- Daily - CERT.at

Tageszusammenfassung - 22.11.2018
by Daily end-of-shift report 22 Nov '18

22 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-11-2018 18:00 − Donnerstag 22-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ New mining Trojan for Linux removes anti-viruses ∗∗∗ --------------------------------------------- November 20, 2018 One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a .. --------------------------------------------- https://news.drweb.com/show/?i=12942&lng=en&c=9 ∗∗∗ ECCploit: Rowhammer-Angriff funktioniert auch mit ECC ∗∗∗ --------------------------------------------- Ein Forscherteam konnte zeigen, dass Angriffe mit Bitflips im Arbeitsspeicher auch dann möglich sind, wenn man Speichermodule mit Fehlerkorrektur verwendet. --------------------------------------------- https://www.golem.de/news/eccploit-rowhammer-angriff-funktioniert-auch-mit-… ∗∗∗ Malware scum want to build a Linux botnet using Mirai ∗∗∗ --------------------------------------------- Hadoop YARN is the attack vector, so lock it away Diligent hackers .. --------------------------------------------- www.theregister.co.uk/2018/11/22/mirai_for_linux_on_x86/ ∗∗∗ Markenfälschungen auf rmc-bad-grosspertholz.at ∗∗∗ --------------------------------------------- Bei rmc-bad-grosspertholz.at finden Sie Markenkleidung, Schuhe und Accessoires zu sagenhaften Preisen. Erwarten Sie sich jedoch nicht viel von Ihrer Bestellung, Sie werden – falls überhaupt – minderwertige Waren .. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelschungen-auf-rmc-bad-gross… ∗∗∗ Achtung: Betrug über den Amazon Marketplace ∗∗∗ --------------------------------------------- Kriminelle übernehmen Amazon-Händlerkonten und bieten günstige Waren an. Ihre Bestellung wird zunächst angenommen, dann aber grundlos storniert. Kontaktieren Sie die Anbieter per E-Mail, erhalten Sie .. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-betrug-ueber-den-amazon-mark… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656) ∗∗∗ --------------------------------------------- There is a vulnerability in IBM® Runtime Environment Java Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat, Open SSL, and Apache HTTPD affects Rational Build Forge ∗∗∗ --------------------------------------------- Apache Tomcat, Open SSL, and Apache Tomcat have multiple security vulnerabilities that could allow a remote attacker to exploit the Rational Build Forge application. Respective security vulnerabilities are discussed in .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732CVE(s): CVE-2018-0732Affected product(s) and affected version(s):WebSphere .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗ --------------------------------------------- Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 8.0.5.5 & 8.0.5.15 and IBM® Runtime Environment Java Versions 7.0.10.15 & 7.0.10.25 used by IBM Integration .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0737 ∗∗∗ --------------------------------------------- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) has addressed the following vulnerability: CVE-2018-0737 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)CVE(s): CVE-2018-0737Affected .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ Download WP-DBManager <= 2.79.1 - Arbitrary File Delete ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9151 ∗∗∗ Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ Moodle Login Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042154 ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0008.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2018
by Daily end-of-shift report 21 Nov '18

21 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-11-2018 18:00 − Mittwoch 21-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Governikus: Personalausweis-Webanwendungen lassen sich austricksen ∗∗∗ --------------------------------------------- Mit einem relativ simplen Trick lässt sich die Authentifizierung von Webanwendungen mit dem elektronischen Personalausweis austricksen. Der Hersteller Governikus behauptet, dass dies in realen Anwendungen nicht funktioniert, kann aber nicht erklären, warum. (E-Personalausweis, Java) --------------------------------------------- https://www.golem.de/news/governikus-personalausweis-webanwendungen-lassen-… ∗∗∗ Werbe-Malware für macOS ∗∗∗ --------------------------------------------- Ein unter "SearchAwesome" und "SearchPageInjector" bekannter Datenschädling macht jetzt auf Macs die Runde. Er manipuliert Reklame und kann CPU-Zeit klauen. --------------------------------------------- http://heise.de/-4227303 ∗∗∗ Dell und VMware teilen sich Sicherheitslücken und servieren Patches ∗∗∗ --------------------------------------------- In Dell EMC Avamar Virtual Edition und VMware vSphere Data Protection klafft eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4228698 ∗∗∗ XSS Injection Campaign Exploits WordPress AMP Plugin ∗∗∗ --------------------------------------------- News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. --------------------------------------------- https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-word… ∗∗∗ Warnung vor gefälschter PayLife-Sicherheits-App ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte PayLife-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie sich eine vermeintliche Sicherheits-App auf ihrem Smartphone installieren. Sie ist angeblich für die weitere Nutzung von PayLife-Kreditkarten notwendig. In Wahrheit ist die gefälschte PayLife-Sicherheits-App Schadsoftware, die wichtige Daten von Kund/innen stiehlt. Dadurch können Kriminelle Geld ihrer Opfer stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-paylife-sic… ===================== = Vulnerabilities = ===================== ∗∗∗ Teledyne DALSA Sherlock ∗∗∗ --------------------------------------------- This advisory includes mitigations for a stack-based buffer overflow vulnerability in Teledyne DALSAs Sherlock machine vision software interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01 ∗∗∗ Schneider Electric Modicon M221 ∗∗∗ --------------------------------------------- This advisory includes mitigations for an insufficient verification of data authenticity vulnerability in the Schneider Electric Modicon M221 product. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-02 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libtiff), CentOS (java-1.7.0-openjdk, spice-server, and thunderbird), Debian (jasper, liblivemedia, ruby-i18n, and ruby-rack), Fedora (curl, elfutils, firefox, kde-connect, kio-extras, libarchive, poppler, and webkit2gtk3), openSUSE (chromium, GraphicsMagick, kernel, libmatroska, mkvtoolnix, SDL2_image, and squid), Oracle (qemu), and Red Hat (flash-plugin and kernel). --------------------------------------------- https://lwn.net/Articles/772718/ ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ IBM Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-community-edition… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-xml-externa… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-1061, CVE-2018-1060) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker , IBM Integration Bus and IBM App Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by a JDBC XA switch load files Vulnerability(CVE-2017-1418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2018
by Daily end-of-shift report 20 Nov '18

20 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-11-2018 18:00 − Dienstag 20-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Datendiebstahl durch FinanzOnline-Phishing-Mails ∗∗∗ --------------------------------------------- Kriminelle versenden im Namen des Bundesministeriums für Finanzen (BMF) betrügerische Phishing-Mails. Darin werden Sie dazu aufgefordert, Ihre Daten zu aktualisieren, um eine Steuerrückzahlung zu ermöglichen. Folgen Sie den Anweisungen nicht, denn Sie könnten erheblichen finanziellen Schaden erleiden! Es handelt sich um einen Versuch, Ihre persönlichen Daten und Kontoinformationen zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-durch-finanzonline-ph… ∗∗∗ Internet Domain Services Austria-Mahnung nicht bezahlen ∗∗∗ --------------------------------------------- Unternehmen erhalten von Internet Domain Services Austria (IDSA) einen Payment Reminder. Darin heißt es, dass es unbeglichene Rechnungen gebe und der Betrag in Höhe von 237 Euro innerhalb von 5 Tagen bezahlt werden müsse. Empfänger/innen müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund. --------------------------------------------- https://www.watchlist-internet.at/news/internet-domain-services-austria-mah… ∗∗∗ TP-Link-Router TL-R600VPN vielfältig angreifbar ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für einen VPN-Router von TP-Link. --------------------------------------------- http://heise.de/-4225979 ∗∗∗ Notfall-Patch: Adobe sichert Flash außer der Reihe ab ∗∗∗ --------------------------------------------- Eigentlich veröffentlicht Adobe nur ein Mal im Monat Sicherheitsupdates für seine Produkte. Für eine gefährliche Flash-Lücke macht der Hersteller eine Ausnahme. --------------------------------------------- http://heise.de/-4227033 ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0029 ∗∗∗ --------------------------------------------- vSphere Data Protection (VDP) updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0029.html ∗∗∗ Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. --------------------------------------------- https://blog.talosintelligence.com/2018/11/Atlantis-Word-Processor-RCE-vuln… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (mariadb-10.1, openjpeg2, systemd, and uriparser), Mageia (389-ds-base, apache, and soundtouch), SUSE (libwpd, py26-compat-salt, salt, and SMS3.1), and Ubuntu (systemd). --------------------------------------------- https://lwn.net/Articles/772621/ ∗∗∗ x86: DoS from attempting to use INVPCID with a non-canonical addresses ∗∗∗ --------------------------------------------- A buggy or malicious PV guest can crash the host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-279.html ∗∗∗ Fix for XSA-240 conflicts with shadow paging ∗∗∗ --------------------------------------------- A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-280.html ∗∗∗ Insufficient TLB flushing / improper large page mappings with AMD IOMMUs ∗∗∗ --------------------------------------------- A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-275.html ∗∗∗ Resource accounting issues in x86 IOREQ server handling ∗∗∗ --------------------------------------------- A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-276.html ∗∗∗ x86: incorrect error handling for guest p2m page removals ∗∗∗ --------------------------------------------- A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-277.html ∗∗∗ Ricoh myPrint Hardcoded Credentials / Information Disclosure ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018110154 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private Cloud Foundry (CVE-2018-14645) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (July 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2016-0705, CVE 2017-3732, CVE 2017-3736, and CVE-2018-2973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2018
by Daily end-of-shift report 19 Nov '18

19 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-11-2018 18:00 − Montag 19-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Schwere Sicherheitslücken in GPS-Kinderuhren ∗∗∗ --------------------------------------------- Eigentlich sollten GPS-Uhren die Sicherheit der Kinder erhöhen. Nun werden sie selbst zum Risiko. --------------------------------------------- https://futurezone.at/digital-life/schwere-sicherheitsluecken-in-gps-kinder… ===================== = Vulnerabilities = ===================== ∗∗∗ Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit ∗∗∗ --------------------------------------------- The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5501.php ∗∗∗ Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass ∗∗∗ --------------------------------------------- netBooter suffers from an authentication bypass vulnerability due to missing control check when calling webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create admin user account and bypass authentication giving her the power to turn off a power supply to a resource. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (grafana and patch), Debian (chromium-browser), Fedora (cabextract, curl, elfutils, firefox, flatpak, glusterfs, kernel, kernel-headers, kernel-tools, kio-extras, libmspack, mariadb, mupdf, poppler, suricata, and wireshark), Mageia (hylafax+, jhead, libmspack/cabextract, nginx, sdl2/mingw-SDL2, and squid), openSUSE (amanda, apache-pdfbox, chromium, ImageMagick, LibreOffice and dependency libraries, libxkbcommon, openssh, systemd, and [...] --------------------------------------------- https://lwn.net/Articles/772522/ ∗∗∗ Serial number disclosure in the FortiOS PPTP server hostname protocol field ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-101 ∗∗∗ Cross-site scripting (XSS) vulnerability via DHCP Hostname parameter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-121 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK Affects IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability via large JSON payloads (CVE-2018-1779) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2018
by Daily end-of-shift report 16 Nov '18

16 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-11-2018 18:00 − Freitag 16-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Serverüberwachungssoftware Nagios XI: Mehrere Schlupflöcher für Angreifer ∗∗∗ --------------------------------------------- Nagios XI ist angreifbar und gefährdet IT-Infrastrukturen. Eine abgesicherte Version ist verfügbar. --------------------------------------------- http://heise.de/-4222806 ∗∗∗ Warnung vor Gelenkcreme Artrovex ∗∗∗ --------------------------------------------- Kriminelle geben sich als Bundesministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz aus und behaupten, dass die österreichische Regierung bei Gelenkschmerzen die Creme Artrovex empfiehlt. Das ist erfunden. Konsument/innen dürfen Artrovex nicht bestellen, denn die Creme hat keine medizinische Wirkung. Ebenso übermitteln Käufer/innen damit persönliche Daten an Unbekannte. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gelenkcreme-artrovex/ ∗∗∗ tRat Emerges as New Pet for APT Group TA505 ∗∗∗ --------------------------------------------- The modular malware seems to be in a testing phase, but TA505s interest made researchers take note. --------------------------------------------- https://threatpost.com/trat-emerges-as-new-pet-for-apt-group-ta505/139136/ ∗∗∗ Lock-Screen Bypass Bug Quietly Patched in Handsets ∗∗∗ --------------------------------------------- The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds. --------------------------------------------- https://threatpost.com/lock-screen-bypass-bug-quietly-patched-in-handsets/1… ∗∗∗ Hacking Connected Home Alarm Systems – The Expensive [part 2] ∗∗∗ --------------------------------------------- TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems. --------------------------------------------- https://blog.nviso.be/2018/11/15/hacking-connected-home-alarm-systems-the-e… ∗∗∗ 0-Day in ELBA5's Network Installation: Overtaking your company's bank account ∗∗∗ --------------------------------------------- This blog post is about a previously unknown critical vulnerability in the Austrian electronic banking application ELBA5. The issue discussed here could be abused to gain full control over any ELBA5 database server as well as the underlying operating system. It has a confirmed CVSSv3 score of 10.0. --------------------------------------------- https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-y… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (lldpad, pdns, and php), Mageia (flash-player-plugin, gdal, mutt, patch, php-pear-CAS, postgresql9.4|6, ruby-rack, and teeworlds), SUSE (kernel-rt, postgresql10, and squid), and Ubuntu (openjdk-7). --------------------------------------------- https://lwn.net/Articles/772259/ ∗∗∗ Multiple critical vulnerabilities in Miss Marple Enterprise Edition ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-1841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Version 8 SR4FP10 affect IBM Notes and Domino ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2018
by Daily end-of-shift report 15 Nov '18

15 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-11-2018 18:00 − Donnerstag 15-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now ∗∗∗ --------------------------------------------- A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for --------------------------------------------- https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html ∗∗∗ Patchday: Schwerwiegende Sicherheitslücke in SAP HANA Streaming Analytics ∗∗∗ --------------------------------------------- SAP hat Updates veröffentlicht, die unter anderem eine kritische Schwachstelle im Software-Portfolio des Herstellers schließen. --------------------------------------------- http://heise.de/-4221574 ∗∗∗ Achtung: Rechnungs-Trojaner vom Kollegen ∗∗∗ --------------------------------------------- Mit einem miesen Trick versuchen Kriminelle, unvorsichtige Anwender mit Online-Banking-Trojanern zu infizieren. --------------------------------------------- http://heise.de/-4221813 ∗∗∗ Sicherheitsupdate: Skype kann an Emojis ersticken ∗∗∗ --------------------------------------------- Zu viele Emojis in Chat-Nachrichten können Skype for Business und Lync 2013 zum Erliegen bringen. --------------------------------------------- http://heise.de/-4221978 ∗∗∗ Kauf bei potenzmittel-apotheke.eu schädigt Brieftasche und Gesundheit ∗∗∗ --------------------------------------------- Bei potenzmittel-apotheke.eu finden Kund/innen rezeptfreie Potenzmittel und ersparen sich die unangenehme Erfahrung, dieses Medikament auf herkömmlichen Weg, nämlich über Rezept, zu erwerben. potenzmittel-apotheke.eu ist jedoch eine illegale Versandapotheke, Sie verlieren Ihr Geld und spielen Betrüger/innen persönliche Daten in die Hände! --------------------------------------------- https://www.watchlist-internet.at/news/kauf-bei-potenzmittel-apothekeeu-sch… ∗∗∗ Gefälschte Gemeinde-Rechnungen verbreiten Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Gemeinde-Rechnungen mit der Adress-Endung gv.at. Darin behaupten sie, dass Unternehmen eine offene Rechnung haben und der Verwaltung noch Geld schulden. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gemeinde-rechnungen-verb… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kde-connect, mingw-SDL2_image, SDL2_image, and subscription-manager), Red Hat (flash-plugin), SUSE (openssh-openssl1, systemd, and thunderbird), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, [...] --------------------------------------------- https://lwn.net/Articles/772103/ ∗∗∗ Digium Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2347/ ∗∗∗ IBM Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-directory-t… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-1639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2018
by Daily end-of-shift report 14 Nov '18

14 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-11-2018 18:00 − Mittwoch 14-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗ --------------------------------------------- Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...] --------------------------------------------- https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebi… ∗∗∗ Want to hack an ATM for free cash? Its as easy as Windows XP ∗∗∗ --------------------------------------------- Bank machines pen testing reveals alarming results ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. --------------------------------------------- https://www.theregister.co.uk/2018/11/14/atm_security_lousy/ ∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗ --------------------------------------------- This month, Microsoft patches two issues that have already been disclosed publically. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (cve:2018-8589) which has been exploited in the wild. --------------------------------------------- https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/243… ∗∗∗ Patchday bei Adobe: Nicht kritisch, aber wichtig ∗∗∗ --------------------------------------------- Sicherheitsupdates von Adobe schließen Lücken in Acrobat, Flash, Photoshop CC und Reader. Keine Schwachstelle gilt als "kritisch". --------------------------------------------- http://heise.de/-4220586 ∗∗∗ Generalschlüssel für Fingerabdruckscanner: Master-Prints entsperren Smartphones ∗∗∗ --------------------------------------------- Mit KI-Methoden erstellten Forscher Fingerabdrücke, die als eine Art Generalschlüssel für Fingerabdruckscanner fungieren und damit etwa Smartphones entsperren. --------------------------------------------- http://heise.de/-4220782 ∗∗∗ Prozessor-Sicherheit: Sieben neue Varianten von Spectre-Lücken ∗∗∗ --------------------------------------------- Die Spectre-Sicherheitslücken in Prozessoren lassen sich angeblich noch anders nutzen, als bisher bekannt; Intel gibt allerdings Entwarnung. --------------------------------------------- http://heise.de/-4220854 ∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗ --------------------------------------------- You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really dont like? Logging on to Report URI and being greeted with something like this: [...] --------------------------------------------- https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- This advisory covers a problem with a data migration discovered in the OTRS framework. --------------------------------------------- https://community.otrs.com/security-advisory-2018-10-security-update-for-ot… ∗∗∗ VMSA-2018-0028 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight updates address an authorization bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0028.html ∗∗∗ November 2018 Office Update Release ∗∗∗ --------------------------------------------- The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5). --------------------------------------------- https://lwn.net/Articles/771881/ ∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic… ∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-b… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2018
by Daily end-of-shift report 13 Nov '18

13 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-11-2018 18:00 − Dienstag 13-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Trojaner: Der Banking-Trojaner Trickbot hat neue Tricks gelernt ∗∗∗ --------------------------------------------- Vor zwei Jahren hatte es Trickbot nur auf Bankdaten abgesehen. Nun ist eine neue Variante des Trojaners im Umlauf, die auch Passwörter aus anderen Anwendungen abgreifen kann. (Malware, Spam) --------------------------------------------- https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-t… ∗∗∗ Blockverschlüsselung: Verschlüsselungsmodus OCB2 gebrochen ∗∗∗ --------------------------------------------- Im Verschlüsselungsmodus OCB2 wurden in kurzer Abfolge zahlreiche Sicherheitsprobleme gefunden. Breite Verwendung findet dieser Modus nicht, obwohl er Teil eines ISO-Standards ist. (Verschlüsselung, Applikationen) --------------------------------------------- https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2… ∗∗∗ Should You Send Your Pen Test Report to the MSRC? ∗∗∗ --------------------------------------------- Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pe… ∗∗∗ Why Google Internet Traffic Rerouted Through China and Russia ∗∗∗ --------------------------------------------- For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Heres why. --------------------------------------------- https://www.wired.com/story/google-internet-traffic-china-russia-rerouted ∗∗∗ TLS-Aufschlüsselung: Malware und Angriffe in verschlüsselten Datenströmen erkennen ∗∗∗ --------------------------------------------- Die Schlacht um Aufschlüsselungs-Optionen für TLS haben Strafverfolger und Provider verloren. Eine Forschungsgruppe soll nun die Gefahrenabwehr ausloten. --------------------------------------------- http://heise.de/-4219047 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1648 ∗∗∗ SAP Security Patch Day - November 2018 ∗∗∗ --------------------------------------------- On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd). --------------------------------------------- https://lwn.net/Articles/771697/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042057 ∗∗∗ SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt ∗∗∗ SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt ∗∗∗ SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt ∗∗∗ SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt ∗∗∗ SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt ∗∗∗ SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt ∗∗∗ SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt ∗∗∗ SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt ∗∗∗ SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt ∗∗∗ SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt ∗∗∗ SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt ∗∗∗ SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt ∗∗∗ SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt ∗∗∗ SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt ∗∗∗ SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2018
by Daily end-of-shift report 12 Nov '18

12 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-11-2018 18:00 − Montag 12-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Linux CryptoMiners Are Now Using Rootkits to Stay Hidden ∗∗∗ --------------------------------------------- To make it harder to spot a cryptominer process that is utilizing all of the CPU, a new variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-cryptominers-are-now-u… ∗∗∗ DSGVO: Sicherheitslücke in Wordpress-Addon ermöglicht Admin-Rechte ∗∗∗ --------------------------------------------- Durch eine fehlende Identitätsabfrage in einem DSGVO-Plugin für Wordpress können sich Angreifer Administratorkonten für Webseiten anlegen und dann beliebige Schadsoftware verteilen. Die Lücke wird bereits ausgenutzt. (Wordpress, PHP) --------------------------------------------- https://www.golem.de/news/dsgvo-sicherheitsluecke-in-wordpress-addon-ermoeg… ∗∗∗ Virtualisierung: Update behebt Schwachstelle in VMware Player und Workstation ∗∗∗ --------------------------------------------- Eine Sicherheitslücke betrifft die beliebten Virtualisierungsprogramme VMware Player und Workstation. Angreifer können darüber Code auf dem Hostsystem ausführen, was die Lücken recht kritisch macht. Das von VMware verteilte Update sollte schnell installiert werden. (VMware, Virtualisierung) --------------------------------------------- https://www.golem.de/news/virtualisierung-update-behebt-schwachstelle-in-vm… ∗∗∗ Trojaner: Achtung bei angeblichen Rechnungen ∗∗∗ --------------------------------------------- Vetrauenswürdiger Absender, glaubhafter Text in gutem Deutsch – und trotzdem handelt es sich bei der angehängten Rechnung um einen Trojaner. --------------------------------------------- http://heise.de/-4219043 ∗∗∗ Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems ∗∗∗ --------------------------------------------- Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/triton-malware-spearheads-l… ∗∗∗ Betrugsversuch beim Privatverkauf ∗∗∗ --------------------------------------------- Kriminelle senden Privatverkäufer/innen über WhatsApp Kaufangebote. Sie geben vor, dass sie im Ausland sind und schlagen die Vertragsabwicklung über eine Spedition vor. Dazu versenden sie gefälschte Überweisungsbelege. Verkäufer/innen sollen sowohl die Ware als auch zu viel transferierte Geldbeträge ins Ausland überweisen. Sie verlieren beides und erhalten nicht den Kaufpreis. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsversuch-beim-privatverkauf/ ∗∗∗ Schadsoftware-Mails von Paymorrow Gbr und Volkswagen VTI GmbH! ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Betrüger/innen versenden Mails mit angeblichen Rechnungen im .zip-Dateiformat. Die enthaltenen ausführbaren Files dürfen auf keinen Fall geöffnet werden, denn sie infizieren Ihr Gerät oder das Firmennetzwerk mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-mails-von-paymorrow-gb… ∗∗∗ How my personal Bug Bounty Program turned into a Free Security Audit for the Serendipity Blog ∗∗∗ --------------------------------------------- HackerOne is currently one of the most popular bug bounty program platforms. While the usual providers of bug bounty programs are companies, w while ago I noted that some people were running bug bounty programs on Hacker One for their private projects without payouts. It made me curious, so I decided to start one with some of my private web pages in scope. --------------------------------------------- https://blog.hboeck.de:443/archives/896-How-my-personal-Bug-Bounty-Program-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, [...] --------------------------------------------- https://lwn.net/Articles/771574/ ∗∗∗ IBM Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-allow-an-a… ∗∗∗ IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIG-IP iControl and tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2018
by Daily end-of-shift report 09 Nov '18

09 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-11-2018 18:00 − Freitag 09-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Root-Zertifikat: Sennheiser-Software hebelt HTTPS-Sicherheit aus ∗∗∗ --------------------------------------------- Eine Software für Headsets des Herstellers Sennheiser installiert ein Root-Zertifikat und sorgt damit dafür, dass HTTPS-Verbindungen nicht mehr sicher sind. In neueren Versionen ist die Lücke etwas weniger schlimm, einen Fix gibt es bisher nicht. (TLS, Sound-Hardware) --------------------------------------------- https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-… ∗∗∗ Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets ∗∗∗ --------------------------------------------- Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-mal… ∗∗∗ AR18-312A: JexBoss – JBoss Verify and EXploitation Tool ∗∗∗ --------------------------------------------- JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as "red teams") and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server [...] --------------------------------------------- https://www.us-cert.gov/ncas/analysis-reports/AR18-312A ∗∗∗ Passive DNS for the Bad ∗∗∗ --------------------------------------------- Passive DNS is not a new technique but, for the last months, there was more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (bigger they are, bigger they will collect) and then allow to search for historical data. --------------------------------------------- https://blog.rootshell.be/2018/11/09/passive-dns-for-the-bad/ ∗∗∗ UAC Bypass by Mocking Trusted Directories ∗∗∗ --------------------------------------------- During research for some new User Account Control (UAC) bypass techniques, I discovered what I believe to be a new bypass method (at the time of this writing). It is worth mentioning that Microsoft doesnt consider UAC a security boundary, however we still reported the bug to Microsoft and want to share its details here. --------------------------------------------- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directori… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips iSite and IntelliSpace PACS ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for a weak password Requirements vulnerability in the Philips iSite and IntelliSpace PACS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01 ∗∗∗ PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released ∗∗∗ --------------------------------------------- There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires [...] --------------------------------------------- https://lwn.net/Articles/771145/ ∗∗∗ VMSA-2018-0027 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0027.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and [...] --------------------------------------------- https://lwn.net/Articles/771324/ ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1654 ∗∗∗ Roche Diagnostics Point of Care Handheld Medical Devices (Update A) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Security Updates for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-09-security-update-for-ot… https://community.otrs.com/security-advisory-2018-08-security-update-for-ot… https://community.otrs.com/security-advisory-2018-07-security-update-for-ot… ∗∗∗ Field Notice: FN - 70319 - ASA and FXOS Software - Change in Root Certificate Might Affect Smart Licensing and Smart Call Home Functionality - Software Upgrade Recommended ∗∗∗ --------------------------------------------- https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70319.html ∗∗∗ IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-free… ∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology Affect IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-a-z… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Contact Optimization (CVE-2016-8610) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2018
by Daily end-of-shift report 08 Nov '18

08 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-11-2018 18:00 − Donnerstag 08-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Beginner’s Guide to Open Source Intrusion Detection (IDS) Tools ∗∗∗ --------------------------------------------- Originally written by Joe Schreiber Re-written and edited by Trevor Giffen (Editorial Contractor) Re-re edited and expanded by Rich Langston Whether you need to monitor hosts or the networks connecting them to identify the .. --------------------------------------------- https://feeds.feedblitz.com/~/579108152/0/alienvault-blogs~Beginner%e2%80%9… ∗∗∗ DJI Patches Forum Bug That Allowed Drone Account Takeovers ∗∗∗ --------------------------------------------- Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. --------------------------------------------- https://threatpost.com/dji-patches-forum-bug-that-allowed-drone-account-tak… ∗∗∗ Sicherheitsupdates: Cisco entfernt Backdoor aus Business Switches ∗∗∗ --------------------------------------------- Es gibt wichtige Patches zu Absicherung von Hard- und Software von Cisco. --------------------------------------------- http://heise.de/-4216400 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/771129/ ∗∗∗ Synology-SA-18:58 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_58 ∗∗∗ Synology-SA-18:59 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_59 ∗∗∗ BlackBerry powered by Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9144 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5740 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-as-used-in-ib… ∗∗∗ IBM Security Bulletin: An XML External Entity (XXE) processing vulnerability is exposed in Case Manager administration client (CVE-2018-1844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-xml-external-entit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2018
by Daily end-of-shift report 07 Nov '18

07 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-11-2018 18:00 − Mittwoch 07-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Oracle: Verärgerter Forscher veröffentlicht Exploit für Virtualbox ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Zero-Day-Lücke für Virtualbox veröffentlicht, die einen Ausbruch aus dem Gastsystem auf das Host-System ermöglicht. Der Forscher sei frustriert darüber, .. --------------------------------------------- https://www.golem.de/news/oracle-veraergerter-forscher-veroeffentlicht-expl… ∗∗∗ BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers ∗∗∗ --------------------------------------------- This article was co-authored by Hui Wang and RootKiter.Since September 2018, 360Netlab Scanmon has detected multiple scan spikes on TCP port 5431, each time the system logged more than 100k scan .. --------------------------------------------- http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers… ∗∗∗ ADV180028 | Guidance for configuring BitLocker to enforce software encryption ∗∗∗ --------------------------------------------- Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain .. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 ∗∗∗ WordPress Design Flaw Leads to WooCommerce RCE ∗∗∗ --------------------------------------------- A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million .. --------------------------------------------- https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-r… ∗∗∗ Vorsicht! Neue betrügerische Bewerbungsmail mit Erpressungstrojaner im Umlauf ∗∗∗ --------------------------------------------- Derzeit kursiert eine gefakte Bewerbung von "Peter Reif" im Internet. Nach dem Öffnen des Dateianhangs verschlüsselt ein Schädling Daten und fordert Lösegeld. --------------------------------------------- http://heise.de/-4214191 ∗∗∗ Attackers breached Statcounter to steal cryptocurrency from gate.io users ∗∗∗ --------------------------------------------- Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io customers getting their money stolen,.. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/07/statcounter-gate-io-compromised/ ∗∗∗ Keine FLIXGLADE und FLIX FORGE LTD- Rechnungen bezahlen! ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Filmen im Internet stoßen Konsument/innen auf flixman.de und inflix.de. Es handelt sich um kriminelle Plattformen, die ihren Opfern keine Leistung erbringen, .. --------------------------------------------- https://www.watchlist-internet.at/news/keine-flixglade-und-flix-forge-ltd-r… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) inspectionengine of Cisco Adaptive Security Appliance (ASA) Software and CiscoFirepower Threat Defense (FTD) Software could allow an unauthenticated, .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin:Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java does not protect against CVE-2018-1656 and CVE-2018-12539 ∗∗∗ --------------------------------------------- The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletineclipse-openj9-could-a… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016) ∗∗∗ --------------------------------------------- Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Apache Cassandra within IBM Operations .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ Roche Point of Care Handheld Medical Devices ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Express Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 282 - guest use of HLE constructs may lock up host ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-282.html ∗∗∗ Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042037 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2018
by Daily end-of-shift report 06 Nov '18

06 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-11-2018 18:00 − Dienstag 06-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSD: Forscher umgehen Passwörter bei verschlüsselten Festplatten ∗∗∗ --------------------------------------------- Bei manchen SSDs mit Hardwareverschlüsselung konnten Forscher die Firmware so manipulieren, dass sie beliebige Passwörter akzeptierte. Das war nicht das einzige Problem, das sie fanden. (Solid State Drive, Speichermedien) --------------------------------------------- https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesse… ∗∗∗ Malicious Powershell Script Dissection, (Tue, Nov 6th) ∗∗∗ --------------------------------------------- Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...] --------------------------------------------- https://isc.sans.edu/diary/rss/24282 ∗∗∗ Struts 2.3 Vulnerable to Two Year old File Upload Flaw ∗∗∗ --------------------------------------------- Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution. --------------------------------------------- https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File… ∗∗∗ GPU side channel attacks can enable spying on web activity, password stealing ∗∗∗ --------------------------------------------- Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/ ∗∗∗ Gefälschte Zahlungsanweisung an die Buchhaltung ∗∗∗ --------------------------------------------- Kriminelle geben sich als Geschäftsführung eines Unternehmens aus und versenden eine E-Mail an die Buchhaltung. Darin fordern sie die Mitarbeiter/innen dazu auf, dass sie einen hohen Geldbetrag ins Ausland überweisen. Angestellte, die die Zahlungsanweisung nicht als betrügerisch erkennen, transferieren die geforderte Summe an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-11-01.html ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5). --------------------------------------------- https://lwn.net/Articles/770856/ ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vu… ∗∗∗ IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-de… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2018
by Daily end-of-shift report 05 Nov '18

05 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-11-2018 18:00 − Montag 05-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Microsoft Edge Browser Zero-Day RCE Exploit in the Works ∗∗∗ --------------------------------------------- Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-z… ∗∗∗ Neue Schwachstelle in Intel-CPUs: Hyper-Threading anfällig für Datenleck ∗∗∗ --------------------------------------------- Forscher demonstrieren einen neuen CPU-Bug bei aktuellen Intel-Prozessoren, über den sich Daten aus einem benachbarten Thread auslesen lassen. --------------------------------------------- http://heise.de/-4210282 ∗∗∗ Streaming-Server Icecast: Angreifer könnten Online-Radiosender ausknipsen ∗∗∗ --------------------------------------------- In der aktuellen Version von Icecast haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- http://heise.de/-4210875 ∗∗∗ Heres Why [Insert Thing Here] Is Not a Password Killer ∗∗∗ --------------------------------------------- These days, I get a lot of messages from people on security related things. Often its related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, [...] --------------------------------------------- https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-kill… ∗∗∗ Finger weg vom Fake-Shop gaming-ez.com! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf gaming-ez.com ein. Die Playstation 4 Pro-, Xbox One- oder Nintendo Switch- Angebote sind zwar verlockend, werden aber nie geliefert. Überwiesenes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/finger-weg-vom-fake-shop-gaming-ezco… ∗∗∗ Datendiebstahl mit gefälschtem AirAsia-Ticket ∗∗∗ --------------------------------------------- Konsument/innen erhalten ein gefälschtes AirAsia-Ticket für einen Flug von Hong Kong nach Kuala Lumpur. Sie können es stornieren, indem sie die Website eines Payment Center aufrufen. Dieses fragt PayPal-Zugangsdaten sowie Kreditkarten- und Bankinformationen ab. Ebenfalls ist eine persönliche Identifizierung vorgesehen. Kund/innen, die die gewünschten Informationen bekannt geben, werden Opfer eines Daten- und Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschtem-aira… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):IBM Cloud Application Performance Management, Base Private IBM Cloud Application Performance Management, Advanced Private IBM Cloud Application Performance Management --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability found by vFinder (CVE-2018-14883 and CVE-2018-14851) ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Affected Product NameAffected VersionsIBM Lotus Protector for Mail Security2.8.3.0IBM Lotus Protector for Mail Security2.8.1.0 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012) ∗∗∗ --------------------------------------------- Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Rational Publishing Engine 2.1.0 Rational Publishing Engine 2.1.1 Rational Publishing Engine 2.1.2 Rational Publishing Engine 6.0.5 Rational Publishing Engine 6.0.6 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- Security vulnerabilities affect multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM). --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd). --------------------------------------------- https://lwn.net/Articles/770744/ ∗∗∗ ZDI-18-1336: (0Day) Juuko JK-800 Replay Attack Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1336/ ∗∗∗ Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181105-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2018
by Daily end-of-shift report 02 Nov '18

02 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 31-10-2018 18:00 − Freitag 02-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Utilities, Energy Sector Attacked Mainly Via IT, Not ICS ∗∗∗ --------------------------------------------- Stealing administrative credentials to carry out months-long spy campaigns is a top threat. --------------------------------------------- https://threatpost.com/utilities-energy-sector-attacked-mainly-via-it-not-i… ∗∗∗ Intel CPUs impacted by new PortSmash side-channel vulnerability ∗∗∗ --------------------------------------------- Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPUs internal processes. --------------------------------------------- https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-cha… ∗∗∗ Zero-Day-Lücke in Cisco Adaptive Security Appliance und Firepower Threat Defense ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren derzeit Firewalls und Sicherheitslösungen von Cisco. Für die Sicherheitslücke gibt es noch keinen Patch. --------------------------------------------- http://heise.de/-4208546 ∗∗∗ Bleedingbit: Sicherheitslücken in Bluetooth LE gefährden Access Points ∗∗∗ --------------------------------------------- Sicherheitsforscher skizzieren eine ihrer Einschätzung nach kritische Schwachstelle in einigen Bluetooth-Low-Energy-Chips. Es gibt bereits erste Updates. --------------------------------------------- http://heise.de/-4209343 ∗∗∗ Gefälschte iTunes Store-Rechnung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte iTunes Store-Rechnung. Darin behaupten sie, dass Empfänger/innen einen Einkauf getätigt haben. Diesen können sie angeblich unter Bekanntgabe persönlicher Daten und ihrer Kreditkarteninformationen stornieren. Konsument/innen, die den erfundenen Einkauf rückgängig machen wollen, übermitteln Verbrecher/innen sensible Angaben und werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-itunes-store-rechnung-im… ∗∗∗ Coinhive & MikroTik ∗∗∗ --------------------------------------------- Wir haben in den uns zur Verfügung stehenden Shodan Daten nach Systemen gesucht, die von der Krypto-Mining Kampagne gegen MikroTik Geräte betroffen sind. Dabei sind wir auf ca 330 IP-Adressen aus Österreich gestoßen und haben die entsprechenden Abuse-Kontakte informiert. --------------------------------------------- https://www.cert.at/services/blog/20181102151919-2302.html ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA’s InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01 ∗∗∗ Schneider Electric Software Update (SESU) ∗∗∗ --------------------------------------------- This advisory includes mitigations for a DLL hijacking vulnerability in the Schneider Electric Software Update (SESU). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02 ∗∗∗ Circontrol CirCarLife ∗∗∗ --------------------------------------------- This advisory includes mitigations for authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol’s CirCarLife, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03 ∗∗∗ Fr. Sauter AG CASE Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper restriction of XML External Entity Reference vulnerability in Fr. Sauter AGs CASE Suite software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-04 ∗∗∗ Anviz AIM CrossChex Standard 4.3 Excel Macro Injection ∗∗∗ --------------------------------------------- CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php ∗∗∗ GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8 ∗∗∗ --------------------------------------------- These versions contain a number of important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. --------------------------------------------- https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (phpldapadmin, poppler, and tzdata), Fedora (firefox, java-11-openjdk, libarchive, sos-collector, and teeworlds), Scientific Linux (java-1.7.0-openjdk, python-paramiko, and thunderbird), Slackware (curl), and SUSE (kernel, MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, and wireshark). --------------------------------------------- https://lwn.net/Articles/770367/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel and linux-lts), Debian (chromium-browser and mono), Oracle (firefox), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/770473/ ∗∗∗ Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-072 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018- 071 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-073 ∗∗∗ NextCloud Server: Mehrere Schwachstellen ermöglichen u. a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2238/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181101-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.10.2018
by Daily end-of-shift report 31 Oct '18

31 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-10-2018 18:00 − Mittwoch 31-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter Next End-of-Day report: 2018-11-02 ===================== = News = ===================== ∗∗∗ Square, PayPal POS Hardware Open to Multiple Attack Vectors ∗∗∗ --------------------------------------------- Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft. --------------------------------------------- https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-v… ∗∗∗ Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims ∗∗∗ --------------------------------------------- Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that [...] --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-release… ∗∗∗ Using PHP 5 Becomes Dangerous in 2 Months ∗∗∗ --------------------------------------------- WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. --------------------------------------------- https://www.wordfence.com/blog/2018/10/php5-dangerous/ ∗∗∗ 5 Types of Malware Currently Affecting macOS ∗∗∗ --------------------------------------------- Mac malware, or macOS malware, exists contrary to the popular belief that Apple’s operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018. --------------------------------------------- https://www.tripwire.com/state-of-security/security-awareness/5-types-of-ma… ∗∗∗ Wenn Sie in eine Abo-Falle getappt sind… ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Angeboten und gratis Dienstleistungen werden Sie im Internet schnell fündig. Doch Vorsicht: Hier ist nicht alles Gold, was glänzt! Oft handelt es sich nämlich um Abo-Fallen, bei denen Ihnen unbegründet Rechnungen zugeschickt werden und man Ihnen mit Inkassobüro oder Rechtsanwaltsschreiben droht. Die Lösung? Auf gar keinen Fall bezahlen! --------------------------------------------- https://www.watchlist-internet.at/news/wenn-sie-in-eine-abo-falle-getappt-s… ∗∗∗ Warnung vor sierrasport-berlin.de ∗∗∗ --------------------------------------------- Der Online-Shop sierrasport-berlin.de vertreibt Markenfälschungen. Das können Konsument/innen daran erkennen, dass sämtliche Produkte stark rabattiert und lagernd sind. Kaufen sie bei sierrasport-berlin.de ein, müssen sie mit hohen Zusatzkosten, rechtlichen Konsequenzen und einem Identitätsdiebstahl rechnen. Von einem Einkauf bei sierrasport-berlin.de wird dringend abgeraten! --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sierrasport-berlinde/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability ∗∗∗ --------------------------------------------- Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system. --------------------------------------------- https://seclists.org/fulldisclosure/2018/Oct/53 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gitlab), Debian (gnutls28), Fedora (audiofile, coreutils, firefox, hesiod, kernel, kernel-headers, kernel-tools, libssh, lighttpd, mosquitto, opencc, patch, php-horde-nag, sos-collector, strongswan, and thunderbird), Gentoo (libxkbcommon, mutt-1.10, postgresql, systemd, xen, and xorg-server), Mageia (curl, libtiff, samba, spamassassin, and unzip), Oracle (java-1.7.0-openjdk and python-paramiko), Red Hat (git, glusterfs, java-1.7.0-openjdk, [...] --------------------------------------------- https://lwn.net/Articles/770203/ ∗∗∗ VMSA-2015-0008.2 ∗∗∗ --------------------------------------------- VMware product updates address information disclosure issue. Updated advisory to add vCloud Director fixes for 9.0.0.x and 9.1.0.x versions that now address CVE-2015-3269. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2015-0008.html ∗∗∗ HPESBHF03894 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of Security Restrictions ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ ElegantThemes (divi, extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9140 ∗∗∗ Apple security updates ∗∗∗ --------------------------------------------- https://support.apple.com/en-us/HT201222 ∗∗∗ Security Advisory - SegmentSmack Vulnerability in Linux Kernel ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Huawei Watches ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735977 ∗∗∗ IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735973 ∗∗∗ IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735967 ∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733815 ∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737147 ∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737125 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10736105 ∗∗∗ IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016247 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15314 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04524282 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15313 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21042153 ∗∗∗ TMM vulnerability CVE-2018-15320 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K72442354 ∗∗∗ BIG-IP tmsh vulnerability CVE-2018-15321 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01067037 ∗∗∗ MQTT vulnerability CVE-2018-15323 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26583415 ∗∗∗ BIG-IP Configuration utility vulnerability CVE-2018-15327 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20222812 ∗∗∗ tmsh utility vulnerability CVE-2018-15322 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28003839 ∗∗∗ BIG-IP APM portal access vulnerability CVE-2018-15324 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52206731 ∗∗∗ TMM vulnerability CVE-2018-15319 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64208870 ∗∗∗ BIG-IP iControl & tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 ∗∗∗ BIG-IP APM CRL vulnerability CVE-2018-15326 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34652116 ∗∗∗ TMM vulnerability CVE-2018-15318 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16248201 ∗∗∗ TMM vulnerability CVE-2018-15317 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43625118 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2018
by Daily end-of-shift report 30 Oct '18

30 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-10-2018 18:00 − Dienstag 30-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ CommonRansom Ransomware Demands RDP Access to Decrypt Files ∗∗∗ --------------------------------------------- A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victims files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/commonransom-ransomware-dema… ∗∗∗ Krankenkassen: Vivy-App gibt Daten preis ∗∗∗ --------------------------------------------- Sicherheitsforscher haben einige gravierende Lücken in der Krankenkassen-App Vivy gefunden. Unter anderem konnte auf Dokumente, die man mit dem Arzt teilte, unberechtigt zugegriffen werden. (Medizin, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/krankenkassen-vivy-app-gibt-daten-preis-1810-1373… ∗∗∗ Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures ∗∗∗ --------------------------------------------- by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5LDw-xUlnAw/ ∗∗∗ Sicherheitsupdates: Multifunktionsgeräte von Lexmark anfällig für "böse" Faxe ∗∗∗ --------------------------------------------- Sicherheitspatches für Drucker-Fax-Kopier-Kombinationen von Lexmark schließen zwei Lücken. Eine davon gilt als kritisch. --------------------------------------------- http://heise.de/-4206719 ∗∗∗ Systemd: DHCPv6-Pakete können Linux-Rechner kapern ∗∗∗ --------------------------------------------- Eine Systemd-Komponente in vielen modernen Linux-Systemen kann missbraucht werden, um den Rechner übers Netz zu kapern. --------------------------------------------- http://heise.de/-4206800 ∗∗∗ Erpresserische E-Mails drohen mit Masturbationsvideo ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Nachrichten. Darin behaupten sie, dass sie das Passwort der Empfänger/innen kennen, angeblich Zugriff auf ihren Computer haben und deshalb über Masturbationsvideos verfügen. Die Adressat/innen sollen Bitcoins bezahlen, damit es zu keiner Veröffentlichung der Aufnahmen kommt. Konsument/innen können das Schreiben ignorieren, denn es ist erfunden. Eine Reaktion ist nicht erforderlich. --------------------------------------------- https://www.watchlist-internet.at/news/erpresserische-e-mails-drohen-mit-ma… ===================== = Vulnerabilities = ===================== ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:4 ∗∗∗ --------------------------------------------- Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_4.txt ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:5 ∗∗∗ --------------------------------------------- Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (xorg-x11-server), Debian (xen), Red Hat (389-ds-base, binutils, curl and nss-pem, fuse, glibc, glusterfs, GNOME, gnutls, jasper, java-1.7.0-openjdk, kernel, kernel-alt, kernel-rt, krb5, libcdio, libkdcraw, libmspack, libreoffice, libvirt, openssl, ovmf, python, python-paramiko, qemu-kvm, qemu-kvm-ma, samba, setup, sssd, wget, wpa_supplicant, X.org X11, xerces-c, zsh, and zziplib), and SUSE (ardana-monasca, ardana-spark, kafka, kafka-kit, [...] --------------------------------------------- https://lwn.net/Articles/770031/ ∗∗∗ Sandbox Bypass in Script Security and Pipeline Groovy Plugins ∗∗∗ --------------------------------------------- https://jenkins.io/security/advisory/2018-10-29/ ∗∗∗ GitLab Security Release: 11.4.3, 11.3.8, and 11.2.7 ∗∗∗ --------------------------------------------- https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735105 ∗∗∗ IBM Security Bulletin: Vulnerability in the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732968 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2018-10858) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732876 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10737813 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735169 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733845 ∗∗∗ reposync vulnerability CVE-2018-10897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23200408 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.10.2018
by Daily end-of-shift report 29 Oct '18

29 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-10-2018 18:00 − Montag 29-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 Bug Allowed UWP Apps Full Access to File System ∗∗∗ --------------------------------------------- A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-a… ∗∗∗ Linux und BSD: Sicherheitslücke in X.org ermöglicht Root-Rechte ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Displayserver X.org erlaubt unter bestimmten Umständen das Überschreiben von Dateien und das Ausweiten der Benutzerrechte. Der passende Exploit passt in einen Tweet. (Sicherheitslücke, OpenBSD) --------------------------------------------- https://www.golem.de/news/linux-und-bsd-sicherheitsluecke-in-x-org-ermoegli… ∗∗∗ Sicherheitslücke: Steuerung von Bau-Kran lässt sich übernehmen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der kabellosen Kransteuerung Telecrane F25 ermöglicht es, Signale mitzuschneiden und mit diesen anschließend den Kran fernzusteuern. Ein Sicherheitsupdate steht bereit. (Sicherheitslücke, Mobil) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-steuerung-von-bau-kran-laesst-s… ∗∗∗ OWASP Top 10 Security Risks – Part II ∗∗∗ --------------------------------------------- It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2018/10/owasp-top-10-security-risks-part-ii.html ∗∗∗ The D in Systemd stands for Dammmmit! A nasty DHCPv6 packet can pwn a vulnerable Linux box ∗∗∗ --------------------------------------------- Hole opens up remote-code execution to miscreants – or a crash, if youre lucky A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/10/26/systemd_dhc… ∗∗∗ Google schreibt Android-Herstellern zwei Jahre Sicherheitspatches vor ∗∗∗ --------------------------------------------- In einem Vertrag schreibt Google Herstellern von Android-Smartphones regelmäßige Sicherheitsupdates vor. Diese Verpflichtung gilt bereits seit dem Sommer. --------------------------------------------- http://heise.de/-4203113 ∗∗∗ Ransomware and the enterprise: A new white paper ∗∗∗ --------------------------------------------- Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk The post Ransomware and the enterprise: A new white paper appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/10/29/ransomware-enterprise-new-white-p… ===================== = Vulnerabilities = ===================== ∗∗∗ GEOVAP Reliance 4 SCADA/HMI ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in GEOVAPs Reliance 4 SCADA/HMI system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, and improper access control vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 ∗∗∗ Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox), CentOS (firefox), Debian (389-ds-base, openjdk-8, thunderbird, and xorg-server), Fedora (firefox), openSUSE (GraphicsMagick, jhead, mysql-community-server, ntp, postgresql96, python-cryptography, rust, tomcat, webkit2gtk3, and zziplib), Scientific Linux (firefox), and SUSE (clamav, firefox, ImageMagick, libgit2, net-snmp, smt, wpa_supplicant, and xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/769613/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (xorg-server), Debian (graphicsmagick, libmspack, paramiko, ruby2.1, teeworlds, and tiff), Fedora (lldpad), Mageia (bitcoin, blueman, busybox, dhcp, exempi, firefox, kernel, kernel-linus, kernel-tmb, lilypond, ruby, and x11-server), openSUSE (audiofile, clamav, hostapd, ImageMagick, lcms2, libgit2, mercurial, net-snmp, and wpa_supplicant), SUSE (audiofile, binutils, kdelibs3, lcms2, mysql, openssh, and xen), and Ubuntu (mysql-5.5 and xorg-server, [...] --------------------------------------------- https://lwn.net/Articles/769891/ ∗∗∗ WebKitGTK+ 2.22.3 released! ∗∗∗ --------------------------------------------- This is a bug fix release in the stable 2.22 series. What’s new in the WebKitGTK+ 2.22.3 release? [...] Fix a memory leak during media playback when using playbin3. Fix portions of Web views not being rendered after resizing. Fix Resource Timing reporting for elements. Fix the build with the remote Web Inspector [...] --------------------------------------------- https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html ∗∗∗ OpenSSL: Eine Schwachstelle ermöglicht das Ausspähen des privaten Schlüssels ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2188/ ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801r ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737409 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737301 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729547 ∗∗∗ Microsoft Skype for Business Audio File Processing Flaw Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041956 ∗∗∗ Apache Tomcat vulnerability CVE-2018-11784 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64921482 ∗∗∗ Mozilla NSS vulnerability CVE-2018-12384 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41738501 ∗∗∗ HPESBMU03895 rev.1 - HPE Real Time Management System (RTMS), Multiple Remote Security Issues ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03869 rev.1 - HPE Windows Firmware Installer for certain HPE Gen9,Gen8, G7, and G6 Servers, Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.10.2018
by Daily end-of-shift report 25 Oct '18

25 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-10-2018 18:00 − Donnerstag 25-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting ∗∗∗ --------------------------------------------- The sLoad downloader is an example of the stealthy, smart malware trend. --------------------------------------------- https://threatpost.com/sload-banking-trojan-downloader-displays-sophisticat… ∗∗∗ Magecart Cybergang Targets 0days in Third-Party Magento Extensions ∗∗∗ --------------------------------------------- Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. --------------------------------------------- https://threatpost.com/magecart-cybergang-targets-0days-in-third-party-mage… ∗∗∗ BSI-Mindeststandard zur Protokollierung und Detektion von Cyber-Angriffen ∗∗∗ --------------------------------------------- Cyber-Angriffe auf die IT-Systeme der Bundesverwaltung finden täglich statt. Neben ungezielten Massenangriffen sind die Netze des Bundes auch gezielten Angriffskampagnen ausgesetzt. Um die Detektion von Cyber-Angriffen zu verbessern, hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) einen Mindeststandard zur Protokollierung und der darauf basierenden Erkennung von Cyber-Angriffen definiert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Mindeststan… ∗∗∗ EU-Kommission will Zertifizierung für sichere Internetgeräte schaffen ∗∗∗ --------------------------------------------- Die EU arbeitet an einer Verordnung zur Sicherheitszertifizierung, die insbesondere die Geräte im Internet of Things in den Blick nimmt. --------------------------------------------- http://heise.de/-4202642 ∗∗∗ Sicherheitsupdate: Gefährliche Lücke in Cisco Webex Meetings ∗∗∗ --------------------------------------------- Angreifer könnten den Update-Mechanismus von Webex missbrauchen, um eigenen Code auszuführen. Ein Sicherheitsupdate schließt die Schwachstelle. --------------------------------------------- http://heise.de/-4202886 ∗∗∗ Gandcrab: Aktualisiertes Entschlüsselungstool für Erpressungstrojaner ∗∗∗ --------------------------------------------- Opfer der Ransomware Gandcrab in den Versionen 1, 4 und 5 können ihre Daten nun kostenlos entschlüsseln. --------------------------------------------- http://heise.de/-4203283 ∗∗∗ Sextortion emails: They're probably not watching you ∗∗∗ --------------------------------------------- Yes, those sextortion email scams using old passwords are still making the rounds. How can you spot a real sextortion attempt from an empty threat? And when should you report to authorities? Read on to find out. --------------------------------------------- https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled ∗∗∗ --------------------------------------------- When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2018-10/msg00000.ht… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox). --------------------------------------------- https://lwn.net/Articles/769529/ ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473) Security Bulletin ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733751 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Image for Red Hat Linux Systems on IBM PureApplication ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728607 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10732846 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Admin Console affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1770, CVE-2018-1777) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737065 ∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10735863 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728649 ∗∗∗ IBM Security Bulletin : IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734249 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016890 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow some server-side code injection (CVE-2018-1808) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735905 ∗∗∗ Reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41704442 Next End-of-Day report: 2018-10-29 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.10.2018
by Daily end-of-shift report 24 Oct '18

24 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-10-2018 18:00 − Mittwoch 24-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Key New Security Features & Capabilities to Know in Windows 10 ∗∗∗ --------------------------------------------- Last year's WannaCry and Petya malware outbreaks couldn't breach Windows 10's latest security defenses, but companies still running outdated [...] --------------------------------------------- https://www.beyondtrust.com/blog/key-new-security-features-in-windows-10/ ∗∗∗ Hacker Discloses New Windows Zero-Day Exploit On Twitter ∗∗∗ --------------------------------------------- A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. --------------------------------------------- https://thehackernews.com/2018/10/windows-zero-day-exploit.html ∗∗∗ Sicherheitsupdates: Backup-Software von Arcserve kann Daten leaken ∗∗∗ --------------------------------------------- Angreifer könnten unberechtigt auf Daten von Host-Systemen, auf denen die Backup-Lösung Arcserve Unified Data Protection läuft, zugreifen. --------------------------------------------- http://heise.de/-4202167 ∗∗∗ Einkaufsbetrug mit gefälschten Smile Bank-Nachrichten ∗∗∗ --------------------------------------------- Privatverkäufer/innen erhalten Nachrichten von Kriminellen. Sie geben vor, im Ausland zu sein und wollen die angebotene Ware kaufen. Sie überweisen angeblich einen überhöhten Geldbetrag an ihre Vertragspartner/innen. Das sollen gefälschte Smile Bank-Nachrichten belegen. Schließlich sollen Verkäufer/innen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie ihre personenbezogenen Daten, ihr Geld und ihre Produkte an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/einkaufsbetrug-mit-gefaelschten-smil… ∗∗∗ Nike-Markenfälscher auf coldenemy.com ∗∗∗ --------------------------------------------- Die neuesten Schuhe von Nike um 70 Prozent vergünstigt? Das gibt's auf coldenemy.com. Wer hier bestellt, erhält minderwertige Ware, die nichts mit dem gekauften Produkt zu tun hat. Außerdem gelangen Kredit- und Personendaten in die Hände von Kriminellen. --------------------------------------------- https://www.watchlist-internet.at/news/nike-markenfaelscher-auf-coldenemyco… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, external control of file name or path, improper privilege management, and path traversal vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01 ∗∗∗ GAIN Electronic Co. Ltd SAGA1-L Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for authentication bypass by capture-relay, improper access control, and improper authentication vulnerabilities in GAIN Electronics SAGA1-L series transmitters. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 ∗∗∗ Telecrane F25 Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for an authentication bypass by capture-replay vulnerability in the Telecrane F25 Series software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03 ∗∗∗ BitDefender Digital Signature Bypass Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- A remote user can cause arbitrary code that is located elsewhere to be executed on the target users system due to a bypass of the digital signature GravityZone verification tools. Additional information is available at: https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbit… --------------------------------------------- https://www.securitytracker.com/id/1041940 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (hesiod, lighttpd, and opencc), openSUSE (apache-pdfbox, net-snmp, pam_pkcs11, rpm, tiff, udisks2, and wireshark), SUSE (dhcp, ghostscript-library, ImageMagick, libraw, net-snmp, ntp, postgresql96, rust, tiff, xen, and zziplib), and Ubuntu (mysql-5.5, mysql-5.7). --------------------------------------------- https://lwn.net/Articles/769415/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ October 23, 2018 TNS-2018-13 [R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-13 ∗∗∗ October 23, 2018 TNS-2018-14 [R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-14 ∗∗∗ Security vulnerabilities fixed in Firefox ESR 60.3 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/ ∗∗∗ Security vulnerabilities fixed in Firefox 63 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.10.2018
by Daily end-of-shift report 23 Oct '18

23 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 22-10-2018 18:00 − Dienstag 23-10-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malicious Powershell using a Decoy Picture ∗∗∗ --------------------------------------------- I found another interesting piece of malicious Powershell while hunting. The file size is 1.3MB and most of the file is a PE file Base64 encoded. You can immediately detect it by checking the first characters of the string: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Pictur… ∗∗∗ Jetzt patchen! Scanner und Exploits für kritische libssh-Lücke aufgetaucht ∗∗∗ --------------------------------------------- Da das Angriffsrisiko wächst, sollten Admins zügig die aktuelle libssh-Version auf Servern installieren. --------------------------------------------- http://heise.de/-4198976 ∗∗∗ Serverless botnets could soon become reality ∗∗∗ --------------------------------------------- We have been accustomed to think about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters' orders to begin their attack, but Protego researchers say that many compromised machines are definitely not a requirement: botnets can quite as easily be comprised of serverless functions. --------------------------------------------- https://www.helpnetsecurity.com/2018/10/23/serverless-botnets/ ∗∗∗ Who Is Agent Tesla? ∗∗∗ --------------------------------------------- A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity - attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malwares apparent creator seems to have done little to hide his real-life identity. --------------------------------------------- https://krebsonsecurity.com/2018/10/who-is-agent-tesla/ ∗∗∗ Betrug mit Euro-Lottosystem & Goggins-Transport ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine betrügerische E-Mail, in der es heißt, dass sie bei einem Euro-Lottosystem 97.000 Euro gewonnen haben. Sie sollen Geld an Goggings-Transport bezahlen, damit sie den Preis ausbezahlt bekommen. Es folgen weitere Zahlungsaufforderungen. Mit jeder Bezahlung verliert das Opfer Geld, denn den Gewinn gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/betrug-mit-euro-lottosystem-goggins-… ∗∗∗ Konsolen-kobold.de liefert keine Ware! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf konsolen-kobold.de ein. Die dort angebotenen Playstations, Xboxen, Nintendos und Spiele sind zwar verlockend günstig, werden aber auch nicht geliefert! Bezahlt wird per Vorkasse und Ihr Geld ist somit weg. --------------------------------------------- https://www.watchlist-internet.at/news/konsolen-koboldde-liefert-keine-ware/ ∗∗∗ CVE-2018–8414: A Case Study in Responsible Disclosure ∗∗∗ --------------------------------------------- The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly. --------------------------------------------- https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-discl… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.8.0-openjdk), Fedora (mosquitto), openSUSE (binutils, clamav, exiv2, fuse, haproxy, singularity, and zziplib), Slackware (firefox), SUSE (apache-pdfbox, net-snmp, pam_pkcs11, postgresql94, rpm, tiff, and wireshark), and Ubuntu (kernel, libssh, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, net-snmp, paramiko, requests, and texlive-bin). --------------------------------------------- https://lwn.net/Articles/769300/ ∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by information disclosure vulnerability (CVE-2014-8730) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10736107 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735359 ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10734825 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information (CVE-2018-1811) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735589 ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1809) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732972 ∗∗∗ IBM Security Bulletin: A authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool (CVE-2018-1807) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735581 ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1806) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733149 ∗∗∗ IBM Security Bulletin: A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool (CVE-2018-1541) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731225 ∗∗∗ IPsec IKEv1 vulnerability CVE-2018-5389 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42378447 ∗∗∗ Linux kernel vulnerability CVE-2018-14634 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20934447 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.10.2018
by Daily end-of-shift report 22 Oct '18

22 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-10-2018 18:00 − Montag 22-10-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems ∗∗∗ --------------------------------------------- FreeRTOS, the open-source operating system that powers most of the small microprocessors and microcontrollers in smart homes and critical infrastructure systems has 13 vulnerabilities, a third of them allowing remote code execution. --------------------------------------------- https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-… ∗∗∗ Sicherheitsupdate: Ein Klick zu viel und Microsoft Yammer führt Schadcode aus ∗∗∗ --------------------------------------------- Es gibt einen wichtigen Patch für die Desktop-Anwendung von Yammer. --------------------------------------------- http://heise.de/-4198055 ∗∗∗ Jetzt patchen! Kritische Lücke in den Mediaplayern VLC und MPlayer ∗∗∗ --------------------------------------------- Angreifer könnten Nutzer der Medienabspieler VLC und MPlayer mit vergleichsweise wenig Aufwand attackieren. --------------------------------------------- http://heise.de/-4198129 ∗∗∗ l+f: Snackautomaten-Flatrate ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher wird zum Snackosaurus. --------------------------------------------- http://heise.de/-4198336 ∗∗∗ TCP/IP, Sockets, and SIGPIPE ∗∗∗ --------------------------------------------- There is a spectre haunting the Internet - the spectre of SIGPIPE errors. Its a bug in the original design of Unix networking from 1981 that is perpetuated by college textbooks, which teach students to ignore it. As a consequence, sometimes software unexpectedly crashes. This is particularly acute on industrial and medical networks, where security professionals cant run port/security scans for fear of crashing critical devices. --------------------------------------------- https://blog.erratasec.com/2018/10/tcpip-sockets-and-sigpipe.html ∗∗∗ Warnung vor verda-maehroboter.de ∗∗∗ --------------------------------------------- Der betrügerische Online-Shop verda-maehroboter.de verkauft günstige Mähroboter und Rasentraktoren. Wer bei ihm einkauft, verliert sein Geld und seine Identität an Verbrecher/innen. Zu einer Warenlieferung kommt es nicht. Der Fake-Shop verda-maehroboter.de ist mithilfe einer Internetrecherche, eines Preisvergleichs und einer Überprüfung der Zahlungsmethoden erkennbar. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-verda-maehroboterde/ ∗∗∗ Let's talk about PAKE ∗∗∗ --------------------------------------------- The first rule of PAKE is: nobody ever wants to talk about PAKE. The second rule of PAKE is that this is a shame, because PAKE — which stands for Password Authenticated Key Exchange — is actually one of the most useful technologies that (almost) never gets used. It should be deployed everywhere, and yet it isn't. --------------------------------------------- https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/ ===================== = Vulnerabilities = ===================== ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass authentication and gain unauthorized access to a targeted system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SECURITY BULLETIN: Trend Micro Antivirus for Mac (Consumer) Privilege Escalation Vulnerabilities ∗∗∗ --------------------------------------------- Trend Micro has released fixes for the Trend Micro Antivirus for Mac family of consumer products which resolve vulnerabilities that could allow an attacker to escalate privileges on a vulnerable system that they otherwise would not have had access to. --------------------------------------------- https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (thunderbird), Debian (drupal7, exiv2, and ghostscript), Fedora (apache-commons-compress, git, libssh, and patch), Mageia (389-ds-base, calibre, clamav, docker, ghostscript, glib2.0, libtiff, mgetty, php-smarty, rust, tcpflow, and vlc), openSUSE (Chromium, icinga, and libssh), and SUSE (clamav, fuse, GraphicsMagick, haproxy, libssh, thunderbird, tomcat, udisks2, and Xerces-c). --------------------------------------------- https://lwn.net/Articles/769163/ ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735807 ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733785 ∗∗∗ BIG-IP-reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41704442 ∗∗∗ PEPPERL+FUCHS ecom Mobile devices prone to Android privilege elevation vulnerability ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-016 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.10.2018
by Daily end-of-shift report 19 Oct '18

19 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-10-2018 18:00 − Freitag 19-10-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSH Key Management Overview & 6 Best Practices ∗∗∗ --------------------------------------------- Secure Socket Shell (SSH), also called Secure Shell, is a special network protocol leveraging .. --------------------------------------------- https://www.beyondtrust.com/blog/ssh-key-management-overview-6-best-practic… ∗∗∗ How we discovered a Ukranian cybercrime hotspot ∗∗∗ --------------------------------------------- Our researchers wanted to take a closer look at the GandCrab ransomware. Then they found an entire cybercrime network, operating from Ukraine. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/10/31187-ukranian-cybercrime-hotspo… ∗∗∗ The Underground Job Market ∗∗∗ --------------------------------------------- "Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the .. --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/The-Underground-Job-Market/ ∗∗∗ Hack.lu 2018 Wrap-Up Day #3 ∗∗∗ --------------------------------------------- Here we go with the last wrap-up of the 2018 edition! The first presentation was about worms: “Worms that turn: nematodes and neotodes” by Matt Wixey. The first slide contained the mention: “for educational purposes only”. What could we .. --------------------------------------------- https://blog.rootshell.be/2018/10/18/hack-lu-2018-wrap-up-day-3/ ∗∗∗ Jetzt patchen! Kritische Lücken in Drupal gefährden ganze Websites ∗∗∗ --------------------------------------------- Aufgrund von mehreren Schwachstellen sollten Web-Admins zügig ihre Drupal-Installation auf den aktuellen Stand bringen. --------------------------------------------- http://heise.de/-4196243 ∗∗∗ Sicherheitslücke in jQuery-File-Upload Plug-in macht unzählige Server verwundbar ∗∗∗ --------------------------------------------- Es ist ein wichtiges Sicherheitsupdate für das jQuery-File-Upload-Plug-in erschienen. Eine globale Installation ist jedoch utopisch. --------------------------------------------- http://heise.de/-4196771 ∗∗∗ Encrypted SNI Comes to Firefox Nightly ∗∗∗ --------------------------------------------- TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and .. --------------------------------------------- https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4323 drupal7 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.10.2018
by Daily end-of-shift report 18 Oct '18

18 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-10-2018 18:00 − Donnerstag 18-10-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hack.lu 2018 Wrap-Up Day #2 ∗∗∗ --------------------------------------------- The second day started early with an eye-opener talk: “IPC – the broken dream of inherent security” by Thanh Bui. IPC or “Inter-Process Communications” are everywhere. You can compare them as a network connection between a .. --------------------------------------------- https://blog.rootshell.be/2018/10/17/hack-lu-2018-wrap-up-day-2/ ∗∗∗ Sicherheitslücken-Cocktail bringt D-Link-Router zu Fall ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher kombiniert drei Sicherheitslücken und erlangt die volle Kontrolle über D-Link-Router. Patches gibt es noch nicht. --------------------------------------------- http://heise.de/-4195134 ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- Chrome 70 has now been released to the Stable Channel, and users will start to see full screen interstitials on sites which still use certificates issues by the Legacy Symantec .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ∗∗∗ VestaCP compromised in a new supply-chain attack ∗∗∗ --------------------------------------------- Customers see their admin credentials stolen and their servers infected with .. --------------------------------------------- https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-dist… ===================== = Vulnerabilities = ===================== ∗∗∗ TYPO3-PSA-2018-001: By-passing Protection of PharStreamWrapper Interceptor ∗∗∗ --------------------------------------------- It has been discovered that the protection against insecure deserialization can be by-passed in PharStreamWrapper component. --------------------------------------------- https://typo3.org/security/advisory/typo3-psa-2018-001/ ∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-006 ∗∗∗ Drupal Core - 3rd-party libraries -SA-CORE-2018-005 ∗∗∗ --------------------------------------------- https://www.drupal.org/SA-CORE-2018-005 ∗∗∗ HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-069 ∗∗∗ Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-068 ∗∗∗ Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.10.2018
by Daily end-of-shift report 17 Oct '18

17 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-10-2018 18:00 − Mittwoch 17-10-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 1 ∗∗∗ --------------------------------------------- Posted by James Forshaw, Google Project ZeroAt Recon Montreal 2018 I presented "Unknown Known DLLs and other Code Integrity Trust Violations" with Alex Ionescu. We described the implementation of Microsoft Windows' Code Integrity mechanisms and how Microsoft implemented Protected Processes (PP). As part of that I demonstrated various ways of bypassing Protected Process Light (PPL), some requiring administrator privileges, others not. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-… ∗∗∗ Multiple D-Link Routers Open to Complete Takeover with Simple Attack ∗∗∗ --------------------------------------------- The vendor only plans to patch two of the eight impacted devices, according to a researcher. --------------------------------------------- https://threatpost.com/multiple-d-link-routers-open-to-complete-takeover-wi… ∗∗∗ Party like its 1987... SVGA code bug haunts VMwares house, lets guests flee to host OS ∗∗∗ --------------------------------------------- Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/10/17/vmware_svga… ∗∗∗ Warnung vor gefälschtem A1-Update ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine angebliche Nachricht von A1, in der es heißt, dass der Mobilfunkanbieter ein Update für sie bereit stellt. Kund/innen sollen es installieren, damit sie weiterhin das Mobilfunknetz des Anbieters nutzen können. Kommen sie der Aufforderung nach, installieren sie Schadsoftware auf ihrem Smartphone. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschtem-a1-update/ ∗∗∗ IT-Sicherheit - 100.000 Geräte: "Netter" Hacker entfernt ungefragt Sicherheitslücken ∗∗∗ --------------------------------------------- Seit April sind verheerende Sicherheitslücken bei Routern der Marke Mikrotik bekannt - vom Hersteller gibt es kein Update --------------------------------------------- https://derstandard.at/2000089517357/Netter-Hacker-entfernt-ungefragt-Siche… ∗∗∗ Persistent Credential Theft with Authorization Plugins ∗∗∗ --------------------------------------------- Credential theft is often one of the first tactics leveraged by attackers once they’ve escalated privileges on a victim’s machine. Credential theft on OSX has become more difficult with the introduction of System Integrity Protection (SIP). Attackers can no longer use methods such as extracting the master keys from the securityd process and decrypting the victim’s login keychain. An example of this can be seen here. --------------------------------------------- https://posts.specterops.io/persistent-credential-theft-with-authorization-… ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-Supervisor ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer, out-of-bounds read, use-after-free, and incorrect type conversion or cast vulnerabilities in Omrons CX-Supervisor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01 ∗∗∗ Authentication bypass in server code in libssh ∗∗∗ --------------------------------------------- There is a vulnerability within the server code which can enable a client to bypass the authentication process and set the internal state machine maintained by the library to authenticated, enabling the (otherwise prohibited) creation of channels. --------------------------------------------- https://www.libssh.org/security/advisories/CVE-2018-10933.txt ∗∗∗ VMSA-2018-0026 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0026.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (tomcat), Debian (asterisk, graphicsmagick, and libpdfbox-java), openSUSE (apache2 and git), Oracle (tomcat), Red Hat (kernel and Satellite 6.4), Slackware (libssh), SUSE (binutils, ImageMagick, and libssh), and Ubuntu (clamav, libssh, moin, and paramiko). --------------------------------------------- https://lwn.net/Articles/768617/ ∗∗∗ Synology-SA-18:55 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to obtain sensitive information via a susceptible version of Synology Diskstation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_55 ∗∗∗ Oracle Critical Patch Update Advisory - October 2018 ∗∗∗ --------------------------------------------- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html ∗∗∗ Solaris Third Party Bulletin - October 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinoct2018-5139632.h… ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181017-… ∗∗∗ HPESBHF03891 rev.1 - HPE UIoT, Remote Unauthorized Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily