- Daily - CERT.at

Tageszusammenfassung - 25.05.2018
by Daily end-of-shift report 25 May '18

25 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-05-2018 18:00 − Freitag 25-05-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Z-Shave Attack Could Impact Over 100 Million IoT Devices ∗∗∗ --------------------------------------------- The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/z-shave-attack-could-impact-… ∗∗∗ Electron: Was es mit dem Patch des Patches auf sich hat... ∗∗∗ --------------------------------------------- Die Entwickler von Electron haben in der vorigen Woche einen Patch für den Januar-Patch ihres Cross-Plattform-Frameworks zur Erstellung von Desktop-Apps veröffentlicht. Ein Sicherheitsforscher von Doyensec erläuterte nun, warum das notwendig war. --------------------------------------------- https://www.heise.de/-4058755 ∗∗∗ Gefälschter Überweisungsauftrag für Vereins-Kassier/innen ∗∗∗ --------------------------------------------- Vereins-Kassier/innen erhalten eine angebliche Benachrichtigung ihrer Obfrau oder ihres Obmanns, in der es heißt, dass der Verein dringend Geld ins Ausland überweisen müsse. Kommen sie der Aufforderung nach, verliert der Verein Geld, denn das Schreiben stammt von Kriminellen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschter-ueberweisungsauftrag-fu… ===================== = Vulnerabilities = ===================== ∗∗∗ VU#338343: strongSwan VPN charon server vulnerable to buffer underflow ∗∗∗ --------------------------------------------- [...] strongSwan VPNs charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service. --------------------------------------------- http://www.kb.cert.org/vuls/id/338343 ∗∗∗ BeaconMedaes TotalAlert Scroll Medical Air Systems ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for improper access controls, insufficiently protected credentials, and unprotected storage of credentials vulnerabilities in the BeaconMedaes TotalAlert Scroll Medical Air Systems web application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01 ∗∗∗ Schneider Electric Floating License Manager ∗∗∗ --------------------------------------------- This advisory includes mitigations for heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in the Schneider Electric Floating License Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, libofx, and thunderbird), Debian (thunderbird, xdg-utils, and xen), Fedora (procps-ng), Mageia (gnupg2, mbedtls, pdns, and pdns-recursor), openSUSE (bash, GraphicsMagick, icu, and kernel), Oracle (thunderbird), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and thunderbird), Scientific Linux (thunderbird), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/755667/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Application Error vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016515 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Incorrect Permission Assignment for Critical Resource vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016132 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Query Parameter in SSL Request vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016131 ∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by a vulnerability in Apache CXF (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014053 ∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerabilities affects IBM Spectrum LSF Explorer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027368 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016607 ∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity is affected by an OpenSSL vulnerabilitiy (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015614 ∗∗∗ IBM Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014741 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2017-1788 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014729 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016512 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Session Identifier Not Updated vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016513 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.05.2018
by Daily end-of-shift report 24 May '18

24 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-05-2018 18:00 − Donnerstag 24-05-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Patches XXE Vulnerability In Software ∗∗∗ --------------------------------------------- Schneider Electric on Tuesday issued fixes for a vulnerability its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data. --------------------------------------------- https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs… ∗∗∗ Bugtraq: [security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). References: CVE-2018-6495 - Corss-Site Scripting (XSS) --------------------------------------------- http://www.securityfocus.com/archive/1/542037 ∗∗∗ Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/104252 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol). --------------------------------------------- https://lwn.net/Articles/755540/ ∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433&myns=ibmi&mynp=O… ∗∗∗ IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099807 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099806 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016143 ∗∗∗ IBM Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® Db2® (CVE-2018-1515). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016140 ∗∗∗ IBM Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1488). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016141 ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to buffer overflow (CVE-2018-1459). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016142 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016181 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015656 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016278 ∗∗∗ IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099809 ∗∗∗ IBM Security Bulletin: IBM Chassis Management Module (CMM) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099808 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016282 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2018
by Daily end-of-shift report 23 May '18

23 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-05-2018 18:00 − Mittwoch 23-05-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Backdoor Account Found in D-Link DIR-620 Routers ∗∗∗ --------------------------------------------- Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. --------------------------------------------- https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-… ∗∗∗ Six Vulnerabilities Found in Dell EMC's Disaster Recovery System, One Critical ∗∗∗ --------------------------------------------- A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise. --------------------------------------------- https://threatpost.com/six-vulnerabilities-found-in-dell-emcs-disaster-reco… ∗∗∗ VPNFilter – is a malware timebomb lurking on your router? ∗∗∗ --------------------------------------------- A Cisco paper reports on zombie malware that has apparently infected more than 500,000 home routers. --------------------------------------------- https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb… ∗∗∗ An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners ∗∗∗ --------------------------------------------- As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining [...] --------------------------------------------- https://blog.sucuri.net/2018/05/cryptomining-through-disguised-url-shortene… ∗∗∗ CPU-Sicherheitslücken Spectre-NG: Updates und Info-Links ∗∗∗ --------------------------------------------- Hersteller von Hardware, Betriebssystemen und Software stellen Webseiten mit Informationen und Sicherheitsupdates für die neuen Spectre-Lücken Spectre V3a und Spectre V4 bereit: Ein Überblick. --------------------------------------------- https://www.heise.de/ct/artikel/CPU-Sicherheitsluecken-Spectre-NG-Updates-u… ∗∗∗ Angreifer könnten aktuelle BMW-Modelle über Mobilfunk kapern ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Sicherheitslücken im Infotainment-System von verschiedenen BMW-Modellen ausgenutzt und so die Kontrolle übernommen. Ein Angriff aus der Ferne ist aber ziemlich aufwendig. --------------------------------------------- https://www.heise.de/security/meldung/Angreifer-koennten-aktuelle-BMW-Model… ∗∗∗ Efail: Welche E-Mail-Clients sind wie sicher? ∗∗∗ --------------------------------------------- Nach Veröffentlichung der Efail-Lücken in PGP und S/MIME herrscht unter Anwendern, die ihre E-Mails verschlüsseln viel Verunsicherung. Wir haben uns im Detail angeschaut, welche E-Mail-Programme bisher wie abgesichert wurden. --------------------------------------------- https://www.heise.de/security/meldung/Efail-Welche-E-Mail-Clients-sind-wie-… ∗∗∗ Angebliche Lilihill DevCon GmbH versendet Schadsoftware ∗∗∗ --------------------------------------------- Betrüger versenden als angebliche Lilihill DevCon GmbH massenhaft Schadsoftware an Unternehmen. EmpfängerInnen finden eine E-Mail von sales(a)european-gmbh.pw mit dem Betreff "AW: Zahlung – EWT" in ihrem Posteingang. Darin werden Betroffene dazu aufgefordert eine ZIP-Datei aus dem Anhang der Mail zu öffnen. Doch Vorsicht! Die Datei enthält Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/angebliche-lilihill-devcon-gmbh-vers… ===================== = Vulnerabilities = ===================== ∗∗∗ VMware Workstation und Fusion: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/05/warn… ∗∗∗ [20180505] - Core - XSS Vulnerabilities & additional hardening ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7 --------------------------------------------- https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerab… ∗∗∗ Synology-SA-18:25 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_25 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, [...] --------------------------------------------- https://lwn.net/Articles/755386/ ∗∗∗ Vuln: Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104239 ∗∗∗ Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Information Exposure Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Numeric Errors Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Firmware Diagnostics. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012498 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015655 ∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15706) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012273 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012293 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012274 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential spoofing attack in IBM WebSphere Application Server vulnerability (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016546 ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15275, CVE-2017-14746 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012289 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential denial of service used by IBM WebSphere Application Server vulnerability (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016545 ∗∗∗ IBM Security Bulletin: Authenticated Users in IBM UrbanCode Deploy can Obtain Secure Properties (CVE-2017-1752) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000376 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016488 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2018
by Daily end-of-shift report 22 May '18

22 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-05-2018 18:00 − Dienstag 22-05-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitsupdates: Attacken auf DrayTek-Router ∗∗∗ --------------------------------------------- Unbekannte Angreifer haben es derzeit auf verschiedene Router von DrayTek abgesehen. Ist ein Übergriff erfolgreich, verbiegen sie die DNS-Einstellungen. --------------------------------------------- https://heise.de/-4053059 ===================== = Vulnerabilities = ===================== ∗∗∗ VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks ∗∗∗ --------------------------------------------- CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Also known as "Variant 4" or "SpectreNG". --------------------------------------------- http://www.kb.cert.org/vuls/id/180049 ∗∗∗ Firewall information leak to regular SSL VPN web portal users ∗∗∗ --------------------------------------------- A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically crafted URLs. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-17-231 ∗∗∗ Xen Security Advisory CVE-2018-3639 / XSA-263 ∗∗∗ --------------------------------------------- However, in most configurations, within-guest information leak is possible. Mitigation for this generally depends on guest changes (for which you must consult your OS vendor) *and* on hypervisor support, provided in this advisory. --------------------------------------------- http://xenbits.xen.org/xsa/advisory-263.html ∗∗∗ HPSBHF02981 rev.3 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/755076/ ∗∗∗ Security vulnerabilities fixed in Thunderbird 52.8 ∗∗∗ --------------------------------------------- * CVE-2018-5183: Backport critical security fixes in Skia * CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack * CVE-2018-5154: Use-after-free with SVG animations and clip paths * CVE-2018-5155: Use-after-free with SVG animations and text paths ... --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ ∗∗∗ Security Notice -Statement on the Side-Channel Vulnerability Variants 3a and 4 ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-notices/2018/huawei… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2017/hua… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027633 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21974627 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012415 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016122 ∗∗∗ IBM Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014477 ∗∗∗ IBM Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016234 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects the IBM Performance Management product (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015310 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012317 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016185 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012291 ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012292 ∗∗∗ Java Bouncy Castle vulnerability CVE-2015-7940 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10105323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.05.2018
by Daily end-of-shift report 18 May '18

18 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-05-2018 18:00 − Freitag 18-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DrayTek Router Zero-Day Under Attack ∗∗∗ --------------------------------------------- DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/draytek-router-zero-day-unde… ∗∗∗ Business Email Compromise incidents, (Fri, May 18th) ∗∗∗ --------------------------------------------- Over the past 12 months we have seen a sharp increase in the number of incidents relating to the compromise of business emails. Often O365, but also some Gmail and on premise systems with webmail access. --------------------------------------------- https://isc.sans.edu/diary/rss/23669 ∗∗∗ MEWKit phishing campaign steals MyEtherWallet credentials to perform automated fund transfers ∗∗∗ --------------------------------------------- The cybercriminals who last April executed a man-in-the-middle attack on a Amazon DNS server to steal $152,000 in Ethereum cryptocurrency from MyEtherWallet.com pulled off their heist using a newly discovered phishing kit that includes an automated transfer system (ATS) malware component. --------------------------------------------- https://www.scmagazine.com/mewkit-phishing-campaign-steals-myetherwallet-cr… ∗∗∗ WordPress 4.9.6 Privacy and Maintenance Release ∗∗∗ --------------------------------------------- WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features. --------------------------------------------- https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-… ∗∗∗ Spectre-NG: Patches für Pfingstmontag erwartet ∗∗∗ --------------------------------------------- Achtung bei der Urlaubsplanung: Intel bereitet für den 21. Mai Updates gegen die ersten Spectre-Next-Generation-Lücken vor. Parallel dazu wird es dazu dann wohl auch endlich konkrete Informationen zu den Lücken geben. --------------------------------------------- https://www.heise.de/-4051247 ∗∗∗ Updates fixen böses Loch in Signals Desktop-App ∗∗∗ --------------------------------------------- Mit einfachen Nachrichten konnte ein Angreifer HTML-Code in die Desktop-App des verschlüsselnden Messengers einschleusen und damit sogar alle Nachrichten seines Opfers auslesen. Die aktuelle Version 1.11 beseitigt diese Lücken. --------------------------------------------- https://www.heise.de/-4052040 ∗∗∗ WhatsApp wird nicht kostenpflichtig ∗∗∗ --------------------------------------------- Aktuell kursiert auf WhatsApp die Nachricht, dass der Messenger-Dienst in Zukunft kostenpflichtig werde. Die angeblichen Kosten dafür können Nutzer/innen vermeiden, wenn sie den Hinweis darüber an zehn ihrer Kontakte weiterleiten. Diese Behauptungen sind falsch, denn bei dem Schreiben handelt es sich um einen erfundenen Kettenbrief. Er kann bedenkenlos gelöscht werden. --------------------------------------------- https://www.watchlist-internet.at/news/whatsapp-wird-nicht-kostenpflichtig/ ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic NVision Clinician Programmer ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for a missing encryption of sensitive data vulnerability in Medtronics NVision Clinician Programmer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 ∗∗∗ GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi industrial Internet controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01 ∗∗∗ PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for command injection, information exposure, and stack-based buffer overflow vulnerabilities in the PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 ∗∗∗ Delta Electronics Delta Industrial Automation TPEditor ∗∗∗ --------------------------------------------- This advisory includes mitigations for a heap-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation TPEditor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04 ∗∗∗ Client for Open Enterprise Server 2 SP4 (IR8a) ∗∗∗ --------------------------------------------- Abstract: This is interim release (IR8a) of Client for Open Enterprise Server 2 SP4 (formerly "Novell Client 2 SP4 for Windows"). It includes fixes for problems found after Client for Open Enterprise Server 2 SP4 was released. It also includes support for Microsoft Windows Server 2016. --------------------------------------------- https://download.novell.com/Download?buildid=wdhtRhxCLdg~ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl and zathura-pdf-mupdf), Debian (libmad and vlc), openSUSE (enigmail), Red Hat (collectd, Red Hat OpenStack Platform director, and sensu), and SUSE (firefox, ghostscript, and mysql). --------------------------------------------- https://lwn.net/Articles/754854/ ∗∗∗ Red Hat JBoss Enterprise Application Platform: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0955/ ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a privilege escalation vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016465 ∗∗∗ IBM Security Bulletin: IBM BigFix Platform is affected by multiple vulnerabities (CVE-2017-3735, CVE-2017-1000100, CVE-2017-1000254) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011879 Next End-of-Day report: 2018-05-22 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.05.2018
by Daily end-of-shift report 17 May '18

17 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-05-2018 18:00 − Donnerstag 17-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Oh, great, now theres a SECOND remote Rowhammer exploit ∗∗∗ --------------------------------------------- Send enough crafted packets to a NIC to put nasties into RAM, then the fun really starts Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/17/nethammer_s… ∗∗∗ The Rowhammer: the Evolution of a Dangerous Attack ∗∗∗ --------------------------------------------- The Rowhammer Attack Back in 2015, security researchers at Google's Project Zero team demonstrated how to hijack an Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips. The attack technique devised by the experts was dubbed "Rowhammer" [...] --------------------------------------------- http://resources.infosecinstitute.com/rowhammer-evolution-dangerous-attack-… ∗∗∗ TeleGrab - Grizzly Attacks on Secure Messaging ∗∗∗ --------------------------------------------- This post was written by Vitor Ventura with contributions from Azim KhodjibaevIntroductionOver the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on April 4, 2018, with a second variant emerging on April 10. --------------------------------------------- https://blog.talosintelligence.com/2018/05/telegrab.html ∗∗∗ Mahnungen über 479,16 Euro der DEBTSOLUTIONS LTD ignorieren! ∗∗∗ --------------------------------------------- Betroffene Internetnutzer/innen finden eine angebliche letzte Zahlungsaufforderung vor einem Mahnverfahren von der Debtsolutions LTD in Ihrem Posteingang. Als Begründung wird genannt, dass eine betrügerische Rechnung der MOVIES DARLING LTD nicht bezahlt wurde. Aus diesem Grund sollen die Empfänger/innen 479,16 Euro an die Debtsolutions LTD überweisen. Doch Vorsicht! Auch dieses Schreiben ist betrügerisch und der Geldbetrag sollte auf keinen Fall bezahlt werden. --------------------------------------------- https://www.watchlist-internet.at/news/mahnungen-ueber-47916-euro-der-debts… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Cisco vergisst mal wieder Standard-Passwort in Netzwerk-Software ∗∗∗ --------------------------------------------- Cisco hat wichtige Patches veröffentlicht und stopft damit Sicherheitslücken in seinem Produktportfolio. Drei Lücken gelten als äußerst kritisch. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Cisco-vergisst-mal-wieder-S… ∗∗∗ SECURITY BULLETIN: Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Trend Micro has released a new critical patch (CP) for Trend Micro Endpoint Application Control 2.0 SP1. This CP resolves a FileDrop directory traversal remote code execution (RCE) vulnerability. --------------------------------------------- https://success.trendmicro.com/solution/1119811 ∗∗∗ [R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. --------------------------------------------- https://www.tenable.com/security/tns-2018-06 ∗∗∗ [R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. --------------------------------------------- https://www.tenable.com/security/tns-2018-07 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (runc), Debian (curl), Fedora (xdg-utils), Mageia (firefox), openSUSE (libreoffice, librsvg, and php5), Slackware (curl and php), SUSE (curl, firefox, kernel, kvm, libapr1, libvorbis, and memcached), and Ubuntu (curl, dpdk, php5, and qemu). --------------------------------------------- https://lwn.net/Articles/754773/ ∗∗∗ Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104164 ∗∗∗ Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104163 ∗∗∗ 2018-05-15: Vulnerability in Welcome IP-Gateway - Command Injection, Missing Session Management, Clear Text Passwords in Cookies ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=ABB-VU-EPBP-R-2505&L… ∗∗∗ FortiWeb Recursive URL Decoding is not enabled by default ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-058 ∗∗∗ FortiOS SSL Deep-Inspection badssl.com Compliance ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-17-160 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Linux Kernel affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099805 ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099804 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015305 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016198 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015347 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016159 ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014553 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016029 ∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000380 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.05.2018
by Daily end-of-shift report 16 May '18

16 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-05-2018 18:00 − Mittwoch 16-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers ∗∗∗ --------------------------------------------- An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when theyve uploaded a weaponized PDF file to a public malware scanning engine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shadowy-hackers-accidentally… ∗∗∗ UPnP joins the just turn it off on consumer devices, already club ∗∗∗ --------------------------------------------- Before it amplifies DDoS attacks Universal Plug n Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/16/upnp_amplif… ∗∗∗ CPU-Lücke Spectre V2: Microcode-Updates jetzt unter Windows 10 1803, unter Linux lückenhaft ∗∗∗ --------------------------------------------- Microcode-Updates für Intel-Prozessoren, die unter Windows zum Schutz vor der Sicherheitslücke Spectre V2 nötig sind, kommen nun auch per Windows Update für aktuelle Installationen; bei Linux gibt es aber noch Probleme. --------------------------------------------- https://www.heise.de/-4050379 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for numerous vulnerabilities in Advantechs WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 ∗∗∗ Red Hat Addresses DHCP Client Vulnerability ∗∗∗ --------------------------------------------- Original release date: May 16, 2018 Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/05/16/Red-Hat-Addresses-… ∗∗∗ XXE & XSS vulnerabilities in RSA Authentication Manager ∗∗∗ --------------------------------------------- RSA Authentication Manager is affected by several security vulnerabilities which can be exploited by an attacker to read arbitrary files, cause denial of service or attack other users of the web application with JavaScript code, browser exploits or Trojan horses. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/xxe-xss-vulnerabilities-in-r… ∗∗∗ CVE-2018-8176 | Microsoft PowerPoint Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Affected Products: Microsoft Office 2016 for Mac Microsoft recommends that customers running Microsoft Office 2016 for Mac install the update to be protected from this vulnerability. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dhcp), Debian (xen), Fedora (dhcp, flac, kubernetes, leptonica, libgxps, LibRaw, matrix-synapse, mingw-LibRaw, mysql-mmm, patch, seamonkey, webkitgtk4, and xen), Mageia (389-ds-base, exempi, golang, graphite2, libpam4j, libraw, libsndfile, libtiff, perl, quassel, spring-ldap, util-linux, and wget), Oracle (dhcp and kernel), Red Hat (389-ds-base, chromium-browser, dhcp, docker-latest, firefox, kernel-alt, libvirt, qemu-kvm, redhat-vertualization-host, [...] --------------------------------------------- https://lwn.net/Articles/754653/ ∗∗∗ ZDI-18-468: (0Day) Delta Industrial Automation TPEditor TPE File Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-468/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015806 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016091 ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015795 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates Jan 2018 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015927 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015591 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099803 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by an OPENSSL vulnerability (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015811 ∗∗∗ [R1] Nessus 7.1.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-05 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2799 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33924005 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2018
by Daily end-of-shift report 15 May '18

15 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 14-05-2018 18:00 − Dienstag 15-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Containers are here. What about container security? ∗∗∗ --------------------------------------------- The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.) Container security issuesNot surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:35 --------------------------------------------- https://www.csoonline.com/article/3273347/security/containers-are-here-what… ∗∗∗ IDG Contributor Network: Fact vs. fiction: 6 myths about container security ∗∗∗ --------------------------------------------- DevOps, containers and microservices are eating software development just as software is eating the world. But with the explosive growth of these technologies and methodologies, it’s becoming increasingly difficult to separate fact from fiction. This is particularly the case when talking container security. In this article, we take a look specifically at the myths surrounding container security [...] --------------------------------------------- https://www.csoonline.com/article/3272830/containers/fact-vs-fiction-6-myth… ∗∗∗ Code-Injection: Sicherheitslücke in Signals Desktop-Client ∗∗∗ --------------------------------------------- Eine Code-Injection-Lücke in Signals Desktop-Client ermöglicht es, aus der Ferne JavaScript auszuführen. Ein Update für die Electron-App steht bereit. (Signal, Sicherheitslücke) --------------------------------------------- https://www.golem.de/news/code-injection-sicherheitsluecke-in-signals-deskt… ∗∗∗ Warnung vor CryptoCode ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine E-Mail von Bitcoin Austria. Bei dem Schreiben handelt es sich um Werbung für CryptoCode. Ein Link in der Nachricht führt auf cryptocode.online. Auf der Plattform sollen Besucher/innen Geld einzahlen, damit sie jeden Tag "$15.000" verdienen können. Das einbezahlte Geld ist verloren, denn eine Gewinnausschüttung gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-cryptocode/ ∗∗∗ NIS Update ∗∗∗ --------------------------------------------- Am 9. Mai hätte Österreich die NIS-Direktive umgesetzt haben sollen. Das haben wir verpasst. Wir haben noch immer kein NIS-Gesetz, und leider auch noch keinen Entwurf dazu in Begutachtung. Aber: ein Teil der NIS-Thematik (Anbieter digitaler Dienste) fällt unter die Vollharmonisierung und wird daher direkt aus Brüssel heraus gültig. Die entsprechende Verordnung wurde im Jänner veröffentlicht und ist seit 10. Mai in Kraft. Will man wissen, [...] --------------------------------------------- http://www.cert.at/services/blog/20180515161108-2242.html ===================== = Vulnerabilities = ===================== ∗∗∗ SSA-914382 (Last Update: 2018-05-15): Denial-of-Service Vulnerability in SIMATIC S7-400 ∗∗∗ --------------------------------------------- SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf ∗∗∗ VMSA-2018-0011 ∗∗∗ --------------------------------------------- Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0011.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, llpp, and webkit2gtk), Debian (kwallet-pam), Fedora (kernel and pam-kwallet), Gentoo (mpv), Oracle (389-ds-base, firefox, libvirt, and qemu-kvm), and Ubuntu (php5 and php5, php7.0, php7.1, php7.2). --------------------------------------------- https://lwn.net/Articles/754495/ ∗∗∗ BlackBerry powered by Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0922/ ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015829 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2018-1512) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012325 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012281 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012280 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012283 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012282 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012263 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015254 ∗∗∗ IBM Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013157 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016207 ∗∗∗ Linux kernel vulnerability CVE-2018-8897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17403481 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2018
by Daily end-of-shift report 14 May '18

14 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-05-2018 18:00 − Montag 14-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ #efail #fail ∗∗∗ --------------------------------------------- Aktuell gehen Berichte um (Twitter, ars technica, EFF, ...), die vor einem Sicherheitsproblem mit verschlüsselten Mails berichten. Die EFF geht soweit, eine Deinstallation diverser Tools zu empfehlen. Während ich diesen Blogpost schreibe, gingen die Researcher mit ihren Ergebnissen online: https://efail.de/ Yay! Eine Vuln mit coolem Namen und Logo. Hier die wichtigsten Punkte: Das Problem ist nicht die Verschlüsselung, sondern liegt im automatischen [...] --------------------------------------------- http://www.cert.at/services/blog/20180514123156-2221.html ∗∗∗ Mit Electron entwickelte Cross-Plattform-Apps angreifbar ∗∗∗ --------------------------------------------- Cross-Plattform Desktop-Apps, die mit dem Electron Framework erstellt werden, können eine gefährliche Sicherheitslücke aufweisen, durch die ein Cross-Site Scripting Angriff auf sie denkbar ist. Das Electron-Team stellt ein Update zur Verfügung. --------------------------------------------- https://www.heise.de/-4048915 ∗∗∗ Some notes on eFail ∗∗∗ --------------------------------------------- Ive been busy trying to replicate the "eFail" PGP/SMIME bug. I thought Id write up some notes.PGP and S/MIME encrypt emails, so that eavesdroppers cant read them. The bugs potentially allow eavesdroppers to take the encrypted emails theyve captured and resend them to you, reformatted in a way that allows them to decrypt the messages. Disable remote/external content in email The most important defense is to disable "external" or "remote" content from being [...] --------------------------------------------- https://blog.erratasec.com/2018/05/some-notes-on-efail.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-09) and AdobePhotoshop CC (APSB18-17). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Rockwell Automation FactoryTalk Activation Manager ∗∗∗ --------------------------------------------- This advisory was posted originally to the HSIN ICS-CERT library on April 12, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory contains mitigations for cross-site scripting, and improper restriction of operations within the bounds of a memory buffer vulnerabilities in Rockwell Automation's FactoryTalk Activation Manager products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02 ∗∗∗ Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet ∗∗∗ --------------------------------------------- MyBiz MyProcureNet is affected by a critical arbitrary file upload vulnerability allowing an attacker to compromise the server by uploading a web shell for issuing OS commands. Furthermore it is affected by cross site scripting issues. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tiff and tiff3), Fedora (glusterfs, kernel, libgxps, LibRaw, postgresql, seamonkey, webkit2gtk3, wget, and xen), Mageia (afflib, flash-player-plugin, imagemagick, qpdf, and transmission), openSUSE (Chromium, opencv, and xen), SUSE (kernel), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/754430/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2018
by Daily end-of-shift report 11 May '18

11 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-05-2018 18:00 − Freitag 11-05-2018 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-09) ∗∗∗ --------------------------------------------- A prenotification Security Advisory (APSB18-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Monday, May 14, 2018. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe … Continue [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets ∗∗∗ --------------------------------------------- Five academics from the Vrije University in Amsterdam and one from the University of Cyprus have discovered a way for launching Rowhammer attacks via network packets and network cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-come-up-with-a-w… ∗∗∗ Lücke in Windows, Linux, macOS: Entwickler missverstehen Intel-Dokumentation ∗∗∗ --------------------------------------------- Weil ihre Entwickler die Dokumentation einer CPU-Funktion missverstanden haben, sind nun fast alle Betriebssysteme anfällig für Manipulationen des Kernel-Speichers. Updates für die Lücke wurden bereits verteilt. --------------------------------------------- https://www.heise.de/security/meldung/Luecke-in-Windows-Linux-macOS-Entwick… ∗∗∗ ATM attacks: How hackers are going for gold ∗∗∗ --------------------------------------------- Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. --------------------------------------------- https://www.helpnetsecurity.com/2018/05/11/atm-attacks/ ∗∗∗ Sicherheitslücke bei "Signal"-App für Mac ∗∗∗ --------------------------------------------- Nachrichten, die verschwinden sollen, leben in der Benachrichtigungsleiste weiter --------------------------------------------- http://derstandard.at/2000079519326 ∗∗∗ One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak ∗∗∗ --------------------------------------------- The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems --------------------------------------------- https://www.welivesecurity.com/2018/05/10/one-year-later-eternalblue-exploi… ∗∗∗ LG patches RCE bug in smartphone keyboards ∗∗∗ --------------------------------------------- LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models. --------------------------------------------- https://www.scmagazineuk.com/news/lg-patches-rce-bug-in-smartphone-keyboard… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (freetype2, libraw, and powerdns), CentOS (389-ds-base and kernel), Debian (php5, prosody, and wavpack), Fedora (ckeditor, fftw, flac, knot-resolver, patch, perl, and perl-Dancer2), Mageia (cups, flac, graphicsmagick, libcdio, libid3tag, and nextcloud), openSUSE (apache2), Oracle (389-ds-base and kernel), Red Hat (389-ds-base and flash-plugin), Scientific Linux (389-ds-base), Slackware (firefox and wget), SUSE (xen), and Ubuntu (wget). --------------------------------------------- https://lwn.net/Articles/754145/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmupdf, mupdf, mupdf-gl, and mupdf-tools), Debian (firebird2.5, firefox-esr, and wget), Fedora (ckeditor, drupal7, firefox, kubernetes, papi, perl-Dancer2, and quassel), openSUSE (cairo, firefox, ImageMagick, libapr1, nodejs6, php7, and tiff), Red Hat (qemu-kvm-rhev), Slackware (mariadb), SUSE (xen), and Ubuntu (openjdk-8). --------------------------------------------- https://lwn.net/Articles/754257/ ∗∗∗ Oracle Java SE vulnerability CVE-2018-2783 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44923228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.05.2018
by Daily end-of-shift report 09 May '18

09 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-05-2018 18:00 − Mittwoch 09-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots ∗∗∗ --------------------------------------------- Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hide-and-seek-becomes-first-… ∗∗∗ PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions ∗∗∗ --------------------------------------------- Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. --------------------------------------------- https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-m… ∗∗∗ Call for speakers One Conference ∗∗∗ --------------------------------------------- The international One Conference 2018 will take place on October 2 & 3 in The Hague. Overall theme of this edition is "Merging Worlds – Securing the connected future". --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/call-for-speakers-one-confe… ∗∗∗ Nice Phishing Sample Delivering Trickbot, (Wed, May 9th) ∗∗∗ --------------------------------------------- Users have to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like "Click on me, its urgent!". Yesterday, I put my hands on a very nice sample that deserve to be dissected to demonstrate that phishing campaigns remain an excellent way to infect a computer! --------------------------------------------- https://isc.sans.edu/diary/rss/23641 ∗∗∗ Massive localstorage[.]tk Drupal Infection ∗∗∗ --------------------------------------------- After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: [...] --------------------------------------------- https://blog.sucuri.net/2018/05/massive-localstorage-tk-drupal-infection.ht… ∗∗∗ Its 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V ∗∗∗ --------------------------------------------- Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon peoples personal information, and so on. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/09/microsoft_w… ∗∗∗ Introducing Orchestrator decryption tool ∗∗∗ --------------------------------------------- Researched and written by Donny Maasland and Rindert Kramer Introduction During penetration tests we sometimes encounter servers running software that use sensitive information as part of the underlying process, such as Microsoft’s System Center Orchestrator. According to Microsoft, Orchestrator is a workflow management solution for data centers and can be used to automate the creation, [...] --------------------------------------------- https://blog.fox-it.com/2018/05/09/introducing-orchestrator-decryption-tool/ ∗∗∗ Netzwerkfähige Medizinprodukte besser schützen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/sicherheits… ∗∗∗ Gandcrab Ransomware Walks its Way onto Compromised Sites ∗∗∗ --------------------------------------------- This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski.Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft. --------------------------------------------- https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html ∗∗∗ Google CTF 2018 is here ∗∗∗ --------------------------------------------- https://security.googleblog.com/2018/05/google-ctf-2018-is-here.html ∗∗∗ Gefälschte Mobilis GmbH-Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bestellung der Mobilis GmbH. In dem geschäftlichen Schreiben fordern sie von Unternehmen, dass diese den Dateianhang für weiterführende Informationen zum Einkauf öffnen. In Wahrheit verbirgt er Schadsoftware. Aus diesem Grund ist es wichtig, dass Empfänger/in die vermeintliche Bestellung nicht öffnen und die Nachricht in ihren Spam-Ordner verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-mobilis-gmbh-bestellung-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2018-8897 ∗∗∗ --------------------------------------------- Aktuell gehen Medienberichte über einen Bug im Umgang von Betriebssystemen mit Intel und AMD CPUs umher, dazu hatten wir die ersten Rückfragen bezüglich der Kritikalität. Wir sehen das nicht tragisch: der Bug ist nach momentanem Wissensstand weder remote noch via JavaScript etc. ausnutzbar, und daher "nur" eine klassische Privilege Escalation. --------------------------------------------- http://www.cert.at/services/blog/20180509142228-2199.html ∗∗∗ Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and OS command injection vulnerabilities in Silex Technology SX-500, SD-320AN, and GE Healthcare MobileLink devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01 ∗∗∗ Siemens Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation vulnerabilities in Siemens SINAMICS modular drive systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-01 ∗∗∗ Siemens Siveillance VMS ∗∗∗ --------------------------------------------- This advisory includes mitigations for a deserialization of untrusted data vulnerability in the Siemens Siveillance Video Management Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-02 ∗∗∗ Siemens Siveillance VMS Video Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper certificate validation vulnerability in the Siemens Siveillance VMS mobile app. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-03 ∗∗∗ May 2018 Office Update Release ∗∗∗ --------------------------------------------- The May 2018 Public Update releases for Office are now available! This month, there are 30 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4133083. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/05/08… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Gentoo (rsync), openSUSE (Chromium), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and php7), and Ubuntu (dpdk, libraw, linux, linux-lts-trusty, linux-snapdragon, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/754021/ ∗∗∗ Security Update Summary ∗∗∗ --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/summary ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-04 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2811 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01294982 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2796 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71021401 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2798 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24593421 Next End-of-Day report: 2018-05-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.05.2018
by Daily end-of-shift report 08 May '18

08 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 07-05-2018 18:00 − Dienstag 08-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Office 365 Zero-Day Used in Real-World Phishing Campaigns ∗∗∗ --------------------------------------------- A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/office-365-zero-day-used-in-… ∗∗∗ Don’t Share Email with Scripts and Macros ∗∗∗ --------------------------------------------- Sharing documents scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure. "Both scripts and macros are commonly used attack vectors," he told us. "Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day [...] --------------------------------------------- https://safeandsavvy.f-secure.com/2018/05/08/dont-share-email-with-scripts-… ∗∗∗ How to Protect Your Web Applications From XXE Attacks ∗∗∗ --------------------------------------------- XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per OWAPS Top 10. --------------------------------------------- https://www.htbridge.com/blog/how-to-protect-your-web-applications-from-xxe… ∗∗∗ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users ∗∗∗ --------------------------------------------- We discovered a malware family called Maikspy - a multi-platform spyware that can steal users' private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016. Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware… ∗∗∗ Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher warnt, dass Angreifer gegenwärtig ungepatchte Drupal-Webseiten attackieren, um dort einen Kryptogeld-Miner zu platzieren. Sicherheitsupdates sind schon länger verfügbar. --------------------------------------------- https://www.heise.de/-4044683 ∗∗∗ Mobile Menace Monday: re-emergence of a fake Android AV ∗∗∗ --------------------------------------------- Way back in early 2013, a new antivirus (AV) company emerged into the mobile security software industry that had everyone perplexed. It seemed like a fake Android AV, but received certification by a reputable AV testing organization! Now, five years later, its back. Heres why you shouldnt trust it. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2018/05/mobile-menace-monda… ∗∗∗ 8 Tips to Harden Your Joomla Installation ∗∗∗ --------------------------------------------- Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla [...] --------------------------------------------- https://www.tripwire.com/state-of-security/featured/8-tips-harden-joomla-in… ∗∗∗ Hacking train passenger Wi-Fi ∗∗∗ --------------------------------------------- After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here's a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network in your office, Wi-Fi [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-train-passenger-wi-fi/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-12), Adobe Flash Player (APSB18-16), and Adobe Connect (APSB18-18). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1557 ∗∗∗ iPrint Appliance 2.1 Patch 7 ∗∗∗ --------------------------------------------- Abstract: iPrint Appliance 2.1 Patch 7 is a cumulative patch including fixes from all the previous 2.1 patches and hot fixes. Document ID: 5377430Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:iPrint-2.1.0.87.HP.zip (950.24 MB)Products:iPrint Appliance 2.1Superceded Patches:iPrint Appliance 2.1 --------------------------------------------- https://download.novell.com/Download?buildid=uKzGH3eCxf0~ ∗∗∗ SAP Security Patch Day - May 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape. --------------------------------------------- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ ∗∗∗ Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a devices security patch level, see Check & update your Android version. --------------------------------------------- https://source.android.com/security/bulletin/2018-05-01 ∗∗∗ USN-3639-1: LibRaw vulnerabilities ∗∗∗ --------------------------------------------- libraw vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.04 LTSUbuntu 17.10Ubuntu 16.04 LTSSummarySeveral security issues were fixed in LibRaw.Software Descriptionlibraw - raw image decoder libraryDetailsIt was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to execute arbitrary code.(CVE-2018-10528)It was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to [...] --------------------------------------------- https://usn.ubuntu.com/3639-1/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (wget), SUSE (patch), and Ubuntu (qpdf). --------------------------------------------- https://lwn.net/Articles/753882/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0004 ∗∗∗ --------------------------------------------- Date Reported: May 07, 2018 Advisory ID: WSA-2018-0004 CVE identifiers: CVE-2018-4121, CVE-2018-4200,CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Description: Multiple memory corruptionissues were addressed with improved memory handling. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0004.html ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011364 ∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15526101 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.05.2018
by Daily end-of-shift report 07 May '18

07 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-05-2018 18:00 − Montag 07-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Drupal Sites Fall Victims to Cryptojacking Campaigns ∗∗∗ --------------------------------------------- After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining. --------------------------------------------- https://www.bleepingcomputer.com/news/security/drupal-sites-fall-victims-to… ∗∗∗ SynAck Ransomware Uses Process Doppelgänging Technique ∗∗∗ --------------------------------------------- A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique. --------------------------------------------- https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-proce… ∗∗∗ How to Protect Yourself From GDPR-Related Phishing Scams ∗∗∗ --------------------------------------------- Fourteen emails. That’s the amount of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule. --------------------------------------------- http://resources.infosecinstitute.com/protect-gdpr-phishing-scams/ ∗∗∗ Lenovo Patches Arbitrary Code Execution Flaw ∗∗∗ --------------------------------------------- Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line. --------------------------------------------- https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/ ∗∗∗ Umsetzung NIS-Richtlinie abgeschlossen - neue Pflichten für Anbieter digitaler Dienste ∗∗∗ --------------------------------------------- Im Zuge der Umsetzung der EU-Richtlinie zur Netzwerk- und Informationssicherheit (NIS-Richtlinie) müssen Anbieter von Suchmaschinen, Cloud-Computing-Diensten und Online-Marktplätzen mit Sitz in Deutschland ab 10. Mai 2018 IT-Sicherheitsvorfälle mit erheblichen Auswirkungen auf den betriebenen Dienst an das Bundesamt für Sicherheit in der Informationstechnik (BSI) melden. Gleichzeitig gelten dann europaweit einheitliche Mindestanforderungen [...] --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/NIS-Richtli… ∗∗∗ MassMiner: Kryptogeld-Miner hat es auf Web-Server abgesehen ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren Sicherheitsforschern zufolge derzeit gezielt Server mit verwundbaren Versionen von Apache Struts, Oracle WebLogic und Windows SMB. Sicherheitspatches sind schon länger verfügbar. --------------------------------------------- https://heise.de/-4043366 ∗∗∗ Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben ∗∗∗ --------------------------------------------- Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehensoll. --------------------------------------------- https://www.heise.de/-4043790 ∗∗∗ Windows Defender Exploit Guard – Attack Surface Reduction Rules aktivieren ∗∗∗ --------------------------------------------- Mit Windows 10 v1709 hat Microsoft der Defender-Plattform zusätzliche, interessante Features spendiert, die nun mit Win10-Release 1803 um weitere Möglichkeiten ergänzt wurden. So lassen sich zum Beispiel folgende Regeln aktivieren, welche das Risiko einer Malware-Infektion in einigen Szenarien deutlich reduzieren können: [...] --------------------------------------------- https://hitco.at/blog/windows-defender-exploit-guard-attack-surface-reducti… ===================== = Vulnerabilities = ===================== ∗∗∗ Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") ∗∗∗ --------------------------------------------- Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch." --------------------------------------------- https://www.kb.cert.org/vuls/id/283803 ∗∗∗ Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Multi-Master Replication Manager for MySQL) it ensures that only one node is writeable at a time. Using MySQL MMM an end user can also choose to move their Virtual IP addresses to different servers depending on their replication [...] --------------------------------------------- https://blog.talosintelligence.com/2018/05/vulnerability-spotlight-mysql-mm… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libdatetime-timezone-perl, libmad, lucene-solr, tzdata, and wordpress), Fedora (drupal7, scummvm, scummvm-tools, and zsh), Mageia (boost, ghostscript, gsoap, java-1.8.0-openjdk, links, and php), openSUSE (pam_kwallet), and Slackware (python). --------------------------------------------- https://lwn.net/Articles/753687/ ∗∗∗ Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208804 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016092 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015944 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016039 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011857 ∗∗∗ RSA Authentication Manager Bugs Let Remote Users Inject HTTP Headers and Remote Authenticated Users Conduct XML External Entity Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040835 ∗∗∗ Side-channel processor vulnerability CVE-2018-9056 (BranchScope) ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35135935 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.05.2018
by Daily end-of-shift report 04 May '18

04 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-05-2018 18:00 − Freitag 04-05-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Dateikompression: Bug in 7-Zip 18.01 ermöglicht Codeausführung beim Entpacken ∗∗∗ --------------------------------------------- Ein Bug macht sich uninitialisierten Speicher zunutze, um darüber beliebigen Code beim Entpacken von Dateiarchiven mit 7-Zip auszuführen. Ein Softwareentwickler hat die Lücke entdeckt und zu Demonstrationszwecken ausgenutzt. Statt dem Windows-Taschenrechner könnte darüber auch Schlimmeres ausgeführt werden. --------------------------------------------- https://www.golem.de/news/dateikompression-bug-in-7-zip-18-01-ermoeglicht-c… ∗∗∗ IMHO: Ein Lob für Twitter und Github ∗∗∗ --------------------------------------------- Bei Github wurden Passwörter versehentlich im Klartext gespeichert. Kurze Zeit später meldete Twitter ein ähnliches Problem. Es gibt keinen Hinweis darauf, dass dadurch Nutzer gefährdet wurden. Trotzdem gingen die Firmen damit transparent um - richtig so! --------------------------------------------- https://www.golem.de/news/imho-ein-lob-fuer-twitter-und-github-1805-134232.… ∗∗∗ Rooting a Logitech Harmony Hub: Improving Security in Todays IoT World ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things (IoT) device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and control a variety of devices in the user’s .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/05/rooting-logitech-harmon… ∗∗∗ ICS-Systeme von Schneider Electric: Angreifer könnten Fabriken übernehmen ∗∗∗ --------------------------------------------- In den Industrie-Kontrollsystemen InduSoft Web Studio und InTouch Machine Edition von Schneider Electric klaffen kritische Sicherheitslücken. Patches sind verfügbar. --------------------------------------------- https://www.heise.de/meldung/ICS-Systeme-von-Schneider-Electric-Angreifer-k… ∗∗∗ Wie Google mit veralteten und unsicheren Android-Apps aufräumen will ∗∗∗ --------------------------------------------- Entwickler sehen sich künftig mit wesentlich härteren Vorschriften konfrontiert – Umstellung bringt Mehrarbeit --------------------------------------------- http://derstandard.at/2000078894766 ∗∗∗ Google rolls out .app domains with built-in HTTPS ∗∗∗ --------------------------------------------- The move is part of the company’s HTTPS-everywhere vision for the internet .. --------------------------------------------- https://www.welivesecurity.com/2018/05/04/google-rolls-app-domain-built-htt… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips Brilliance Computed Tomography (CT) System ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for execution with unnecessary privileges, exposure of resource to wrong sphere, and use of hard-coded credentials vulnerabilities in Philips Brillance CT Scanners. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 ∗∗∗ Lantech IDS 2102 ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation and stack-based buffer overflow vulnerabilities in the Lantech IDS 2102 Ethernet device server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01 ∗∗∗ DSA-4191 redmine - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4191 ∗∗∗ DSA-4189 quassel - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4189 ∗∗∗ Security Advisory 2018-01: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-01-security-update-for-ot… ∗∗∗ Use of hardcoded credentials for communication between Meru access points and FortiWLC ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-274 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.05.2018
by Daily end-of-shift report 03 May '18

03 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-05-2018 18:00 − Donnerstag 03-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Notfall-Hotline für von Cybercrime betroffene Unternehmen in Wien ∗∗∗ --------------------------------------------- Anzeigen wegen Cybercrime-Delikten sind im Vorjahr in Österreich um rund 28 Prozent gestiegen. ... Die WK Wien startete deshalb eine Notfall-Hotline für betroffene Unternehmen. --------------------------------------------- http://derstandard.at/2000079106868 ∗∗∗ Threat Roundup for April 20-27 ∗∗∗ --------------------------------------------- Today, Talos is publishing a glimpse into the most prevalent threats weve observed between April 20 and 27. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics, indicators of compromise... --------------------------------------------- http://blog.talosintelligence.com/2018/04 /threat-round-up-0420-0427.html ∗∗∗ Betrug mit gefälschter Microsoft-Warnung ∗∗∗ --------------------------------------------- Mit einer gefälschten Microsoft-Warnung fordern Kriminelle von Konsument/innen, dass sie telefonisch Kontakt mit einem Support-Center aufnehmen. Es teilt ihnen mit, dass ihr Computer mit Schadsoftware befallen sei. Aus diesem Grund sollen sie ein Programm herunterladen und für die Hilfestellung bezahlen. Kommen die Konsument/innen den Aufforderungen nach, verlieren sie Geld und infizieren ihr Endgerät mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news /betrug-mit-gefaelschter-microsoft-warnung/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: * WebEx Advanced Recording Format Remote Code Execution Vulnerability cisco-sa-20180502-war * Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability cisco-sa-20180502-prime-upload * Secure Access Control System Remote Code Execution Vulnerability cisco-sa-20180502-acs1 * Wireless LAN Controller 802.11 Management Frame Denial-of-Service Vulnerability cisco-sa-20180502-wlc-mfdos * Wireless LAN Controller IP Fragment Reassembly Denial-of-Service Vulnerability cisco-sa-20180502-wlc-ip * Meeting Server Remote Code Execution Vulnerability cisco-sa-20180502-cms-cx * Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial-of-Service Vulnerability cisco-sa-20180502-ap-ptp * Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/05/02 /Cisco-Releases-Security-Updates ∗∗∗ Weitere Spectre-Lücken im Anflug ∗∗∗ --------------------------------------------- Ganze acht neue Sicherheitslücken in Intel-CPUs haben mehrere Forscher-Teams dem Hersteller bereits gemeldet, die aktuell noch geheimgehalten werden. ... Die konkrete Gefahr für Privatleute und Firmen-PCs ist hingegen eher gering, weil es dort in aller Regel andere, einfacher auszunutzende Schwachstellen gibt. Trotzdem sollte man sie ernst nehmen und die anstehenden Spectre-NG-Updates nach deren Erscheinen zügig einspielen. --------------------------------------------- https://heise.de/-4039134 ∗∗∗ Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Oracle Access Manager - Updates verfügbar 3. Mai 2018 Beschreibung Das IT-Security Consulting Unternehmen SEC-Consult hat eine kritische Sicherheitslücke in der verbreiteten Software Oracle Access Manager (OAM) entdeckt, die in vielen Umgebungen für Single-Sign-On und andere Login-Szenarios verwendet wird. CVE-Nummer: CVE-2018-2879 Auswirkungen Angreifer können sich durch Ausnutzen der Lücke mit beliebigen Accounts (auch --------------------------------------------- http://www.cert.at/warnings/all/20180503.html ∗∗∗ Docker für Windows: Microsoft patcht Go-Bibliothek hcsshim ∗∗∗ --------------------------------------------- Wer Docker zur Containervirtualisierung unter Windows nutzt oder selbst Go-Programme entwickelt, sollte dringend die Aktualität des "Windows Host Compute Service Shim" (hcsshim)-Packages auf seinem System überprüfen. --------------------------------------------- https://heise.de/-4040139 ∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf ∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS ∗∗∗ --------------------------------------------- The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf ∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability in Siveillance VMS ∗∗∗ --------------------------------------------- Siemens has released software updates for Siveillance VMS which fix a security vulnerability with the .NET Remoting deserialization that could allow elevation of privileges and/or causing a Denial-of-Service, if affected ports are exposed. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf ∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- Several HPE servers that use AMD processors are vulnerable to security defects (Fallout/Masterkey) which allow local unauthorized elevation of privilege, unauthorized modification of information, unauthorized disclosure of information, and Denial of Service. --------------------------------------------- https://support.hpe.com/hpsc/doc/public /display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and python-paramiko), Debian (kernel and quassel), Gentoo (chromium, hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE (corosync and patch). --------------------------------------------- https://lwn.net/Articles/753457/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM Rational Software Architect and Rational Software Architect for WebSphere Software. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015990 ∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013601 ∗∗∗ IBM Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311 ∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.05.2018
by Daily end-of-shift report 02 May '18

02 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 30-04-2018 18:00 − Mittwoch 02-05-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Millionen Autos von Volkswagen und Audi können gehackt werden ∗∗∗ --------------------------------------------- Zwei Sicherheitsforscher haben eine Sicherheitslücke entdeckt, die zahlreiche populäre Fahrzeuge betrifft. --------------------------------------------- https://futurezone.at/digital-life/millionen-autos-von-volkswagen-und-audi-… ∗∗∗ Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 “April 2018 Update,” also known as version 1803, “Redstone 4,” or RS4. Download the .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-f… ∗∗∗ 7-Zip: From Uninitialized Memory to Remote Code Execution ∗∗∗ --------------------------------------------- After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I continued to spend time on analyzing antivirus software. As it happens, I found a new bug that (as the last two bugs) .. --------------------------------------------- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-e… ∗∗∗ Jetzt absichern! Oracle WebLogic Server im Visier von Angreifern ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrt Scans nach verwundbaren WebLogic Servern. Updates stehen bereit – Angreifer sollen den Schutz jedoch umgehen können. --------------------------------------------- https://www.heise.de/meldung/Jetzt-absichern-Oracle-WebLogic-Server-im-Visi… ∗∗∗ Windows 10 1803 ohne Microcode-Updates gegen Spectre V2 ∗∗∗ --------------------------------------------- Die Installation des Windows 10 April 2018 Update verdrängt Microcode-Updates für Intel-Prozessoren aus dem Update KB4090007, die vor der Sicherheitslücke Spectre V2 schützen - man braucht also wieder BIOS-Updates. --------------------------------------------- https://www.heise.de/meldung/Windows-10-1803-ohne-Microcode-Updates-gegen-S… ∗∗∗ Spammer missbrauchen ungefilterte Redirects in Google Maps ∗∗∗ --------------------------------------------- Kriminelle nutzen Googles Online-Kartendienst Maps, um Opfer mittels offener Redirects auf gefährliche Irrwege zu führen. Das Unternehmen weiß um das Problem, scheint aber bislang keinen Handlungsbedarf zu sehen. --------------------------------------------- https://www.heise.de/meldung/Spammer-missbrauchen-ungefilterte-Redirects-in… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (cups-filters, ghostscript, glusterfs, PackageKit, qpdf, and xen), Mageia (anki, libofx, ming, sox, webkit2, and xdg-user-dirs), Oracle (corosync, java-1.7.0-openjdk, and pcs), Red Hat (java-1.7.0-openjdk), Scientific Linux (corosync, firefox, gcc, glibc, golang, java-1.7.0-openjdk, java-1.8.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/753257/ ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: CA20180501-01: Security Notice for CA Spectrum ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541977 ∗∗∗ Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104020 ∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2018-1000005, CVE-2018-1000007) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014495 ∗∗∗ IBM Security Bulletin: API Connect is affected by an information leakage vulnerability (CVE-2018-1468) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015968 ∗∗∗ IBM SECURITY BULLETIN: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar SIEM. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015825 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.04.2018
by Daily end-of-shift report 30 Apr '18

30 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-04-2018 18:00 − Montag 30-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709) ∗∗∗ --------------------------------------------- Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality update. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlocke… ∗∗∗ FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation ∗∗∗ --------------------------------------------- Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targe… ∗∗∗ Please don’t buy this: smart toys ∗∗∗ --------------------------------------------- Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new information. These .. --------------------------------------------- https://blog.malwarebytes.com/security-world/2018/04/please-dont-buy-smart-… ∗∗∗ Bundesheer-Hacker nahmen an Nato-Übung teil ∗∗∗ --------------------------------------------- In Tallinn wurde geprobt, wie Cyberangriffe abgewehrt werden können --------------------------------------------- http://derstandard.at/2000078919316 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4181 roundcube - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4181 ∗∗∗ DSA-4182 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4182 ∗∗∗ DSA-4186 gunicorn - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4186 ∗∗∗ DSA-4185 openjdk-8 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4185 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.04.2018
by Daily end-of-shift report 27 Apr '18

27 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-04-2018 18:00 − Freitag 27-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗ --------------------------------------------- Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks. --------------------------------------------- http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backd… ∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗ --------------------------------------------- An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing .. --------------------------------------------- https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script… ∗∗∗ GravityRAT malware takes your systems temperature ∗∗∗ --------------------------------------------- The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-you… ∗∗∗ Phishing für Anspruchsvolle: [A]pache-Kit klont beliebte Online-Shops ∗∗∗ --------------------------------------------- Mitarbeiter des Sicherheitssoftware-Herstellers Check Point haben ein brasilianisches Phishing-Kit unter die Lupe genommen, das zum Abgreifen von Adress- und Kreditkartendaten voll funktionsfähige Marken-Shops imitiert. --------------------------------------------- https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont… ∗∗∗ Achtung vor Datendiebstahl auf Kleinanzeigenportalen! ∗∗∗ --------------------------------------------- Kleinanzeigenportale bieten eine hervorragende Möglichkeit Altes zu Geld zu machen oder das ein oder andere Schnäppchen abzustauben. Die Marktplätze erfreuen sich daher großer Beliebtheit, doch .. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3065&tx_… ===================== = Vulnerabilities = ===================== ∗∗∗ Delta Electronics PMSoft ∗∗∗ --------------------------------------------- This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01 ∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN08386386/ ∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN01040170/ ∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability. --------------------------------------------- https://jvn.jp/en/jp/JVN85531148/ ∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.04.2018
by Daily end-of-shift report 26 Apr '18

26 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-04-2018 18:00 − Donnerstag 26-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Core-i-Prozessoren: Microsoft liefert Spectre-Schutz für Haswell und Broadwell ∗∗∗ --------------------------------------------- Microsoft erweitert die Auslieferung von Spectre-Updates auf Prozessoren der Haswell- und Broadwell-Serien. Das Update ist optional und muss manuell heruntergeladen werden. Viele Nutzer werden von ihren Mainboardherstellern keine Updates mehr bekommen. --------------------------------------------- https://www.golem.de/news/core-i-prozessoren-microsoft-liefert-spectre-schu… ∗∗∗ DDoS attacks in Q1 2018 ∗∗∗ --------------------------------------------- In Q1 2018, we observed a significant increase in both the total number and duration of DDoS attacks against Q4 2017. The new Linux-based botnets Darkai (a Mirai clone) and AESDDoS are largely responsible for this hike. --------------------------------------------- http://securelist.com/ddos-report-in-q1-2018/85373/ ∗∗∗ Mac-Malware will sich per Konfigurationsprofil einnisten ∗∗∗ --------------------------------------------- Eine neue Variante des Schädlings “Crossrider” manipuliert die Einstellungen, um auch eine manuelle Entfernung der Adware durch den Nutzer zu überdauern, warnt eine Sicherheitsfirma. --------------------------------------------- https://heise.de/-4034258 ∗∗∗ Server-Verwaltung: Erpressungstrojaner hat es auf HPE iLo abgesehen ∗∗∗ --------------------------------------------- Aufgrund von Attacken sollten Server-Admins, die auf die Management-Software Integrated Lights-out 4 (iLO 4) von HPE setzen, prüfen, ob ihre Geräte auf dem aktuellen Stand sind und ob der Fernzugriff aktiviert ist. --------------------------------------------- https://heise.de/-4035630 ∗∗∗ "Mılka" statt "Milka": Neue Fake-Gewinnspiele auf Whatsapp im Umlauf ∗∗∗ --------------------------------------------- Betrügerische Nachrichten enthalten täuschend echt wirkende Links --------------------------------------------- http://derstandard.at/2000078631245 ∗∗∗ Achtung vor Datendiebstahl auf Kleinanzeigenportalen! ∗∗∗ --------------------------------------------- Die Marktplätze erfreuen sich daher großer Beliebtheit, doch bei der Nutzung dieser Plattformen ist auch Vorsicht geboten. Kriminelle betreiben hier nämlich systematischen Daten- und Identitätsdiebstahl. Nutzer und Nutzerinnen müssen daher gut darüber nachdenken, welche Daten sie über das Internet an unbekannte Personen preisgeben und sollten keine Fotos diverser Ausweisdokumente versenden. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-vor-datendiebstahl-auf-klein… ===================== = Vulnerabilities = ===================== ∗∗∗ Hyperoptics ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password ∗∗∗ --------------------------------------------- Firmware updates pushed out to up to 400,000 subscribers A security vulnerability has been found in Brit broadband biz Hyperoptics home routers that exposes tens of thousands of its subscribers to hackers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/26/hyperoptics… ∗∗∗ JSON API - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2018-021 ∗∗∗ --------------------------------------------- This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an attacker must be allowed to create or modify entities of a certain type, and a very specific and uncommon CORS configuration that allows all other pre-checks to be skipped. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-021 ∗∗∗ Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020 ∗∗∗ --------------------------------------------- The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site. The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-020 ∗∗∗ PHP: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe. Eine dieser Schwachstellen ermöglicht dem Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken. Eine weitere Schwachstelle ermöglicht dem Angreifer einen Cross-Site-Scripting (XSS)-Angriff. Die offiziellen Releases zur Behebung der Schwachstellen sind PHP 7.2.5, 7.1.17, 7.0.30 und vermutlich 5.6.36 (noch nicht verfügbar). Nähere Informationen zu den genannten Schwachstellen und weiteren Bugs finden sich in den zugehörigen ChangeLogs. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0789/ ∗∗∗ Kritische Sicherheitslücke in Drupal - aktiv ausgenützt - Updates verfügbar ∗∗∗ --------------------------------------------- In der verbreiteten CMS-Software Drupal ist eine kritische Sicherheitslücke entdeckt worden. Durch Ausnutzung dieses Fehlers kann auf betroffenen Systemen beliebiger Code (mit den Rechten des Webserver-Users) ausgeführt werden. CVE-Nummer: CVE-2018-7602 --------------------------------------------- http://www.cert.at/warnings/all/20180426.html ∗∗∗ IE Zero-Day “double kill” And Its First In-The-Wild Attack Found By 360 ∗∗∗ --------------------------------------------- Recently, 360 Security Center discovered an attack that used IE 0-day vulnerability. After analysis, we found that it is the first APT(Advanced Persistent Threat) campaign that forms its attack with an Office document embedding a newly discovered Internet Explorer 0-day exploit. As soon as anyone opens the malicious document, they get infected and give away control of their computers. --------------------------------------------- https://blog.360totalsecurity.com/en/ie-zero-day-double-kill-first-wild-att… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, gcc-4.9-backport, ghostscript, and openslp-dfsg), Fedora (anki, composer, perl, and perl-Module-CoreList), Red Hat (kernel and rh-mysql56-mysql), and SUSE (kernel, kvm, and zsh). --------------------------------------------- https://lwn.net/Articles/752860/ ∗∗∗ IBM Security Bulletin: IBM Campaign Contains Client-side Vulnerability (CVE-2017-1116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015569 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022561 ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-1471, CVE-2018-1473, CVE-2018-1479, CVE-2018-1475) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015754 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect eDiscovery Analyzer ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014443 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015258 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect eDiscovery Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012865 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSH vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011165 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects Rational Reporting for Development Intelligence (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015667 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015668 ∗∗∗ IBM Security Bulletin: Open Source XStream Vulnerabilities Impact on IBM Campaign (CVE-2017-7957) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015573 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.04.2018
by Daily end-of-shift report 25 Apr '18

25 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-04-2018 18:00 − Mittwoch 25-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ MikroTik Patches Zero-Day Flaw Under Attack in Record Time ∗∗∗ --------------------------------------------- MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mikrotik-patches-zero-day-fl… ∗∗∗ Austria Cyber Security Challenge 2018 ∗∗∗ --------------------------------------------- Austria Cyber Security Challenge 201825. April 2018Auch heuer wieder gibt es eine Cyber Security Challenge. Wir von CERT.at halten das für eine gute Geschichte und daher auch von uns der Aufruf an Jung und (heuer neu!) Alt, hier mitzumachen.Es folgt der Meldung der Veranstalter:Die Besten Nachwuchs-Hacker Österreichs - und jene die es .. --------------------------------------------- http://www.cert.at/services/blog/20180425145422-2192.html ∗∗∗ BGP leaks and cryptocurrencies ∗∗∗ --------------------------------------------- Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak. --------------------------------------------- https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/ ∗∗∗ Ving Card: Sicherheitslücke in Millionen Hoteltüren gefunden ∗∗∗ --------------------------------------------- Sicherheitsforschern ist es gelungen, einen Generalschlüssel zu erstellen, mit dem alle Türen eines Hotels geöffnet werden können. Weltweit sollen über eine Million Türen betroffen sein, ein Patch steht beriet. --------------------------------------------- https://www.golem.de/news/ving-card-sicherheitsluecke-in-millionen-hoteltue… ∗∗∗ Separate ransomware attacks hit Ukraine and Canada ∗∗∗ --------------------------------------------- Two widely separated ransomware attacks against the Ukrainian energy ministry and the provincial government of Canadas Prince Edward Island (PEI) have knocked each agencies primary website offline. --------------------------------------------- https://www.scmagazine.com/separate-ransomware-attacks-hit-ukraine-and-cana… ∗∗∗ Steps to Keep Your Site Clean: Updates ∗∗∗ --------------------------------------------- This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created due to a security breach .. --------------------------------------------- https://blog.sucuri.net/2018/04/steps-to-keep-your-site-clean-updates.html ∗∗∗ Sicherheits- und Bugfix-Updates für iPhone, iPad und Mac ∗∗∗ --------------------------------------------- Apple hat am Dienstagabend iOS 11.3.1 und das Security Update 2018-001 für macOS High Sierra 10.13.4 veröffentlicht, die teils kritische Fehler beheben. Einen neuen Build von Safari 11.1 gibts obendrein. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-und-Bugfix-Updates-fuer-iPhone-iPa… ∗∗∗ Angriffe auf Drupal-Webseiten: Erneut äußerst wichtige Sicherheitsupdates im Anflug ∗∗∗ --------------------------------------------- Admins von Drupal-Webseiten müssen erneut Hand anlegen: Die Entwickler haben Updates angekündigt, um eine kritische Sicherheitslücke zu schließen. --------------------------------------------- https://www.heise.de/meldung/Angriffe-auf-Drupal-Webseiten-Erneut-aeusserst… ∗∗∗ Europol: Weltweit größter Marktplatz für DDoS-Attacken vom Netz genommen ∗∗∗ --------------------------------------------- Europäischen Strafverfolgern ist es in einer koordinierten Aktion gelungen, die Drahtzieher des angeblich größten Onlinemarkts für DDoS-Attacken festzunehmen. Der Marktplatz selbst wurde vom Netz genommen. Infrastruktur fand sich auch in Deutschland. --------------------------------------------- https://www.heise.de/meldung/Europol-Weltweit-groesster-Marktplatz-fuer-DDo… ∗∗∗ Vier von fünf heimischen Online-Shops von Betrug betroffen ∗∗∗ --------------------------------------------- Identitätsdiebstahl und Zahlungsunfähigkeit als häufigste Betrugsform in Österreich --------------------------------------------- http://derstandard.at/2000078615586 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4179 linux-tools - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4179 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.04.2018
by Daily end-of-shift report 24 Apr '18

24 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Montag 23-04-2018 18:00 − Dienstag 24-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mobilfunk: Was 5G im Bereich Security bringt ∗∗∗ --------------------------------------------- In 5G-Netzwerken werden Sim-Karten für einige Anwendungsbereiche optional, das Roaming wird für Netzbetreiber nachvollziehbarer und sicherer. Außerdem verschwinden die alten Signalisierungsprotokolle. Golem.de hat mit einem Experten über Sicherheitsmaßnahmen im kommenden 5G-Netzwerk gesprochen. --------------------------------------------- https://www.golem.de/news/mobilfunk-was-5g-im-bereich-security-bringt-1804-… ∗∗∗ Atlanta Spent $2.6M to Recover From $52,000 Ransomware Scare ∗∗∗ --------------------------------------------- Whether to pay ransomware is a complicated—and costly—calculation. --------------------------------------------- https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare ∗∗∗ Veröffentlichter Boot-Exploit knackt alle Nintendo-Switch-Konsolen ∗∗∗ --------------------------------------------- Mehrere Hacker-Gruppen zeigen, wie sie in Nintendos Switch einsteigen und beispielsweise Linux mit offensichtlich vollem Hardwarezugriff auf der Spielkonsole laufen lassen. --------------------------------------------- https://www.heise.de/meldung/Veroeffentlichter-Boot-Exploit-knackt-alle-Nin… ∗∗∗ Fake-Support per Telefon: Microsoft meldet Zunahme von Betrugsfällen ∗∗∗ --------------------------------------------- Offenbar ist es ein lohnendes Geschäft, sich als angeblicher Windows-Support-Mitarbeiter Remote-Zugriff auf fremde Rechner zu verschaffen: Jüngst veröffentlichte Zahlen dokumentieren eine starke Zunahme von "Tech Support Scam" im Jahr 2017. --------------------------------------------- https://www.heise.de/meldung/Fake-Support-per-Telefon-Microsoft-meldet-Zuna… ∗∗∗ Cryptomining Campaign Returns Coal and Not Diamond ∗∗∗ --------------------------------------------- Executive summarySoon after a launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that were tied to Bitvote. Apart from the fact that the attackers have chosen to target the new bitcoin fork in order to gain the early adoption advantage, this .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/5RBkUbicJr4/cryptomining… ∗∗∗ Sednit update: Analysis of Zebrocy ∗∗∗ --------------------------------------------- Zebrocy heavily used by the Sednit group over last two years The post Sednit update: Analysis of Zebrocy appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy ∗∗∗ Angebliche Sicherheits-App der Erste Bank und Sparkasse ist schädlich! ∗∗∗ --------------------------------------------- Betrüger fälschen eine Erste Bank und Sparkasse-Nachricht und versenden diese massenhaft. In der Nachricht wird behauptet, dass das Bankkonto des/der Empfänger/in eingeschränkt werden musste und zur weiteren Nutzung die Installation einer Sicherheits-App nötig sei. Doch Vorsicht: es handelt sich bei der E-Mail um Phishing und .. --------------------------------------------- https://www.watchlist-internet.at/news/angebliche-sicherheits-app-der-erste… ∗∗∗ Drupal 7 and 8 core critical release on April 25th, 2018 PSA-2018-003 ∗∗∗ --------------------------------------------- There will be a security release of Drupal 7.x, 8.4.x, and 8.5.x on April 25th, 2018 between 16:00 - 18:00 UTC. This PSA is to notify that the Drupal core release is outside of the regular schedule of security releases. For all security updates, the Drupal Security Team urges you to reserve time for core updates at that time because there is some risk .. --------------------------------------------- https://www.drupal.org/psa-2018-003 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100 percent utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Wireless LAN Controller Default Simple Network Management Protocol Community Strings ∗∗∗ --------------------------------------------- With new installations of Cisco Wireless LAN Controller Software, the installation scripts create default communities for Simple Network Management Protocol (SNMP) Version 2 (SNMPv2) and a default username for SNMP Version 3 (SNMPv3), both allowing for read and write access. As documented in the Cisco Wireless LAN Controller Configuration Best Practices .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Reflected Cross-Site Scripting in Zyxel Zywall ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/reflected-cross-site-scripti… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.04.2018
by Daily end-of-shift report 23 Apr '18

23 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-04-2018 18:00 − Montag 23-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Datenleck bei Sicherheitskonferenz ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der App zur RSA Sicherheitskonferenz ermöglichte es, die Namen von Konferenzteilnehmern auszulesen. --------------------------------------------- https://futurezone.at/digital-life/datenleck-bei-sicherheitskonferenz/40002… ∗∗∗ UMCI: Project Zero veröffentlicht Windows-10-Sicherheitslücke ∗∗∗ --------------------------------------------- Wieder einmal haben sich Google und Microsoft über die Veröffentlichung einer Sicherheitslücke gestritten. Der Fehler in .Net ermöglicht es einem Angreifer, trotz enger Beschränkungen Code unter Windows 10 S oder auf UMCI-Systemen auszuführen. (Project Zero, Google) --------------------------------------------- https://www.golem.de/news/umci-project-zero-veroeffentlicht-windows-10-sich… ∗∗∗ Chinese web giant finds Windows zero-day, stays shtum on specifics ∗∗∗ --------------------------------------------- Quihoo 360 plays the responsible disclosure game Chinese company Quihoo 360 says its found a Windows zero-day in the wild, but because its notified Microsoft, its not telling anyone else how it works. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/23/quihoo_360_… ∗∗∗ Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant ∗∗∗ --------------------------------------------- We came across a new version of a cryptocurrency-mining RETADUP worm (detected by Trend Micro as WORM_RETADUP.G) through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys (i.e., keyboard shortcuts, macros, software automation). AutoHotKey is relatively similar to the script automation utility AutoIt, from which RETADUP’s earlier variants were based on and used [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/3PgT2t0-HwE/ ∗∗∗ Loading Kernel Shellcode ∗∗∗ --------------------------------------------- In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around packing or obfuscation and quickly identify the structures, system routines, and processes that a kernel shellcode sample is accessing. This post begins a series centered on kernel software analysis, and [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcod… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gunicorn, libreoffice, libsdl2-image, ruby1.8, and ruby1.9.1), Fedora (java-1.8.0-openjdk, jgraphx, memcached, nghttp2, perl, perl-Module-CoreList, and roundcubemail), Gentoo (clamav, librelp, mbedtls, quagga, tenshi, and unadf), Mageia (freeplane, libcdio, libtiff, thunderbird, and zsh), openSUSE (cfitsio, chromium, mbedtls, and nextcloud), and Red Hat (chromium-browser, kernel, and rh-perl524-perl). --------------------------------------------- https://lwn.net/Articles/752544/ ∗∗∗ FortiClient insecure VPN credential storage and encryption ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-214 ∗∗∗ IBM Security Bulletin: IBM Content Manager Enterprise Edition Resource Manager is affected by a Remote Code Execution Cross-site Scripting vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22014917 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affect IBM Cloud Application Performance Management Private 8.1.4. and IBM Cloud Application Performance Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015278 ∗∗∗ Multiple Stored XSS Vulnerabilities in WSO2 Carbon and WSO2 Dashboard Server ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.04.2018
by Daily end-of-shift report 20 Apr '18

20 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-04-2018 18:00 − Freitag 20-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Patschn am Patscherkofel ∗∗∗ --------------------------------------------- Nachdem einige Medien über einen Vorfall berichten, bei dem auch wir involviert waren, will ich hier ein paar Fakten klarstellen: Wir bekommen immer wieder von Researchern - und da ist die "Internetwache" nur einer unter vielen - Hinweise zu konkreten Sicherheitsproblemen im österreichischen Internet. Unsere Rolle hier ist, diese Meldungen (auf Wunsch anonymisiert) an die Betroffenen weiterzuleiten und dort für die entsprechende [...] --------------------------------------------- http://www.cert.at/services/blog/20180420131015-2180.html ∗∗∗ Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training ∗∗∗ --------------------------------------------- Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable. --------------------------------------------- https://www.darkreading.com/careers-and-people/firms-more-likely-to-tempt-s… ∗∗∗ First Public Demo of Data Breach via IoT Hack Comes to RSAC ∗∗∗ --------------------------------------------- At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools. --------------------------------------------- https://www.darkreading.com/vulnerabilities---threats/first-public-demo-of-… ∗∗∗ Doctor Web: a Trojan on Google Play subscribes users to paid services ∗∗∗ --------------------------------------------- April 16, 2018 Doctor Web virus analysts have detected a Trojan Android.Click.245.origin on Google Play. When ordered by cybercriminals, it loads websites where users are tricked into subscribing to paid content services. In some cases the subscription is executed automatically when users click on a fake "download program" button. Cybercriminals distributed Android.Click.245.origin on behalf of developer Roman Zencov and disguised the Trojan as popular applications. --------------------------------------------- https://news.drweb.com/show/?i=12540&lng=en&c=9 ∗∗∗ Introducing Windows Defender System Guard runtime attestation ∗∗∗ --------------------------------------------- At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need. In Windows 10 Fall Creators Update, we reorganized all system [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-win… ∗∗∗ NCSC publishes factsheet on considerations and preconditions for the deployment of TLS interception ∗∗∗ --------------------------------------------- TLS interception makes encrypted connections within the network of an organisation accessible for inspection. The use of this technical measure should be carefully considered in the light of additional risks and should meet a number of important preconditions. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-on… ∗∗∗ Botnet Muhstik is Actively Exploiting Drupal CVE-2018-7600 in a Worm Style ∗∗∗ --------------------------------------------- On March 28, 2018, drupal released a patch for CVE-2018-7600. Drupal is an open-source content management system written in PHP, quite popular in many sites to provide web service. This vulnerability exists in multiple drupal versions, which may be exploited by an attacker to take full control of the target. --------------------------------------------- http://blog.netlab.360.com/botnet-muhstik-is-actively-exploiting-drupal-cve… ∗∗∗ XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing ∗∗∗ --------------------------------------------- We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects these as ANDROIDOS_XLOADER.HRX. These malware pose as legitimate Facebook or Chrome applications. They are distributed from [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/a9ANfAHCd0c/ ∗∗∗ iPhone-Unlock-Tool GrayKey: Apple streicht Gegenmittel aus iOS 11.3 ∗∗∗ --------------------------------------------- iOS 11.3 sollte es eigentlich schwerer machen, iPhone-Daten über eine Kabelverbindung auszulesen. Die wichtige Sicherheitsfunktion fehlt jedoch in der finalen Fassung, sodass sich Entsperr-Tools wie GrayKey offenbar weiter ungehindert einsetzen lassen. --------------------------------------------- https://www.heise.de/-4027793 ∗∗∗ Android: Google Safe Browsing schützt nun auch WebView in Apps ∗∗∗ --------------------------------------------- Google Safe Browsing schützt Chrome-Nutzer vor schädlichen Webseiten, Malware und Phishing-Attacken. Künftig ist der Schutzmechanismus auch in Android-WebView standardmäßig aktiv. --------------------------------------------- https://www.heise.de/-4028504 ∗∗∗ When BEC scammers specialize ∗∗∗ --------------------------------------------- A group of BEC scammers has been focusing its efforts on the global maritime shipping industry, compromising emails accounts and attempting to trick targets into delivering considerable sums to bank accounts set up by the group. Secureworks researchers have been tracking the group's activities for quite a while and have been warning the targets. They estimate that between June 2017 and January 2018, the scammers attempted to steal a minimum of $3.9 million U.S. dollars [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/04/20/bec-scammers-specialize/ ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC WinCC OA Operator IOS App ∗∗∗ --------------------------------------------- This advisory includes mitigations for a file and directory information exposure vulnerability identified in the Siemens WinCC OA iOS App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-109-01 ∗∗∗ Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Login screen of the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2018-0010 ∗∗∗ --------------------------------------------- Horizon DaaS update addresses a broken authentication issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0010.html ∗∗∗ Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader ∗∗∗ --------------------------------------------- Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current version of Foxit PDF Reader. --------------------------------------------- https://blog.talosintelligence.com/2018/04/multiple-vulns-foxit-pdf-reader.… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libreoffice and mysql-5.5), Fedora (corosync), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (openssl). --------------------------------------------- https://lwn.net/Articles/752405/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.04.2018
by Daily end-of-shift report 19 Apr '18

19 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-04-2018 18:00 − Donnerstag 19-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Data Firm Left Profiles of 48 Million Users on a Publicly Accessible AWS Server ∗∗∗ --------------------------------------------- LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket, according to an UpGuard security researcher who discovered the data on February 28, this year. --------------------------------------------- https://www.bleepingcomputer.com/news/security/data-firm-left-profiles-of-4… ∗∗∗ Relieve Stress Paint Tool: Mal-Malware kopiert Facebook-Zugangsdaten ∗∗∗ --------------------------------------------- Eine Malware tarnt sich mit gefälschten Unicode-Domains und sucht gezielt nach Facebook-Zugangsdaten. Nutzern wird hingegen ein Anti-Stress-Malprogramm versprochen. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/relieve-stress-paint-tool-mal-malware-kopiert-fac… ∗∗∗ Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege ∗∗∗ --------------------------------------------- Previously I presented a technique to exploit arbitrary directory creation vulnerabilities on Windows to give you read access to any file on the system. In the upcoming Spring Creators Update (RS4) the abuse of mount points to link to files as I exploited in the previous blog post has been remediated. This is an example of a long term security benefit from detailing how vulnerabilities might be exploited, giving a developer an incentive to find ways of [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-… ∗∗∗ Trustjacking exploit abuses iTunes feature to spy on iOS devices ∗∗∗ --------------------------------------------- Researchers presenting at RSA 2018 on Wednesday disclosed how attackers can gain persistent remote control over iOS devices by abusing a weakness in iTunes Wi-Fi sync, a feature that allows users to sync up iTunes content and data between Apple devices. --------------------------------------------- https://www.scmagazine.com/trustjacking-exploit-abuses-itunes-feature-to-sp… ∗∗∗ From Baidu to Google's Open Redirects ∗∗∗ --------------------------------------------- Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn't last long. Soon after the publication of that article, the bad actors changed the links to use compromised third-party sites and a couple of day later they began using Google's goo.gl URL shortening service. This is a snippet from their decoded script: The Redirect Chain If you check Google's own information about that [...] --------------------------------------------- https://blog.sucuri.net/2018/04/from-baidu-to-googles-open-redirects.html ∗∗∗ Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts ∗∗∗ --------------------------------------------- Science-fiction horror trope now a reality in 2018 Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/04/18/boffins_bre… ∗∗∗ New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros ∗∗∗ --------------------------------------------- Since their return four years ago, Office macros have been one of the most common ways to spread malware. Today, we publish a research paper which looks in detail at a campaign in which VBA macros are used to execute PowerShell code, which in turn downloads the Tesla information-stealing trojan. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/04/new-paper-powering-distribut… ∗∗∗ Microsoft veröffentlicht "Windows Defender" als Chrome-Erweiterung ∗∗∗ --------------------------------------------- Microsoft hat seinen Echtzeitschutz als Chrome-Erweiterung veröffentlicht: Die "Windows Defender Browser Protection" verspricht "besseren Schutz" vor betrügerischen Phishing-Seiten und Malware. --------------------------------------------- https://heise.de/-4027458 ∗∗∗ Sicherheitsupdates: Flash-Datei kann Ciscos WebEx Client kompromittieren ∗∗∗ --------------------------------------------- Cisco hat zahlreiches Patches veröffentlicht und schließt mitunter kritische Sicherheitslücken. Zudem geben sie Tipps, wie Admins Netzwerke absichern sollten. --------------------------------------------- https://www.heise.de/-4027370 ∗∗∗ Gefälschte UPC-Phishingmail im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte UPC-Nachricht. Darin erklären sie, dass das E-Mailkonto von Kund/innen gesperrt worden sei. Damit diese es weiterhin nützen können, sollen sie eine externe Website aufrufen und ihre persönlichen Zugangsdaten bekannt geben. Konsument/innen, die der Aufforderung nachkommen, übermitteln ihr UPC-Passwort an Datendiebe. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-upc-phishingmail-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2018-003 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). --------------------------------------------- https://www.drupal.org/sa-core-2018-003 ∗∗∗ Display Suite - Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019 ∗∗∗ --------------------------------------------- Project: Display SuiteVersion: 7.x-2.147.x-1.9Date: 2018-April-18Security risk: Critical 17∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross site scripting (XSS)Description: Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. The module doesnt sufficiently validate view modes provided dynamically via URLs leading to a reflected cross site scripting (XSS) attack. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-019 ∗∗∗ PMASA-2018-2 ∗∗∗ --------------------------------------------- CSRF vulnerability allowing arbitrary SQL executionAffected VersionsVersion 4.8.0 is affectedCVE ID(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188, uCVE-2018-10188) --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-2/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (opencv and wireshark), Fedora (corosync and pcs), Oracle (firefox, kernel, libvncserver, and libvorbis), Slackware (gd), SUSE (kernel), and Ubuntu (apache2). --------------------------------------------- https://lwn.net/Articles/752324/ ∗∗∗ Cisco WebEx Connect IM Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Clients Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Shell Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015077 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2014-0226) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015233 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud January 2018 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015289 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud January 2018 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015290 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027494 ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability affects IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Unix (CVE-2017-3737) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013612 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the GSKit component of IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015424 ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a memory leak in pubsub (CVE-2017-1786) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013023 ∗∗∗ IBM Security Bulletin: Vulnerability affects Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console and Watson Content Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015635 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015539 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.04.2018
by Daily end-of-shift report 18 Apr '18

18 Apr '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-04-2018 18:00 − Mittwoch 18-04-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Android: Google integriert sichere DNS-Abfrage in Android P ∗∗∗ --------------------------------------------- In der kommenden Android-Version mit dem Anfangsbuchstaben P führt Google DNS over TLS ein. Damit würden DNS-Abfragen über einen sicheren Kanal erfolgen. Nutzer können in den Einstellungen auch einen eigenen Hostnamen eingeben oder die Funktion abstellen. --------------------------------------------- https://www.golem.de/news/android-google-integriert-sichere-dns-abfrage-in-… ∗∗∗ Leaking ads ∗∗∗ --------------------------------------------- We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relehttps://www.heise.de/security/meldung/Critical-Patch-Update-Oracle-will-mit-254-Updates-die-Sicherheit-steigern-4026726.htmlvant ads, but often fail to protect that data when sending it to their servers. --------------------------------------------- http://securelist.com/leaking-ads/85239/ ∗∗∗ Malicious Activities with Google Tag Manager ∗∗∗ --------------------------------------------- If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say "yes" or even "absolutely". But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from "trusted sources" like Google, Facebook, and Youtube. In the past, we saw how adsense was abused with a malvertising campaign. Even more recently, we saw how attackers injected malware that called [...] --------------------------------------------- https://blog.sucuri.net/2018/04/malicious-activities-google-tag-manager.html ∗∗∗ Critical Patch Update: Oracle will mit 254 Updates die Sicherheit steigern ∗∗∗ --------------------------------------------- Oracle hangelt sich durch sein Software-Portfolio und schließt zum Teil äußerst kritische Sicherheitslücken. Admins sollten jetzt handeln. --------------------------------------------- https://heise.de/-4026726 ∗∗∗ Chrome 66 warnt vor Webseiten mit Symantec-Zertifikaten ∗∗∗ --------------------------------------------- Die aktuelle Version des Webbrowser Chrome vertraut ab sofort einigen TLS-Zertifikaten von Symantec nicht mehr. Das ist ein weiterer Schritt von Google gegen die Zertifizierungsstelle. --------------------------------------------- https://www.heise.de/-4026854 ∗∗∗ Erpressungstrojaner XiaoBa verwandelt sich in Krypto-Miner ∗∗∗ --------------------------------------------- Die Malware-Autoren des Verschlüsselungstrojaners XiaoBa schwenken um und wollen statt der Erpressung von Lösegeld nun Kryptogeld auf infizierten Computern schürfen. Doch dabei läuft noch nicht alles rund. --------------------------------------------- https://www.heise.de/-4026455 ∗∗∗ Cryptominers displace ransomware as the number one threat ∗∗∗ --------------------------------------------- During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo's Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin. The surge of cryptominers For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies --------------------------------------------- https://www.helpnetsecurity.com/2018/04/18/q1-2018-malware-trends/ ∗∗∗ PBot: a Python-based adware ∗∗∗ --------------------------------------------- Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/04/pbot-python-based-adw… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freeplane and jruby), Fedora (kernel and python-bleach), Gentoo (evince, gdk-pixbuf, and ncurses), openSUSE (kernel), Oracle (gcc, glibc, kernel, krb5, ntp, openssh, openssl, policycoreutils, qemu-kvm, and xdg-user-dirs), Red Hat (corosync, glusterfs, kernel, and kernel-rt), SUSE (openssl), and Ubuntu (openssl and perl). --------------------------------------------- https://lwn.net/Articles/752183/ ∗∗∗ Abbott Laboratories Defibrillator ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and improper restriction of power consumption vulnerabilities identified in Abbott Laboratories defibrillators. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01 ∗∗∗ Schneider Electric Triconex Tricon ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer vulnerabilities in Schneider Electrics Triconex Tricon safety instrumented system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02 ∗∗∗ Rockwell Automation Stratix Services Router ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation, improper restriction of operations, and use of externally-controlled format string vulnerabilities in the Rockwell Automation Stratix 5900 router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 ∗∗∗ Rockwell Automation Stratix and ArmorStratix Switches ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper improper input validation, resource management, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Allen-Bradley Stratix and ArmorStratix Switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 ∗∗∗ Rockwell Automation Stratix Industrial Managed Ethernet Switch ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper imput validation, resource managment, 7PK, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Stratix Industrial Managed Switch. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180418-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily