=====================
= End-of-Day report =
=====================
Timeframe: Monday 05-02-2018 18:00 – Tuesday 06-02-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Research papers and YouTube videos from BlueHat Israel 2018 ∗∗∗
---------------------------------------------
http://www.bluehatil.com/abstracts.html
∗∗∗ European Cyber Security Month ECSM 2017 deployment report ∗∗∗
---------------------------------------------
ENISA is today pleased to publish the "European Cyber Security Month deployment report", a summary of the activities carried out throughout ECSM 2017 by the Agency and participating Member States.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-e…
∗∗∗ Strong cybersecurity culture as efficient firewall for organisations ∗∗∗
---------------------------------------------
ENISA's Cybersecurity Culture in Organisations report is based on multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/strong-cybersecurity-culture-as…
∗∗∗ Crypto miner sneaked onto Macs via the MacUpdate download directory ∗∗∗
---------------------------------------------
Mac users who downloaded popular software such as the Firefox browser via MacUpdate may have picked up malware in the process.
---------------------------------------------
https://www.heise.de/meldung/Krypto-Miner-schlich-ueber-Download-Verzeichni…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Flash Player (APSB18-03) ∗∗∗
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1522
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a comma-separated value (CSV) vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012674
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013271
∗∗∗ Android Security Bulletin: February 2018 ∗∗∗
---------------------------------------------
https://source.android.com/security/bulletin/2018-02-01.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 02-02-2018 18:00 – Monday 05-02-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Safer Internet Day ∗∗∗
---------------------------------------------
February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/02/05/Safer-Internet-Day
=====================
= Vulnerabilities =
=====================
∗∗∗ New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices ∗∗∗
---------------------------------------------
Two new WD My Cloud vulnerabilities have been identified, adding to last month's bevy of security bugs.
---------------------------------------------
http://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attackerβ¦
∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗
---------------------------------------------
The patch upgrades the bundled OpenSSL to eliminate potential security vulnerabilities and includes a few software fixes.
---------------------------------------------
https://download.novell.com/Download?buildid=MtsbTyzebZw~
∗∗∗ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscoβ¦
∗∗∗ DFN-CERT-2018-0235: Django: A vulnerability allows information disclosure ∗∗∗
---------------------------------------------
A vulnerability in Django allows a remote, unauthenticated attacker to obtain information about valid user accounts.
The vendor has published Django 2.0.2 and 1.11.10 as security releases and provides patches for the master branch and the 2.0 and 1.11 release branches.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0235/
∗∗∗ DFN-CERT-2018-0234: 7-Zip: A vulnerability allows, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can exploit a vulnerability to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code with the help of a crafted ZIP archive.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0234/
∗∗∗ Update: Critical vulnerability in Cisco ASA software – patches available ∗∗∗
---------------------------------------------
Update, 5 February 2018: Cisco has announced that further vulnerabilities were found in the course of internal investigations, and that the fixed versions published so far contain errors.
---------------------------------------------
http://www.cert.at/warnings/all/20180130.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dokuwiki and p7zip), Fedora (kernel, pdns, rsync, and webkitgtk4), openSUSE (chromium and translate-toolkit), Red Hat (jboss-ec2-eap and Red Hat Satellite 6), Slackware (php), and SUSE (bind and firefox).
---------------------------------------------
https://lwn.net/Articles/746568/rss
∗∗∗ IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013054
∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013061
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013153
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026841
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025910
∗∗∗ IBM Security Bulletin: October 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011818
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 01-02-2018 18:00 – Friday 02-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗
---------------------------------------------
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
---------------------------------------------
http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-atβ¦
∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗
---------------------------------------------
Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt impersonating Janes 360[1], a website operated by IHS Markit[2]. Here is a copy of the mail body.
---------------------------------------------
https://isc.sans.edu/diary/rss/23305
∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗
---------------------------------------------
While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilitieβ¦
∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗
---------------------------------------------
Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malwaβ¦
∗∗∗ Cisco service routers can choke on IPv6 packets ∗∗∗
---------------------------------------------
A security update closes a DoS vulnerability in the Cisco ASR 9000.
---------------------------------------------
https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sichβ¦
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m).
---------------------------------------------
https://lwn.net/Articles/746326/rss
=====================
= Vulnerabilities =
=====================
∗∗∗ "Zero-day" vulnerability in Adobe Flash Player – actively exploited – patches not yet available ∗∗∗
---------------------------------------------
1 February 2018. Description: Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player which is already being actively exploited. CVE number: CVE-2018-4878. No fixed version is available yet; Adobe has announced one for next week (beginning 5 February 2018).
---------------------------------------------
http://www.cert.at/warnings/all/20180201.html
∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012719
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012641
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 31-01-2018 18:00 – Thursday 01-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ DDG: A Mining Botnet Aiming at Database Servers ∗∗∗
---------------------------------------------
Starting 2017-10-25, we noticed there was a large scale ongoing scan targeting the OrientDB databases. Further analysis found that this is a long-running botnet whose main ..
---------------------------------------------
http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/
∗∗∗ Adaptive Phishing Kit ∗∗∗
---------------------------------------------
Phishing kits are everywhere! If your server is compromised today, chances are that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid credentials and impersonate the user account or, in larger attacks, it is one of the first steps to ..
---------------------------------------------
https://isc.sans.edu/diary/rss/23299
∗∗∗ Internet of Dildos – a long way to a vibrant future ∗∗∗
---------------------------------------------
Vulnerabilities in sex toys are interesting not only from a technical point of view but above all from a data-protection perspective. Several "smart sex" toys of the Vibratissimo brand and the associated cloud platform were affected by serious vulnerabilities.
---------------------------------------------
https://www.sec-consult.com/blog/2018/02/internet-of-dildos-a-long-way-to-a…
∗∗∗ Meltdown/Spectre-based Malware Coming Soon to Devices Near You, Are You Ready? ∗∗∗
---------------------------------------------
It has been a few weeks since the details of the Spectre and Meltdown processor vulnerabilities came out in public, and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security ..
---------------------------------------------
https://thehackernews.com/2018/02/meltdown-spectre-malware-hacking.html
∗∗∗ Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet ∗∗∗
---------------------------------------------
The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular ..
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chromβ¦
∗∗∗ "Change your password" day: just don't bother! ∗∗∗
---------------------------------------------
1 February is "Change your password" day. But does it really make sense to change passwords regularly? And how does one choose good passwords that withstand attacks in the first place?
---------------------------------------------
https://www.heise.de/meldung/Aendere-dein-Passwort-Tag-Lass-es-doch-einfach…
∗∗∗ Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions ∗∗∗
---------------------------------------------
The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining ..
---------------------------------------------
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
∗∗∗ Chrome's Plan to Distrust Symantec Certificates ∗∗∗
---------------------------------------------
Posted by Devon O'Brien, Ryan Sleevi, Andrew Whalley, Chrome Security. This post is a broader announcement of plans already finalized on the blink-dev mailing list. Update, 1/31/18: Post was updated to further clarify 13 month validity limitations. At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ..
---------------------------------------------
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.h…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4103 chromium-browser - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4103
∗∗∗ Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 30-01-2018 18:00 – Wednesday 31-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers ∗∗∗
---------------------------------------------
Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase the product before fixing anything.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-β¦
∗∗∗ Google removed more than 700,000 malicious apps from Google Play in 2017 ∗∗∗
---------------------------------------------
In an annual report Google sets out how secure its own Android app store Google Play is. Given a number of incidents, however, the argument is not entirely convincing in places.
---------------------------------------------
https://www.heise.de/meldung/Google-hat-2017-mehr-als-700-000-boesartige-Ap…
∗∗∗ Critical vulnerability in Mozilla Firefox – patch available ∗∗∗
---------------------------------------------
Mozilla has released an out-of-band patch for a critical vulnerability in the Firefox web browser. Impact: by exploiting this vulnerability an attacker can execute arbitrary code on affected systems with the privileges of the logged-in user. It is sufficient to get the browser to display a suitably crafted web page ..
---------------------------------------------
http://www.cert.at/warnings/all/20180131.html
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4102 thunderbird - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4102
∗∗∗ PHOENIX CONTACT mGuard ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01
∗∗∗ Siemens TeleControl Server Basic ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02
∗∗∗ WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN30636823/
∗∗∗ Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-01-2018 18:00 – Tuesday 30-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IBM study: many users consider biometric login secure ∗∗∗
---------------------------------------------
Young people in particular no longer want to memorise passwords: an IBM study examines the preferences of users of all age groups. Participants aged 55 and over, by contrast, memorise many different passwords at once, even without a password manager.
---------------------------------------------
https://www.golem.de/news/ibm-studie-viele-nutzer-halten-biometrische-anmel…
∗∗∗ Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery ∗∗∗
---------------------------------------------
Of course this does nothing for victims' encrypted files. Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets.
---------------------------------------------
theregister.com/feed/www.theregister.co.uk/2018/01/30/ransomware_diversions/
∗∗∗ Chrome Extension Malware Has Evolved ∗∗∗
---------------------------------------------
While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data.
---------------------------------------------
https://www.wired.com/story/chrome-extension-malware
∗∗∗ ENISA organises cyber-exercise to boost CSIRT cooperation ∗∗∗
---------------------------------------------
On 30 January 2018, the EU Cybersecurity Agency ENISA organised "Cyber SOPEx", the first cooperation exercise of the CSIRTs Network.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-…
∗∗∗ Email fraud: Vorarlberg company pays 150,000 euros ∗∗∗
---------------------------------------------
An employee transferred almost 150,000 euros abroad; 83,000 euros could be recovered
---------------------------------------------
http://derstandard.at/2000073288109
∗∗∗ "spotzi" and "bier1": Cybasar leak exposes the insecure passwords of Austrians ∗∗∗
---------------------------------------------
Many of the passwords reveal negligent handling of one's own information online, including by public-sector employees
---------------------------------------------
http://derstandard.at/2000073316365
∗∗∗ 2017 in Snort Signatures ∗∗∗
---------------------------------------------
This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact ..
---------------------------------------------
http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html
∗∗∗ Critical vulnerability in Cisco ASA software – patches available ∗∗∗
---------------------------------------------
Cisco has published an advisory on a critical vulnerability in Cisco ASA software. The vulnerability is located in the code responsible for the "webvpn" feature ..
---------------------------------------------
http://www.cert.at/warnings/all/20180130.html
=====================
= Vulnerabilities =
=====================
∗∗∗ [20180103] - Core - XSS vulnerability in Uri class ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/721-20180103-core-xss-vulnerab…
∗∗∗ [20180102] - Core - XSS vulnerability in com_fields ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/720-20180102-core-xss-vulnerab…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 26-01-2018 18:00 – Monday 29-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Cyber attacks on Dutch banks: online banking down ∗∗∗
---------------------------------------------
The three largest banks in the Netherlands had to contend with cyber attacks over the weekend. In some cases online banking was unavailable as well.
---------------------------------------------
https://futurezone.at/digital-life/cyberattacken-auf-niederlaendische-banke…
∗∗∗ Coincheck: cryptocurrency worth 429 million euros stolen ∗∗∗
---------------------------------------------
For the company Coincheck it was a black Friday: a large amount of the cryptocurrency NEM was stolen. Its price fell by eleven percent as a result. Bitcoin and Ethereum were affected as well. For some, the attack is cause to criticise Japan's regulation of crypto trading.
---------------------------------------------
https://www.golem.de/news/coincheck-kryptowaehrung-im-wert-von-429-milliard…
∗∗∗ Security: Lenovo admits vulnerabilities in Fingerprint Manager ∗∗∗
---------------------------------------------
The Fingerprint Manager Pro software stores biometric data on the device. However, even Lenovo says this is insecure and therefore recommends an update. Windows 10 devices are not affected, though.
---------------------------------------------
https://www.golem.de/news/security-lenovo-gesteht-sicherheitsluecken-im-fin…
∗∗∗ Meltdown & Spectre: Windows update disables protection against Spectre V2 ∗∗∗
---------------------------------------------
A current Windows update switches off the protection against Spectre Variant 2 in order to prevent system instability.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Meltdown-Spectre-Windows-Update-dea…
∗∗∗ First 'Jackpotting' Attacks Hit U.S. ATMs ∗∗∗
---------------------------------------------
ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United [...]
---------------------------------------------
https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
∗∗∗ Cybasar.at hacked: 70,000 Austrian logins surface online ∗∗∗
---------------------------------------------
Hundreds of email addresses and passwords of official bodies included; the data originates from the used-car platform Cybasar
---------------------------------------------
http://derstandard.at/2000073253135
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4099 ffmpeg - security update ∗∗∗
---------------------------------------------
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4099
∗∗∗ DSA-4101 wireshark - security update ∗∗∗
---------------------------------------------
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of service or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4101
∗∗∗ DFN-CERT-2018-0020 ∗∗∗
---------------------------------------------
Just a reminder that we update our security advisories on #Spectre and #Meltdown (DFN-CERT-2018-0020) and on Spectre 2 (DFN-CERT-2018-0019) almost daily. Stay up to date via @DFNCERT_ADV.
---------------------------------------------
https://twitter.com/DFNCERT/status/956906148388536321
∗∗∗ DFN-CERT-2018-0196: VMware AirWatch Console (AWC): A vulnerability allows a cross-site request forgery attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0196/
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180129-…
∗∗∗ IBM Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.a…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012707
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 24-01-2018 18:00 – Thursday 25-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗
---------------------------------------------
The world's largest container shipping company, A.P. Møller-Maersk, said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2,500 applications over the course of ten days in late June and early July 2017. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pc…
∗∗∗ BSI guideline: the top-secret dispute over router security ∗∗∗
---------------------------------------------
The BSI intends to publish a Technical Guideline for home routers in the coming months. The cable network operators in particular are not keen on ensuring the greatest possible security of the devices. The CCC speaks of "lobbying sabotage".
---------------------------------------------
https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-di…
∗∗∗ Windows 10: Microsoft wants to show what device data is collected ∗∗∗
---------------------------------------------
Voice data, location data and browsing history: users are to get a better overview of the data collected in Windows 10. To this end Microsoft is providing a dashboard for Microsoft accounts and a Diagnostic Data Viewer for device information.
---------------------------------------------
https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraet…
∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗
---------------------------------------------
A few months ago, we covered two injections related to the "cloudflare.solutions" malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains: A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...]
---------------------------------------------
https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-n…
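The injections described above work by loading a script from an attacker-controlled host under a familiar filename (a "jquery" or "analytics" file that is nothing of the sort), so a first triage check on a WordPress site is to list every external script source in its rendered pages and flag hosts that are not on an allowlist. The following is an added example, not Sucuri's code and not tied to the specific domains in the post: the allowlist, the look-alike name list and the sample page are constructed for the example, and the ".invalid" host stands in for an attacker domain.

```python
# Added example: flag <script src> tags that load JavaScript from hosts outside an
# allowlist, and note when the filename imitates a well-known library. Not Sucuri's
# code; allowlist, look-alike names and the sample page are constructed.
import re
from urllib.parse import urlsplit

# Hosts this (constructed) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "www.google-analytics.com", "code.jquery.com"}

# Filenames attackers reuse so an injected script blends in with legitimate ones.
LOOKALIKE_NAMES = ("jquery", "analytics", "cloudflare")

# Matches the src attribute of a script tag; inline scripts have no src and are skipped.
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*['\"]?([^'\" >]+)", re.IGNORECASE)


def external_scripts(html: str, page_host: str):
    """Yield (src, host) for every script loaded from somewhere other than page_host.
    Protocol-relative URLs (//host/...) are normalised; relative paths are skipped."""
    for src in SCRIPT_SRC.findall(html):
        if src.startswith("//"):
            src = "https:" + src
        host = urlsplit(src).hostname
        if host is None:  # relative path: served by the page host itself
            continue
        if host.lower() != page_host.lower():
            yield src, host.lower()


def suspicious_scripts(html: str, page_host: str, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return one finding per external script whose host is not allowlisted.
    'lookalike' is True when the filename or host imitates a known library/CDN."""
    findings = []
    for src, host in external_scripts(html, page_host):
        if host in allowed:
            continue
        name = urlsplit(src).path.rsplit("/", 1)[-1].lower()
        lookalike = any(n in name or n in host for n in LOOKALIKE_NAMES)
        findings.append({"src": src, "host": host, "lookalike": lookalike})
    return findings


# Constructed sample page: one legitimate CDN script, one relative WordPress script,
# one inline script, and an injected "jquery" served from an attacker-controlled host.
SAMPLE_HTML = """
<html><head>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script type='text/javascript' src='/wp-includes/js/wp-embed.min.js'></script>
<script type="text/javascript" src="//cdnjs.cloudflare-solutions.invalid/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>var x = 1;</script>
</head><body>login form here</body></html>
"""

if __name__ == "__main__":
    for f in suspicious_scripts(SAMPLE_HTML, "www.example.com"):
        flag = "LOOKALIKE " if f["lookalike"] else ""
        print(flag + f["host"], f["src"])
```

Run it against the HTML of a site's login page and a few content pages; anything reported is worth comparing with the theme's and plugins' own source, since the injections in the post were added to theme files rather than served by a plugin that would explain them.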
∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗
---------------------------------------------
Fixed in 7.58.0. If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak. …
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carrie…
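The libcurl leak fixed in 7.58.0 (CVE-2018-1000007) was that a custom Authorization header set by the application was forwarded when libcurl followed a redirect to a different host, handing the application's credentials to whatever host the Location header named. The following is an added example, not curl code: it applies the rule curl adopted, credentials travel only to the origin of the original request, to a constructed redirect chain. Which headers count as credential-bearing, and the inclusion of Cookie among them, are the example's own choices.

```python
# Added example (not curl project code): decide which request headers may
# accompany a redirected request. Credential-bearing headers are forwarded only
# when the redirect target has the same origin (scheme, host, port) as the
# original request, which is the policy curl 7.58.0 adopted for CVE-2018-1000007.
from urllib.parse import urlsplit

# Headers that carry credentials and must not leak to a third-party host.
# Treating Cookie as credential-bearing is this example's choice.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str):
    """(scheme, host, effective port) with case-insensitive scheme and host."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)


def same_origin(url_a: str, url_b: str) -> bool:
    return origin(url_a) == origin(url_b)


def headers_for_hop(headers: dict, original_url: str, hop_url: str) -> dict:
    """Headers to send to hop_url, given the request was originally made to
    original_url. Credentials are dropped unless the origin is unchanged; all
    other headers are forwarded untouched."""
    if same_origin(original_url, hop_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow_chain(headers: dict, chain: list) -> list:
    """Walk a redirect chain (first element is the original URL) and return the
    header set that would be sent at each hop. Every hop is compared with the
    original origin, so returning to it restores the credentials."""
    return [headers_for_hop(headers, chain[0], url) for url in chain]


if __name__ == "__main__":
    # Constructed scenario: the application authenticates to api.example.com,
    # which redirects to a download host on another origin, which redirects back.
    initial = {"Authorization": "Bearer s3cr3t", "User-Agent": "demo/1.0"}
    hops = [
        "https://api.example.com/v1/report",
        "https://files.example.net/report.pdf",  # different origin: no credentials
        "https://api.example.com/v1/done",       # original origin: credentials again
    ]
    for url, hdrs in zip(hops, follow_chain(initial, hops)):
        print(url, "->", sorted(hdrs))
```

The same check belongs in any HTTP client wrapper that lets callers set raw headers: a library that strips its own built-in authentication on cross-host redirects can still leak a header the caller added by hand, which is exactly the gap curl closed.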
∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗
---------------------------------------------
A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-s…
βββ Announcing turndown of the deprecated Google Safe Browsing APIs βββ
---------------------------------------------
Posted by Alex Wozniak, Software Engineer, Safe Browsing Team. In May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources. Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...]
---------------------------------------------
https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.h…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗
---------------------------------------------
Several security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4096
∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗
---------------------------------------------
Update 1/25/18: Blender has released version 2.79a to address these issues
Technology has evolved in incredible ways that have helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since it's free and open-source software. However, this also makes it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...]
---------------------------------------------
http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html
∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/
∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026853
∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026733
∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026732
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026735
∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026736
∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026734
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012767
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026731
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007398
∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012789
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 23-01-2018 18:00 – Wednesday 24-01-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Skype, Signal, Slack, other apps inherit Electron vuln ∗∗∗
---------------------------------------------
If you've built a Windows application on Electron, check to see if it's subject to a just-announced remote code execution vulnerability. ... Slack users should update to version 3.0.3 or better, and the latest version of Skype for Windows is protected
---------------------------------------------
https://www.theregister.co.uk/2018/01/24/skype_signal_slack_nherit_electron…
∗∗∗ [papers] Hardcore SAP Penetration Testing ∗∗∗
---------------------------------------------
http://www.exploit-db.com/docs/english/43859-hardcore-sap-penetration-testi…
∗∗∗ 14 flaws found that could take over industrial control systems ∗∗∗
---------------------------------------------
Licence management systems used in industrial control systems are plagued with vulnerabilities: they contain 14 flaws that could enable hackers to take control of systems and carry out DoS attacks.
---------------------------------------------
https://www.scmagazineuk.com/news/14-flaws-found-that-could-take-over-indus…
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
This advisory contains mitigation details for path traversal and SQL injection vulnerabilities in Advantech's WebAccess/SCADA software platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (smarty3), Fedora (bind, bind-dyndb-ldap, dnsperf, glibc, kernel, libtasn1, libvpx, mariadb, python-bottle, ruby, and sox), Red Hat (rh-eclipse46-jackson-databind), SUSE (kernel), and Ubuntu (kernel, linux, linux-aws, linux-euclid, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).
---------------------------------------------
https://lwn.net/Articles/745165/rss
∗∗∗ Apple Updates Everything, Again, (Tue, Jan 23rd) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/23269
∗∗∗ Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102765
∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180124-…
∗∗∗ Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - Integer Overflow Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012739
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affects IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012712
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012737
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012735
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012623
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012627
∗∗∗ SSA-824231 (Last Update 2018-01-24): Unauthenticated Firmware Upload Vulnerability in Desigo PXC ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231…