=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-03-2018 18:00 − Tuesday 20-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗
---------------------------------------------
Just a quick reminder about some bad practices while handling Windows Administrator credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/23465
∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗
---------------------------------------------
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky.
---------------------------------------------
https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗
---------------------------------------------
A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow.
Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution.
---------------------------------------------
http://www.securityfocus.com/archive/1/541874
∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗
---------------------------------------------
Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
---------------------------------------------
http://www.securityfocus.com/archive/1/541875
∗∗∗ DFN-CERT-2018-0526: Apache Commons Compress: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can use a specially crafted ZIP archive file to carry out a denial-of-service attack on Apache Commons Compress and on software that uses its ZIP package.
The vendor has released Commons Compress version 1.16 to fix the vulnerability.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/
∗∗∗ DFN-CERT-2018-0532: SDL2, SDL2_image: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
A large number of vulnerabilities in various components of SDL2_image allow a remote, unauthenticated attacker to execute arbitrary code and to carry out various denial-of-service (DoS) attacks by means of manipulated image files that a user has to display.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached).
---------------------------------------------
https://lwn.net/Articles/749757/
∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗
---------------------------------------------
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
---------------------------------------------
http://www.tenable.com/security/tns-2018-01
∗∗∗ Geutebruck IP Cameras ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01
∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02
∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791
∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766
∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767
∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758
∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779
∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 16-03-2018 18:00 − Monday 19-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Effective immediately: WKO cyber security hotline for businesses ∗∗∗
---------------------------------------------
Cyberattacks can hit any company; if the worst happens, fast help is important. The WKO hotline at 0800 888 133 provides it.
---------------------------------------------
https://futurezone.at/b2b/ab-sofort-cyber-security-hotline-der-wko-fuer-unt…
∗∗∗ Great potential for abuse with the federal trojan (Bundestrojaner) ∗∗∗
---------------------------------------------
According to constitutional lawyers, the Bundestrojaner is legally "hardly contestable". In the opinion of IT experts, abuse can hardly be controlled.
---------------------------------------------
https://futurezone.at/netzpolitik/grosses-missbrauchspotenzial-beim-bundest…
∗∗∗ VB2017 paper: The life story of an IPT - Inept Persistent Threat actor ∗∗∗
---------------------------------------------
At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/03/vb2017-paper-life-story-ipt-…
∗∗∗ Pwn2Own: Touch Bar of a MacBook Pro hacked via Safari ∗∗∗
---------------------------------------------
By exploiting a total of three bugs, a security researcher managed to reach deep into macOS from within the browser. Another Safari hack was also successful.
---------------------------------------------
https://www.heise.de/meldung/Pwn2Own-Touch-Bar-eines-MacBook-Pro-via-Safari…
∗∗∗ Hacking contest Pwn2Own: Firefox, Edge and Safari drop like flies ∗∗∗
---------------------------------------------
This year the Pwn2Own organizers offered prize money of two million US dollars. Despite several successful hacks, however, most of the prize money stayed in the pot.
---------------------------------------------
https://www.heise.de/meldung/Hacker-Wettbewerb-Pwn2Own-Firefox-Edge-und-Saf…
∗∗∗ Web browser as password vault: Firefox has been botching the master password for nine years ∗∗∗
---------------------------------------------
A security researcher warns once again: passwords stored in Firefox and Thunderbird are not effectively protected against data theft.
---------------------------------------------
https://www.heise.de/meldung/Passwort-Tresor-Webbrowser-Firefox-pfuscht-sei…
∗∗∗ Hacker attack on German government network successful only in isolated cases ∗∗∗
---------------------------------------------
Berlin wants to protect itself more strongly against cyberattacks
---------------------------------------------
http://derstandard.at/2000076371068
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4144 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4144
∗∗∗ DSA-4143 firefox-esr - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4143
∗∗∗ DSA-4145 gitlab - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4145
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 15-03-2018 18:00 − Friday 16-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ TROOPERS 18 Wrap-Up Day #2 ∗∗∗
---------------------------------------------
Hello Readers, here is my wrap-up of the second day. Usually, the second day is harder in the morning due to the social events but, at TROOPERS, they organize the hacker run started at 06:45 for the most motivated of us. Today, the topic of the 3rd track switched from [...]
---------------------------------------------
https://blog.rootshell.be/2018/03/15/troopers-18-wrap-day-2/
∗∗∗ Vulnerability in Chrome RDP for macOS: Guest can gain full remote access ∗∗∗
---------------------------------------------
A bug in Google's remote maintenance tool Chrome Remote Desktop can allow unauthorized persons, without knowing a password, to take over an active user account on the remote Mac, security researchers warn.
---------------------------------------------
https://heise.de/-3996450
∗∗∗ Sofacy Uses DealersChoice to Target European Government Agency ∗∗∗
---------------------------------------------
Back in October 2016, Unit 42 published an initial analysis on a Flash exploitation framework used by the Sofacy threat group called DealersChoice. The attack consisted of Microsoft Word delivery documents that contained Adobe Flash objects capable of loading additional malicious Flash objects embedded in the file or directly provided by a command and control server. Sofacy continued to use [...]
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-deal…
∗∗∗ Backdoors in USB controllers suspected in Intel systems as well ∗∗∗
---------------------------------------------
Some of the vulnerabilities in AMD chips recently reported by CTS-Labs also affect PCIe USB 3.0 controllers from ASMedia, which sit on many mainboards for Intel processors.
---------------------------------------------
https://heise.de/-3996868
∗∗∗ Qrypter RAT Hits Hundreds of Organizations Worldwide ∗∗∗
---------------------------------------------
Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform.
---------------------------------------------
https://www.securityweek.com/qrypter-rat-hits-hundreds-organizations-worldw…
∗∗∗ Abusing Duo 2FA ∗∗∗
---------------------------------------------
On a recent client engagement, our customer asked us to look at their use of Duo Security multifactor authentication that protected Windows workstation logins. It was configured to send a push notification to users' phones whenever they logged in or unlocked, either physically at the console or over remote desktop.
---------------------------------------------
https://www.pentestpartners.com/security-blog/abusing-duo-2fa/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2018-0008 ∗∗∗
---------------------------------------------
Workstation and Fusion updates address a denial-of-service vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0008.html
∗∗∗ VMSA-2018-0007.2 ∗∗∗
---------------------------------------------
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-03-15: Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0007.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb).
---------------------------------------------
https://lwn.net/Articles/749513/
∗∗∗ Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541861
∗∗∗ DFN-CERT-2018-0513: HP-UX CIFS Server (Samba), Apache Tomcat: Multiple vulnerabilities allow, among other things, the bypassing of security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0513/
∗∗∗ DFN-CERT-2018-0507: Monitorix: A vulnerability allows a cross-site scripting attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0507/
∗∗∗ [remote] MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44290/?rss
∗∗∗ [remote] SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44292/?rss
∗∗∗ IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014388
∗∗∗ IBM Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013598
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011981
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011984
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 14-03-2018 18:00 − Thursday 15-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ PSA: Beware of Windows PowerShell Credential Request Prompts ∗∗∗
---------------------------------------------
A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/psa-beware-of-windows-powers…
∗∗∗ Webmailer: Squirrelmail vulnerability remains open for now ∗∗∗
---------------------------------------------
While examining a security appliance from Check Point, security researchers found a hole in the webmail tool Squirrelmail that allows files on the server to be read without authorization. There is no official fix so far, but Golem.de is providing a provisional patch.
---------------------------------------------
https://www.golem.de/news/webmailer-squirrelmail-sicherheitsluecke-bleibt-v…
∗∗∗ VPN tests reveal privacy-leaking bugs ∗∗∗
---------------------------------------------
Hotspot Shield patched; Zenmate and VPN Shield haven't ... yet? A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasn't good.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/vpn_tests_r…
∗∗∗ TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗
---------------------------------------------
[...] This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-074A
∗∗∗ Invoices in Doc format are malware ∗∗∗
---------------------------------------------
Criminals are sending e-mails asking recipients to open an invoice: "please note the attachment. Thank you. Have a nice rest of the day". The invoice is available for download on a third-party website. Users who open the supposed payment request install malware.
---------------------------------------------
https://www.watchlist-internet.at/news/rechnungen-im-doc-format-sind-schads…
=====================
= Vulnerabilities =
=====================
∗∗∗ Arbitrary Shortcode Execution & Local File Inclusion in WOOF (PluginUs.Net) ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in WooCommerce Products Filter version 1.1.9. An unauthenticated user can perform a local file inclusion and execute arbitrary WordPress shortcode.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/arbitrary-shortcode-executio…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux
---------------------------------------------
https://lwn.net/Articles/749423/
∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012341
∗∗∗ IBM Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012896
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099764
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099763
∗∗∗ IBM Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099762
∗∗∗ IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012948
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014126
∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013756
∗∗∗ Linux kernel vulnerability CVE-2017-1000111 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44309215
∗∗∗ Apache vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810
∗∗∗ Apache Portable Runtime vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810
∗∗∗ Linux kernel vulnerability CVE-2017-1000112 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60250153
∗∗∗ Linux kernel vulnerability CVE-2017-9074 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61223103
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-03-2018 18:00 − Wednesday 14-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ BlackBerry powered by Android Security Bulletin - March 2018 ∗∗∗
---------------------------------------------
March 2018 Android Security Bulletin
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Web security: Apple file on web servers reveals directory contents ∗∗∗
---------------------------------------------
Using a parser, sensitive information can be read out of .DS_Store files. The Internetwache.org project took a closer look at Apple's proprietary solution and brought astonishing things to light.
---------------------------------------------
https://www.golem.de/news/websicherheit-apple-datei-auf-webservern-verraet-…
∗∗∗ Spectre vulnerability: Intel's microcode updates for Linux and Windows ∗∗∗
---------------------------------------------
Intel has finally managed to release the updates needed to plug the Spectre V2 hole for Core i processors since 2011 (Sandy Bridge), above all for Linux distributions.
---------------------------------------------
https://www.heise.de/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-L…
∗∗∗ Let's Encrypt now issues wildcard certificates ∗∗∗
---------------------------------------------
The free certificate authority Let's Encrypt now also issues certificates without explicitly named subdomains. Such wildcards let admins enable HTTPS with fewer distinct certificates.
---------------------------------------------
https://www.heise.de/meldung/Let-s-Encrypt-stellt-ab-sofort-Wildcard-Zertif…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB18-05), Adobe Connect (APSB18-06) and Adobe Dreamweaver CC (APSB18-07). Adobe recommends users update their product ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1535
∗∗∗ Microsoft - March 2018 Security Updates ∗∗∗
---------------------------------------------
The March security release consists of security updates for the following software: Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and ..
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail…
∗∗∗ Mozilla Foundation Security Advisory 2018-06 ∗∗∗
---------------------------------------------
Security vulnerabilities fixed in Firefox 59
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
∗∗∗ Mozilla Foundation Security Advisory 2018-07 ∗∗∗
---------------------------------------------
Security vulnerabilities fixed in Firefox ESR 52.7
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, ..
---------------------------------------------
https://lwn.net/Articles/749288/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 12-03-2018 18:00 − Tuesday 13-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Phishing targeting Amazon Prime customers ∗∗∗
---------------------------------------------
Criminals are sending fraudulent Amazon Prime letters to companies. In them they claim that the companies were unable to pay for their membership. For this reason, sellers are asked to update their payment details on a website. In reality, recipients do not need to react and can delete the message, because it is a phishing e-mail.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-bei-amazon-prime-kunden/
=====================
= Vulnerabilities =
=====================
∗∗∗ [20180301] - Core - SQLi vulnerability User Notes ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.5.0 through 3.8.5
Exploit type: SQLi
Reported Date: 2018-March-08
Fixed Date: 2018-March-12
CVE Number: CVE-2018-8045
---------------------------------------------
https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnera…
∗∗∗ TYPO3 8.7.11 and 7.6.25 released ∗∗∗
---------------------------------------------
The TYPO3 Community announces the versions 8.7.11 LTS and 7.6.25 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes only.
---------------------------------------------
https://typo3.org/news/article/typo3-8711-and-7625-released
∗∗∗ Attention admins: Network monitoring tool PRTG stores passwords unencrypted ∗∗∗
---------------------------------------------
Anyone using the network monitoring tool PRTG from Paessler must act now, otherwise attackers could read out passwords.
---------------------------------------------
https://heise.de/-3992126
∗∗∗ Security researchers describe 12 vulnerabilities in AMD processors ∗∗∗
---------------------------------------------
The company CTS-Labs reports 12 security vulnerabilities that affect current AMD processors such as Ryzen, Ryzen Pro and Epyc, or rather their integrated AMD Secure Processors (PSP).
---------------------------------------------
https://heise.de/-3993807
∗∗∗ rt-sa-2017-012 ∗∗∗
---------------------------------------------
Shopware Cart Accessible by Third-Party Websites
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-012.txt
∗∗∗ SAP Security Patch Day - March 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products.
---------------------------------------------
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
∗∗∗ Critical vulnerability in Samba4 - patches available ∗∗∗
---------------------------------------------
Critical vulnerability in Samba4 - patches available. 13 March 2018. Description: As the Samba project has announced, there are 2 security problems in all current Samba versions, one of which we rate as critical. CVE numbers: CVE-2018-1057, CVE-2018-1050. Impact: By exploiting CVE-2018-1057, a logged-in user on a Samba domain controller can change the passwords of arbitrary user accounts. This includes service accounts of
---------------------------------------------
http://www.cert.at/warnings/all/20180313.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk).
---------------------------------------------
https://lwn.net/Articles/749177/
∗∗∗ BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013951
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022495
∗∗∗ IBM Security Bulletin: Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014196
∗∗∗ IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 09-03-2018 18:00 − Monday 12-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victim's Files ∗∗∗
---------------------------------------------
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victim's files, overwrite the originals, and then append the .qwerty extension to an encrypted file's name.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-g…
∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗
---------------------------------------------
Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-r…
∗∗∗ SmartCam: Critical vulnerabilities in the cloud connection of Samsung IP cameras ∗∗∗
---------------------------------------------
Vulnerabilities in the SNH-V6410PN/PNW IP camera make it possible to hijack the Linux system running on it. Because the vulnerability lies in the cloud connection, further SmartCam models are probably affected. The cloud service manages the cameras via a Jabber server.
---------------------------------------------
https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken…
∗∗∗ TLS 1.3 and Proxies ∗∗∗
---------------------------------------------
I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence.
---------------------------------------------
http://www.imperialviolet.org/2018/03/10/tls13.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗
---------------------------------------------
Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/749087/
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014392
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013943
∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013339
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013818
∗∗∗ IBM Security Bulletin: Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013557
∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011110
∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012171
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 08-03-2018 18:00 − Friday 09-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ LLVM 6.0: Clang gets a mitigation against Spectre attacks ∗∗∗
---------------------------------------------
With retpolines, the new version of the LLVM compilers such as Clang brings an important mitigation against attacks via Spectre. Future Windows versions of Google Chrome will also benefit from it. There are also optimizations in source code diagnostics.
---------------------------------------------
https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-an…
∗∗∗ Avast: CCleaner infection contained keylogger functionality ∗∗∗
---------------------------------------------
The malware distributed with CCleaner last year was apparently also meant to spy on companies via a keylogger. Avast found the Shadowpad malware in its own network, but assumes that it was not installed on customers' systems.
---------------------------------------------
https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funkt…
∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗
---------------------------------------------
How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well ..
---------------------------------------------
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/
∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗
---------------------------------------------
IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact.
---------------------------------------------
https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robo…
=====================
= Vulnerabilities =
=====================
∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗
---------------------------------------------
This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01
∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗
---------------------------------------------
This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02
∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-…
∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014201
∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014198
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 07-03-2018 18:00 − Thursday 08-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours ∗∗∗
---------------------------------------------
Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-stops-malware-camp…
∗∗∗ Memcached Amplification: New hacker tools cause record DDoS attacks ∗∗∗
---------------------------------------------
DDoS attacks via memcached amplification have only been known for about a week; now easy-to-use tools for such attacks exist. Among other things, GitHub was swept off the Internet in this way by a record attack.
---------------------------------------------
https://www.heise.de/security/meldung/Memcached-Amplification-Neue-Hacker-T…
∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗
---------------------------------------------
We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this ..
---------------------------------------------
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/07/Cisco-Releases-Sec…
∗∗∗ DFN-CERT-2018-0455: Red Hat JBoss Web Server: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0455/
∗∗∗ rt-sa-2018-001 ∗∗∗
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2018-001.txt
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 06-03-2018 18:00 − Wednesday 07-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Encryption 101: How to break encryption ∗∗∗
---------------------------------------------
Continuing on in our Encryption 101 series, where we gave a malware analyst’s primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some kind of secret flaw. That flaw is often a result of an error in implementation.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to…
=====================
= Vulnerabilities =
=====================
∗∗∗ Google Releases Security Update for Chrome ∗∗∗
---------------------------------------------
Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/06/Google-Releases-Se…
∗∗∗ DFN-CERT-2018-0444: Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway: Multiple vulnerabilities allow, among other things, takeover of the system ∗∗∗
---------------------------------------------
A vulnerability in Citrix VPX allows a remote attacker with simple authentication to execute arbitrary code and thus ultimately take over the system. Further vulnerabilities allow a remote, presumably unauthenticated attacker to read arbitrary files, escalate privileges, and carry out a cross-site scripting (XSS) attack.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0444/
∗∗∗ FortiWeb's cookie tampering protection can be bypassed by erasing the FortiWeb session cookie ∗∗∗
---------------------------------------------
FortiWeb 5.6.0 introduced a feature called "Signed Security Mode", which, when enabled, would prevent an attacker from tampering with "regular" cookies set by the web-sites protected by FortiWeb; in effect, access to the protected web-site can be blocked when cookie tampering is detected (depending on the "Action" selected by the FortiWeb admin). This protection can however be made inoperative if the attacker removes FortiWeb's own session cookie.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-279
∗∗∗ RSA Archer eGRC Bugs Let Remote Users Redirect Users to an Arbitrary Site and Let Remote Authenticated Users Obtain Username Information ∗∗∗
---------------------------------------------
A remote authenticated user can exploit an access control flaw in an API to determine valid usernames on the target system [CVE-2018-1219].
A remote user can exploit a flaw in the QuickLinks feature to redirect the target user to an arbitrary site [CVE-2018-1220].
---------------------------------------------
http://www.securitytracker.com/id/1040457
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (leptonlib), Fedora (bugzilla, cryptopp, electrum, firefox, freexl, glibc, jhead, libcdio, libsamplerate, libXcursor, libXfont, libXfont2, mingw-wavpack, nx-libs, php, python-crypto, quagga, sharutils, unzip, x2goserver, and xen), Gentoo (exim), openSUSE (cups, go1.8, ImageMagick, jgraphx, leptonica, openexr, tor, and wavpack), Red Hat (389-ds-base, java-1.7.1-ibm, kernel, kernel-rt, libreoffice, and
---------------------------------------------
https://lwn.net/Articles/748741/
∗∗∗ Hirschmann Automation and Control GmbH Classic Platform Switches ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01
∗∗∗ Schneider Electric SoMove Software and DTM Software Components ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02
∗∗∗ Eaton ELCSoft ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03
∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-…
∗∗∗ Security Advisory - Permission Control Vulnerability in Huawei Video Application ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-…
∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-…
∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012342
∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014257