- Daily - CERT.at

Tageszusammenfassung - 11.09.2018
by Daily end-of-shift report 11 Sep '18

11 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-09-2018 18:00 − Dienstag 11-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mongo Lock Attack Ransoming Deleted MongoDB Databases ∗∗∗ --------------------------------------------- An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-… ∗∗∗ OpenSSL 1.1.1 Is Released ∗∗∗ --------------------------------------------- Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straight forward if they are written to work with OpenSSL 1.1.0. --------------------------------------------- https://www.openssl.org/blog/blog/2018/09/11/release111/ ∗∗∗ "Google Fonts" popup leads to malware ∗∗∗ --------------------------------------------- A recent malware injection in a client's WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access the infected website. It uses Javascript to detect the visitor's use of Google Chrome and then upon the visitor clicking it generates a popup notification which falsely claims that the visitor's Google Chrome is missing the "HoeflerText" font ... --------------------------------------------- http://labs.sucuri.net/?note=2018-09-10 ∗∗∗ Nicht auf gamingkoenig.org reinfallen ∗∗∗ --------------------------------------------- Bei gamingkoenig.org wird Computerzubehör zu Schnäppchenpreisen angeboten. Konsument/innen dürfen bei dem Anbieter auf keinen Fall bestellen, denn es handelt sich um einen Fakeshop. Die bestellte Ware wird sie nie erreichen und Konsument/innen verlieren einen hohen Geldbetrag. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-gamingkoenigorg-reinfallen/ ∗∗∗ Anwaltsschreiben mit Schadsoftware im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden unter dem Namen von erfundenden Anwaltskanzleien betrügerische E-Mails. Darin behauten sie, dass Empfänger/innen einen pornografischen Film angesehen und damit eine Urheberrechtsverletzung begangen haben. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/anwaltsschreiben-mit-schadsoftware-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe ColdFusion(APSB18-33) and Adobe Flash Player (APSB18-31). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1607 ∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗ --------------------------------------------- This update is being provided to resolve potential critical issues found since the latest patch: - Open unvalidated redirect vulnerability in iMonitor (Bug 1082040) (CVE-2018-7692) --------------------------------------------- https://download.novell.com/Download?buildid=vP3nS-Hctkk~ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libextractor), Fedora (godot and iniparser), Oracle (kernel), Red Hat (chromium-browser and Fuse 7.1), SUSE (compat-openssl098, openssh, php5, php53, qemu, and tiff), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, and linux-hwe, linux-azure, linux-gcp). --------------------------------------------- https://lwn.net/Articles/764575/ ∗∗∗ Vuln: SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105309 ∗∗∗ Vuln: SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105308 ∗∗∗ Vuln: SAP Business One CVE-2018-2458 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105307 ∗∗∗ Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Insufficient Input Validation Vulnerabilities in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180911-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730799 ∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719697 ∗∗∗ IBM Security Bulletin: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator is affected by vulnerability due to unexpected authentication behavior ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729013 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720295 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729699 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10730811 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10726053 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in bind (CVE-2017-3145) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719051 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728841 ∗∗∗ SSA-268644 (Last Update: 2018-09-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf ∗∗∗ SSA-346256 (Last Update: 2018-09-11): Vulnerability in SIMATIC WinCC OA V3.14 and prior ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf ∗∗∗ SSA-198330 (Last Update: 2018-09-11): Local Privilege Escalation in TD Keypad Designer ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf ∗∗∗ SSA-447396 (Last Update: 2018-09-11): Denial-of-Service in SCALANCE X300, SCALANCE X408 and SCALANCE X414 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.09.2018
by Daily end-of-shift report 10 Sep '18

10 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-09-2018 18:00 − Montag 10-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VLAN Hopping and Mitigation ∗∗∗ --------------------------------------------- We'll start with a few concepts: VLAN A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as VLAN Hopping, an attacker is able to bypass these security implementations. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/vlan-hopping-and-mitig… ∗∗∗ Keybase Browser Extension Could Allow Sites to See Messages ∗∗∗ --------------------------------------------- The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant as sites could see the text being types into the chat area. --------------------------------------------- https://www.bleepingcomputer.com/news/security/keybase-browser-extension-co… ∗∗∗ Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall ∗∗∗ --------------------------------------------- Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since. --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-io… ∗∗∗ Knuddels.de: Millionen Nutzerdaten mit Passwörtern geleakt ∗∗∗ --------------------------------------------- Bei der deutschen Chat-Community Knuddels.de gab es ein immenses Datenleck: Die Accountdaten fast aller Nutzer standen im Netz. --------------------------------------------- https://heise.de/-4158265 ∗∗∗ Apps that steal users' browser histories kicked out of the Mac App store ∗∗∗ --------------------------------------------- Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasnt the only popular app stealing users private information. --------------------------------------------- https://www.tripwire.com/state-of-security/featured/apps-that-steal-users-b… ∗∗∗ Irreführende Rechnung von ITR Register ∗∗∗ --------------------------------------------- Unternehmen, die ihre Marke oder ihr Geschmacksmuster beim Amt der Europäischen Union für Geistiges Eigentum (EuIPO) registrieren, erhalten eine Rechnung von ITR Register. Sie sollen 1.380 Euro für einen Eintrag auf itr-service.com bezahlen. Die Zahlungsaufforderung von ITR Register ist ein irreführendes Vertragsangebot. Unternehmen müssen den Geldbetrag nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/irrefuehrende-rechnung-von-itr-regis… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser, curl, discount, firefox-esr, ghostscript, and openssh), Fedora (curl, firefox, ghostscript, glibc, mod_perl, thunderbird, and unixODBC), openSUSE (chromium, firefox, GraphicsMagick, nodejs4, and thunderbird), Oracle (kernel), and SUSE (java-1_7_1-ibm and kvm). --------------------------------------------- https://lwn.net/Articles/764511/ ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726039 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730341 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726009 ∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730515 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728351 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718249 ∗∗∗ RSA BSAFE Crypto-J Crypto Timing Error Lets Remote Users Obtain Keys ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041615 ∗∗∗ RSA BSAFE SSL-J Crypto Timing and Memory Access Errors Let Remote or Physically Local Users Obtain Keys ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041614 ∗∗∗ QNAP Storage Devices PHP Buffer Error Lets Remote Users Deny Service ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041607 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.09.2018
by Daily end-of-shift report 07 Sep '18

07 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-09-2018 18:00 − Freitag 07-09-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Chainshot Malware Found By Cracking 512-Bit RSA Key ∗∗∗ --------------------------------------------- Security researchers exploited a threat actors poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-… ∗∗∗ Hotspot Honeypot ∗∗∗ --------------------------------------------- Introduction The Hotspot Honeypot is an illegitimate Wi-Fi access point which can appear as an authorized and secure hotspot. Despite appearances, it is actually set up by black-hat attackers or malicious hackers to steal your bank and credit card details, passwords and other personal information. --------------------------------------------- https://resources.infosecinstitute.com/hotspot-honeypot/ ∗∗∗ British Airways Website, Mobile App Breach Compromises 380k ∗∗∗ --------------------------------------------- The airline said information like name, address and bank card details like CVC code were compromised. --------------------------------------------- https://threatpost.com/british-airways-website-mobile-app-breach-compromise… ∗∗∗ 2018 CEF Telecom Call - €13 million to reinforce the EUs Cybersecurity capacity ∗∗∗ --------------------------------------------- The European Commission calls for proposals under the Connecting Europe Facility (CEF) to reinforce the EUs cybersecurity capacity, with up to €13 million available in grant funding, open until the 22 November 2018. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/2018-cef-telecom-call2013-20ac1… ∗∗∗ Jetzt patchen! Die Ransomware Gandcrab schlüpft durch Flash- und Windows-Lücken ∗∗∗ --------------------------------------------- Auf einigen kompromittierten Webseiten lauert ein Exploit Kit, das nach Sicherheitslücken in Flash und Windows Ausschau hält. --------------------------------------------- https://heise.de/-4157172 ∗∗∗ Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. --------------------------------------------- https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-pr… ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0017.3 - VMware Tools update addresses an out-of-bounds read vulnerability ∗∗∗ --------------------------------------------- [...] VMware Tools 10.3.0 is is discontinued because of a functional issue with 10.3.0 in ESXi 6.5, please refer to KB55796 for more information. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0017.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (qemu and xen), Mageia (libxkbcommon, sleuthkit, and wireshark), openSUSE (apache-pdfbox, dovecot22, and php7), SUSE (enigmail, kernel, nodejs4, and php7), and Ubuntu (firefox and transfig). --------------------------------------------- https://lwn.net/Articles/764386/ ∗∗∗ (0Day) Remote Code Execution Vulnerabilities in Hewlett Packard Enterprise Intelligent Management Center ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-999/ http://www.zerodayinitiative.com/advisories/ZDI-18-1000/ http://www.zerodayinitiative.com/advisories/ZDI-18-1001/ http://www.zerodayinitiative.com/advisories/ZDI-18-1002/ http://www.zerodayinitiative.com/advisories/ZDI-18-1003/ http://www.zerodayinitiative.com/advisories/ZDI-18-1004/ http://www.zerodayinitiative.com/advisories/ZDI-18-1005/ http://www.zerodayinitiative.com/advisories/ZDI-18-1006/ http://www.zerodayinitiative.com/advisories/ZDI-18-1007/ --------------------------------------------- ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730727 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016006 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10730717 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Public disclosed vulnerability from Bouncy Castle ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016292 ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by an Information disclosure vulnerability (CVE-2017-1679) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728737 ∗∗∗ Apache Tomcat vulnerability CVE-2018-1336 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K73008537 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.09.2018
by Daily end-of-shift report 06 Sep '18

06 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-09-2018 18:00 − Donnerstag 06-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Nicht bestellen bei apothekerezeptfrei.com ∗∗∗ --------------------------------------------- KonsumentInnen, die auf der Suche nach Medikamenten und insbesondere Potenzmitteln sind, finden auf apothekerezeptfrei.com ein großes Angebot an teils verschreibungspflichtigen Medikamenten. InteressentInnen sollten hier auf keinen Fall bestellen, denn es handelt sich um einen Fake-Shop, der trotz Bezahlung keine Ware liefert. Zusätzlich sollten verschreibungspflichtige Medikamente nicht ohne entsprechende Verschreibung gekauft werden. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-bei-apothekerezeptfr… ∗∗∗ Browser Extensions: Are They Worth the Risk? ∗∗∗ --------------------------------------------- Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or --------------------------------------------- https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-r… ∗∗∗ Malicious PowerShell Compiling C# Code on the Fly, (Wed, Sep 5th) ∗∗∗ --------------------------------------------- What I like when hunting is to discover how attackers are creative to find new ways to infect their victims computers. I came across a Powershell sample that looked new and interesting to me. --------------------------------------------- https://isc.sans.edu/diary/rss/24072 ∗∗∗ Using just a laptop, boffins sniff, spoof and pry – without busting browser padlock ∗∗∗ --------------------------------------------- In a paper seen by The Register, to be presented at the ACM's Conference on Computer and Communications Security (Toronto in October), Dr Shulman's team wrote: "The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker's public key to a victim domain." --------------------------------------------- https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validatio… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: September 05, 2018 Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/09/05/Cisco-Releases-Sec… ∗∗∗ DokuWiki CSV Formula Injection Vulnerability ∗∗∗ --------------------------------------------- The administration panel of the application has a “CSV export of users” feature which allows the export of user data (username, real name, email address and user groups) as a CSV file. On the registration page, it is possible for an attacker to set certain values in the Real Name field that – when exported and opened with a spreadsheet application (Microsoft Excel, Open Office, etc.) – will be interpreted as a formula. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injecti… ∗∗∗ VMSA-2018-0023: AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities ∗∗∗ --------------------------------------------- * The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. CVE-2018-6975 * The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. CVE-2018-6976 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0023.html ∗∗∗ Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities ∗∗∗ --------------------------------------------- Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated access to sensitive data. An attacker can use a normal web browser to trigger these vulnerabilities — no special tools are required. --------------------------------------------- https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-talos-20… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, gdm3, git-annex, lcms2, and sympa), Fedora (discount, dolphin-emu, gd, obs-build, osc, tcpflow, and yara), openSUSE (wireshark), Slackware (curl, firefox, ghostscript, and thunderbird), SUSE (apache-pdfbox, curl, dovecot22, and libvirt), and Ubuntu (libtirpc). --------------------------------------------- https://lwn.net/Articles/764300/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in Kerberos affect Power Hardware Management Console (CVE-2017-11368, CVE-2017-7562) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717893 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719483 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Oracle Outside In Technology Affect IBM WebSphere Portal (CVE-2018-2768, CVE-2018-2801, CVE-2018-2806) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10715935 ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016254 ∗∗∗ Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34468163 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.09.2018
by Daily end-of-shift report 05 Sep '18

05 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-09-2018 18:00 − Mittwoch 05-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Verschlüsselung: NSA-Chiffre Speck fliegt aus dem Linux-Kernel ∗∗∗ --------------------------------------------- Mit der NSA-Chiffre Speck wollte Google ursprünglich den Speicher von Low-End-Android-Smartphones verschlüsseln, doch nun hat das Unternehmen seine Unterstützung dafür zurückgezogen. Die umstrittene Verschlüsselung wird deshalb wieder aus dem Linux-Kernel entfernt. (Linux-Kernel, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/verschluesselung-nsa-chiffre-speck-fliegt-aus-dem… ∗∗∗ Multiple Remote Code-Execution Flaws Patched in Opsview Monitor ∗∗∗ --------------------------------------------- Five flaws were disclosed Tuesday in monitoring software Opsview Monitor. --------------------------------------------- https://threatpost.com/multiple-remote-code-execution-flaws-patched-in-opsv… ∗∗∗ WordPress Database Upgrade Phishing Campaign ∗∗∗ --------------------------------------------- We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance resembles that of a legitimate WordPress update message, however the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline. --------------------------------------------- https://blog.sucuri.net/2018/09/wordpress-database-upgrade-phishing-campaig… ∗∗∗ PowerPool malware exploits ALPC LPE zero-day vulnerability ∗∗∗ --------------------------------------------- Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure --------------------------------------------- https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-d… ∗∗∗ Lets Trade: You Read My Email, Ill Read Your Password! ∗∗∗ --------------------------------------------- Its been a while, but my last few posts have been on password spraying, which is great approach if your customer has an userid / password interface that faces the internet. I also ran a walk-through on using responder and LLMNR. But what if you are on the outside, and your customer is wise enough to front all of those interfaces with two-factor authentication, or mutual certificate authentication? --------------------------------------------- https://isc.sans.edu/forums/diary/Lets+Trade+You+Read+My+Email+Ill+Read+You… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#598349: Problems with automatic DNS registration and autodiscovery ∗∗∗ --------------------------------------------- Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the network with the name WPAD, such an attacker may be able to utilize DNS autoregistration and autodiscovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and [...] --------------------------------------------- http://www.kb.cert.org/vuls/id/598349 ∗∗∗ Opto22 PAC Control Basic and PAC Control Professional ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22s PAC Control software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01 ∗∗∗ Android Security Bulletin - September 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-09-01 ∗∗∗ (0Day) Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on vulnerable installations of Cisco WebEx Network Recording Player. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-18-998/ ∗∗∗ Remote Code Execution Vulnerabilities in WECON LeviStudioU ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-989/ http://www.zerodayinitiative.com/advisories/ZDI-18-990/ http://www.zerodayinitiative.com/advisories/ZDI-18-991/ http://www.zerodayinitiative.com/advisories/ZDI-18-992/ http://www.zerodayinitiative.com/advisories/ZDI-18-993/ http://www.zerodayinitiative.com/advisories/ZDI-18-994/ http://www.zerodayinitiative.com/advisories/ZDI-18-995/ http://www.zerodayinitiative.com/advisories/ZDI-18-996/ http://www.zerodayinitiative.com/advisories/ZDI-18-997/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (lcms2), openSUSE (yubico-piv-tool), Oracle (kernel), and SUSE (cobbler and kvm). --------------------------------------------- https://lwn.net/Articles/764182/ ∗∗∗ Synology-SA-18:52 Android Moments ∗∗∗ --------------------------------------------- A vulnerability allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Android Moments. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_52 ∗∗∗ Red Hat Gluster Storage Wed Administration, tendrl-api: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1790/ ∗∗∗ Red Hat Virtualization: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1798/ ∗∗∗ cURL: Eine Schwachstelle ermöglicht u. a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1796/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-… ∗∗∗ Python vulnerability CVE-2014-9365 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11068141 ∗∗∗ HPESBST03884 rev.1 - HPE ConvergedSystem 700 Solutions Using HPE 3PAR Service Processor, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.09.2018
by Daily end-of-shift report 04 Sep '18

04 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-09-2018 18:00 − Dienstag 04-09-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Thousands of Compromised MikroTik Routers Send Traffic to Attackers ∗∗∗ --------------------------------------------- Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control. --------------------------------------------- https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mik… ∗∗∗ New Banking Trojan Poses As A Security Module ∗∗∗ --------------------------------------------- A newly discovered banking Trojan departs from the regular tactics observed by malware researchers by choosing visible installation and by adding social engineering components. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-… ∗∗∗ Credit card gobbling code found piggybacking on ecommerce sites ∗∗∗ --------------------------------------------- Be careful! If crooks can upload malicious JavaScript to your ecommerce server, then youre helping the them rip off your own customers. --------------------------------------------- https://nakedsecurity.sophos.com/2018/09/04/credit-card-gobbling-code-found… ∗∗∗ You cant contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows ∗∗∗ --------------------------------------------- I have been continuing my journey of searching for windows breakout vulnerabilities in popular applications and one that I discovered in March I found interesting enough to share. Whilst kernel vulnerabilities are fun to discover, there are many core windows and third party applications that are fundamentally broken in regards to logic [...] --------------------------------------------- https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-expl… ∗∗∗ Googles Doors Hacked Wide Open By Own Employee ∗∗∗ --------------------------------------------- Last July, in Google’s Sunnyvale offices, a hacker found a way to trick doors into opening without the requisite RFID keycard. Luckily for Google, it was David Tomaschik, an employee at the tech giant, who only had good intentions. --------------------------------------------- https://www.forbes.com/sites/thomasbrewster/2018/09/03/googles-doors-hacked… ∗∗∗ Erpressungstrojaner Gandcrab verbreitet sich über gefälschte Bewerbungsmails ∗∗∗ --------------------------------------------- Momentan sind vermehrt Fake-Bewerbungen als Mail in Umlauf, die einen gefährlichen Trojaner als Dateianhang haben. --------------------------------------------- http://heise.de/-4154167 ∗∗∗ Sicherheitsforscher warnt vor Browser-Angriffen auf dem Mac ∗∗∗ --------------------------------------------- Mittels URL-Schemata ist es unter macOS möglich, Programme zu aktivieren, die ein Nutzer nicht ausgelöst haben möchte. --------------------------------------------- http://heise.de/-4154059 ∗∗∗ Of ML and malware: What’s in store? ∗∗∗ --------------------------------------------- All things labeled Artificial Intelligence (AI) or Machine Learning (ML) are making waves, but talk of them in cybersecurity contexts often muddies the waters. A new ESET white paper sets out to bring some clarity to a subject where confusion often reigns supreme The post Of ML and malware: What’s in store? appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/09/04/ml-malware-whats-in-store/ ∗∗∗ Gefälschte Microsoft-Nachricht im Umlauf ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Microsoft-Nachricht. Darin behaupten sie, dass das E-Mailkonto von Empfänger/innen gesperrt sei. Damit Nutzer/innen wieder auf ihr Postfach zugreifen können, sollen sie ihre Identität auf einer unbekannten Website bestätigen. Das führt zur Datenübermittlung an Kriminelle. Diese können dadurch Verbrechen unter dem Namen ihrer Opfer begehen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-microsoft-nachricht-im-u… ===================== = Vulnerabilities = ===================== ∗∗∗ Lenovo Computer: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- Es existiert eine Schwachstelle in Lenovo Computern mit Intel Prozessoren und Intel Optane Speichermodulen bezüglich der Festplattenverschlüsselung. Wenn die Optane Speichermodule konfiguriert werden, bevor die Festplattenverschlüsselung aktiviert wird, bleiben Teile des Speichers unverschlüsselt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/09/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (ImageMagick, libressl, postgresql10, spice, and spice-gtk), Red Hat (collectd, kernel, Red Hat Gluster Storage, Red Hat Virtualization, RHGS WA, rhvm-appliance, and samba), and SUSE (crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, kernel, spice, and spice-gtk). --------------------------------------------- https://lwn.net/Articles/764130/ ∗∗∗ Red Hat Gluster Storage, collectd: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1787/ ∗∗∗ Red Hat Gluster Storage, Samba: Mehrere Schwachstellen ermöglichen u. a. die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1786/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.09.2018
by Daily end-of-shift report 03 Sep '18

