=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 17-04-2018 18:00 − Wednesday 18-04-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Android: Google integrates secure DNS queries into Android P ∗∗∗
---------------------------------------------
In the upcoming Android version beginning with the letter P, Google is introducing DNS over TLS. DNS queries would then travel over a secure channel. Users can also enter their own hostname in the settings or disable the feature.
---------------------------------------------
https://www.golem.de/news/android-google-integriert-sichere-dns-abfrage-in-…
∗∗∗ Leaking ads ∗∗∗
---------------------------------------------
We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.
---------------------------------------------
http://securelist.com/leaking-ads/85239/
∗∗∗ Malicious Activities with Google Tag Manager ∗∗∗
---------------------------------------------
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say "yes" or even "absolutely". But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from "trusted sources" like Google, Facebook, and Youtube. In the past, we saw how adsense was abused with a malvertising campaign. Even more recently, we saw how attackers injected malware that called [...]
---------------------------------------------
https://blog.sucuri.net/2018/04/malicious-activities-google-tag-manager.html
∗∗∗ Critical Patch Update: Oracle aims to raise security with 254 updates ∗∗∗
---------------------------------------------
Oracle works its way through its software portfolio and closes security holes, some of them extremely critical. Admins should act now.
---------------------------------------------
https://heise.de/-4026726
∗∗∗ Chrome 66 warns about websites with Symantec certificates ∗∗∗
---------------------------------------------
The current version of the Chrome web browser no longer trusts some TLS certificates issued by Symantec, effective immediately. This is a further step by Google against the certificate authority.
---------------------------------------------
https://www.heise.de/-4026854
∗∗∗ XiaoBa ransomware turns into a crypto miner ∗∗∗
---------------------------------------------
The authors of the XiaoBa ransomware are changing course: instead of extorting ransom, they now want to mine cryptocurrency on infected computers. Not everything is running smoothly yet, however.
---------------------------------------------
https://www.heise.de/-4026455
∗∗∗ Cryptominers displace ransomware as the number one threat ∗∗∗
---------------------------------------------
During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo's Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin.
The surge of cryptominers: For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/18/q1-2018-malware-trends/
∗∗∗ PBot: a Python-based adware ∗∗∗
---------------------------------------------
Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/04/pbot-python-based-adw…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freeplane and jruby), Fedora (kernel and python-bleach), Gentoo (evince, gdk-pixbuf, and ncurses), openSUSE (kernel), Oracle (gcc, glibc, kernel, krb5, ntp, openssh, openssl, policycoreutils, qemu-kvm, and xdg-user-dirs), Red Hat (corosync, glusterfs, kernel, and kernel-rt), SUSE (openssl), and Ubuntu (openssl and perl).
---------------------------------------------
https://lwn.net/Articles/752183/
∗∗∗ Abbott Laboratories Defibrillator ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper authentication and improper restriction of power consumption vulnerabilities identified in Abbott Laboratories defibrillators.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01
∗∗∗ Schneider Electric Triconex Tricon ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer vulnerabilities in Schneider Electric's Triconex Tricon safety instrumented system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02
∗∗∗ Rockwell Automation Stratix Services Router ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation, improper restriction of operations, and use of externally-controlled format string vulnerabilities in the Rockwell Automation Stratix 5900 router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
∗∗∗ Rockwell Automation Stratix and ArmorStratix Switches ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation, resource management, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automation's Allen-Bradley Stratix and ArmorStratix switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
∗∗∗ Rockwell Automation Stratix Industrial Managed Ethernet Switch ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation, resource management, 7PK, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automation's Stratix Industrial Managed Switch.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180418-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 16-04-2018 18:00 − Tuesday 17-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure ∗∗∗
---------------------------------------------
Cisco is aware of the recent joint technical alert from US-CERT (TA18-106A) that details known issues which require that customers take steps to protect their networks against cyber-attacks. Providing transparency and guidance to help customers best protect their network is a top priority. Cisco security teams have been actively informing customers about the ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Important security updates for VMware vRealize Automation ∗∗∗
---------------------------------------------
Updated versions of vRealize Automation close several security vulnerabilities. None of them is rated critical.
---------------------------------------------
https://www.heise.de/meldung/Wichtige-Sicherheitsupdates-fuer-VMware-vReali…
∗∗∗ Credit card theft, DDoS attacks: Facebook deletes 117 cybercrime groups ∗∗∗
---------------------------------------------
Reported by researchers; some had been active for many years, and the largest had 47,000 members.
---------------------------------------------
http://derstandard.at/2000078122065
=====================
= Vulnerabilities =
=====================
∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - MMS Path Traversal ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS758878&LanguageC…
∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - Weak Database Encryption ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS758877&LanguageC…
∗∗∗ SSA-845879 (Last Update: 2018-04-17): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle ∗∗∗
---------------------------------------------
The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
∗∗∗ SSA-203306 (Last Update: 2018-04-17): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families ∗∗∗
---------------------------------------------
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
∗∗∗ IBM Security Bulletin: IBM i is affected by DHCP vulnerabilities CVE-2018-5732 and CVE-2018-5733. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022543
∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015105
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015535
∗∗∗ IBM Security Bulletin: Security vulnerability affects IBM® Rational® Team Concert ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015454
=====================
= End-of-Day report =
=====================
Timeframe: Friday 13-04-2018 18:00 − Monday 16-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ CVE-2018-7600: Critical Drupal vulnerability is being exploited ∗∗∗
---------------------------------------------
Anyone who has not yet patched their Drupal installation should do so now at the latest. After further details were published and exploit code circulated on Twitter, the first attacks were observed. (Drupal, CMS)
---------------------------------------------
https://www.golem.de/news/cve-2018-7600-kritische-drupal-luecke-wird-ausgen…
∗∗∗ The March/April 2018 issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
The topics covered in this report are:
- The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what
- News from the world of state trojans: Microsoft’s analysis of FinFisher
- Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government
- Bitcoin bounty or close encounter: bizarre side-effects of cryptomining
The Security Report is available in both English and German.
---------------------------------------------
https://securityblog.switch.ch/2018/04/16/switch-security-report-201802/
=====================
= Vulnerabilities =
=====================
∗∗∗ Symantec Advanced Secure Gateway (ASG), ProxySG: Multiple vulnerabilities enable, among other things, denial-of-service attacks ∗∗∗
---------------------------------------------
Two vulnerabilities in Symantec Advanced Secure Gateway (ASG) and ProxySG allow a low-privileged authenticated attacker on the adjacent network to carry out cross-site scripting (XSS) attacks and to bypass security measures. An unauthenticated attacker on the adjacent network can exploit a further vulnerability for denial-of-service (DoS) attacks. These vulnerabilities can only be exploited via the management console of ASG and ProxySG.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-0705/
∗∗∗ Vulnerability in Intel's SPI flash: First firmware updates released ∗∗∗
---------------------------------------------
A security problem in Intel chipsets allows local attackers to manipulate firmware, up to and including denial of service. Lenovo is the first manufacturer to provide BIOS/UEFI updates.
---------------------------------------------
https://heise.de/-4024853
∗∗∗ Micro Focus Universal Configuration Management Database Lets Local Users Gain Elevated Privileges ∗∗∗
---------------------------------------------
A vulnerability was reported in Micro Focus Universal Configuration Management Database (UCMDB). A local user can obtain elevated privileges on the target system.
A local user can exploit an installation file access control flaw to gain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1040680
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-openssl and zsh), Debian (patch, perl, ruby-loofah, squirrelmail, tiff, and tiff3), Fedora (gnupg2), Gentoo (go), Mageia (firefox, flash-player-plugin, nxagent, puppet, python-paramiko, samba, and thunderbird), Red Hat (flash-plugin), Scientific Linux (python-paramiko), and Ubuntu (patch, perl, and ruby).
---------------------------------------------
https://lwn.net/Articles/751947/
∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015421
∗∗∗ OpenSSL vulnerability CVE-2018-0739 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08044291
∗∗∗ Apache Tomcat vulnerability CVE-2018-1305 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32051722
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 12-04-2018 18:00 − Friday 13-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code ∗∗∗
---------------------------------------------
The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon…
∗∗∗ "Early Bird" Code Injection Technique Helps Malware Stay Undetected ∗∗∗
---------------------------------------------
Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/early-bird-code-injection-te…
∗∗∗ Office Macros ∗∗∗
---------------------------------------------
A short remark prompted by current events: Yesterday I once again gave my usual talk on the "threat landscape", and, as always, mentioned that Office macros are dangerous and must be restricted. It was plain to see in the audience that some cannot do this in their organisations. Understandable, because in quite a few companies important business processes are implemented as Excel macros [...]
---------------------------------------------
http://www.cert.at/services/blog/20180413094624-2176.html
∗∗∗ Thousands of WP, Joomla and SquareSpace sites serving malicious updates ∗∗∗
---------------------------------------------
Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining steam. The malicious actors are injecting JavaScript that triggers the download requests into the content management systems' JavaScript files or directly into the sites' homepage.
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/13/wp-joomla-squarespace-malicious-…
∗∗∗ Android manufacturers lie to users about security updates ∗∗∗
---------------------------------------------
Apart from Google, nobody really ships all patches; Samsung slips up occasionally, OnePlus, LG and co. regularly.
---------------------------------------------
http://derstandard.at/2000077842490
∗∗∗ Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers ∗∗∗
---------------------------------------------
https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan…
=====================
= Vulnerabilities =
=====================
∗∗∗ Yokogawa CENTUM and Exaopc ∗∗∗
---------------------------------------------
This advisory includes mitigations for a permissions, privileges, and access controls vulnerability in the Yokogawa CENTUM series and Exaopc products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01
∗∗∗ Oracle Critical Patch Update Pre-Release Announcement - April 2018 ∗∗∗
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2018, which will be released on Tuesday, April 17, 2018. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
∗∗∗ VMSA-2018-0009 ∗∗∗
---------------------------------------------
vRealize Automation updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0009.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache), openSUSE (libvirt, openssl, policycoreutils, and zziplib), Oracle (firefox and python-paramiko), and Red Hat (python-paramiko).
---------------------------------------------
https://lwn.net/Articles/751780/
∗∗∗ Bugtraq: [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541942
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014440
∗∗∗ IBM Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012983
∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities which is used by IBM PureApplication Systems/Service (CVE-2017-3736 CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014945
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015346
∗∗∗ IBM Security Bulletin: Content Collector for Email affected by privilege escalation vulnerability in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015034
∗∗∗ IBM Security Bulletin: Content Collector for Email affected by information disclosure vulnerability in Websphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015032
∗∗∗ BIG-IP TMM vulnerability CVE-2018-5510 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K77671456
∗∗∗ BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05263202
∗∗∗ BIG-IP PEM vulnerability CVE-2018-5508 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10329515
∗∗∗ BIG-IP SOCKS proxy vulnerability CVE-2017-6148 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55225440
∗∗∗ vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52521791
∗∗∗ Apache vulnerability CVE-2018-5506 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65355492
∗∗∗ TMUI vulnerability CVE-2018-5511 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K30500703
∗∗∗ BIG-IP TMM vulnerability CVE-2017-6158 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19361245
∗∗∗ TMM vulnerability CVE-2017-6155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10930474
∗∗∗ IP Intelligence Feed List vulnerability CVE-2017-6143 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11464209
∗∗∗ cURL and libcurl vulnerability CVE-2018-1000120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22052524
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 11-04-2018 18:00 − Thursday 12-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali ∗∗∗
---------------------------------------------
In this article, we will be focusing on the Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK files.
---------------------------------------------
http://resources.infosecinstitute.com/android-penetration-tools-walkthrough…
∗∗∗ APT Trends report Q1 2018 ∗∗∗
---------------------------------------------
In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.
---------------------------------------------
http://securelist.com/apt-trends-report-q1-2018/85280/
∗∗∗ New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection ∗∗∗
---------------------------------------------
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.
---------------------------------------------
http://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-e…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities ∗∗∗
---------------------------------------------
Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valve's award-winning catalog ...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/simple-direct-media-layer-vulnera…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (poppler), Fedora (koji and libofx), Gentoo (adobe-flash), Oracle (kernel), Red Hat (qemu-kvm-rhev and sensu), and Scientific Linux (firefox).
---------------------------------------------
https://lwn.net/Articles/751668/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013955
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014874
∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015239
∗∗∗ IBM Security Bulletin: IBM Cloud Manager is affected by OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027142
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015344
∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014914
∗∗∗ JSA10844 - 2018-04 Security Bulletin: Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=RSS
∗∗∗ JSA10845 - 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=RSS
∗∗∗ JSA10846 - 2018-04 Security Bulletin: SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies. (CVE-2018-0018) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=RSS
∗∗∗ JSA10847 - 2018-04 Security Bulletin: Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=RSS
∗∗∗ JSA10848 - 2018-04 Security Bulletin: Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=RSS
∗∗∗ JSA10850 - 2018-04 Security Bulletin: NorthStar: Return Of Bleichenbacher's Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&actp=RSS
∗∗∗ JSA10851 - 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&actp=RSS
∗∗∗ JSA10852 - 2018-04 Security Bulletin: Junos OS: Multiple vulnerabilities in stunnel ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&actp=RSS
∗∗∗ JSA10853 - 2018-04 Security Bulletin: NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&actp=RSS
∗∗∗ Apache HTTPD vulnerability CVE-2018-1301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78131906
∗∗∗ OpenSSH vulnerability CVE-2016-10708 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32485746
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 10-04-2018 18:00 − Wednesday 11-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Android Penetration Tools Walkthrough Series: Apktool ∗∗∗
---------------------------------------------
In this article, we will look at the step-by-step procedure to set up a utility called "Apktool" and its usage in Android application penetration testing. Introduction: Apktool is a utility that can be used for reverse engineering Android application resources (APK).
---------------------------------------------
http://resources.infosecinstitute.com/android-penetration-tools-walkthrough…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch Tuesday: Microsoft takes care of more than 60 vulnerabilities in Windows & Co. ∗∗∗
---------------------------------------------
Security patches are available via Windows Update. Among other things, they close a vulnerability through which attackers could turn a wireless keyboard into a keylogger.
---------------------------------------------
https://heise.de/-4016580
∗∗∗ Security researchers: Intel modem makes new iPhones vulnerable to malicious code ∗∗∗
---------------------------------------------
A vulnerability in Intel baseband processors allows skilled attackers to inject malicious code over the mobile network. According to security researchers, recent iPhones up to and including the iPhone X are affected; iOS 11.3 closes the hole.
---------------------------------------------
https://heise.de/-4015828
∗∗∗ AMD processors get Windows 10 update against Spectre V2 vulnerability ∗∗∗
---------------------------------------------
A combination of a Windows update and BIOS updates for mainboards is intended to protect Windows 10 machines with AMD processors from the Bulldozer generation (introduced in 2011) onwards.
---------------------------------------------
https://heise.de/-4016546
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pcs), Fedora (drupal7), openSUSE (git and mercurial), Red Hat (firefox and qemu-kvm-rhev), SUSE (libvirt and xen), and Ubuntu (patch).
---------------------------------------------
https://lwn.net/Articles/751548/
∗∗∗ Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-…
∗∗∗ Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015184
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere MQ 5.3 and MQ 8 for HPE NonStop Server (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014367
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an OpenLDAP vulnerability (CVE-2017-9287) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014873
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by glibc vulnerabilities (CVE-2015-8779, CVE-2015-8776) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014870
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache POI vulnerability (CVE-2017-12626) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015185
∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012660
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by vulnerabilities in the wget package (CVE-2017-13090, CVE-2017-13089) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013885
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013851
=====================
= End-of-Day report =
=====================
Timeframe: Monday 09-04-2018 18:00 − Tuesday 10-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II ∗∗∗
---------------------------------------------
In the previous article "Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I," we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a Windows infrastructure, using legitimate binaries. We also learned about the techniques to identify Spawned Processes with the help of the Windows [...]
---------------------------------------------
http://resources.infosecinstitute.com/advance-persistent-threat-lateral-mov…
∗∗∗ Developer warns of iOS attacks via the contacts permission ∗∗∗
---------------------------------------------
Apple currently does not distinguish between reading and writing contacts when users grant apps access. A developer now describes a possible scenario for harvesting passwords.
---------------------------------------------
https://heise.de/-4014136
∗∗∗ Patch now! Attacks on Flash Player made easy ∗∗∗
---------------------------------------------
Exploits targeting a vulnerability in Adobe's Flash Player are increasingly in circulation. A security patch was already released in February.
---------------------------------------------
https://www.heise.de/-4014258
∗∗∗ BSI provides developers with a test tool for digital certificate chains ∗∗∗
---------------------------------------------
Software applications such as browsers or e-mail clients, and hardware components such as VPN gateways, that accept invalid certificate chains because of programming errors pose a security risk to authenticated and confidential communication over the Internet. The Federal Office for Information Security (BSI) now provides a test tool that supports developers in correctly implementing this certificate path validation.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/pruef_tool_…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB18-08), Adobe Experience Manager (APSB18-10), Adobe InDesign CC (APSB18-11), Digital Editions (APSB18-13) and the Adobe PhoneGap Push plugin (APSB18-15). Adobe recommends users update their product installations to the latest versions using [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1542
∗∗∗ Signal Bypass Screen locker ∗∗∗
---------------------------------------------
Signal for iOS, version 2.23.1.1 and prior, is vulnerable to screen lock bypass. The vulnerability, triggered by some click sequence, allows anyone to bypass password and TouchID authentication protections that iOS users can set on their device in order to increase application security and confidentiality.
---------------------------------------------
http://nint.en.do/Signal-Bypass-Screen-locker.php
∗∗∗ SAP Security Patch Day - April 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products.
---------------------------------------------
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
∗∗∗ Update: Security vulnerabilities (some critical) in Cisco IOS, Cisco IOS XE and Cisco IOS XR software - detailed security advisory for the Cisco IOS and IOS XE Smart Install feature available ∗∗∗
---------------------------------------------
[...] Cisco has published a security advisory with information on CVE-2018-0171 and further, in part older, vulnerabilities in the Smart Install feature of Cisco IOS and Cisco IOS XE. Cisco recommends implementing the measures listed in the advisory to secure affected systems.
---------------------------------------------
http://www.cert.at/warnings/all/20180329-2.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvorbis and thunderbird), Debian (pjproject), Fedora (compat-openssl10, java-1.8.0-openjdk-aarch32, libid3tag, python-pip, python3, and python3-docs), Gentoo (ZendFramework), Oracle (thunderbird), Red Hat (ansible, gcc, glibc, golang, kernel, kernel-alt, kernel-rt, krb5, kubernetes, libvncserver, libvorbis, ntp, openssh, openssl, pcs, policycoreutils, qemu-kvm, and xdg-user-dirs), SUSE (openssl and openssl1), and Ubuntu (python-crypto, [...]
---------------------------------------------
https://lwn.net/Articles/751454/
∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014742
∗∗∗ IBM Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability (GSKit SSL) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013978
∗∗∗ IBM Security Bulletin: IBM Communications Server for Windows is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015200
∗∗∗ NTP vulnerability CVE-2018-7185 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04912972
=====================
= End-of-Day report =
=====================
Timeframe: Friday 06-04-2018 18:00 − Monday 09-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ARP Spoofing in 2018: are you protected?, (Mon, Apr 9th) ∗∗∗
---------------------------------------------
This week I was reminded how efficient ARP (Address Resolution Protocol) spoofing attacks might be. A single Android device equipped with offensive tools was enough to fool any device on a network and capture sensitive data. But wait, we are talking about a threat as old as the ARP specification from 1982. There aren't networks vulnerable to this nowadays, right? Wrong.
---------------------------------------------
https://isc.sans.edu/diary/rss/23533
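The diary above describes the attack; the detection side is simple enough to show. The following is an added example, not code from the ISC diary: it builds and parses raw ARP replies per the protocol layout (hardware type, protocol type, lengths, opcode, sender/target MAC and IP) and flags the two signals a spoofer leaves behind, one IP answered by more than one MAC and one MAC answering for more than one IP. The packets and addresses are constructed for the example; seeding the table from a trusted source (a DHCP lease table, the switch CAM table) is an assumption that lets the detector flag the first bad reply rather than the second.

```python
"""Detect ARP spoofing in a stream of ARP packets (added example, constructed data)."""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4
HTYPE_ETHERNET, PTYPE_IPV4, OPER_REPLY = 1, 0x0800, 2


@dataclass(frozen=True)
class ArpReply:
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build the 28-byte ARP payload that follows the Ethernet header."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OPER_REPLY,
                       _mac_bytes(sender_mac), _ip_bytes(sender_ip),
                       _mac_bytes(target_mac), _ip_bytes(target_ip))


def parse_arp_reply(payload: bytes) -> Optional[ArpReply]:
    """Return the reply's fields, or None if this is not an Ethernet/IPv4 ARP reply."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen, oper) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OPER_REPLY):
        return None

    def fmt_mac(b: bytes) -> str:
        return ":".join(f"{x:02x}" for x in b)

    def fmt_ip(b: bytes) -> str:
        return ".".join(str(x) for x in b)

    return ArpReply(fmt_mac(sha), fmt_ip(spa), fmt_mac(tha), fmt_ip(tpa))


def analyze(packets: Iterable[bytes], trusted: Optional[Dict[str, str]] = None) -> dict:
    """Walk ARP replies and report IP/MAC conflicts.

    trusted: optional ip -> mac seed (assumed to come from DHCP leases or the
    switch CAM table); with it, the very first forged reply is flagged.
    """
    ip_to_macs: Dict[str, Set[str]] = {ip: {mac.lower()} for ip, mac in (trusted or {}).items()}
    mac_to_ips: Dict[str, Set[str]] = {}
    alerts: List[str] = []
    for raw in packets:
        reply = parse_arp_reply(raw)
        if reply is None:
            continue  # requests and non-IPv4 traffic carry no binding claim
        known = ip_to_macs.setdefault(reply.sender_ip, set())
        if known and reply.sender_mac not in known:
            alerts.append(f"{reply.sender_ip} was {sorted(known)}, now claimed by "
                          f"{reply.sender_mac} (reply sent to {reply.target_ip})")
        known.add(reply.sender_mac)
        mac_to_ips.setdefault(reply.sender_mac, set()).add(reply.sender_ip)
    return {
        "alerts": alerts,
        "conflicting_ips": {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1},
        "multi_ip_macs": {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1},
    }


# Constructed traffic, not a capture: gateway .1 and client .50 answer each
# other normally, then an attacker claims both addresses (man-in-the-middle).
GATEWAY, CLIENT, ATTACKER = "00:11:22:33:44:01", "00:11:22:33:44:50", "aa:bb:cc:dd:ee:ff"
SAMPLE_PACKETS = [
    build_arp_reply(GATEWAY, "192.168.1.1", CLIENT, "192.168.1.50"),
    build_arp_reply(CLIENT, "192.168.1.50", GATEWAY, "192.168.1.1"),
    build_arp_reply(ATTACKER, "192.168.1.1", CLIENT, "192.168.1.50"),
    build_arp_reply(ATTACKER, "192.168.1.50", GATEWAY, "192.168.1.1"),
]

if __name__ == "__main__":
    for line in analyze(SAMPLE_PACKETS)["alerts"]:
        print("ALERT:", line)
```

Without a trusted seed the detector only learns the first binding it sees, so it cannot tell which of two conflicting MACs is the impostor; in production, feed it the lease table and alert on any deviation, and remember that the same data is exactly what Dynamic ARP Inspection on a managed switch checks for you.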
∗∗∗ Hacked Website Trend Report – 2017 ∗∗∗
---------------------------------------------
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented stems from the analysis of 34,371 infected websites summarizing the latest trends by bad actors.
---------------------------------------------
https://blog.sucuri.net/2018/04/hacked-website-trend-report-2017.html
∗∗∗ The dots do matter: how to scam a Gmail user ∗∗∗
---------------------------------------------
I recently received an email from Netflix which nearly caused me to add my card details to someone else's Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called "the dots don't matter". I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature.
---------------------------------------------
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-…
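The practical lesson for anyone running a sign-up flow is that two different strings can be the same Gmail mailbox, so string equality is the wrong identity test. The code below is an added example, not the author's code: it canonicalizes addresses using Gmail's documented behaviour (dots in the local part are ignored, anything after a "+" is ignored, googlemail.com is an alias of gmail.com) and applies that only to those domains, since other providers do not behave this way. The toy account registry keyed on the canonical form is an illustration; the names are assumptions.

```python
"""Canonicalize Gmail 'dot variants' so a sign-up flow treats them as one mailbox (added example)."""
from typing import Dict, Optional

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> Optional[str]:
    """Return a form suitable for equality checks, or None if the address is malformed.

    Only Gmail's rules are applied, and only to Gmail domains. For everyone
    else the local part is left untouched: RFC 5321 allows it to be
    case-sensitive, and a provider may well treat dots as significant.
    """
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    if not local or not domain:
        return None
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "").lower()
        domain = "gmail.com"
        if not local:          # e.g. "...@gmail.com" collapses to nothing
            return None
    return f"{local}@{domain}"


def same_mailbox(a: str, b: str) -> bool:
    ca, cb = canonical_email(a), canonical_email(b)
    return ca is not None and ca == cb


class AccountRegistry:
    """Toy sign-up store (assumed structure) keyed by the canonical address.

    A dotted variant of an address that is already registered is refused
    instead of silently creating a second account whose mail lands in the
    real owner's inbox, which is the pattern the post describes.
    """

    def __init__(self) -> None:
        self._accounts: Dict[str, str] = {}   # canonical -> address as entered

    def register(self, address: str) -> bool:
        key = canonical_email(address)
        if key is None or key in self._accounts:
            return False
        self._accounts[key] = address
        return True

    def lookup(self, address: str) -> Optional[str]:
        key = canonical_email(address)
        return self._accounts.get(key) if key else None


if __name__ == "__main__":
    reg = AccountRegistry()
    print(reg.register("jane.doe@gmail.com"))      # True
    print(reg.register("janedoe+trial@gmail.com"))  # False: same mailbox
```

Canonicalization only prevents duplicate accounts; it does not prove that the person signing up controls the mailbox. The scam in the post works precisely because the service never verified ownership before acting on the address, so the canonical form should be paired with a confirmation e-mail whose link must be clicked before any billing step.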
∗∗∗ Event Log Auditing, Demystified ∗∗∗
---------------------------------------------
The topic of reviewing event logs has received a fair amount of grunts, groans, and questions such as "You honestly expect us to review all of that data?!" or "We have so many systems! Where would we even begin?" or "We already have enough on our plate to worry about!". Fortunately, the times have changed, and log aggregation has matured over a relatively short amount of time. Its existence alone, however, is not the complete answer to log auditing woes.
---------------------------------------------
https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f0…
∗∗∗ How to prevent bypassing AppLocker using Alternate Data Streams ∗∗∗
---------------------------------------------
I usually write my blog posts in German. This one is in English, because Sami Laiho asked me to do a short write-up to make this problem available to a broader audience. Who is affected and what's the problem? If you are using AppLocker application whitelisting with path rules with exceptions, you are probably affected.
---------------------------------------------
https://hitco.at/blog/howto-prevent-bypassing-applocker-using-alternate-dat…
∗∗∗ Do not order from salewaz.top! ∗∗∗
---------------------------------------------
The website salewaz.top offers clothing and sports equipment of the well-known brand Salewa. The prices are far lower than usual for Salewa products, which makes a purchase look attractive at first glance. Consumers should under no circumstances order from this shop: the operators are fraudulent and no goods are shipped despite payment.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bestellen-bei-salewaztop/
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure ∗∗∗
---------------------------------------------
Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering a client's logon request, the vault discloses around 50 bytes of its memory to the client.
---------------------------------------------
http://www.securityfocus.com/archive/1/541931
∗∗∗ Bugtraq: [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution ∗∗∗
---------------------------------------------
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server.
---------------------------------------------
http://www.securityfocus.com/archive/1/541932
∗∗∗ Authentication Bypass Vulnerability Found in Auth0 Identity Platform ∗∗∗
---------------------------------------------
A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platforms, Auth0, that could have allowed a malicious attacker to access any portal or application that uses the Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms, including the ability to integrate social media ...
---------------------------------------------
https://thehackernews.com/2018/04/auth0-authentication-bypass.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (openssl and zziplib), Debian (ldap-account-manager, ming, python-crypto, sam2p, sdl-image1.2, and squirrelmail), Fedora (bchunk, koji, libidn, librelp, nodejs, and php), Gentoo (curl, dhcp, libvirt, mailx, poppler, qemu, and spice-vdagent), Mageia (389-ds-base, aubio, cfitsio, libvncserver, nmap, and ntp), openSUSE (GraphicsMagick, ImageMagick, spice-gtk, and wireshark), Oracle (kubernetes), Slackware (patch), and SUSE (apache2 and openssl).
---------------------------------------------
https://lwn.net/Articles/751346/
∗∗∗ The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32518458
∗∗∗ Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Notice - Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180104-01-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022524
∗∗∗ IBM Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027341
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 05-04-2018 18:00 − Friday 06-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now ∗∗∗
---------------------------------------------
Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications. In an [...]
---------------------------------------------
https://thehackernews.com/2018/04/spring-framework-hacking.html
∗∗∗ Security researchers find 1.5 billion sensitive records ∗∗∗
---------------------------------------------
Researchers at the IT security vendor Digital Shadows say they have found around 1.5 billion records worldwide in misconfigured and therefore publicly accessible online storage. Among them is sensitive information such as medical data, payslips and patents.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/news_forscher_fin…
∗∗∗ From PNG tEXt to Persistent XSS ∗∗∗
---------------------------------------------
I was on job for a client and was playing around with various endpoints they have for uploading files. They're really strict on several things and will only accept files with a .PNG extension. In one place, however, you were able to upload files with a .html extension ... score. Well, not really. You're allowed to upload [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/from-png-text-to-persistent-x…
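The title gives away the mechanism: a PNG can be a perfectly valid image and still carry arbitrary bytes in its tEXt metadata chunks, so an upload filter that checks the extension, the signature and even the chunk CRCs proves nothing about what a gallery page will print when it displays "Comment" or "Author". The following is an added example, not the post's code: it builds a genuine 1x1 PNG with a tEXt chunk holding a script tag, parses chunks per the PNG layout (4-byte length, 4-byte type, data, CRC-32 over type and data), and shows the unsafe rendering beside the escaped one. The file and the payload are constructed for the example; the rendering functions are assumed stand-ins for whatever template the real site uses.

```python
"""Build and parse a valid PNG whose tEXt metadata is attacker-controlled (added example)."""
import html
import struct
import zlib
from typing import Dict, Iterator, List, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(text: Dict[str, str]) -> bytes:
    """Minimal 1x1 8-bit greyscale PNG with one tEXt chunk per (keyword, value)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # w, h, depth, colour, compression, filter, interlace
    idat = zlib.compress(b"\x00\x80")                     # filter byte 0 + one grey pixel
    out = PNG_SIG + chunk(b"IHDR", ihdr)
    for keyword, value in text.items():
        # tEXt layout: Latin-1 keyword, NUL separator, Latin-1 text, no compression
        out += chunk(b"tEXt", keyword.encode("latin-1") + b"\x00" + value.encode("latin-1"))
    return out + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def iter_chunks(data: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (type, body) for each chunk, verifying structure and CRCs."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk")
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != struct.unpack(">I", crc_bytes)[0]:
            raise ValueError(f"bad CRC in chunk {ctype!r}")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def is_png(data: bytes) -> bool:
    """The kind of 'is it really a PNG?' check an upload filter might do. It passes the payload."""
    try:
        return any(ctype == b"IEND" for ctype, _ in iter_chunks(data))
    except ValueError:
        return False


def text_chunks(data: bytes) -> List[Tuple[str, str]]:
    out = []
    for ctype, body in iter_chunks(data):
        if ctype == b"tEXt":
            keyword, _, value = body.partition(b"\x00")
            out.append((keyword.decode("latin-1"), value.decode("latin-1")))
    return out


def render_unsafe(data: bytes) -> str:
    """Vulnerable: metadata pasted straight into HTML (assumed stand-in for a gallery template)."""
    return "<ul>" + "".join(f"<li>{k}: {v}</li>" for k, v in text_chunks(data)) + "</ul>"


def render_safe(data: bytes) -> str:
    """Hardened: every metadata value is escaped as untrusted input."""
    return "<ul>" + "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>"
                            for k, v in text_chunks(data)) + "</ul>"


# Constructed upload: passes is_png(), yet its Comment holds a script tag.
PAYLOAD = "<script>alert(document.domain)</script>"
SAMPLE_UPLOAD = make_png({"Comment": PAYLOAD, "Author": "anon"})

if __name__ == "__main__":
    print(is_png(SAMPLE_UPLOAD), text_chunks(SAMPLE_UPLOAD))
    print(render_safe(SAMPLE_UPLOAD))
```

Stripping metadata on upload (re-encoding the image, or dropping every ancillary chunk) removes the channel entirely and is the better default; escaping at render time is what protects you when some other code path later decides to display the chunks anyway.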
∗∗∗ Warning about sportspoort.de ∗∗∗
---------------------------------------------
The online shop sportspoort.de sells cheap Adidas shoes. The goods are counterfeit. Consumers can pay only by credit card over an insecure connection. Watchlist Internet advises against buying from sportspoort.de, because the operator is criminal.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-sportspoortde/
=====================
= Vulnerabilities =
=====================
∗∗∗ Rockwell Automation MicroLogix ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper authentication vulnerability in the Rockwell MicroLogix Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
∗∗∗ Moxa MXview ∗∗∗
---------------------------------------------
This advisory includes mitigations for an information exposure vulnerability in the Moxa MXview network management software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02
∗∗∗ LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper check or handling of exceptional conditions vulnerability in LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sharutils), Fedora (firefox, httpd, and mod_http2), openSUSE (docker-distribution, graphite2, libidn, and postgresql94), Oracle (libvorbis and thunderbird), Red Hat (libvorbis, python-paramiko, and thunderbird), Scientific Linux (libvorbis and thunderbird), SUSE (apache2), and Ubuntu (firefox, linux-lts-xenial, linux-aws, and ruby1.9.1, ruby2.0, ruby2.3).
---------------------------------------------
https://lwn.net/Articles/751146/
∗∗∗ [local] Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44410/
∗∗∗ [local] Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44411/
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1483) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015317
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos TM1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015269
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015268
∗∗∗ IBM Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) CVE-2016-1000031 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015340
∗∗∗ Intel SPI Flash Unsafe Opcodes Lets Local Users Cause Denial of Service Conditions ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040626
∗∗∗ [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-03
∗∗∗ The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K70517410
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-04-2018 18:00 − Thursday 05-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs ∗∗∗
---------------------------------------------
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninsta…
∗∗∗ Natus Neuroworks: security vulnerabilities discovered in brain-scan software ∗∗∗
---------------------------------------------
The brain activity scan itself is not at risk, but the hospital is: security experts have found vulnerabilities in the software of EEG devices that make it possible to execute code on the device and gain access to the hospital network.
---------------------------------------------
https://www.golem.de/news/natus-neuroworks-sicherheitsluecken-in-gehirnscan…
∗∗∗ Apple's file system: APFS problems persist ∗∗∗
---------------------------------------------
After the last problem with plaintext storage of passwords for encrypted APFS volumes, further investigation shows that the passwords are still readable with 10.13.4. The passwords remain in the logs even after the patch.
---------------------------------------------
https://www.golem.de/news/apples-dateisystem-apfs-probleme-bleiben-bestehen…
∗∗∗ Understanding Code Signing Abuse in Malware Campaigns ∗∗∗
---------------------------------------------
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-c…
∗∗∗ Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client ∗∗∗
---------------------------------------------
Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in US-CERT's recent alert.
---------------------------------------------
http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.h…
∗∗∗ Do not pay 358.80 euros to toxflix.de and similar streaming platforms! ∗∗∗
---------------------------------------------
According to its imprint, CINE STAR LTD is responsible for streaming websites such as toxflix.de, roxflix.de and laflix.de. The sites offer films for streaming, but interested parties must register first. After a 5-day period, the registration turns into a premium membership with demands of 358.80 euros per year. The amount does not have to be paid, because no valid contract is ever concluded!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-35880-euro-an-toxflixde-und-ae…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (drupal), Debian (openjdk-7), Fedora (exempi, gd, and tomcat), SUSE (python-paramiko), and Ubuntu (kernel, libvncserver, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-trusty, and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/751026/
∗∗∗ Vuln: Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103653
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013308
∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014266
∗∗∗ IBM Security Bulletin: Potential spoofing attack in Liberty for Java for IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015292
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2017-12618) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011238
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect™ Plus ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014937
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK that affect IBM PureApplication System ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015284
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015161
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013492
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013493
∗∗∗ IBM Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014721
∗∗∗ IBM Security Bulletin: IBM Distributed Marketing Could Allow an Authenticated but Unauthorized User with Special Access to Change Security Policies (CVE-2017-1109) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015044
∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by multiple GSKit vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015252
∗∗∗ IBM Security Bulletin: XML External Entity Injection (XXE) Vulnerability Impacts IBM Campaign (CVE-2015-0254) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015263
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014821
∗∗∗ IBM Security Bulletin: Denial of Service in Apache CXF used by Liberty for Java for IBM Cloud (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015296
∗∗∗ IBM Security Bulletin: Information Disclosure in IBM HTTP Server and Denial of Service in Apache CXF used by IBM WebSphere Application Server for IBM Cloud (CVE-2017-12613, CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015297
∗∗∗ FreeBSD IPsec AH Option Header Infinite Loop Lets Remote Users Cause the Target System to Crash ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040628
∗∗∗ HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040630