09/11/1116221/british-airways-breach-cause… ∗∗∗ When is a patch not a patch? When its for this McAfee password bug ∗∗∗ --------------------------------------------- Vulnerability still open to all despite multiple fixes A privilege escalation flaw in McAfees True Key software remains open to exploitation despite multiple attempts to patch it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/09/11/mcafee_flaw… ∗∗∗ Back up a minute: Veeam database config snafu exposed millions of customer records ∗∗∗ --------------------------------------------- Firm helps self with own disaster recovery A misconfigured server at data recovery and backup firm Veeam exposed millions of email addresses. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/09/12/veeam_datab… ∗∗∗ Erpresserische E-Mail droht mit Masturbationsvideo ∗∗∗ --------------------------------------------- Unternehmen erhalten eine erpresserische E-Mail, die angeblich von ihrer eigenen Adresse stammt. Darin behaupten Kriminelle, dass sie Zugriff auf den fremden Computer haben und über Masturbationsvideos der Empfänger/innen verfügen. Opfer sollen Bitcoins zahlen, damit es zu keiner Veröffentlichung kommt. Der Inhalt der Nachricht ist erfunden. Eine Zahlung ist nicht erforderlich. --------------------------------------------- https://www.watchlist-internet.at/news/erpresserische-e-mail-droht-mit-mast… ∗∗∗ Warnung vor telmo24.de ∗∗∗ --------------------------------------------- Der Fake-Shop telmo24.de vertreibt günstige Handys und Tablets. Trotz Bezahlung liefert er keine Ware. Konsument/innen können den Fake-Shop daran erkennen, dass er über sehr niedrige Preise verfügt und ausschließlich eine Bezahlung im Voraus akzeptiert. Vor einem Einkauf ist dringend abzuraten! --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-telmo24de/ ∗∗∗ Sicherheit - Microsoft schließt drei gefährliche Zero-Day-Lücken bei Windows ∗∗∗ --------------------------------------------- Eine davon auch bereits aktiv ausgenutzt - Insgesamt 17 kritische Lücken behoben --------------------------------------------- https://derstandard.at/2000087198816/Microsoft-schliesst-drei-gefaehrliche-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kamailio, libextractor, and mgetty), Fedora (community-mysql, ghostscript, glusterfs, iniparser, okular, and zsh), openSUSE (compat-openssl098, php5, and qemu), Red Hat (firefox), SUSE (libzypp, zypper, python3, spark, and zsh), and Ubuntu (zsh). --------------------------------------------- https://lwn.net/Articles/764645/ ∗∗∗ OpenAFS: Mehrere Schwachstellen ermöglichen u. a. die Manipulation von Daten ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1854/ ∗∗∗ INTEL-SA-00125: A potential security vulnerability in Intel CSME, Intel Server Platform Services and Intel Trusted Execution Engine Firmware may allow information disclosure ∗∗∗ --------------------------------------------- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0… ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180912-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729745 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated attacker to obtain sensitive information. (CVE-2018-1698) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728857 ∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1695) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730979 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012749 ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1567) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730983 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10731205 ∗∗∗ libidn vulnerability CVE-2016-6263 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K25353544 ∗∗∗ HPESBHF03893 rev.1 - HPE Intelligent Management Center (iMC) Wireless Services Manager Software, Remote Code Execution ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03876 rev.1 - HPE ProLiant ML10 Gen9 Servers with Intel-based Processors using Active Management Technology (AMT), Multiple Local Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03873 rev.1 - Certain HPE Gen10 Servers with Intel-based Processors using Converged Security and Management Engine (CSME), and Power Management Controller (PMC) Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.09.2018
by Daily end-of-shift report 11 Sep '18

11 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-09-2018 18:00 − Dienstag 11-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mongo Lock Attack Ransoming Deleted MongoDB Databases ∗∗∗ --------------------------------------------- An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-… ∗∗∗ OpenSSL 1.1.1 Is Released ∗∗∗ --------------------------------------------- Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straight forward if they are written to work with OpenSSL 1.1.0. --------------------------------------------- https://www.openssl.org/blog/blog/2018/09/11/release111/ ∗∗∗ "Google Fonts" popup leads to malware ∗∗∗ --------------------------------------------- A recent malware injection in a client's WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access the infected website. It uses Javascript to detect the visitor's use of Google Chrome and then upon the visitor clicking it generates a popup notification which falsely claims that the visitor's Google Chrome is missing the "HoeflerText" font ... --------------------------------------------- http://labs.sucuri.net/?note=2018-09-10 ∗∗∗ Nicht auf gamingkoenig.org reinfallen ∗∗∗ --------------------------------------------- Bei gamingkoenig.org wird Computerzubehör zu Schnäppchenpreisen angeboten. Konsument/innen dürfen bei dem Anbieter auf keinen Fall bestellen, denn es handelt sich um einen Fakeshop. Die bestellte Ware wird sie nie erreichen und Konsument/innen verlieren einen hohen Geldbetrag. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-gamingkoenigorg-reinfallen/ ∗∗∗ Anwaltsschreiben mit Schadsoftware im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden unter dem Namen von erfundenden Anwaltskanzleien betrügerische E-Mails. Darin behauten sie, dass Empfänger/innen einen pornografischen Film angesehen und damit eine Urheberrechtsverletzung begangen haben. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/anwaltsschreiben-mit-schadsoftware-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion(APSB18-33) and Adobe Flash Player (APSB18-31). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1607 ∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗ --------------------------------------------- This update is being provided to resolve potential critical issues found since the latest patch: - Open unvalidated redirect vulnerability in iMonitor (Bug 1082040) (CVE-2018-7692) --------------------------------------------- https://download.novell.com/Download?buildid=vP3nS-Hctkk~ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libextractor), Fedora (godot and iniparser), Oracle (kernel), Red Hat (chromium-browser and Fuse 7.1), SUSE (compat-openssl098, openssh, php5, php53, qemu, and tiff), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, and linux-hwe, linux-azure, linux-gcp). --------------------------------------------- https://lwn.net/Articles/764575/ ∗∗∗ Vuln: SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105309 ∗∗∗ Vuln: SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105308 ∗∗∗ Vuln: SAP Business One CVE-2018-2458 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105307 ∗∗∗ Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Insufficient Input Validation Vulnerabilities in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180911-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730799 ∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719697 ∗∗∗ IBM Security Bulletin: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator is affected by vulnerability due to unexpected authentication behavior ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729013 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720295 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729699 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730811 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10726053 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in bind (CVE-2017-3145) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719051 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728841 ∗∗∗ SSA-268644 (Last Update: 2018-09-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf ∗∗∗ SSA-346256 (Last Update: 2018-09-11): Vulnerability in SIMATIC WinCC OA V3.14 and prior ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf ∗∗∗ SSA-198330 (Last Update: 2018-09-11): Local Privilege Escalation in TD Keypad Designer ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf ∗∗∗ SSA-447396 (Last Update: 2018-09-11): Denial-of-Service in SCALANCE X300, SCALANCE X408 and SCALANCE X414 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2018
by Daily end-of-shift report 10 Sep '18

10 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-09-2018 18:00 − Montag 10-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VLAN Hopping and Mitigation ∗∗∗ --------------------------------------------- We'll start with a few concepts: VLAN A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as VLAN Hopping, an attacker is able to bypass these security implementations. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/vlan-hopping-and-mitig… ∗∗∗ Keybase Browser Extension Could Allow Sites to See Messages ∗∗∗ --------------------------------------------- The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant as sites could see the text being types into the chat area. --------------------------------------------- https://www.bleepingcomputer.com/news/security/keybase-browser-extension-co… ∗∗∗ Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall ∗∗∗ --------------------------------------------- Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since. --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-io… ∗∗∗ Knuddels.de: Millionen Nutzerdaten mit Passwörtern geleakt ∗∗∗ --------------------------------------------- Bei der deutschen Chat-Community Knuddels.de gab es ein immenses Datenleck: Die Accountdaten fast aller Nutzer standen im Netz. --------------------------------------------- https://heise.de/-4158265 ∗∗∗ Apps that steal users' browser histories kicked out of the Mac App store ∗∗∗ --------------------------------------------- Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasnt the only popular app stealing users private information. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/apps-that-steal-users-b… ∗∗∗ Irreführende Rechnung von ITR Register ∗∗∗ --------------------------------------------- Unternehmen, die ihre Marke oder ihr Geschmacksmuster beim Amt der Europäischen Union für Geistiges Eigentum (EuIPO) registrieren, erhalten eine Rechnung von ITR Register. Sie sollen 1.380 Euro für einen Eintrag auf itr-service.com bezahlen. Die Zahlungsaufforderung von ITR Register ist ein irreführendes Vertragsangebot. Unternehmen müssen den Geldbetrag nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/irrefuehrende-rechnung-von-itr-regis… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser, curl, discount, firefox-esr, ghostscript, and openssh), Fedora (curl, firefox, ghostscript, glibc, mod_perl, thunderbird, and unixODBC), openSUSE (chromium, firefox, GraphicsMagick, nodejs4, and thunderbird), Oracle (kernel), and SUSE (java-1_7_1-ibm and kvm). --------------------------------------------- https://lwn.net/Articles/764511/ ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726039 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730341 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726009 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730515 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728351 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718249 ∗∗∗ RSA BSAFE Crypto-J Crypto Timing Error Lets Remote Users Obtain Keys ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041615 ∗∗∗ RSA BSAFE SSL-J Crypto Timing and Memory Access Errors Let Remote or Physically Local Users Obtain Keys ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041614 ∗∗∗ QNAP Storage Devices PHP Buffer Error Lets Remote Users Deny Service ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041607 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.09.2018
by Daily end-of-shift report 07 Sep '18

07 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-09-2018 18:00 − Freitag 07-09-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Chainshot Malware Found By Cracking 512-Bit RSA Key ∗∗∗ --------------------------------------------- Security researchers exploited a threat actors poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-… ∗∗∗ Hotspot Honeypot ∗∗∗ --------------------------------------------- Introduction The Hotspot Honeypot is an illegitimate Wi-Fi access point which can appear as an authorized and secure hotspot. Despite appearances, it is actually set up by black-hat attackers or malicious hackers to steal your bank and credit card details, passwords and other personal information. --------------------------------------------- https://resources.infosecinstitute.com/hotspot-honeypot/ ∗∗∗ British Airways Website, Mobile App Breach Compromises 380k ∗∗∗ --------------------------------------------- The airline said information like name, address and bank card details like CVC code were compromised. --------------------------------------------- https://threatpost.com/british-airways-website-mobile-app-breach-compromise… ∗∗∗ 2018 CEF Telecom Call - €13 million to reinforce the EUs Cybersecurity capacity ∗∗∗ --------------------------------------------- The European Commission calls for proposals under the Connecting Europe Facility (CEF) to reinforce the EUs cybersecurity capacity, with up to €13 million available in grant funding, open until the 22 November 2018. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/2018-cef-telecom-call2013-20ac1… ∗∗∗ Jetzt patchen! Die Ransomware Gandcrab schlüpft durch Flash- und Windows-Lücken ∗∗∗ --------------------------------------------- Auf einigen kompromittierten Webseiten lauert ein Exploit Kit, das nach Sicherheitslücken in Flash und Windows Ausschau hält. --------------------------------------------- https://heise.de/-4157172 ∗∗∗ Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. --------------------------------------------- https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-pr… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0017.3 - VMware Tools update addresses an out-of-bounds read vulnerability ∗∗∗ --------------------------------------------- [...] VMware Tools 10.3.0 is is discontinued because of a functional issue with 10.3.0 in ESXi 6.5, please refer to KB55796 for more information. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0017.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu and xen), Mageia (libxkbcommon, sleuthkit, and wireshark), openSUSE (apache-pdfbox, dovecot22, and php7), SUSE (enigmail, kernel, nodejs4, and php7), and Ubuntu (firefox and transfig). --------------------------------------------- https://lwn.net/Articles/764386/ ∗∗∗ (0Day) Remote Code Execution Vulnerabilities in Hewlett Packard Enterprise Intelligent Management Center ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-999/ http://www.zerodayinitiative.com/advisories/ZDI-18-1000/ http://www.zerodayinitiative.com/advisories/ZDI-18-1001/ http://www.zerodayinitiative.com/advisories/ZDI-18-1002/ http://www.zerodayinitiative.com/advisories/ZDI-18-1003/ http://www.zerodayinitiative.com/advisories/ZDI-18-1004/ http://www.zerodayinitiative.com/advisories/ZDI-18-1005/ http://www.zerodayinitiative.com/advisories/ZDI-18-1006/ http://www.zerodayinitiative.com/advisories/ZDI-18-1007/ --------------------------------------------- ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730727 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016006 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730717 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Public disclosed vulnerability from Bouncy Castle ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016292 ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by an Information disclosure vulnerability (CVE-2017-1679) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728737 ∗∗∗ Apache Tomcat vulnerability CVE-2018-1336 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K73008537 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.09.2018
by Daily end-of-shift report 06 Sep '18

06 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-09-2018 18:00 − Donnerstag 06-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Nicht bestellen bei apothekerezeptfrei.com ∗∗∗ --------------------------------------------- KonsumentInnen, die auf der Suche nach Medikamenten und insbesondere Potenzmitteln sind, finden auf apothekerezeptfrei.com ein großes Angebot an teils verschreibungspflichtigen Medikamenten. InteressentInnen sollten hier auf keinen Fall bestellen, denn es handelt sich um einen Fake-Shop, der trotz Bezahlung keine Ware liefert. Zusätzlich sollten verschreibungspflichtige Medikamente nicht ohne entsprechende Verschreibung gekauft werden. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-bei-apothekerezeptfr… ∗∗∗ Browser Extensions: Are They Worth the Risk? ∗∗∗ --------------------------------------------- Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or --------------------------------------------- https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-r… ∗∗∗ Malicious PowerShell Compiling C# Code on the Fly, (Wed, Sep 5th) ∗∗∗ --------------------------------------------- What I like when hunting is to discover how attackers are creative to find new ways to infect their victims computers. I came across a Powershell sample that looked new and interesting to me. --------------------------------------------- https://isc.sans.edu/diary/rss/24072 ∗∗∗ Using just a laptop, boffins sniff, spoof and pry – without busting browser padlock ∗∗∗ --------------------------------------------- In a paper seen by The Register, to be presented at the ACM's Conference on Computer and Communications Security (Toronto in October), Dr Shulman's team wrote: "The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker's public key to a victim domain." --------------------------------------------- https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validatio… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 05, 2018 Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/09/05/Cisco-Releases-Sec… ∗∗∗ DokuWiki CSV Formula Injection Vulnerability ∗∗∗ --------------------------------------------- The administration panel of the application has a “CSV export of users” feature which allows the export of user data (username, real name, email address and user groups) as a CSV file. On the registration page, it is possible for an attacker to set certain values in the Real Name field that – when exported and opened with a spreadsheet application (Microsoft Excel, Open Office, etc.) – will be interpreted as a formula. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injecti… ∗∗∗ VMSA-2018-0023: AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities ∗∗∗ --------------------------------------------- * The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. CVE-2018-6975 * The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. CVE-2018-6976 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0023.html ∗∗∗ Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities ∗∗∗ --------------------------------------------- Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated access to sensitive data. An attacker can use a normal web browser to trigger these vulnerabilities — no special tools are required. --------------------------------------------- https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-talos-20… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, gdm3, git-annex, lcms2, and sympa), Fedora (discount, dolphin-emu, gd, obs-build, osc, tcpflow, and yara), openSUSE (wireshark), Slackware (curl, firefox, ghostscript, and thunderbird), SUSE (apache-pdfbox, curl, dovecot22, and libvirt), and Ubuntu (libtirpc). --------------------------------------------- https://lwn.net/Articles/764300/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in Kerberos affect Power Hardware Management Console (CVE-2017-11368, CVE-2017-7562) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717893 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719483 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Oracle Outside In Technology Affect IBM WebSphere Portal (CVE-2018-2768, CVE-2018-2801, CVE-2018-2806) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10715935 ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016254 ∗∗∗ Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34468163 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.09.2018
by Daily end-of-shift report 05 Sep '18

05 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-09-2018 18:00 − Mittwoch 05-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Verschlüsselung: NSA-Chiffre Speck fliegt aus dem Linux-Kernel ∗∗∗ --------------------------------------------- Mit der NSA-Chiffre Speck wollte Google ursprünglich den Speicher von Low-End-Android-Smartphones verschlüsseln, doch nun hat das Unternehmen seine Unterstützung dafür zurückgezogen. Die umstrittene Verschlüsselung wird deshalb wieder aus dem Linux-Kernel entfernt. (Linux-Kernel, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/verschluesselung-nsa-chiffre-speck-fliegt-aus-dem… ∗∗∗ Multiple Remote Code-Execution Flaws Patched in Opsview Monitor ∗∗∗ --------------------------------------------- Five flaws were disclosed Tuesday in monitoring software Opsview Monitor. --------------------------------------------- https://threatpost.com/multiple-remote-code-execution-flaws-patched-in-opsv… ∗∗∗ WordPress Database Upgrade Phishing Campaign ∗∗∗ --------------------------------------------- We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance resembles that of a legitimate WordPress update message, however the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline. --------------------------------------------- https://blog.sucuri.net/2018/09/wordpress-database-upgrade-phishing-campaig… ∗∗∗ PowerPool malware exploits ALPC LPE zero-day vulnerability ∗∗∗ --------------------------------------------- Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure --------------------------------------------- https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-d… ∗∗∗ Lets Trade: You Read My Email, Ill Read Your Password! ∗∗∗ --------------------------------------------- Its been a while, but my last few posts have been on password spraying, which is great approach if your customer has an userid / password interface that faces the internet. I also ran a walk-through on using responder and LLMNR. But what if you are on the outside, and your customer is wise enough to front all of those interfaces with two-factor authentication, or mutual certificate authentication? --------------------------------------------- https://isc.sans.edu/forums/diary/Lets+Trade+You+Read+My+Email+Ill+Read+You… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#598349: Problems with automatic DNS registration and autodiscovery ∗∗∗ --------------------------------------------- Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the network with the name WPAD, such an attacker may be able to utilize DNS autoregistration and autodiscovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and [...] --------------------------------------------- http://www.kb.cert.org/vuls/id/598349 ∗∗∗ Opto22 PAC Control Basic and PAC Control Professional ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22s PAC Control software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 ∗∗∗ Android Security Bulletin - September 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-09-01 ∗∗∗ (0Day) Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on vulnerable installations of Cisco WebEx Network Recording Player. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-18-998/ ∗∗∗ Remote Code Execution Vulnerabilities in WECON LeviStudioU ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-989/ http://www.zerodayinitiative.com/advisories/ZDI-18-990/ http://www.zerodayinitiative.com/advisories/ZDI-18-991/ http://www.zerodayinitiative.com/advisories/ZDI-18-992/ http://www.zerodayinitiative.com/advisories/ZDI-18-993/ http://www.zerodayinitiative.com/advisories/ZDI-18-994/ http://www.zerodayinitiative.com/advisories/ZDI-18-995/ http://www.zerodayinitiative.com/advisories/ZDI-18-996/ http://www.zerodayinitiative.com/advisories/ZDI-18-997/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lcms2), openSUSE (yubico-piv-tool), Oracle (kernel), and SUSE (cobbler and kvm). --------------------------------------------- https://lwn.net/Articles/764182/ ∗∗∗ Synology-SA-18:52 Android Moments ∗∗∗ --------------------------------------------- A vulnerability allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Android Moments. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_52 ∗∗∗ Red Hat Gluster Storage Wed Administration, tendrl-api: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1790/ ∗∗∗ Red Hat Virtualization: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1798/ ∗∗∗ cURL: Eine Schwachstelle ermöglicht u. a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1796/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-… ∗∗∗ Python vulnerability CVE-2014-9365 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11068141 ∗∗∗ HPESBST03884 rev.1 - HPE ConvergedSystem 700 Solutions Using HPE 3PAR Service Processor, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.09.2018
by Daily end-of-shift report 04 Sep '18

04 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-09-2018 18:00 − Dienstag 04-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Thousands of Compromised MikroTik Routers Send Traffic to Attackers ∗∗∗ --------------------------------------------- Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control. --------------------------------------------- https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mik… ∗∗∗ New Banking Trojan Poses As A Security Module ∗∗∗ --------------------------------------------- A newly discovered banking Trojan departs from the regular tactics observed by malware researchers by choosing visible installation and by adding social engineering components. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-… ∗∗∗ Credit card gobbling code found piggybacking on ecommerce sites ∗∗∗ --------------------------------------------- Be careful! If crooks can upload malicious JavaScript to your ecommerce server, then youre helping the them rip off your own customers. --------------------------------------------- https://nakedsecurity.sophos.com/2018/09/04/credit-card-gobbling-code-found… ∗∗∗ You cant contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows ∗∗∗ --------------------------------------------- I have been continuing my journey of searching for windows breakout vulnerabilities in popular applications and one that I discovered in March I found interesting enough to share. Whilst kernel vulnerabilities are fun to discover, there are many core windows and third party applications that are fundamentally broken in regards to logic [...] --------------------------------------------- https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-expl… ∗∗∗ Googles Doors Hacked Wide Open By Own Employee ∗∗∗ --------------------------------------------- Last July, in Google’s Sunnyvale offices, a hacker found a way to trick doors into opening without the requisite RFID keycard. Luckily for Google, it was David Tomaschik, an employee at the tech giant, who only had good intentions. --------------------------------------------- https://www.forbes.com/sites/thomasbrewster/2018/09/03/googles-doors-hacked… ∗∗∗ Erpressungstrojaner Gandcrab verbreitet sich über gefälschte Bewerbungsmails ∗∗∗ --------------------------------------------- Momentan sind vermehrt Fake-Bewerbungen als Mail in Umlauf, die einen gefährlichen Trojaner als Dateianhang haben. --------------------------------------------- http://heise.de/-4154167 ∗∗∗ Sicherheitsforscher warnt vor Browser-Angriffen auf dem Mac ∗∗∗ --------------------------------------------- Mittels URL-Schemata ist es unter macOS möglich, Programme zu aktivieren, die ein Nutzer nicht ausgelöst haben möchte. --------------------------------------------- http://heise.de/-4154059 ∗∗∗ Of ML and malware: What’s in store? ∗∗∗ --------------------------------------------- All things labeled Artificial Intelligence (AI) or Machine Learning (ML) are making waves, but talk of them in cybersecurity contexts often muddies the waters. A new ESET white paper sets out to bring some clarity to a subject where confusion often reigns supreme The post Of ML and malware: What’s in store? appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/09/04/ml-malware-whats-in-store/ ∗∗∗ Gefälschte Microsoft-Nachricht im Umlauf ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Microsoft-Nachricht. Darin behaupten sie, dass das E-Mailkonto von Empfänger/innen gesperrt sei. Damit Nutzer/innen wieder auf ihr Postfach zugreifen können, sollen sie ihre Identität auf einer unbekannten Website bestätigen. Das führt zur Datenübermittlung an Kriminelle. Diese können dadurch Verbrechen unter dem Namen ihrer Opfer begehen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-microsoft-nachricht-im-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Lenovo Computer: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Es existiert eine Schwachstelle in Lenovo Computern mit Intel Prozessoren und Intel Optane Speichermodulen bezüglich der Festplattenverschlüsselung. Wenn die Optane Speichermodule konfiguriert werden, bevor die Festplattenverschlüsselung aktiviert wird, bleiben Teile des Speichers unverschlüsselt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/09/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (ImageMagick, libressl, postgresql10, spice, and spice-gtk), Red Hat (collectd, kernel, Red Hat Gluster Storage, Red Hat Virtualization, RHGS WA, rhvm-appliance, and samba), and SUSE (crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, kernel, spice, and spice-gtk). --------------------------------------------- https://lwn.net/Articles/764130/ ∗∗∗ Red Hat Gluster Storage, collectd: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1787/ ∗∗∗ Red Hat Gluster Storage, Samba: Mehrere Schwachstellen ermöglichen u. a. die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1786/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.09.2018
by Daily end-of-shift report 03 Sep '18

03 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-08-2018 18:00 − Montag 03-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ CryptoNar Ransomware Discovered and Quickly Decrypted ∗∗∗ --------------------------------------------- This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news, is that a free decryptor was quickly released so that these victims can get their files back for free. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discove… ∗∗∗ Kostenpflichtige Gratisproben von BeautyShop International ∗∗∗ --------------------------------------------- Konsument/innen bestellen von BeautyShop International Kosmetika als kostenlose Produktproben. Diese erhalten sie mit einer Rechnung von AB Commerce Collect. Bezahlen sie den geforderten Geldbetrag nicht, folgen hohe Mahnungen. Nachdem zwischen Konsument/innen und BeautyShop International kein kostenpflichtiger Vertrag zustande kommt, müssen sie den geforderten Betrag nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/kostenpflichtige-gratisproben-von-be… ===================== = Vulnerabilities = ===================== ∗∗∗ [20180802] - Core - Stored XSS vulnerability in the frontend profile ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 1.5.0 through 3.8.11 Exploit type: XSS CVE Number: CVE-2018-15880 Inadequate output filtering on the user profile page could lead to a stored XSS attack. Affected Installs Joomla! CMS versions 1.5.0 through 3.8.11 Solution Upgrade to version 3.8.12 Contact The JSST at the Joomla! Security Centre. Reported By: Fouad Maakor --------------------------------------------- https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-v… ∗∗∗ CA Release Automation Object Deserialization Error Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- Version(s): 6.3, 6.4, 6.5; possibly older versions Description: A vulnerability was reported in CA Release Automation. A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to trigger an object deserialization error and execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1041591 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dojo, libtirpc, mariadb-10.0, php5, ruby-json-jwt, spice, spice-gtk, tomcat8, and trafficserver), Fedora (ghc-hakyll, ghc-hs-bibutils, ghostscript, mariadb, pandoc-citeproc, phpMyAdmin, and xen), Mageia (java-1.8.0-openjdk, libarchive, libgd, libraw, libxcursor, mariadb, mercurial, openssh, openssl, poppler, quazip, squirrelmail, and virtualbox), openSUSE (cobbler, libressl, wireshark, and zutils), and SUSE (couchdb, java-1_7_0-ibm, java-1_7_1-ibm, spice). --------------------------------------------- https://lwn.net/Articles/764046/ ∗∗∗ Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement About the Vulnerability in Huawei B315s-22 Products Disclosed by Security Researcher ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180903-01-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2018