03 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 31-08-2018 18:00 − Montag 03-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ CryptoNar Ransomware Discovered and Quickly Decrypted ∗∗∗ --------------------------------------------- This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news, is that a free decryptor was quickly released so that these victims can get their files back for free. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discove… ∗∗∗ Kostenpflichtige Gratisproben von BeautyShop International ∗∗∗ --------------------------------------------- Konsument/innen bestellen von BeautyShop International Kosmetika als kostenlose Produktproben. Diese erhalten sie mit einer Rechnung von AB Commerce Collect. Bezahlen sie den geforderten Geldbetrag nicht, folgen hohe Mahnungen. Nachdem zwischen Konsument/innen und BeautyShop International kein kostenpflichtiger Vertrag zustande kommt, müssen sie den geforderten Betrag nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/kostenpflichtige-gratisproben-von-be… ===================== = Vulnerabilities = ===================== ∗∗∗ [20180802] - Core - Stored XSS vulnerability in the frontend profile ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 1.5.0 through 3.8.11 Exploit type: XSS CVE Number: CVE-2018-15880 Inadequate output filtering on the user profile page could lead to a stored XSS attack. Affected Installs Joomla! CMS versions 1.5.0 through 3.8.11 Solution Upgrade to version 3.8.12 Contact The JSST at the Joomla! Security Centre. Reported By: Fouad Maakor --------------------------------------------- https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-v… ∗∗∗ CA Release Automation Object Deserialization Error Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- Version(s): 6.3, 6.4, 6.5; possibly older versions Description: A vulnerability was reported in CA Release Automation. A remote user can execute arbitrary code on the target system. A remote user can send specially crafted data to trigger an object deserialization error and execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1041591 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dojo, libtirpc, mariadb-10.0, php5, ruby-json-jwt, spice, spice-gtk, tomcat8, and trafficserver), Fedora (ghc-hakyll, ghc-hs-bibutils, ghostscript, mariadb, pandoc-citeproc, phpMyAdmin, and xen), Mageia (java-1.8.0-openjdk, libarchive, libgd, libraw, libxcursor, mariadb, mercurial, openssh, openssl, poppler, quazip, squirrelmail, and virtualbox), openSUSE (cobbler, libressl, wireshark, and zutils), and SUSE (couchdb, java-1_7_0-ibm, java-1_7_1-ibm, spice). --------------------------------------------- https://lwn.net/Articles/764046/ ∗∗∗ Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement About the Vulnerability in Huawei B315s-22 Products Disclosed by Security Researcher ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180903-01-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.08.2018
by Daily end-of-shift report 31 Aug '18

31 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-08-2018 18:00 − Freitag 31-08-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Firework: Leveraging Microsoft Workspaces in a Penetration Test ∗∗∗ --------------------------------------------- WCX files can be used to configure a Microsoft Workplace on a system with a couple of clicks. The enrollment process could disclose credentials in the form of a NetNTLM hash. Authentication will either take place automatically on older [...] --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/Firework--Leveraging-Micros… ∗∗∗ BEC fraud burgeoning despite training ∗∗∗ --------------------------------------------- Business email compromises (BEC) - commonly referred to as CEO Fraud because the CEOs identity is being impersonated - continues to grow and, more significantly, succeed due to the simplicity and urgency of the attacks, according to recent study from Barracuda of some 3,000 attacks. --------------------------------------------- https://www.scmagazine.com/bec-fraud-burgeoning-despite-training/article/79… ∗∗∗ John McAfees "unhackbares" Bitcoin-Wallet Bitfi gehackt – mehrmals ∗∗∗ --------------------------------------------- Zum wiederholten Male haben Sicherheitsforscher eigentlich geheime Passphrasen aus dem Bitcoin-Wallet Bitfi ausgelesen. --------------------------------------------- http://heise.de/-4152116 ∗∗∗ How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN) ∗∗∗ --------------------------------------------- [...] Earlier this week security researcher SandboxEscaper published details and proof-of-concept (POC) for a "0day" local privilege escalation vulnerability in Windows Task Scheduler service, which allows a local unprivileged user to change permissions of any file on the system - and thus subsequently replace or modify that file. As the researchers POC demonstrates, one can use this vulnerability [...] --------------------------------------------- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html ===================== = Vulnerabilities = ===================== ∗∗∗ Philips e-Alert Unit ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for numerous vulnerabilities in Phillips e-Alert Unit, a non-medical device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (389-ds-base, bind9, and squirrelmail), Fedora (dolphin-emu), openSUSE (libX11), SUSE (cobbler, GraphicsMagick, ImageMagick, liblouis, postgresql10, qemu, and spice), and Ubuntu (libx11). --------------------------------------------- https://lwn.net/Articles/763906/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.08.2018
by Daily end-of-shift report 30 Aug '18

30 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-08-2018 18:00 − Donnerstag 30-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ What are botnets downloading? ∗∗∗ --------------------------------------------- Every day we intercept numerous file-download commands sent to bots of various types and families. Here we present the results of our botnet activity analysis for H2 2017 and H1 2018. --------------------------------------------- https://securelist.com/what-are-botnets-downloading/87658/ ∗∗∗ Crypto Mining Is More Popular Than Ever!, (Thu, Aug 30th) ∗∗∗ --------------------------------------------- We already wrote some diaries about crypto miners and they remain more popular than ever. Based on my daily hunting statistics, we can see that malicious scripts performing crypto mining operations .. --------------------------------------------- https://isc.sans.edu/diary/rss/24050 ∗∗∗ Kritische Lücke in der Klinik: Netzwerk-Gateways am Krankenbett angreifbar ∗∗∗ --------------------------------------------- Capsule-Netzwerkgeräte der Firma Qualcomm Life verbinden Geräte am Krankenbett mit dem Krankenhaus-Netzwerk. Hier klafft eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4151345 ∗∗∗ Intel entwickelt Spezial-Linux für sicherheitskritische Einsätze ∗∗∗ --------------------------------------------- Das Intel Safety Critical Project for Linux OS soll autonome Roboter, Drohnen und selbstfahrende Autos sicher machen. --------------------------------------------- http://heise.de/-4151374 ∗∗∗ Rocke: The Champion of Monero Miners ∗∗∗ --------------------------------------------- Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine .. --------------------------------------------- https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.… ∗∗∗ Cyberkriminalität - Schwedischer Wahlkampf vermehrt Cyberangriffen ausgesetzt ∗∗∗ --------------------------------------------- Gefälschte Social-Media-Accounts verbreiten vermehrt falsche Informationen --------------------------------------------- https://derstandard.at/2000086347410/Schwedischer-Wahlkampf-vermehrt-Cybera… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libx11), Fedora (bouncycastle, libxkbcommon, libzypp, nodejs, ntp, openssh, tomcat, xen, and zypper), Red Hat (ansible, kernel, and opendaylight), and SUSE (apache2, cobbler, ImageMagick, libtirpc, libzypp, zypper, and qemu). --------------------------------------------- https://lwn.net/Articles/763824/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - August 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Bing Autosuggest API - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-058 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-058 ∗∗∗ Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2018-057 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-057 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.08.2018
by Daily end-of-shift report 29 Aug '18

29 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-08-2018 18:00 − Mittwoch 29-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776 ∗∗∗ --------------------------------------------- After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. --------------------------------------------- https://www.bleepingcomputer.com/news/security/active-attacks-detected-usin… ∗∗∗ OpenSSH Versions Since 2011 Vulnerable to Oracle Attack ∗∗∗ --------------------------------------------- OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago. --------------------------------------------- https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-… ∗∗∗ Loki Bot: On a hunt for corporate passwords ∗∗∗ --------------------------------------------- Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages .. --------------------------------------------- https://securelist.com/loki-bot-stealing-corporate-passwords/87595/ ∗∗∗ 3D Printers in The Wild, What Can Go Wrong?, (Wed, Aug 29th) ∗∗∗ --------------------------------------------- Richard wrote a quick diary yesterday about an interesting information that we received from one of our readers. It&#;x26;#;39;s about a huge amount of OctoPrint interfaces that are publicly facing the Internet. Octoprint[1] is a web interface for .. --------------------------------------------- https://isc.sans.edu/diary/rss/24044 ∗∗∗ PHP-Paket-Repository Packagist.org war für Schadcode anfällig ∗∗∗ --------------------------------------------- In der Webseite Packagist.org klaffte eine gefährliche Sicherheitslücke. Angreifer hätten mit vergleichsweise wenig Aufwand Schadcode ausführen können. --------------------------------------------- http://heise.de/-4149216 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4281 tomcat8 - security update ∗∗∗ --------------------------------------------- Several issues were discovered in the Tomcat servlet and JSPengine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak. --------------------------------------------- https://www.debian.org/security/2018/dsa-4281 ∗∗∗ Cisco Data Center Network Manager Path Traversal Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system.The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.08.2018
by Daily end-of-shift report 28 Aug '18

28 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 27-08-2018 18:00 − Dienstag 28-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitsforscher warnen vor kritischer Lücke in Windows ∗∗∗ --------------------------------------------- Eine neue Schwachstelle betrifft offenbar auch vollständig aktualisierte Windows-10-Computer. --------------------------------------------- https://futurezone.at/produkte/sicherheitsforscher-warnen-vor-kritischer-lu… ∗∗∗ Android-Smartphones durch AT-Modembefehle aus den 80ern angreifbar ∗∗∗ --------------------------------------------- Angreifer können neue Firmware flashen, Spionage betreiben und Android-Sicherheitsfunktionen deaktivieren. --------------------------------------------- http://heise.de/-4147013 ∗∗∗ Apache Struts: Exploit für kritische Lücke aufgetaucht ∗∗∗ --------------------------------------------- Admins von Webseiten, die Apache Struts nutzen, sollten dringendst prüfen, ob sie Updates für eine vor kurzem entdeckte Sicherheitslücke eingespielt haben. --------------------------------------------- http://heise.de/-4147203 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Creative Cloud Desktop Application (APSB18-32) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1602 ∗∗∗ [20180803] - Core - ACL Violation in custom fields ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/745-20180803-core-acl-violatio… ∗∗∗ [20180802] - Core - Stored XSS vulnerability in the frontend profile ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-v… ∗∗∗ [20180801] - Core - Hardening the InputFilter for PHAR stubs ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/743-20180801-core-hardening-th… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.08.2018
by Daily end-of-shift report 27 Aug '18

27 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-08-2018 18:00 − Montag 27-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability ∗∗∗ --------------------------------------------- Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability. --------------------------------------------- https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnera… ∗∗∗ Password Protected Word Document Delivers HERMES Ransomware ∗∗∗ --------------------------------------------- Evading AV detection is part of a malware authors routine in crafting spam campaigns and an old and effective way of achieving this is spamming a password protected document. Recently, we observed such a .. --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/Password-Protected-Word-Doc… ∗∗∗ Well, cant get hacked if your PC doesnt work... McAfee yanks BSoDing Endpoint Security patch ∗∗∗ --------------------------------------------- Dont install August update, world+dog warned McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their .. --------------------------------------------- www.theregister.co.uk/2018/08/24/mcafee_blue_screen_of_death/ ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntarily .. --------------------------------------------- https://securityblog.switch.ch/2018/08/27/a-new-issue-of-our-switch-securit… ∗∗∗ Schwachstelle Royale: Fortnite-Installer für Android offen für freies Nachladen ∗∗∗ --------------------------------------------- Bei der Android-Version von Fortnite Battle Royale umging Epic Games den Play Store und lieferte einen eigenen Installer – mit gravierender Sicherheitslücke. --------------------------------------------- http://heise.de/-4145876 ∗∗∗ Who’s Behind the Screencam Extortion Scam? ∗∗∗ --------------------------------------------- The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, its likely that additional spammers and scammers piled on with their own versions of the phishing email after .. --------------------------------------------- https://krebsonsecurity.com/2018/08/whos-behind-the-screencam-extortion-sca… ∗∗∗ Verschlüsselung - Wenn Paypal und Co plötzlich nicht mehr funktionieren ∗∗∗ --------------------------------------------- Mozilla und Google vertrauen Symantec-Zertifikaten in Entwicklungsversionen ihrer Browser nicht mehr --------------------------------------------- https://derstandard.at/2000086139348/Wenn-Paypal-und-Co-ploetzlich-nicht-me… ===================== = Vulnerabilities = ===================== ∗∗∗ Synology-SA-18:50 Drive ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Drive. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_50 ∗∗∗ File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-056 ∗∗∗ Multiple Cross Site Scripting on FortiCloud Web Interface Login ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-026 ∗∗∗ Forgot password link doesnt expire after use ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-074 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.08.2018
by Daily end-of-shift report 24 Aug '18

24 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-08-2018 18:00 − Freitag 24-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Botnetz: Mirai-Malware gefährdet durch Cross-Compiling noch mehr Systeme ∗∗∗ --------------------------------------------- Eine neue Mirai-Variante kann mittels Aboriginal Linux nun u.a. auch Android- und Debian-Systeme infizieren und in ein Botnetz einspannen. --------------------------------------------- http://heise.de/-4144912 ∗∗∗ Warnung vor hoverboardmarkt.at ∗∗∗ --------------------------------------------- Auf hoverboardmarkt.at finden Konsument/innen stark rabattierte Hoverboards. Es ist unbekannt, wer den Online-Shop betreibt. Es zeigen sich weitere Auffälligkeiten bei dem Anbieter. Aus diesem Grund ist es am sichersten, wenn Konsument/innen nicht bei hoverboardmarkt.at einkaufen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-hoverboardmarktat/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMware Virtual Appliances, L1 Terminal Fault (L1TF): Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein lokaler, nicht authentisierter Angreifer kann diese Schwachstelle über einen Terminal Seitenfehler (Terminal Page Fault) ausnutzen, um in einem Seitenkanalangriff (Side-Channel Analysis) unautorisiert Informationen aus dem L1 Data Cache auszuspähen. Die Schwachstelle betrifft auch eine Reihe von VMware Produkten, unter anderem vCenter Server (vCSA) 6.0, 6.5 und 6.7 und vSphere Data Protection (VDP) 6.x. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1622/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kernel-headers), Mageia (bind, cgit, dpkg, sssd, and thunderbird), openSUSE (libXcursor and python-Django), Oracle (postgresql), Red Hat (postgresql), Scientific Linux (postgresql), SUSE (libreoffice, openssl, and xen), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-lts-xenial, linux-aws, and spice, spice-protocol). --------------------------------------------- https://lwn.net/Articles/763429/ ∗∗∗ Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018 ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728829 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by multiple kernel vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728537 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (SNSC) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729112 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Insight ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10719165 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Reporting for Development Intelligence ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10719163 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.08.2018
by Daily end-of-shift report 23 Aug '18

23 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-08-2018 18:00 − Donnerstag 23-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Intel erklärt Hardware-Schutz gegen Spectre- & Meltdown-Lücken ∗∗∗ --------------------------------------------- Kommende "Cascade Lake"-Xeons sind gegen Meltdown-Attacken unempfindlich und auch gegen viele Spectre-Attacken – aber Software-Patches bleiben nötig. --------------------------------------------- http://heise.de/-4144368 ∗∗∗ Tool - OpenSSH: Neue Version beseitigt 19 Jahre alte Lücke ∗∗∗ --------------------------------------------- War bereits in der allerersten Version der Software enthalten – Angreifer konnten Nutzernamen raten --------------------------------------------- https://derstandard.at/2000085926326/OpenSSH-Neue-Version-beseitigt-19-Jahr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel and tomcat-native), Fedora (axis, CuraEngine-lulzbot, nodejs, python-uranium-lulzbot, and sleuthkit), Gentoo (chromium, lxc, networkmanager-vpnc, and .. --------------------------------------------- https://lwn.net/Articles/763283/ ∗∗∗ Synology-SA-18:49 Ghostscript ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM) when the AirPrint feature is enabled. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_49 ∗∗∗ Vuln: Multiple Symantec Products CVE-2018-5238 DLL Loading Local Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105100 ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728689 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a remote command injection vulnerability (CVE-2018-1722) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10719623 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2018-1699) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10725805 ∗∗∗ Side-channel processor vulnerability CVE-2018-3693 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54252492 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.08.2018
by Daily end-of-shift report 22 Aug '18

22 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-08-2018 18:00 − Mittwoch 22-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Android Triout Malware Can Record Phone Calls, Steal Pictures ∗∗∗ --------------------------------------------- Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-android-triout-malware-c… ∗∗∗ Unterkunft nicht bei benaco-ferienwohnungen.de buchen ∗∗∗ --------------------------------------------- Auf benaco-ferienwohunungen.de findet man günstige Unterkünfte am Gardasee. Die Inserate wurden jedoch zu betrügerischen Zwecken von echten Portalen kopiert. Die gebotenen Unterkünfte können nicht gebucht werden und Kunden werden um ihr Geld betrogen. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-bei-benaco-ferienwo… ===================== = Vulnerabilities = ===================== ∗∗∗ Bislang kein Patch: Gefährliche Sicherheitslücken im PDF/Postscript-Interpreter Ghostscript ∗∗∗ --------------------------------------------- Angreifer könnten über Schwachstellen im weit verbreiteten Ghostscript-Interpreter Schadcode ausführen. Derzeit gibt es nur einen Workaround zum Schutz. --------------------------------------------- http://heise.de/-4143153 ∗∗∗ Kritische Sicherheitslücke in Apache Struts 2 - Patches verfügbar ∗∗∗ --------------------------------------------- Es wurde eine kritische Sicherheitslücke in Apache Struts 2 gefunden, die schwerwiegende Folgen für die Sicherheit von Webservern, die dieses Framework einsetzen, haben kann. --------------------------------------------- http://www.cert.at/warnings/all/20180822.html ∗∗∗ Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades ∗∗∗ --------------------------------------------- A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. [...] This bug allows a remote attacker to guess the usernames registered on an OpenSSH server. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-op… ∗∗∗ Philips IntelliVue Information Center iX ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for a resource exhaustion vulnerability in Philips IntelliVue Information Center iX real-time central monitoring system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01 ∗∗∗ Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawas iDefine, STARDOM, ASTPLANNER, and TriFellows products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-233-01 ∗∗∗ PMASA-2018-5 ∗∗∗ --------------------------------------------- A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Assigned CVE ids: CVE-2018-15605 --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-5/ ∗∗∗ Adobe Photoshop CC: Zwei Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Zwei Schwachstellen in Adobe Photoshop CC 2017 18.1.5 und CC 2018 19.1.5 sowie den jeweils früheren Versionen für Windows und macOS ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes im Sicherheitskontext des aktiven Benutzers. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1697/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openssh and otrs2), Fedora (gifsicle, lighttpd, quazip, and samba), Red Hat (openstack-keystone), Scientific Linux (mutt), Slackware (libX11), SUSE (gtk2, ImageMagick, libcgroup, and libgit2), and Ubuntu (base-files). --------------------------------------------- https://lwn.net/Articles/763157/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affects IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10726077 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016774 ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10726081 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in IBM WebSphere Application Server (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728345 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack (CVE-2018-1739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10725439 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by NTP vulnerabilities (CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728215 ∗∗∗ IBM Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security Access Manager releases are affected by a Kerberos vulnerability (CVE-2017-11462) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015092 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.08.2018
by Daily end-of-shift report 21 Aug '18

21 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 20-08-2018 18:00 − Dienstag 21-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ USB-Kabel können Computer mit Trojanern infizieren ∗∗∗ --------------------------------------------- Sicherheitsforschern ist es gelungen, USB-Ladekabel so zu modifizieren, dass sie Trojaner einschleusen können. --------------------------------------------- https://futurezone.at/produkte/usb-kabel-koennen-computer-mit-trojanern-inf… ∗∗∗ TLS developers should ditch pseudo constant time crypto processing ∗∗∗ --------------------------------------------- Fixes for Lucky 13-type bugs could still be vulnerable More than five years after cracks started showing in the Transport Layer Security (TLS) network crypto protocol, the author of the "Lucky 13" attack has poked holes in the fixes .. --------------------------------------------- www.theregister.co.uk/2018/08/21/tls_developers_should_ditch_pseudo_constan… ∗∗∗ Microsoft: Russische Hacker nehmen Trump-kritische Republikaner ins Visier ∗∗∗ --------------------------------------------- Im Kampf gegen mutmaßlich russische Hacker hat Microsoft weitere Erfolge verkündet: Für Phising-Angriffe auf Republikaner nutzbare Domains wurden entschärft. --------------------------------------------- http://heise.de/-4142219 ∗∗∗ How often are users’ DNS queries intercepted? ∗∗∗ --------------------------------------------- A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix Security Symposium last week. The problem Most Internet connections are preceded by a DNS address lookup request, as the Domain Name System (DNS) “translates” .. --------------------------------------------- https://www.helpnetsecurity.com/2018/08/21/dns-interception/ ∗∗∗ The enemy is us: a look at insider threats ∗∗∗ --------------------------------------------- It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who’s been in and out the office for weeks now. Or, maybe it could be you. It .. --------------------------------------------- https://blog.malwarebytes.com/101/2018/08/the-enemy-is-us-a-look-at-insider… ∗∗∗ Darkhotel APT is back: Zero-day vulnerability in Microsoft VBScript is exploited ∗∗∗ --------------------------------------------- VBScript is available in the latest versions of Windows and Internet Explorer 11. However, Microsoft disabled VBScript execution in the latest version of Windows .. --------------------------------------------- https://blog.360totalsecurity.com/en/darkhotel-apt-is-back-zero-day-vulnera… ∗∗∗ Skype - Skype führt "Ende-zu-Ende-Verschlüsselung" ein ∗∗∗ --------------------------------------------- Die Verschlüsselung ist allerdings nicht automatisch aktiviert --------------------------------------------- https://derstandard.at/2000085764456/Skype-fuehrt-Ende-zu-Ende-Verschluesse… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4279 linux - security update ∗∗∗ --------------------------------------------- Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw .. --------------------------------------------- https://www.debian.org/security/2018/dsa-4279 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.08.2018
by Daily end-of-shift report 20 Aug '18

20 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-08-2018 18:00 − Montag 20-08-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Week in Ransomware - August 17th 2018 - Princess Evolution & Dharma ∗∗∗ --------------------------------------------- The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware utilizing the .cmb extension for encrypted files. Otherwise, it was mostly small variants released that will not likely have many victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-augus… ∗∗∗ New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles ∗∗∗ --------------------------------------------- A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-va… ∗∗∗ New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations ∗∗∗ --------------------------------------------- Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-turning-tables-technique… ∗∗∗ Malspam Campaign Targets Banks Using Microsoft Publisher ∗∗∗ --------------------------------------------- Its very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and [...] --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Malspam-Campaign-Target… ∗∗∗ Fake Plugins with Popuplink.js Redirect to Scam Sites ∗∗∗ --------------------------------------------- Since July, we've been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either "index" or "wp_update", and a malicious popuplink.js file. --------------------------------------------- https://blog.sucuri.net/2018/08/fake-plugins-with-popuplink-js-redirect-to-… ∗∗∗ Fax-Lücke in HP-Druckern: Mac-Nutzer weiter angreifbar ∗∗∗ --------------------------------------------- Firmware-Updates für eine schwere Lücke in seinen Multifunktionsdruckern liefert Hewlett-Packard zum Teil nur für Windows. Es gibt aber Abhilfe. --------------------------------------------- http://heise.de/-4141384 ∗∗∗ Firefox-Add-on "Web Security": Entwickler räumen Fehler ein ∗∗∗ --------------------------------------------- Das Firefox-Add-on "Web Security" sammelte zu viele Daten und übertrug sie unverschlüsselt. Das war ein Fehler, räumen die Entwickler ein und geloben Besserung. --------------------------------------------- http://heise.de/-4141593 ∗∗∗ Banker Trojan, "TrickBot", is preparing for the next global outbreak by using new techniques ∗∗∗ --------------------------------------------- Recently, 360 Security Center detected a new variant of "TrickBot" banker Trojan. Compared to the previous "TrickBot", the functions of the latest "TrickBot" are all [...] --------------------------------------------- https://blog.360totalsecurity.com/en/banker-trojan-trickbot-is-preparing-fo… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (confuse, jetty9, kamailio, kernel, libxcursor, and mutt), Fedora (blktrace, docker-latest, libgit2, and yubico-piv-tool), Mageia (chromium-browser-stable, flash-player-plugin, kernel, kernel-linus, kernel-tmb, microcode, openslp, and wpa_supplicant), openSUSE (apache2, curl, GraphicsMagick, perl-Archive-Zip, and xen), Oracle (kernel and mariadb), Red Hat (rh-postgresql95-postgresql), Slackware (ntp and samba), SUSE (apache2, curl, kernel, [...] --------------------------------------------- https://lwn.net/Articles/763045/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016776 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a systemd vulnerability (CVE-2018-1049) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728209 ∗∗∗ Linux kernel vulnerability (FragmentSmack) CVE-2018-5391 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74374841 ∗∗∗ HPESBHF03850 rev.5 - Certain HPE Products using Intel-based Processors, Local Disclosure of Information, Speculative Execution Side Channel Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.08.2018
by Daily end-of-shift report 17 Aug '18

17 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-08-2018 18:00 − Freitag 17-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PHP Deserialization Issue Left Unfixed in WordPress CMS ∗∗∗ --------------------------------------------- WordPress CMS installations are vulnerable to a PHP bug related to data unserialization (also known as deserialization), a security researcher has revealed at the start of the month. --------------------------------------------- https://www.bleepingcomputer.com/news/security/php-deserialization-issue-le… ∗∗∗ New Trickbot Variant Touts Stealthy Code-Injection Trick ∗∗∗ --------------------------------------------- Trickbot is back, this time with a stealthy code injection trick. --------------------------------------------- https://threatpost.com/new-trickbot-variant-touts-stealthy-code-injection-t… ∗∗∗ Highly Flexible Marap Malware Enters the Financial Scene ∗∗∗ --------------------------------------------- A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module. --------------------------------------------- https://threatpost.com/highly-flexible-marap-malware-enters-the-financial-s… ∗∗∗ Anti-Coinminer Mining Campaign ∗∗∗ --------------------------------------------- Coinminer malware has been on the rise for some time. As more and more users become aware of this threat and try to take measures to protect themselves, cybercriminals are attempting to cash on that fear by serving crypto-miner malware from a website claiming to offer a coinminer blocker. --------------------------------------------- https://www.zscaler.com/blogs/research/anti-coinminer-mining-campaign ∗∗∗ Detecting SSH Username Enumeration ∗∗∗ --------------------------------------------- A very quick post about a new thread which has been started yesterday on the OSS-Security mailing list. It's about a vulnerability affecting almost ALL SSH server version. --------------------------------------------- https://blog.rootshell.be/2018/08/16/detecting-ssh-username-enumeration/ ∗∗∗ Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe ∗∗∗ --------------------------------------------- Microsoft.Workflow.Compiler.exe, a utility included by default in the .NET framework, permits the execution of arbitrary, unsigned code by supplying a serialized workflow in the form of a XOML workflow file (dont worry. I had no clue what that was either) and an XML file consisting of serialized compiler arguments. --------------------------------------------- https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-mic… ∗∗∗ Back to the 90s: FragmentSmack ∗∗∗ --------------------------------------------- As we had the previous week SegmentSmack (CVE-2018-5390) allowing remote DoS attacks by sending crafted TCP packets, this week a similar vulnerability has been reported on IP fragments. --------------------------------------------- https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/ ===================== = Vulnerabilities = ===================== ∗∗∗ Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for improper input validation and use of hard-coded credentials vulnerabilities in Philips PageWriter Cardiographs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01 ∗∗∗ Emerson DeltaV DCS Workstations ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emersons Delta V workstations. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 ∗∗∗ Tridium Niagara ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory includes mitigation recommendations for path traversal and improper authentication vulnerabilities in Tridums Niagara systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03 ∗∗∗ WAGO 750-8xx Controller Denial of Service ∗∗∗ --------------------------------------------- The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-013 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (intel-microcode, keystone, php-horde-image, and xen), Fedora (rsyslog), openSUSE (apache2, clamav, kernel, php7, qemu, samba, and Security), Oracle (mariadb and qemu-kvm), Red Hat (docker, mariadb, and qemu-kvm), Scientific Linux (mariadb and qemu-kvm), SUSE (GraphicsMagick, kernel, kgraft, mutt, perl-Archive-Zip, python, and xen), and Ubuntu (postgresql-10, postgresql-9.3, postgresql-9.5, procps, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/762914/ ∗∗∗ Jenkins: Mehrere Schwachstellen ermöglichen u. a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1645/ ∗∗∗ Red Hat JBoss Core Services Apache HTTP Server: Mehrere Schwachstellen ermöglichen u. a. verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1673/ ∗∗∗ Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1674/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719653 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10713739 ∗∗∗ BIG-IP APM client for Linux and macOS X vulnerabilitiy CVE-2018-5546 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54431371 ∗∗∗ BIG-IP APM client for Windows vulnerability CVE-2018-5547 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10015187 ∗∗∗ BIG-IP APM client for Linux and macOS vulnerabilitiy CVE-2018-5546 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54431371 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.08.2018
by Daily end-of-shift report 16 Aug '18

16 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-08-2018 18:00 − Donnerstag 16-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VORACLE Attack Can Recover HTTP Data From VPN Connections ∗∗∗ --------------------------------------------- A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-h… ∗∗∗ Microsoft Flaw Allows Full Multi-Factor Authentication Bypass ∗∗∗ --------------------------------------------- This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. --------------------------------------------- https://threatpost.com/microsoft-flaw-allows-full-multi-factor-authenticati… ∗∗∗ Linux: Kernel und Distributionen schützen vor Prozessorlücke Foreshadow/L1TF ∗∗∗ --------------------------------------------- Mit neuen Kernel-Updates kann man sich vor den als Foreshadow oder L1TF genannten Prozessorlücken schützen, die viele moderne Intel-Prozessoren betreffen. --------------------------------------------- http://heise.de/-4137264 ∗∗∗ Patchday Microsoft: Angreifer attackieren Internet Explorer ∗∗∗ --------------------------------------------- In diesem Monat veröffentlicht Microsoft Sicherheitsupdates für 60 Lücken in Windows & Co. Zwei Schwachstellen sind derzeit im Fokus von Angreifern. --------------------------------------------- http://heise.de/-4137351 https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/ ∗∗∗ August 2018 Office Update Release ∗∗∗ --------------------------------------------- The August 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 23 non-security updates. All of the security and non-security updates are listed in KB article 4346823. A new version of Office 2013 Click-To-Run is available: 15.0.5059.1000 A new version of Office 2010 Click-To-Run is available: 14.0.7212.5000 --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/08/14… ∗∗∗ Betrügerische E-Mail der Internet Domain Services Austria (IDSA) ∗∗∗ --------------------------------------------- Selbstständige, Vereine und Unternehmen erhalten von den Internet Domain Services Austria (IDSA) eine E-Mail. Sie sollen 197,50 Euro an idsa.at zahlen, damit Fremde keine Domain registrieren, die ihrer ähnelt. Empfänger/innen können die Nachricht ignorieren, denn ihr Inhalt ist betrügerisch und erfunden. Ebenso wenig gibt es die Internet Domain Services Austria. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-e-mail-der-internet-d… ∗∗∗ Pfändungstermine wegen Urheberrechtsverletzung ignorieren ∗∗∗ --------------------------------------------- KonsumentInnen erhalten von der ADVOKAT RECHTSANWALT AG eine Nachricht, in der ein Pfändungstermin wegen nicht Bezahlens einer Abmahnung zu einer Urheberrechtsverletzung genannt wird. Grund sei das illegale Streamen von Filmen auf kinox.to. KonsumentInnen müssen die 426,55 Euro nicht bezahlen und die angedrohte Pfändung findet nie statt. --------------------------------------------- https://www.watchlist-internet.at/news/pfaendungstermine-wegen-urheberrecht… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips IntelliSpace Cardiovascular Vulnerabilities ∗∗∗ --------------------------------------------- This medical advisory includes mitigation recommendations for improper privilege management and unquoted search path vulnerabilities in Philips IntelliSpace Cardiovascular (ISCV) software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01 ∗∗∗ File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056 ∗∗∗ --------------------------------------------- Project: File (Field) PathsDate: 2018-August-15Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem.The module doesnt sufficiently sanitize the path while a new file is uploading, allowing a remote attacker to execute arbitrary PHP code. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-056 ∗∗∗ VMSA-2018-0020 ∗∗∗ --------------------------------------------- VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0020.html ∗∗∗ VMSA-2018-0021 ∗∗∗ --------------------------------------------- Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0021.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (kernel, linux-4.9, postgresql-9.4, and ruby-zip), Fedora (cgit, firefox, knot-resolver, mingw-LibRaw, php-symfony, php-symfony3, php-symfony4, php-zendframework-zend-diactoros, php-zendframework-zend-feed, php-zendframework-zend-http, python2-django1.11, quazip, sox, and thunderbird-enigmail), openSUSE (python-Django and seamonkey), Oracle (kernel), Red Hat (kernel, kernel-rt, and redhat-virtualization-host), Scientific Linux [...] --------------------------------------------- https://lwn.net/Articles/762706/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (fuse), Fedora (cri-o, gdm, kernel-headers, postgresql, units, and wpa_supplicant), Mageia (iceaepe, kernel-linus, kernel-tmb, and libtomcrypt), openSUSE (aubio, libheimdal, nemo-extensions, and python-Django1), Red Hat (flash-plugin), SUSE (apache2, kernel, php7, qemu, samba, and ucode-intel), and Ubuntu (gnupg). --------------------------------------------- https://lwn.net/Articles/762804/ ∗∗∗ ZDI-18-939: Foxit Reader PDF File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-939/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ Xen Security Advisories ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/ ∗∗∗ F5 Security Advisories ∗∗∗ --------------------------------------------- https://support.f5.com/csp/new-updated-articles ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-… ∗∗∗ Security Advisory - Side-Channel Vulnerability Variants 3a and 4 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180615-… ∗∗∗ Security Advisory - CPU Side Channel Vulnerability "L1TF" ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180815-… ∗∗∗ Security Notice - Statement About the Side Channel Vulnerability "L1TF" of Chips ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180815-01-… ∗∗∗ VMSA-2018-0022 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0022.html ∗∗∗ VMSA-2018-0019.1 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0019.html ∗∗∗ HPESBHF03874 rev.1 - Certain HPE Products using Intel-based Processors, L1 Terminal Fault (L1TF) Speculative Side-channel Vulnerabilities, Local Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03875 rev.1 - HPE Integrated Lights Out 4 and 5, (iLO 4, 5), Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2018
by Daily end-of-shift report 14 Aug '18

14 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 13-08-2018 18:00 − Dienstag 14-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Badness, Enumerated by Robots ∗∗∗ --------------------------------------------- A condensed summary of the blacklist data generated from traffic hitting bsdly.net and cooperating sites. --------------------------------------------- https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html ∗∗∗ Brazilian banking customers targeted by IoT DNS hijacking attacks ∗∗∗ --------------------------------------------- Attackers launched a DNS hijacking campaign targeting Brazilian bank customer credentials through the end-user IoT devices. --------------------------------------------- https://www.scmagazine.com/brazilian-banking-customers-targeted-by-iot-dns-… ∗∗∗ CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists - report ∗∗∗ --------------------------------------------- Infosec firm fingers decentralised reporting The first half of 2018 saw a record haul of reported software vulnerabilities yet a high proportion of these won't appear in any mainstream flaw-tracking lists, researcher Risk Based Security (RBS) has claimed. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/08/14/record_soft… ∗∗∗ Patchday: SAP kümmert sich um seine Software ∗∗∗ --------------------------------------------- Im August hat SAP zwölf neue Sicherheitshinweise für verschiedene Anwendungen veröffentlicht. --------------------------------------------- http://heise.de/-4137050 ∗∗∗ Erpresserische E-Mail nennt Telefonnummer ∗∗∗ --------------------------------------------- Kriminelle versenden eine erpresserische E-Mail. Darin nennen sie die letzten vier Ziffern einer Telefonnummer und behaupten, dass sie über intimite Aufnahmen verfügen. Empfänger/innen sollen innerhalb von 48 Stunden 1000 US-Dollar in Bitcoins bezahlen, damit es zu keiner Veröffentlichung kommt. Konsument/innen müssen keine Reaktion zeigen. --------------------------------------------- https://www.watchlist-internet.at/news/erpresserische-e-mail-nennt-telefonn… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-20), Adobe Flash Player (APSB18-25), Adobe Experience Manager (APSB18-26) and Adobe Acrobat and Reader (APSB18-29). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1594 ∗∗∗ SQL Injection, XSS & CSRF vulnerabilities in Pimcore software ∗∗∗ --------------------------------------------- Pimcore is affected by several security vulnerabilities, which can be exploited by an attacker to read data records from the database, attack other users of the web application with JavaScript code, browser exploits or Trojan horses, and perform arbitrary actions in the context of the logged-in user (CSRF). --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulne… ∗∗∗ Cisco IOS, IOS XE: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle in Cisco IOS und IOS XE ausnutzen, indem er einen speziell präparierten Ciphertext an ein mit IKEv1 (Internet Key Exchange Version 1) konfiguriertes Gerät sendet. Dieses Gerät reagiert fehlerhaft auf dabei auftretende Entschlüsselungsfehler, wodurch verschlüsselte Nonces ausgespäht werden können. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1591/ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (thunderbird), Debian (gdm3 and samba), openSUSE (cgit and lxc), SUSE (grafana, kafka, logstash, openstack-monasca-installer and samba), and Ubuntu (gdm3 and libarchive). --------------------------------------------- https://lwn.net/Articles/762556/ ∗∗∗ Synology-SA-18:43 MailPlus Server ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of MailPlus Server. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_43 ∗∗∗ Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180813-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720115 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-2783, CVE-2018-2800, CVE-2018-2790). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720313 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718949 ∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to cross-site request forgery (CVE-2018-1455) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016659 ∗∗∗ HPESBHF03868 rev.1 - HPE ML10 Gen9 using Intel Xeon Processor E3-1200 v5 with Intel Active Management Technology, multiple local and remote vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.08.2018
by Daily end-of-shift report 13 Aug '18

13 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-08-2018 18:00 − Montag 13-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular Android Apps Vulnerable to Man-in-the-Disk Attacks ∗∗∗ --------------------------------------------- Some of the most popular Android applications installed on your phone may be vulnerable to a new type of attack named "Man-in-the-Disk" that can grant a third-party app the ability to crash them and/or run malicious code. --------------------------------------------- https://www.bleepingcomputer.com/news/security/popular-android-apps-vulnera… ∗∗∗ KeyPass ransomware ∗∗∗ --------------------------------------------- In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. According to our information, the malware is propagated by means of fake installers that download the ransomware module. --------------------------------------------- https://securelist.com/keypass-ransomware/87412/ ∗∗∗ DEF CON 2018: Hacking Medical Protocols to Change Vital Signs ∗∗∗ --------------------------------------------- LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses' [...] --------------------------------------------- https://threatpost.com/def-con-2018-hacking-medical-protocols-to-change-vit… ∗∗∗ Angreifer können per Fax in Firmennetze eindringen ∗∗∗ --------------------------------------------- Sicherheitsexperten haben in Multifunktionsdruckern, wie sie in vielen Büros vorhanden sind, eine Sicherheitslücke entdeckt. Angreifer könnten sich durch Senden eines manipulierten Fax Zugang zum Firmennetzwerk verschaffen. --------------------------------------------- https://help.orf.at/stories/2929974/ ∗∗∗ Apple macOS vulnerability paves the way for system compromise with a single click ∗∗∗ --------------------------------------------- A security researcher uncovered a zero-day in Apple software by tweaking a few lines of code. Speaking at Defcon in Las Vegas last week, Patrick Wardle, Chief Research Officer of Digita Security, described his research into "synthetic" interactions with a user interface (UI) that can lead to severe macOS system security issues. --------------------------------------------- https://www.zdnet.com/article/apple-zero-day-vulnerability-permits-attacker… ∗∗∗ Erpresser-Mails: Online-Gauner kassieren jetzt mit Handynummern ab ∗∗∗ --------------------------------------------- Online-Abzocker verschicken Mails, in denen sie behaupten, das Handy des Empfängers gehackt zu haben. Sie untermauern dies mit einem Auszug der Handynummer. --------------------------------------------- https://heise.de/-4134298 ∗∗∗ Gebäudeautomatisierung wird zur Wanze: Bugs in Crestron-Systemen ∗∗∗ --------------------------------------------- Büros, Unis, Flughäfen, Hotels, Privathäuser - Bugs in Crestron-Produkten lassen die Komponenten zu Wanzen werden - übers Internet, Kamerabilder inklusive. --------------------------------------------- http://heise.de/-4133763 ∗∗∗ Vulnerabilities in smart card drivers open systems to attackers ∗∗∗ --------------------------------------------- Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges. "A lot of attacks against smart cards have been performed in the past but not much work has focused on hacking the driver side of the smart card stack [the piece of software that interacts with chip [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/08/13/vulnerabilities-smart-card-drive… ∗∗∗ FBI Warns of 'Unlimited' ATM Cashout Blitz ∗∗∗ --------------------------------------------- The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. --------------------------------------------- https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blit… ∗∗∗ Warnung vor betrügerischen Maschinenangeboten ∗∗∗ --------------------------------------------- Auf Kleinanzeigen-Plattformen finden Interessent/innen günstige Nutzfahrzeuge und Landmaschinen. Sie führen zu den Anbietern insolvenzamt.com, maschinen-insolvenzamt.com und anbud-spzoo.eu. Bei den Händlern handelt es sich um Fake-Shops. Sie liefern trotz Bezahlung keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-betruegerischen-maschine… ===================== = Vulnerabilities = ===================== ∗∗∗ 2018-1581: Oracle Datenbankserver: Eine Schwachstelle ermöglicht die vollständige Kompromittierung der Software ∗∗∗ --------------------------------------------- [...] Die Schwachstelle betrifft auch Oracle Database 12.1.0.2 für Windows und jede Version der Software auf Linux- und Unix-Systemen. Die Patches für diese Systeme wurden bereits mit dem letzten Oracle Critical Patch Update im Juli 2018 ausgeliefert. Anwender, die bisher keine Patches eingespielt haben, sollten dies unverzüglich nachholen. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1581/ http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-503… ∗∗∗ 2018-1582: NextCloud: Zwei Schwachstellen ermöglichen Stored Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- Zwei Schwachstellen in Nextcloud Server sowie Nextcloud Talk ermöglichen einem entfernten, einfach authentisierten Angreifer die Durchführung von Stored Cross-Site-Scripting (XSS)-Angriffen. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1582/ https://nextcloud.com/security/advisory/?id=NC-SA-2018-008 https://nextcloud.com/security/advisory/?id=NC-SA-2018-009 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (blender, openjdk-8, postgresql-9.6, and sam2p), Fedora (libmspack, mingw-glib2, mingw-glibmm24, and rsyslog), Mageia (blender, glpi, godot, kernel, lftp, libjpeg, libsndfile, libsoup, mariadb, mp3gain, openvpn, and soundtouch), openSUSE (cgit, libvirt, mailman, NetworkManager-vpnc, and sddm), Slackware (bind), and SUSE (ffmpeg, glibc, and libvirt). --------------------------------------------- https://lwn.net/Articles/762502/ ∗∗∗ 2018-08-10: Vulnerability in eSOMS LDAP Integration ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821… ∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by public disclosed vulnerability from Apache Poi ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719481 ∗∗∗ HPESBST03861 rev.1 - HPE 3PAR Service Processor (SP), Multiple Local and Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03870 rev.1 - HPE 3PAR Service Processor (SP), Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03858 rev.1 - HPE OfficeConnect 1810 Switch Series Local Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2018
by Daily end-of-shift report 10 Aug '18

10 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-08-2018 18:00 − Freitag 10-08-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Neue Macs können beim ersten Kontakt mit WLAN gehackt werden ∗∗∗ --------------------------------------------- Betroffen sind Firmenkunden von Apple. Die Schwachstelle wurde auf der Black Hat Konferenz präsentiert. --------------------------------------------- https://futurezone.at/digital-life/neue-macs-koennen-beim-ersten-kontakt-mi… ∗∗∗ The 10 Best Practices for Identifying and Mitigating Phishing ∗∗∗ --------------------------------------------- Phishing (a form of social engineering) is escalating in both frequency and sophistication; consequently, it is even more challenging to defend against cyber-related attacks. These days, any industry, any workplace, any work role can be targeted by a phishing scam that is spreading beyond simple malicious email attachments and link manipulation techniques (i.e., phishers may [...] --------------------------------------------- https://resources.infosecinstitute.com/the-10-best-practices-for-identifyin… ∗∗∗ Practical Web Cache Poisoning ∗∗∗ --------------------------------------------- Web cache poisoning has long been an elusive vulnerability, a theoretical threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper Ill show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage. --------------------------------------------- https://portswigger.net/blog/practical-web-cache-poisoning ∗∗∗ VIA C3: "God Mode"-Sicherheitslücke in Prozessoren entdeckt ∗∗∗ --------------------------------------------- Ein IT-Experte hat einen schwerwiegenden Bug in alten CPUs von VIA Technologies aufgespürt und auch gleich eine Gegenmaßnahme programmiert. --------------------------------------------- http://heise.de/-4133425 ∗∗∗ Vulnerabilities in mPOS devices could lead to fraud and theft ∗∗∗ --------------------------------------------- Vulnerabilities in mPOS (mobile point-of-sale) machines could allow malicious merchants to defraud customers and attackers to steal payment card data, Positive Technologies researchers have found. The use of mPOS devices has seen huge growth over the last few years as the barriers to entry to be provided a device and start accepting card payments are effectively zero. --------------------------------------------- https://www.helpnetsecurity.com/2018/08/10/mpos-vulnerabilities/ ∗∗∗ Nicht bei shop-and-smile.com einkaufen ∗∗∗ --------------------------------------------- Auf shop-and-smile.com finden Konsument/innen Elektroartikel. Die angebotenen Produkte sind gebraucht und nicht neu. Das ist im Rahmen eines Einkaufs nicht offensichtlich. Eine Bezahlung der Ware ist entgegen anderer Aussagen nur im Voraus möglich. Die Watchlist Internet rät von einem Einkauf bei shop-and-smile.com ab. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-shop-and-smilecom-einkaufe… ===================== = Vulnerabilities = ===================== ∗∗∗ Crestron TSW-X60 and MC3 ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for OS command injection, improper access control, and insufficiently protected credentials vulnerabilities in Crestrons TSW-X60 and MC3 devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 ∗∗∗ NetComm Wireless 4G LTE Light Industrial M2M Router ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for information exposure, cross-site forgery, cross-site scripting, and information exposure through directory listing vulnerabilities in NetComm Wireless 4G LTE Light Industrial M2M Router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02 ∗∗∗ PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 11 Beta 3 Released! ∗∗∗ --------------------------------------------- Two security vulnerabilities have been closed by this release: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses CVE-2018-10925: Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE --------------------------------------------- https://www.postgresql.org/about/news/1878/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exiv2, kernel-headers, kernel-tools, libgit2, and thunderbird-enigmail), openSUSE (blueman, cups, gdk-pixbuf, libcdio, libraw, libsoup, libtirpc, mysql-community-server, python-mitmproxy, sssd, and virtualbox), Red Hat (cobbler), SUSE (ceph, firefox, NetworkManager-vpnc, openssh, and wireshark), and Ubuntu (openjdk-7 and openjdk-8). --------------------------------------------- https://lwn.net/Articles/762337/ ∗∗∗ wpa_supplicant: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1564/ ∗∗∗ Red Hat Certification: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1571/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10720235 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718367 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-2633, CVE-2018-2603, CVE-2018-2579, CVE-2018-2602, CVE-2018-2794, & CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717207 ∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718373 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717211 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012479 ∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Rational ClearQuest with SSL/TLS communications (CVE-2016-2922) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718377 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2018
by Daily end-of-shift report 09 Aug '18

09 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-08-2018 18:00 − Donnerstag 09-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Warnung vor Bewerbung bei webex-solutions.at ∗∗∗ --------------------------------------------- Webex Solutions ist eine betrügerische Scheinfirma. Sie sucht Mitarbeiter/innen. Auf ihrer Website webex-solutions.at fragt sie persönliche Daten von Interessent/innen ab. In Wahrheit gibt es keine zu besetzende Stelle. Kriminelle nutzen die Angaben ihrer Opfer, damit sie mit diesen ein Konto eröffnen und darüber Geldwäscherei betreiben können. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-bewerbung-bei-webex-solu… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-29) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-29) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, August 14, 2018. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1591 ∗∗∗ [Drupal] PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055 ∗∗∗ --------------------------------------------- This module enables you to add or overwrite PHP configuration on a drupal website. The module doesnt sufficiently allow access to set these configurations, leading to arbitrary PHP configuration execution by an attacker.This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer phpconfig". --------------------------------------------- https://www.drupal.org/sa-contrib-2018-055 ∗∗∗ RSYSLOG: Eine Schwachstelle ermöglicht u. a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle in RSYSLOG ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen oder möglicherweise auch beliebigen Programmcode zur Ausführung zu bringen. Der Hersteller hat RSYSLOG 8.37.0 (v8-stable) zur Verfügung gestellt. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1558/ https://www.adiscon.com/news/news-release/rsyslog-8-37-0-v8-stable-released/ ∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: * "Heise Shariff" (rx_shariff) * "Register to tt_address" (registeraddress) * "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3) * "Powermail" (powermail) * "AWS SDK for PHP" (aws_sdk_php) * "Front End User Registration" (sr_feuser_register) * "Amazon Web Services SDK " (aws_sdk) * "Frontend Treeview" (mh_treeview) * "TemplaVoilà! Plus" (templavoilaplus) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2018/000429.html ∗∗∗ Black Hat: Windows-10-Assistent Cortana reißt Sicherheitslücken auf ∗∗∗ --------------------------------------------- Auf der Black Hat in Las Vegas haben Forscher mehrere Lücken in Cortana aufgedeckt. So lässt sich zum Beispiel Schadcode über den Sprachassistenten ausführen. --------------------------------------------- http://heise.de/-4132425 ∗∗∗ BIND deny-answer-aliases Bug Lets Remote Users Cause the Target named Service to Crash ∗∗∗ --------------------------------------------- A remote user can trigger an INSIST assertion failure in 'name.c', causing the 'named' service to stop processing. Systems that use the "deny-answer-aliases" feature are affected. --------------------------------------------- http://www.securitytracker.com/id/1041436 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (kamailio and wpa), Fedora (kernel-headers, kernel-tools, moodle, and vim-syntastic), and openSUSE (clamav, enigmail, and java-11-openjdk). --------------------------------------------- https://lwn.net/Articles/762205/ ∗∗∗ IBM Security Bulletin: IBM UrbanCode Deploy diagnostics files may contain confidential data (CVE-2017-1286) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg2C1000377 ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-1333 and CVE-2018-8011 in the IBM i HTTP Server affect IBM i. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720141 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719933 ∗∗∗ IBM Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg2C1000374 ∗∗∗ HPESBHF03805 rev.23 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2018
by Daily end-of-shift report 08 Aug '18

08 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-08-2018 18:00 − Mittwoch 08-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Update Mechanism Flaws Allow Remote Attacks on UEFI Firmware ∗∗∗ --------------------------------------------- The glitch stems from a functionality intended to allow updates to the UEFI firmware. --------------------------------------------- https://threatpost.com/update-mechanism-flaws-allow-remote-attacks-on-uefi-… ∗∗∗ Cookie Consent Script Used to Distribute Malware ∗∗∗ --------------------------------------------- Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only once in GDPR, any organization utilizing them to track users' browsing activity have had to add a warning about how they are using them and ask for the user consent. --------------------------------------------- https://blog.sucuri.net/2018/08/cookie-consent-script-used-to-distribute-ma… ∗∗∗ IT-Grundschutz: Neuer Online-Kurs veröffentlicht ∗∗∗ --------------------------------------------- Ein neues Online-Angebot für den modernisierten IT-Grundschutz erleichtert Anwendern den Einstieg in die Umsetzung der IT-Grundschutz-Methodik. Basierend auf dem IT-Grundschutz-Kompendium und den BSI-Standards 200-1,-2 und -3 führt die vom Bundesamt für Sicherheit in der Informationstechnik (BSI) entwickelte und veröffentlichte Web-Schulung die Anwender in unterschiedlichen Lektionen durch die IT-Grundschutz-Vorgehensweise. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/IT-Grundsch… ∗∗∗ PayPal-Betrug mit eigener E-Mailadrese ∗∗∗ --------------------------------------------- Konsument/innen erhalten von PayPal eine Benachrichtigung darüber, dass sie ihre E-Mailadresse für die Eröffnung eines Kontos bestätigen sollen. Das Konto haben Kriminelle eröffnet. Sie kaufen mit der fremden E-Mailadresse und erfundenen Daten ein. Die Rechnungen und Mahnungen dafür erhalten die Opfer. Diese müssen die offenen PayPal-Forderungen nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/paypal-betrug-mit-eigener-e-mailadre… ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic MyCareLink 24950 Patient Monitor ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for insufficient verification of data authenticity and storing passwords in a recoverable format vulnerabilities in the Medtronic MyCareLink 24950 Patient Monitor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01 ∗∗∗ Medtronic MiniMed 508 Insulin Pump ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for cleartext transmission of sensitive information and authentication bypass by capture-replay vulnerabilities in the Medtronic MiniMed 508 Insulin Pump. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 ∗∗∗ Delta Electronics CNCSoft and ScreenEditor ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft and ScreenEditor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 ∗∗∗ What Do I Need To Know about "SegmentSmack", (Wed, Aug 8th) ∗∗∗ --------------------------------------------- "SegmentSmack" is yet another branded vulnerability, also known as CVE-2018-5390. It hit the "news" yesterday. Succesful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/What+Do+I+Need+To+Know+about+SegmentSmack… ∗∗∗ HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution ∗∗∗ --------------------------------------------- Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. --------------------------------------------- https://support.hp.com/us-en/document/c06097712 ∗∗∗ Android Security Bulletin - August 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-08-05 or later address all of these issues. [...] The most severe of these issues is a critical vulnerability that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-08-01 ∗∗∗ 2018-08 Out of Cycle Security Bulletin: Junos platforms vulnerable to SegmentSmack attack [VU#962459] ∗∗∗ --------------------------------------------- [...] Crafted sequences of TCP/IP packets may allow a remote attacker to create a denial of service (DoS) condition on routing engines (REs) running Junos OS. The attack requires a successfully established two-way TCP connection to an open port. The rate of attack traffic is lower than typical thresholds for built-in Junos OS distributed denial-of-service (DDoS) protection, so additional configuration is required to defend against these issues on affected platforms. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10876 ∗∗∗ VMSA-2018-0019 ∗∗∗ --------------------------------------------- Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0019.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Fedora (ceph, exiv2, myrepos, and seamonkey), openSUSE (libofx and znc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (clamav, kernel, and rubygem-sprockets-2_12), and Ubuntu (gnupg, lftp, libxcursor, linux-hwe, linux-azure, linux-gcp, linux-raspi2, and lxc). --------------------------------------------- https://lwn.net/Articles/762022/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (slurm-llnl), Fedora (libmspack), openSUSE (cups, kernel, kernel-firmware, libcgroup, and ovmf), Oracle (kernel), and SUSE (cups, enigmail, libcdio, and pidgin). --------------------------------------------- https://lwn.net/Articles/762098/ ∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗ --------------------------------------------- https://download.novell.com/Download?buildid=vP3nS-Hctkk~ ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011860 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718421 ∗∗∗ HPESBHF03850 rev.3 - HPE ProLiant, Synergy, and Moonshot Systems: Local Disclosure of Information, CVE-2018-3639 – Speculative Store Bypass and CVE-2018-3640 – Rogue System Register Read ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0006.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2018
by Daily end-of-shift report 07 Aug '18

07 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 06-08-2018 18:00 − Dienstag 07-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Lets Encrypt Is Now Officially Trusted by All Major Root Certificates ∗∗∗ --------------------------------------------- Lets Encrypt announced yesterday that they are now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Lets Encrypt is now directly trusted by all major browsers and operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lets-encrypt-is-now-official… ∗∗∗ DoS-Schwachstelle im Kernel - keine Panik! ∗∗∗ --------------------------------------------- In der Nacht auf heute wurde eine Schwachstelle im Linux Kernel bekannt, die einen DoS-Angriff durch spezielle TCP-Pakete ermöglicht ... Auf den ersten Blick klingt das hochkritisch und stellt eine enorme Gefahr für Unternehmen dar, die Webauftritte und Mailserver auf Linux-Servern betreiben. Auf den zweiten Blick gibt es jedoch einige wichtige Einschränkungen, die das Risiko minimieren. --------------------------------------------- https://www.cert.at/services/blog/20180807131134-2285.html ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple vulnerabilities in multiple I-O DATA network camera products ∗∗∗ --------------------------------------------- Overview: Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities. Products Affected: TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier --------------------------------------------- https://jvn.jp/en/jp/JVN83701666/ ∗∗∗ FreeBSD: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann die Schwachstelle durch den Versand von TCP-Paketen an ein betroffenes System ausnutzen und einen Denial-of-Service (DoS)-Zustand bewirken. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1548/ ∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases. They also contain the fixes for two LOW severity security issues (CVE-2018-0732 and CVE-2018-0737) --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2018-August/000129.html ∗∗∗ Android Patchday: Monatliches Update beseitigt zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Wie bereits im Vormonat hat Google auch beim aktuellen Patchday durchweg Sicherheitslücken mit hohem bis kritischem Schweregrad beseitigt. --------------------------------------------- http://heise.de/-4130865 ∗∗∗ Manueller Umstieg nötig: Mozilla Thunderbird 60 mit wichtigen Security-Updates ∗∗∗ --------------------------------------------- Sieht schöner aus – und ist obendrein sicherer: Thunderbird-User sollten auf Version 60 umsteigen. Dazu ist ein manuelles Update erforderlich. --------------------------------------------- http://heise.de/-4131114 ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/newrelic(a)3.1.0 (CVE-2018-3739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718999 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717301 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in Brocade Fabric OS (CVE-2017-6225 CVE-2017-6227) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720085 ∗∗∗ JSA10876 - 2018-08 Out of Cycle Security Bulletin: Junos platforms vulnerable to SegmentSmack attack [VU#962459] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10876&actp=RSS ∗∗∗ SSA-179516 (Last Update: 2018-08-07): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf ∗∗∗ SSA-979106 (Last Update: 2018-08-07): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf ∗∗∗ SSA-920962 (Last Update: 2018-08-07): Vulnerabilities in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf ∗∗∗ HPESBHF03835 rev.1 - HPE Integrated Lights-Out 3, 4, 5 (iLO 3, 4, 5), Moonshot Chassis Manager, and Moonshot Component Pack, Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily