Daily

daily@lists.cert.at

1 participants
3211 discussions

Tageszusammenfassung - 21.12.2017
by Daily end-of-shift report 21 Dec '17

21 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-12-2017 18:00 − Donnerstag 21-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗ --------------------------------------------- A welcome dash of perspective Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats. --------------------------------------------- www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_la… ∗∗∗ Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt ∗∗∗ --------------------------------------------- Eine benutzerfreundliche E-Mail-Verschlüsselung versprechen die Macher der Autocrypt-Spezifikation, die heute in Version 1.0 freigegeben wurde. --------------------------------------------- https://heise.de/-3924855 ∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗ --------------------------------------------- On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗ --------------------------------------------- Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201712-15 ∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6138. Security Advisory. Security Advisory Description. Malicious requests made to virtual servers .. --------------------------------------------- https://support.f5.com/csp/article/K34514540 ∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6132. Security Advisory. Security Advisory Description. Undisclosed sequence of packets sent .. --------------------------------------------- https://support.f5.com/csp/article/K12044607 ∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗ --------------------------------------------- Linux kernel vulnerability CVE-2017-6135. Security Advisory. Security Advisory Description. A slow memory leak as a result .. --------------------------------------------- https://support.f5.com/csp/article/K43322910 ∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2017-097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009491 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011039 ∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37404773 ∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K39428424 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2017
by Daily end-of-shift report 20 Dec '17

20 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-12-2017 18:00 − Mittwoch 20-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verschlüsselung: Audit findet schwerwiegende Sicherheitslücken in Enigmail ∗∗∗ --------------------------------------------- Mozillas Secure Open Source Fund und der Berliner E-Mail-Anbieter Posteo haben einen Security-Audit für Thunderbird und die Erweiterung Enigmail in Auftrag gegeben. Dabei sind einige kritische und schwerwiegende Lücken gefunden worden. --------------------------------------------- https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sich… ∗∗∗ Avast veröffentlicht Maschinencode-Decompiler als Open Source ∗∗∗ --------------------------------------------- Der Virenschutz-Hersteller Avast hat ein Werkzeug entwickelt, mit dem sich ausführbarer Maschinencode in lesbaren Quelltext zurückübersetzen lassen soll. Damit lässt sich das Verhalten von Programmen analysieren, ohne sie auszuführen. --------------------------------------------- https://heise.de/-3923397 ∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗ --------------------------------------------- The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ ===================== = Vulnerabilities = ===================== ∗∗∗ Ecava IntegraXor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 ∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05 ∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗ --------------------------------------------- It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting. --------------------------------------------- https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcon… ∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8980 ∗∗∗ DFN-CERT-2017-2302/">TYPO3 Extensions: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/ ∗∗∗ DFN-CERT-2017-2305/">VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerabilty (CVE-2017-16932 CVE-2017-16931) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011831 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011851 ∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54358225 ∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55102452 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2017
by Daily end-of-shift report 19 Dec '17

19 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 18-12-2017 18:00 − Dienstag 19-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Dual EC: Wie Cisco, Avast und die NSA TLS 1.3 behindern ∗∗∗ --------------------------------------------- Auch der jüngste Entwurf des TLS-1.3-Protokolls führt zu Verbindungsabbrüchen. Google nennt jetzt einige Schuldige, darunter ein Gerät von Cisco, ein Virenscanner - und eine Spur zur NSA-Hintertüre Dual EC in der RSA-BSAFE-Bibliothek. --------------------------------------------- https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin… ∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗ --------------------------------------------- Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win… ∗∗∗ Multifunktionstrojaner Loapi kann Android-Smartphones physisch beschädigen ∗∗∗ --------------------------------------------- Loapi ist die eierlegende Wollmilchsau unter den Android-Trojanern und geht so hart zu Werk, dass Smartphones aufplatzen können. --------------------------------------------- https://heise.de/-3921651 ∗∗∗ The Market for Stolen Account Credentials ∗∗∗ --------------------------------------------- Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Todays post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online .. --------------------------------------------- https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia… ∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗ --------------------------------------------- A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2017
by Daily end-of-shift report 18 Dec '17

18 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-12-2017 18:00 − Montag 18-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Windows 10: Kritische Lücke in vorinstalliertem Passwortmanager ∗∗∗ --------------------------------------------- Keeper-Nutzer sollten unbedingt die gepatchte Version installieren. Der aktuell in Windows 10 vorinstallierte Passwortmanager Keeper hatte bis Version 11.3 einen Fehler, der es bösartigen Webseiten ermöglichte, über Clickjacking beliebige Passwörter auszulesen. --------------------------------------------- https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p… ∗∗∗ BGP-Hijacking: IP-Verkehr der Großen Vier nach Russland umgeleitet ∗∗∗ --------------------------------------------- Weil etliche Netzbetreiber immer noch ein Routing-Protokoll ohne Sicherheitsvorkehrungen nutzen, gelang es wieder einmal Angreifern, IP-Verkehr von Google, Facebook, Apple und Microsoft umzuleiten. Das Zwischenziel: Russland. --------------------------------------------- https://heise.de/-3919524 ∗∗∗ Kritische und bislang ungepatchte Lücken in Forensoftware vBulletin ∗∗∗ --------------------------------------------- In der aktuellen Version von vBulletin klaffen zwei Schwachstellen – davon ist mindestens eine als kritisch einzustufen. Angreifer könnten Schadcode ausführen. --------------------------------------------- https://heise.de/-3920375 ∗∗∗ Gesichtserkennung von Windows 10 mit Papierausdruck reingelegt ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Windows Hello erfolgreich ausgetrickst und sich an damit gesicherten Computern angemeldet. Das funktioniert aber nur mit bestimmten Hard- und Softwarekonstellationen. --------------------------------------------- https://heise.de/-3920864 ∗∗∗ Hacker zeigte Probleme bei Ladekarten für Stromtankstellen auf ∗∗∗ --------------------------------------------- "Ich brauche nur diese Nummer, um auf fremde Kosten Strom zu laden" --------------------------------------------- http://derstandard.at/2000070592621 ∗∗∗ Über 10.000 Seiten schürfen mit PC-Leistung der Nutzer nach Kryptogeld ∗∗∗ --------------------------------------------- Sicherheitsexperten registrieren rasanten Anstieg seit Bitcoin-Hype --------------------------------------------- http://derstandard.at/2000070618982 ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011400 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010601 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008673 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2017
by Daily end-of-shift report 15 Dec '17

15 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-12-2017 18:00 − Freitag 15-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗ --------------------------------------------- Microsoft is considering adding Python as one of the official Excel scripting languages, according to .. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-… ∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗ --------------------------------------------- An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr… ∗∗∗ The spy under your christmas tree ∗∗∗ --------------------------------------------- In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance .. --------------------------------------------- https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm… ∗∗∗ Joanna Rutkowska: Qubes OS soll "einfach wie Ubuntu" werden ∗∗∗ --------------------------------------------- Die Gründerin von Qubes OS, Joanna Rutkowska, erklärt die grundlegenden Ideen und Konzepte des auf Sicherheit fokussierten Projektes. Außerdem verrät die Entwicklerin im Gespräch mit Golem.de weiter .. --------------------------------------------- https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu… ∗∗∗ Determining your risk ∗∗∗ --------------------------------------------- Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2998921 ∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗ --------------------------------------------- Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement .. --------------------------------------------- https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres… ∗∗∗ Root-Lücke in Firewalls von Palo Alto Networks ∗∗∗ --------------------------------------------- Kombinieren Angreifer drei Sicherheitslücken, könnten sie Firewalls von Palo Alto Networks kompromittieren, warnt ein Sicherheitsforscher. --------------------------------------------- https://heise.de/-3918909 ===================== = Vulnerabilities = ===================== ∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could .. --------------------------------------------- https://support.citrix.com/article/CTX230612 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2017
by Daily end-of-shift report 14 Dec '17

14 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-12-2017 18:00 − Donnerstag 14-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗ --------------------------------------------- (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and its not absolutely the worst case scenario but its still .. --------------------------------------------- https://mjg59.dreamwidth.org/49788.html ∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗ --------------------------------------------- If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Sp… ∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗ --------------------------------------------- Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-… ∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗ --------------------------------------------- A rare and dangerous new form of malware targets the industrial safety control systems that protect human life. --------------------------------------------- https://www.wired.com/story/triton-malware-targets-industrial-safety-system… ∗∗∗ Dezember-Patchday bei SAP ∗∗∗ --------------------------------------------- Es stehen Sicherheitsupdates für verschiedene SAP-Produkte bereit. Zwei Lücken sind mit dem Bedrohungsgrad "hoch" eingestuft. --------------------------------------------- https://heise.de/-3918036 ∗∗∗ Mirai: Wie Minecraft-Betrug das ganze Internet in die Knie zwang ∗∗∗ --------------------------------------------- Drei US-amerikanische Studenten gestehen Urheberschaft – Wollten eigentlich nur mit Angriffen gegen Spieleserver Geld machen --------------------------------------------- http://derstandard.at/2000070340698 ∗∗∗ 34C3: Das Programm für den Hacker-Kongress steht ∗∗∗ --------------------------------------------- Keynote von Science-Fiction-Autor Charles Stross – Findet heuer erstmals in Leipzig statt --------------------------------------------- http://derstandard.at/2000070364235 ∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-deta… ===================== = Vulnerabilities = ===================== -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2017
by Daily end-of-shift report 13 Dec '17

13 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-12-2017 18:00 − Mittwoch 13-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges ∗∗∗ --------------------------------------------- Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers computers for mystery miscreants.… --------------------------------------------- www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/ ∗∗∗ Apple Security Flaws Give Some Researchers Concern About Deeper Issues ∗∗∗ --------------------------------------------- Apples had some prominent security lapses lately. But is it just a rough patch, or something deeper? --------------------------------------------- https://www.wired.com/story/apples-security-macos-high-sierra-ios-11 ∗∗∗ ROBOT-Attacke: TLS-Angriff von 1998 funktioniert immer noch ∗∗∗ --------------------------------------------- Sicherheitsforscher haben eine neue Variante der Bleichenbacher-Attacke zum Entschlüsseln von Internettraffic vorgestellt. Davon sind unter anderem Facebook und PayPal betroffen. --------------------------------------------- https://heise.de/-3916994 ∗∗∗ KRACK- und Broadpwn-Schwachstelle: Apple flickt AirPort-WLAN-Basisstationen erst jetzt ∗∗∗ --------------------------------------------- Ein Firmware-Update soll Apples WLAN-Basisstationen vor gravierenden Schwachstellen schützen – es deckt AirPort Express, AirPort Extreme und Time Capsule ab. --------------------------------------------- https://heise.de/-3916951 ===================== = Vulnerabilities = ===================== ∗∗∗ Gain Windows privileges with FortiClient vpn before logon and untrusted certificate ∗∗∗ --------------------------------------------- When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via .. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-070 ∗∗∗ VPN credentials disclosure in Fortinet FortiClient ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-i… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2017
by Daily end-of-shift report 12 Dec '17

12 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 11-12-2017 18:00 − Dienstag 12-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Security update available for Adobe Flash Player (APSB17-42) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1514 ∗∗∗ Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses ∗∗∗ --------------------------------------------- Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit… ∗∗∗ December 2017 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-… ∗∗∗ New Ruski hacker clan exposed: Theyre called MoneyTaker, and theyre gonna take your money ∗∗∗ --------------------------------------------- Subtly named group has gone largely unnoticed until now Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker. --------------------------------------------- www.theregister.co.uk/2017/12/11/russian_bank_hackers_moneytaker/ ∗∗∗ Googles Project Zero reveals Apple jailbreak exploit ∗∗∗ --------------------------------------------- Holy Moley! iOS and MacOS were wholly holey Ian Beer of Googles Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. --------------------------------------------- www.theregister.co.uk/2017/12/12/apple_jailbreak_exploit/ ∗∗∗ Hintergrund: Malware-Analyse - Do-It-Yourself ∗∗∗ --------------------------------------------- Bauen Sie Ihre eigene Schadsoftware-Analyse-Sandbox, um schnell das Verhalten von unbekannten Dateien zu überprüfen. Dieser Artikel zeigt, wie das mit der kostenlosen Open-Source-Sandbox Cuckoo funktioniert. --------------------------------------------- https://heise.de/-3910855 ∗∗∗ An analysis of 120 mobile app stores uncovers plethora of malicious apps ∗∗∗ --------------------------------------------- RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued .. --------------------------------------------- https://www.helpnetsecurity.com/2017/12/12/mobile-app-stores-malicious-apps/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4063 pdns-recursor - security update ∗∗∗ --------------------------------------------- Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer. --------------------------------------------- https://www.debian.org/security/2017/dsa-4063 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling of a malformed SMTP header in .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4064 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4064 ∗∗∗ Qt for Android vulnerable to OS command injection ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN67389262/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2017
by Daily end-of-shift report 11 Dec '17

11 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-12-2017 18:00 − Montag 11-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Heres How to Enable Chrome "Strict Site Isolation" Experimental Security Mode ∗∗∗ --------------------------------------------- Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Site Isolation that according to Google engineers is an additional security layer on top of Chromes built-in sandboxing technology. --------------------------------------------- https://www.bleepingcomputer.com/news/google/heres-how-to-enable-chrome-str… ∗∗∗ Script Recovers Event Logs Doctored by NSA Hacking Tool ∗∗∗ --------------------------------------------- Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines. --------------------------------------------- https://www.bleepingcomputer.com/news/security/script-recovers-event-logs-d… ∗∗∗ Botconf 2017 Wrap-Up Day #3 ∗∗∗ --------------------------------------------- And this is already the end of Botconf. Time for my last wrap-up. The day started a little bit later to allow some people to recover from the social event. --------------------------------------------- https://blog.rootshell.be/2017/12/08/botconf-2017-wrap-day-3/ ∗∗∗ Security, Incident Response, Privacy and Data Protection ∗∗∗ --------------------------------------------- [...] to protect the personal data on their systems and networks, security and incident response teams must themselves process personal data. Fortunately regulators also provide guidance on balancing privacy protection and privacy invasion. The words “legitimate interest” are not just a phrase, but one of the most deeply analysed terms in data protection law. --------------------------------------------- https://www.first.org/blog/20171211_GDPR_for_CSIRTs ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2228/">ISC DHCPD: Eine Schwachstelle ermöglicht einen Denial-of-Service Angriff ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine Schwachstelle im DHCP Daemon (ISC DHCPD) mit Hilfe speziell präparierter OMAPI-Nachrichten ausnutzen, um die Zahl der verfügbaren Dateideskriptoren im zugehörigen Prozess zu erschöpfen und dadurch einen Denial-of-Service (DoS)-Zustand zu erzeugen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2228/ ∗∗∗ DFN-CERT-2017-2238/">Tor-Browser: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen im Tor Browser vor Version 7.5a9 bzw. 7.0.11 ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung von Denial-of-Service (DoS)-Angriffen. Zwei Schwachstellen ermöglichen das Ausspähen von Informationen. Die Schwachstelle CVE-2017-7845 in der verwendeten Firefox ESR Version ermöglicht dem Angreifer das Ausführen beliebigen Programmcodes und eine weitere Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2238/ ∗∗∗ Sicherheit: Keylogger in HP-Notebooks gefunden ∗∗∗ --------------------------------------------- Schon wieder wurde in einem vorinstallierten Treiber von HP ein Keylogger gefunden. Zwar ist die Schnüffelfunktion standardmäßig deaktiviert, ein Forscher fand allerdings einen Weg, das zu ändern. --------------------------------------------- https://www.golem.de/news/sicherheit-keylogger-in-hp-notebooks-gefunden-171… ∗∗∗ DFN-CERT-2017-2237/">Node.js: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Node.js ermöglichen einem entfernten, nicht authentisierten Angreifer das Umgehen von Sicherheitsvorkehrungen und das Ausspähen von Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2237/ ∗∗∗ DFN-CERT-2017-2236/">GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in GitLab ermöglicht einem entfernten, nicht authentisierten Angreifer das Ausspähen von Informationen über private Projekte. Mehrere weitere Schwachstellen ermöglichen einem entfernten, einfach authentisierten Angreifer einen Cross-Site-Scripting (XSS)-Angriff, das Ausspähen von Informationen und die Eskalation von Privilegien. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2236/ ∗∗∗ DFN-CERT-2017-2239/">Jenkins-Plugin: Eine Schwachstelle ermöglicht das Lesen beliebiger Dateien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer mit der Berechtigung, abgesicherte (sandboxed) Groovy- und Pipeline-Skripte zu erstellen, kann eine Schwachstelle im Jenkins-Plugin Script Security ausnutzen, um Lesezugriff auf beliebige Dateien des Master-Dateisystems von Jenkins zu erhalten. Dadurch sind weitere Angriffe möglich. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2239/ ∗∗∗ Android flaw lets attack code slip into signed apps ∗∗∗ --------------------------------------------- The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes. --------------------------------------------- https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip… ∗∗∗ FortiClient improper access control of users VPN credentials ∗∗∗ --------------------------------------------- FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each others encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-214 ∗∗∗ Xiongmai Technology IP Cameras and DVRs ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Xiongmai Technology IP Cameras and DVRs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01 ∗∗∗ Rockwell Automation FactoryTalk Alarms and Events ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automations FactoryTalk Alarms and Events component. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02 ∗∗∗ PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in PHOENIX CONTACT’s FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Multiple Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026378 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010330 ∗∗∗ IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026377 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026250 ∗∗∗ IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026376 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/java_oct2017_advisory.asc ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008900 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005234 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2017
by Daily end-of-shift report 07 Dec '17

07 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-12-2017 18:00 − Donnerstag 07-12-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ "Process Doppelgänging" Attack Works on All Windows Versions ∗∗∗ --------------------------------------------- Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelgänging." [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attac… ∗∗∗ Firmware-Bug: Codeausführung in deaktivierter Intel-ME möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher demonstrieren einen Angriff auf Intels ME zum Ausführen von beliebigem Code, gegen den weder das sogenannte Kill-Bit noch die von Google geplanten Sicherheitsmaßnahmen für seine Server helfen. Theoretisch lassen sich Geräte so auch aus der Ferne angreifen. --------------------------------------------- https://www.golem.de/news/firmware-bug-codeausfuehrung-in-deaktivierter-int… ∗∗∗ Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari ∗∗∗ --------------------------------------------- Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was [...] --------------------------------------------- https://apple.slashdot.org/story/17/12/06/2137251/apple-issues-security-upd… ∗∗∗ VB2017 paper: Modern reconnaissance phase on APT – protection layer ∗∗∗ --------------------------------------------- During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-paper-modern-reconnai… ∗∗∗ 37 Sicherheitslücken in Chrome geschlossen ∗∗∗ --------------------------------------------- Googles Webbrowser Chrome ist in der abgesicherten Version 63.0.3239.84 für Linux, macOS und Windows erschienen. Im Menüpunkt "Hilfe" kann man unter "Über Google Chrome" die installierte Ausgabe prüfen und das Update anstoßen. --------------------------------------------- https://heise.de/-3912131 ∗∗∗ Sysinternals Sysmon suspicious activity guide ∗∗∗ --------------------------------------------- Sysmon tool from Sysinternals provides a comprehensive monitoring about activities in the operating system level. Sysmon is running in the background all the time, and is writing events to the event log. You can find the Sysmon events under the Microsoft-Windows-Sysmon/Operational event log. This guide will help you to investigate and appropriately handle these events. --------------------------------------------- https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-s… ∗∗∗ Penetration Testing Apache Thrift Applications ∗∗∗ --------------------------------------------- ... Apache Thrift, which is used to easily build RPC clients and servers regardless of programming languages used on each side. The web interception tool of choice at MDSec is Burp Suite, so it follows suit that we wanted to continue using Burp during the assessment. Unfortunately, there are no Burp extensions out there (at least that we know of) for Thrift encoded data, so we decided to make our own. --------------------------------------------- https://www.mdsec.co.uk/2017/12/penetration-testing-apache-thrift-applicati… ∗∗∗ November 2017: The Month in Ransomware ∗∗∗ --------------------------------------------- November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ∗∗∗ StorageCrypt: Ransomware infiziert NAS-Geräte via SambaCry-Lücke ∗∗∗ --------------------------------------------- Viele Netzwerkspeicher (NAS) weisen noch immer die SMB-Lücke SambaCry auf. Ein aktueller Verschlüsselungstrojaner macht sich das zunutze. NAS-Besitzer sollten zügig patchen. --------------------------------------------- https://heise.de/-3912498 ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSL Security Advisory [07 Dec 2017] ∗∗∗ --------------------------------------------- Read/write after SSL object in error state (CVE-2017-3737) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) --------------------------------------------- https://www.openssl.org/news/secadv/20171207.txt ∗∗∗ DFN-CERT-2017-2213: Microsoft Malware Protection Engine: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2213/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009964 ∗∗∗ IBM Security Bulletin: Potential information leakage vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010627 ∗∗∗ [R1]Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-15 Next End-of-Day report on 2017-12-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily