=====================
= End-of-Day report =
=====================
Timeframe: Monday 16-04-2018 18:00 - Tuesday 17-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure ∗∗∗
---------------------------------------------
Cisco is aware of the recent joint technical alert from US-CERT (TA18-106A) that details known issues which require customers to take steps to protect their networks against cyber-attacks. Providing transparency and guidance to help customers best protect their network is a top priority. Cisco security teams have been actively informing customers about the ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Important security updates for VMware vRealize Automation ∗∗∗
---------------------------------------------
Updated versions of vRealize Automation close several security vulnerabilities. None of them is rated critical.
---------------------------------------------
https://www.heise.de/meldung/Wichtige-Sicherheitsupdates-fuer-VMware-vReali…
∗∗∗ Credit card theft, DDoS attacks: Facebook deletes 117 cybercrime groups ∗∗∗
---------------------------------------------
Reported by a researcher: some had been active for many years; the largest had 47,000 members
---------------------------------------------
http://derstandard.at/2000078122065
=====================
= Vulnerabilities =
=====================
∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - MMS Path Traversal ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS758878&LanguageC…
∗∗∗ 2018-04-17: Vulnerability in Relion® 630 series version 1.3 and earlier - Weak Database Encryption ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS758877&LanguageC…
∗∗∗ SSA-845879 (Last Update: 2018-04-17): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle ∗∗∗
---------------------------------------------
The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
∗∗∗ SSA-203306 (Last Update: 2018-04-17): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families ∗∗∗
---------------------------------------------
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
∗∗∗ IBM Security Bulletin: IBM i is affected by DHCP vulnerabilities CVE-2018-5732 and CVE-2018-5733. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022543
∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015105
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015535
∗∗∗ IBM Security Bulletin: Security vulnerability affects IBM® Rational® Team Concert ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015454
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 13-04-2018 18:00 - Monday 16-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ CVE-2018-7600: Critical Drupal vulnerability is being exploited ∗∗∗
---------------------------------------------
Anyone who has not yet patched their Drupal installation should do so now at the latest. After the publication of further details and exploit code circulating on Twitter, the first attacks have been observed. (Drupal, CMS)
---------------------------------------------
https://www.golem.de/news/cve-2018-7600-kritische-drupal-luecke-wird-ausgen…
∗∗∗ The March/April 2018 issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
The topics covered in this report are:
- The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what
- News from the world of state trojans: Microsoft’s analysis of FinFisher
- Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government
- Bitcoin bounty or close encounter: bizarre side-effects of cryptomining
The Security Report is available in both English and German.
---------------------------------------------
https://securityblog.switch.ch/2018/04/16/switch-security-report-201802/
=====================
= Vulnerabilities =
=====================
∗∗∗ Symantec Advanced Secure Gateway (ASG), ProxySG: Multiple vulnerabilities allow, among other things, denial-of-service attacks ∗∗∗
---------------------------------------------
Two vulnerabilities in Symantec Advanced Secure Gateway (ASG) and ProxySG allow a simply authenticated attacker in the adjacent network to carry out cross-site scripting (XSS) attacks and to bypass security mechanisms. An unauthenticated attacker in the adjacent network can exploit a further vulnerability for denial-of-service (DoS) attacks. These vulnerabilities can only be exploited via the management console of ASG and ProxySG.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-0705/
∗∗∗ Vulnerability in Intel's SPI flash: first firmware updates released ∗∗∗
---------------------------------------------
A security issue in Intel chipsets allows local attackers to manipulate firmware, up to and including denial of service. Lenovo is the first vendor to provide BIOS/UEFI updates.
---------------------------------------------
https://heise.de/-4024853
∗∗∗ Micro Focus Universal Configuration Management Database Lets Local Users Gain Elevated Privileges ∗∗∗
---------------------------------------------
A vulnerability was reported in Micro Focus Universal Configuration Management Database (UCMDB). A local user can obtain elevated privileges on the target system.
A local user can exploit an installation file access control flaw to gain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1040680
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-openssl and zsh), Debian (patch, perl, ruby-loofah, squirrelmail, tiff, and tiff3), Fedora (gnupg2), Gentoo (go), Mageia (firefox, flash-player-plugin, nxagent, puppet, python-paramiko, samba, and thunderbird), Red Hat (flash-plugin), Scientific Linux (python-paramiko), and Ubuntu (patch, perl, and ruby).
---------------------------------------------
https://lwn.net/Articles/751947/
∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015421
∗∗∗ OpenSSL vulnerability CVE-2018-0739 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K08044291
∗∗∗ Apache Tomcat vulnerability CVE-2018-1305 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32051722
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 12-04-2018 18:00 - Friday 13-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code ∗∗∗
---------------------------------------------
The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon…
∗∗∗ "Early Bird" Code Injection Technique Helps Malware Stay Undetected ∗∗∗
---------------------------------------------
Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/early-bird-code-injection-te…
∗∗∗ Office Macros ∗∗∗
---------------------------------------------
A small remark prompted by current events: yesterday I once again gave my usual talk on the "threat landscape", and, as always, mentioned that Office macros are dangerous and must be restricted. It was clearly visible in the audience that some cannot do this in their organisations. Understandable, because in quite a few companies important business processes are implemented as Excel macros [...]
---------------------------------------------
http://www.cert.at/services/blog/20180413094624-2176.html
∗∗∗ Thousands of WP, Joomla and SquareSpace sites serving malicious updates ∗∗∗
---------------------------------------------
Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining steam. The malicious actors are injecting JavaScript that triggers the download requests into the content management systems' JavaScript files or directly into the sites' homepage.
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/13/wp-joomla-squarespace-malicious-…
∗∗∗ Android manufacturers lie to users about security updates ∗∗∗
---------------------------------------------
Apart from Google, nobody really ships all patches: Samsung slips up occasionally, OnePlus, LG and others regularly
---------------------------------------------
http://derstandard.at/2000077842490
∗∗∗ Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers ∗∗∗
---------------------------------------------
https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan…
=====================
= Vulnerabilities =
=====================
∗∗∗ Yokogawa CENTUM and Exaopc ∗∗∗
---------------------------------------------
This advisory includes mitigations for a permissions, privileges, and access controls vulnerability in the Yokogawa CENTUM series and Exaopc products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01
∗∗∗ Oracle Critical Patch Update Pre-Release Announcement - April 2018 ∗∗∗
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2018, which will be released on Tuesday, April 17, 2018. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
∗∗∗ VMSA-2018-0009 ∗∗∗
---------------------------------------------
vRealize Automation updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0009.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache), openSUSE (libvirt, openssl, policycoreutils, and zziplib), Oracle (firefox and python-paramiko), and Red Hat (python-paramiko).
---------------------------------------------
https://lwn.net/Articles/751780/
∗∗∗ Bugtraq: [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541942
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014440
∗∗∗ IBM Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012983
∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities which is used by IBM PureApplication Systems/Service (CVE-2017-3736 CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014945
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015346
∗∗∗ IBM Security Bulletin: Content Collector for Email affected by privilege escalation vulnerability in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015034
∗∗∗ IBM Security Bulletin: Content Collector for Email affected by information disclosure vulnerability in Websphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015032
∗∗∗ BIG-IP TMM vulnerability CVE-2018-5510 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K77671456
∗∗∗ BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05263202
∗∗∗ BIG-IP PEM vulnerability CVE-2018-5508 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10329515
∗∗∗ BIG-IP SOCKS proxy vulnerability CVE-2017-6148 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55225440
∗∗∗ vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52521791
∗∗∗ Apache vulnerability CVE-2018-5506 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65355492
∗∗∗ TMUI vulnerability CVE-2018-5511 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K30500703
∗∗∗ BIG-IP TMM vulnerability CVE-2017-6158 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19361245
∗∗∗ TMM vulnerability CVE-2017-6155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10930474
∗∗∗ IP Intelligence Feed List vulnerability CVE-2017-6143 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11464209
∗∗∗ cURL and libcurl vulnerability CVE-2018-1000120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22052524
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 11-04-2018 18:00 - Thursday 12-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali ∗∗∗
---------------------------------------------
In this article, we will be focusing on the Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK files.
---------------------------------------------
http://resources.infosecinstitute.com/android-penetration-tools-walkthrough…
∗∗∗ APT Trends report Q1 2018 ∗∗∗
---------------------------------------------
In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.
---------------------------------------------
http://securelist.com/apt-trends-report-q1-2018/85280/
∗∗∗ New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection ∗∗∗
---------------------------------------------
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.
---------------------------------------------
http://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-e…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities ∗∗∗
---------------------------------------------
Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low-level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valve's award-winning catalog ...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/simple-direct-media-layer-vulnera…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (poppler), Fedora (koji and libofx), Gentoo (adobe-flash), Oracle (kernel), Red Hat (qemu-kvm-rhev and sensu), and Scientific Linux (firefox).
---------------------------------------------
https://lwn.net/Articles/751668/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013955
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in the Apache Portal Runtime (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014874
∗∗∗ IBM Security Bulletin: Security vulnerability has been identified in IBM Spectrum Scale which is used by IBM PureApplication Systems/Service (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015239
∗∗∗ IBM Security Bulletin: IBM Cloud Manager is affected by a OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027142
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015344
∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014914
∗∗∗ JSA10844 - 2018-04 Security Bulletin: Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&actp=RSS
∗∗∗ JSA10845 - 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&actp=RSS
∗∗∗ JSA10846 - 2018-04 Security Bulletin: SRX Series: A crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies. (CVE-2018-0018) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&actp=RSS
∗∗∗ JSA10847 - 2018-04 Security Bulletin: Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&actp=RSS
∗∗∗ JSA10848 - 2018-04 Security Bulletin: Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&actp=RSS
∗∗∗ JSA10850 - 2018-04 Security Bulletin: NorthStar: Return Of Bleichenbachers Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&actp=RSS
∗∗∗ JSA10851 - 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&actp=RSS
∗∗∗ JSA10852 - 2018-04 Security Bulletin: Junos OS: Multiple vulnerabilities in stunnel ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&actp=RSS
∗∗∗ JSA10853 - 2018-04 Security Bulletin: NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&actp=RSS
∗∗∗ Apache HTTPD vulnerability CVE-2018-1301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78131906
∗∗∗ OpenSSH vulnerability CVE-2016-10708 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32485746
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 10-04-2018 18:00 - Wednesday 11-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Android Penetration Tools Walkthrough Series: Apktool ∗∗∗
---------------------------------------------
In this article, we will look at the step-by-step procedure to set up a utility called "Apktool" and its usage in Android application penetration testing. Introduction: Apktool is a utility that can be used for reverse engineering Android application resources (APK).
---------------------------------------------
http://resources.infosecinstitute.com/android-penetration-tools-walkthrough…
=====================
= Vulnerabilities =
=====================
∗∗∗ Patch day: Microsoft addresses more than 60 vulnerabilities in Windows and other products ∗∗∗
---------------------------------------------
Security patches are available via Windows Update. Among other things, they close a vulnerability through which attackers could turn a wireless keyboard into a keylogger.
---------------------------------------------
https://heise.de/-4016580
∗∗∗ Security researchers: Intel modem makes new iPhones vulnerable to malicious code ∗∗∗
---------------------------------------------
A vulnerability in Intel baseband processors allows skilled attackers to inject malicious code via the mobile network. According to security researchers, new iPhones up to and including the iPhone X are affected; iOS 11.3 closes the gap.
---------------------------------------------
https://heise.de/-4015828
∗∗∗ AMD processors receive Windows 10 update against the Spectre V2 vulnerability ∗∗∗
---------------------------------------------
A combination of a Windows update and BIOS updates for mainboards is intended to protect Windows 10 computers with AMD processors from the Bulldozer generation (introduced in 2011) onwards.
---------------------------------------------
https://heise.de/-4016546
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pcs), Fedora (drupal7), openSUSE (git and mercurial), Red Hat (firefox and qemu-kvm-rhev), SUSE (libvirt and xen), and Ubuntu (patch).
---------------------------------------------
https://lwn.net/Articles/751548/
∗∗∗ Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Invalid Memory Access Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-…
∗∗∗ Security Advisory - Information Leak Vulnerability in the NFC Module of Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180411-…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache Commons FileUpload vulnerability (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015184
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere MQ 5.3 and MQ 8 for HPE NonStop Server (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014367
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an OpenLDAP vulnerability (CVE-2017-9287) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014873
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by glibc vulnerabilities (CVE-2015-8779, CVE-2015-8776) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014870
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Service Quality Manager is affected by an Open Source Apache POI vulnerability (CVE-2017-12626) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015185
∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012660
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by vulnerabilities in the wget package (CVE-2017-13090, CVE-2017-13089) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013885
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013851
=====================
= End-of-Day report =
=====================
Timeframe: Monday 09-04-2018 18:00 - Tuesday 10-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II ∗∗∗
---------------------------------------------
In the previous article "Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I," we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a Windows infrastructure, using legitimate binaries. We also learned about the techniques to identify spawned processes with the help of the Windows [...]
---------------------------------------------
http://resources.infosecinstitute.com/advance-persistent-threat-lateral-mov…
∗∗∗ Developer warns of iOS attacks via contact permissions ∗∗∗
---------------------------------------------
Apple currently does not distinguish between writing and reading contacts when users grant apps access permission. A developer now describes a possible scenario for harvesting passwords.
---------------------------------------------
https://heise.de/-4014136
∗∗∗ Patch now! Attacks on Flash Player made easy ∗∗∗
---------------------------------------------
An increasing number of exploits are currently circulating that target a vulnerability in Adobe's Flash Player. A security patch was already released in February.
---------------------------------------------
https://www.heise.de/-4014258
∗∗∗ BSI provides developers with a test tool for digital certificate chains ∗∗∗
---------------------------------------------
Software applications such as browsers or e-mail clients, and hardware components such as VPN gateways, that accept invalid certificate chains due to programming errors pose a security risk for authenticated and confidential communication over the Internet. The Federal Office for Information Security (BSI) is now providing a test tool that supports developers in correctly implementing this certificate path validation.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/pruef_tool_…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB18-08), Adobe Experience Manager (APSB18-10), Adobe InDesign CC (APSB18-11), Digital Editions (APSB18-13) and the Adobe PhoneGap Push plugin (APSB18-15). Adobe recommends users update their product installations to the latest versions using [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1542
∗∗∗ Signal Bypass Screen locker ∗∗∗
---------------------------------------------
Signal for iOS, version 2.23.1.1 and prior, is vulnerable to screen lock bypass. The vulnerability, triggered by some click sequence, allows anyone to bypass password and TouchID authentication protections that iOS users can set on their device in order to increase application security and confidentiality.
---------------------------------------------
http://nint.en.do/Signal-Bypass-Screen-locker.php
∗∗∗ SAP Security Patch Day - April 2018 ∗∗∗
---------------------------------------------
This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products.
---------------------------------------------
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
∗∗∗ Update: Vulnerabilities (some critical) in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software - Detailed security advisories for the Cisco IOS and IOS XE Smart Install feature available ∗∗∗
---------------------------------------------
[...] Cisco has published a security advisory with information on CVE-2018-0171 and further, in part older, vulnerabilities in the Smart Install feature of Cisco IOS and Cisco IOS XE. Cisco recommends implementing the measures listed in the advisory to secure affected systems.
---------------------------------------------
http://www.cert.at/warnings/all/20180329-2.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvorbis and thunderbird), Debian (pjproject), Fedora (compat-openssl10, java-1.8.0-openjdk-aarch32, libid3tag, python-pip, python3, and python3-docs), Gentoo (ZendFramework), Oracle (thunderbird), Red Hat (ansible, gcc, glibc, golang, kernel, kernel-alt, kernel-rt, krb5, kubernetes, libvncserver, libvorbis, ntp, openssh, openssl, pcs, policycoreutils, qemu-kvm, and xdg-user-dirs), SUSE (openssl and openssl1), and Ubuntu (python-crypto, [...]
---------------------------------------------
https://lwn.net/Articles/751454/
∗∗∗ IBM Security Bulletin: eDiscovery Manager is affected by GSKit and GSKit-Crypto vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014742
∗∗∗ IBM Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability. gskit ssl ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013978
∗∗∗ IBM Security Bulletin: IBM Communications Server for Windows is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015200
∗∗∗ NTP vulnerability CVE-2018-7185 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04912972
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 06-04-2018 18:00 − Monday 09-04-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ARP Spoofing in 2018: are you protected?, (Mon, Apr 9th) ∗∗∗
---------------------------------------------
This week I was reminded how efficient ARP (Address Resolution Protocol) spoofing attacks might be. A single Android device equipped with offensive tools was enough to fool any device on a network and capture sensitive data. But wait, we are talking about a threat as old as the ARP specification from 1982. There aren't networks vulnerable to this nowadays, right? Wrong.
---------------------------------------------
https://isc.sans.edu/diary/rss/23533
∗∗∗ Hacked Website Trend Report – 2017 ∗∗∗
---------------------------------------------
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented stems from the analysis of 34,371 infected websites summarizing the latest trends by bad actors.
---------------------------------------------
https://blog.sucuri.net/2018/04/hacked-website-trend-report-2017.html
∗∗∗ The dots do matter: how to scam a Gmail user ∗∗∗
---------------------------------------------
I recently received an email from Netflix which nearly caused me to add my card details to someone else's Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called "the dots don't matter". I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature.
---------------------------------------------
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-…
∗∗∗ Event Log Auditing, Demystified ∗∗∗
---------------------------------------------
The topic of reviewing event logs has received a fair amount of grunts, groans, and questions such as "You honestly expect us to review all of that data?!" or "We have so many systems! Where would we even begin?" or "We already have enough on our plate to worry about!". Fortunately, the times have changed, and log aggregation has matured over a relatively short amount of time. Its existence alone, however, is not the complete answer to log auditing woes.
---------------------------------------------
https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f0…
∗∗∗ How to prevent bypassing AppLocker using Alternate Data Streams ∗∗∗
---------------------------------------------
I usually write my blog posts in German. This one is in English, because Sami Laiho asked me to do a short write-up, to make this problem available to a broader audience. Who is affected and what's the problem? If you are using AppLocker Application-Whitelisting using Path-Rules with Exceptions you are probably affected.
---------------------------------------------
https://hitco.at/blog/howto-prevent-bypassing-applocker-using-alternate-dat…
∗∗∗ Do not order from salewaz.top! ∗∗∗
---------------------------------------------
The website salewaz.top offers clothing and sports equipment of the well-known brand Salewa. The prices are far lower than usual for Salewa products, which makes a purchase look attractive at first glance. Consumers should under no circumstances order from this shop, because the operators are fraudulent and no goods are shipped despite payment.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bestellen-bei-salewaztop/
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure ∗∗∗
---------------------------------------------
Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering a client's logon request, the vault discloses around 50 bytes of its memory to the client.
---------------------------------------------
http://www.securityfocus.com/archive/1/541931
∗∗∗ Bugtraq: [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution ∗∗∗
---------------------------------------------
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server.
---------------------------------------------
http://www.securityfocus.com/archive/1/541932
∗∗∗ Authentication Bypass Vulnerability Found in Auth0 Identity Platform ∗∗∗
---------------------------------------------
A critical authentication bypass vulnerability has been discovered in Auth0, one of the biggest identity-as-a-service platforms, that could have allowed a malicious attacker to access any portal or application that uses the Auth0 service for authentication. Auth0 offers token-based authentication solutions for a number of platforms including the ability to integrate social media ...
---------------------------------------------
https://thehackernews.com/2018/04/auth0-authentication-bypass.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (openssl and zziplib), Debian (ldap-account-manager, ming, python-crypto, sam2p, sdl-image1.2, and squirrelmail), Fedora (bchunk, koji, libidn, librelp, nodejs, and php), Gentoo (curl, dhcp, libvirt, mailx, poppler, qemu, and spice-vdagent), Mageia (389-ds-base, aubio, cfitsio, libvncserver, nmap, and ntp), openSUSE (GraphicsMagick, ImageMagick, spice-gtk, and wireshark), Oracle (kubernetes), Slackware (patch), and SUSE (apache2 and openssl).
---------------------------------------------
https://lwn.net/Articles/751346/
∗∗∗ The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32518458
∗∗∗ Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Notice - Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180104-01-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022524
∗∗∗ IBM Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027341
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 05-04-2018 18:00 − Friday 06-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now ∗∗∗
---------------------------------------------
Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications. In an [...]
---------------------------------------------
https://thehackernews.com/2018/04/spring-framework-hacking.html
∗∗∗ Security researchers find 1.5 billion sensitive records ∗∗∗
---------------------------------------------
Researchers at the IT security vendor Digital Shadows state that they have found around 1.5 billion records worldwide in misconfigured and therefore freely accessible online storage. Among them is sensitive information such as medical data, payslips or patents.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/news_forscher_fin…
∗∗∗ From PNG tEXt to Persistent XSS ∗∗∗
---------------------------------------------
I was on job for a client and was playing around with various endpoints they have for uploading files. They're really strict on several things and will only accept files with a .PNG extension. In one place, however, you were able to upload files with a .html extension ... score. Well, not really. You're allowed to upload [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/from-png-text-to-persistent-x…
∗∗∗ Warning about sportspoort.de ∗∗∗
---------------------------------------------
The online shop sportspoort.de sells cheap Adidas shoes. They are counterfeit branded goods. Consumers can pay for them only by credit card over an insecure connection. Watchlist Internet advises against buying from sportspoort.de, because the operator is criminal.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-sportspoortde/
=====================
= Vulnerabilities =
=====================
∗∗∗ Rockwell Automation MicroLogix ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper authentication vulnerability in the Rockwell MicroLogix Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-01
∗∗∗ Moxa MXview ∗∗∗
---------------------------------------------
This advisory includes mitigations for an information exposure vulnerability in the Moxa MXview network management software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02
∗∗∗ LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper check or handling of exceptional conditions vulnerability in LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-095-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (sharutils), Fedora (firefox, httpd, and mod_http2), openSUSE (docker-distribution, graphite2, libidn, and postgresql94), Oracle (libvorbis and thunderbird), Red Hat (libvorbis, python-paramiko, and thunderbird), Scientific Linux (libvorbis and thunderbird), SUSE (apache2), and Ubuntu (firefox, linux-lts-xenial, linux-aws, and ruby1.9.1, ruby2.0, ruby2.3).
---------------------------------------------
https://lwn.net/Articles/751146/
∗∗∗ [local] Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44410/
∗∗∗ [local] Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44411/
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1483) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015317
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos TM1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015269
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015268
∗∗∗ IBM Security Bulletin: Vulnerability in Apache commons-fileupload affects IBM Algo One Algo Risk Application (ARA) CVE-2016-1000031 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015340
∗∗∗ Intel SPI Flash Unsafe Opcodes Lets Local Users Cause Denial of Service Conditions ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040626
∗∗∗ [R1] SecurityCenter 5.6.2.1 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-03
∗∗∗ The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K70517410
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-04-2018 18:00 − Thursday 05-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs ∗∗∗
---------------------------------------------
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninsta…
∗∗∗ Natus Neuroworks: Vulnerabilities discovered in brain-scan software ∗∗∗
---------------------------------------------
The brain activity scan itself is not at risk, but the hospital is: security researchers have found vulnerabilities in the software of EEG devices that make it possible to execute code on the device and gain access to the hospital network. (Security, Cisco)
---------------------------------------------
https://www.golem.de/news/natus-neuroworks-sicherheitsluecken-in-gehirnscan…
∗∗∗ Apple's file system: APFS problems persist ∗∗∗
---------------------------------------------
After the last problem concerning the plaintext storage of passwords for encrypted APFS volumes, further investigation shows that the passwords remain readable with 10.13.4. The passwords stay in the logs even after the patch. (APFS, Apple)
---------------------------------------------
https://www.golem.de/news/apples-dateisystem-apfs-probleme-bleiben-bestehen…
∗∗∗ Understanding Code Signing Abuse in Malware Campaigns ∗∗∗
---------------------------------------------
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-c…
∗∗∗ Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client ∗∗∗
---------------------------------------------
Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERT's recent alert.
---------------------------------------------
http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.h…
∗∗∗ Do not pay 358.80 euros to toxflix.de and similar streaming platforms! ∗∗∗
---------------------------------------------
According to its legal notice, CINE STAR LTD is responsible for streaming websites such as toxflix.de, roxflix.de or laflix.de. The sites offer films for streaming, but interested users must register first. After a five-day period, the registration turns into a premium membership with demands of 358.80 euros per year. The amount does not have to be paid, because a valid contract is never concluded!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-35880-euro-an-toxflixde-und-ae…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (drupal), Debian (openjdk-7), Fedora (exempi, gd, and tomcat), SUSE (python-paramiko), and Ubuntu (kernel, libvncserver, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-trusty, and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/751026/
∗∗∗ Vuln: Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103653
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013308
∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014266
∗∗∗ IBM Security Bulletin: Potential spoofing attack in Liberty for Java for IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015292
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2017-12618) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011238
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect™ Plus ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014937
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK that affect IBM PureApplication System ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015284
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015161
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013492
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013493
∗∗∗ IBM Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014721
∗∗∗ IBM Security Bulletin: IBM Distributed Marketing Could Allow an Authenticated but Unauthorized User with Special Access to Change Security Policies (CVE-2017-1109) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015044
∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by multiple GSKit vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015252
∗∗∗ IBM Security Bulletin: XML External Entity Injection (XXE) Vulnerability Impacts IBM Campaign (CVE-2015-0254) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015263
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014821
∗∗∗ IBM Security Bulletin: Denial of Service in Apache CXF used by Liberty for Java for IBM Cloud (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015296
∗∗∗ IBM Security Bulletin: Information Disclosure in IBM HTTP Server and Denial of Service in Apache CXF used by IBM WebSphere Application Server for IBM Cloud (CVE-2017-12613, CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015297
∗∗∗ FreeBSD IPsec AH Option Header Infinite Loop Lets Remote Users Cause the Target System to Crash ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040628
∗∗∗ HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040630
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 03-04-2018 18:00 − Wednesday 04-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Intel Admits It Won't Be Possible to Fix Spectre (V2) Flaw in Some Processors ∗∗∗
---------------------------------------------
As speculated by the researcher who disclosed the Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack. In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the
---------------------------------------------
https://thehackernews.com/2018/04/intel-spectre-vulnerability.html
∗∗∗ Pocket cryptofarms - Investigating mobile apps for hidden mining ∗∗∗
---------------------------------------------
We've noticed that attackers no longer limit themselves to servers, desktops, and laptops. They are increasingly drawn to mobile devices, mainly Android. We decided to take a closer look to see which mobile apps stealthily mine digital coins on user devices and how widespread they are.
---------------------------------------------
https://securelist.com/pocket-cryptofarms/85137/
∗∗∗ BSI warns of vulnerabilities in iTunes for Windows ∗∗∗
---------------------------------------------
Apple's media management software contains several critical bugs, not only in the bundled WebKit browser engine. Security bugs are also present in the iCloud support for Windows.
---------------------------------------------
https://heise.de/-4010622
∗∗∗ Nvidia patches several vulnerabilities in GPU drivers ∗∗∗
---------------------------------------------
Vulnerabilities in several Nvidia graphics card drivers can be abused, among other things, for remote code execution. Patched versions are available for download.
---------------------------------------------
https://www.heise.de/-4010707
∗∗∗ LockCrypt ransomware: weakness in code can lead to recovery ∗∗∗
---------------------------------------------
A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/04/lockcrypt-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Malware Protection Engine: security update fixes critical vulnerability ∗∗∗
---------------------------------------------
On 03.04.18 Microsoft released an update to fix the critical bug CVE-2018-0986 in its own antivirus software (Microsoft Malware Protection Engine), used for example in Windows Defender, Microsoft Security Essentials, Microsoft Intune Endpoint, Microsoft Forefront Endpoint 2010 as well as in Exchange Server 2013 and 2016 on systems from Windows 7 to Windows 10 or [...]
---------------------------------------------
http://www.cert.at/services/blog/20180404151337-2161.html
∗∗∗ Siemens Building Technologies Products ∗∗∗
---------------------------------------------
This advisory includes mitigations for a series of vulnerabilities in Siemens Building Technologies Products, including stack-based buffer overflows, security features, improper restriction of operations within the bounds of a memory buffer, NULL pointer dereference, XML entity expansion, heap-based buffer overflow, and improper access control.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
∗∗∗ USN-3618-1: LibVNCServer vulnerability ∗∗∗
---------------------------------------------
LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. [...] It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue [...]
---------------------------------------------
https://usn.ubuntu.com/3618-1/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2, ldap-account-manager, and openjdk-7), Fedora (libuv and nodejs), Gentoo (glibc and libxslt), Mageia (acpica-tools, openssl, and php), SUSE (clamav, coreutils, and libvirt), and Ubuntu (kernel, libraw, linux-hwe, linux-gcp, linux-oem, and python-crypto).
---------------------------------------------
https://lwn.net/Articles/750902/
∗∗∗ IBM Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022442
∗∗∗ Cacti Input Validation Flaw in get_current_page() Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040620
∗∗∗ WordPress 4.9.5 Security and Maintenance Release ∗∗∗
---------------------------------------------
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 30-03-2018 18:00 − Tuesday 03-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Java Deserialization Attack Against Windows, (Tue, Apr 3rd) ∗∗∗
---------------------------------------------
Recently we talked a lot about attacks exploiting Java deserialization vulnerabilities in systems like Apache SOLR and WebLogic. Most of these attacks targeted Linux/Unix systems. But recently, I am seeing more attacks that target Windows. For example: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/23513
∗∗∗ Vulnerability in Apple Mail allowed reading of encrypted messages ∗∗∗
---------------------------------------------
With macOS 10.13.4 the Mac maker fixes a bug through which attackers on the local network could obtain the contents of mail secured with S/MIME. Whether earlier operating systems remain affected is unclear.
---------------------------------------------
https://heise.de/-4009761
∗∗∗ Fake profiles collect phone numbers on Facebook ∗∗∗
---------------------------------------------
Criminals create fake profiles on Facebook and thereby pose as a friend of potential victims. They then try to obtain the phone number of the targeted person in order to make purchases via their mobile phone bill. Whoever falls into the trap loses their money.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-profile-sammeln-auf-facebook-te…
∗∗∗ iPhone X prize draw costs 89 euros per month ∗∗∗
---------------------------------------------
Consumers are asked to pay 89 euros per month to take part in an iPhone X prize draw on braingamemasters.com. The amount is billed as a membership for the game Trainyourbrainskils. Consumers do not have to pay, as there is no legal basis for the charge.
---------------------------------------------
https://www.watchlist-internet.at/news/iphone-x-gewinnspiel-kostet-89-euro-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability ∗∗∗
---------------------------------------------
This vulnerability was discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos. Today, Talos is disclosing TALOS-2017-0507 (CVE-2017-14459), a vulnerability that has been identified in the Moxa AWK-3131A industrial wireless access point.
---------------------------------------------
http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dovecot, irssi, libevt, libvncserver, mercurial, mosquitto, openssl, python-django, remctl, rubygems, and zsh), Fedora (acpica-tools, dovecot, firefox, ImageMagick, mariadb, mosquitto, openssl, python-paramiko, rubygem-rmagick, and thunderbird), Mageia (flash-player-plugin and squirrelmail), Slackware (php), and Ubuntu (dovecot).
---------------------------------------------
https://lwn.net/Articles/750759/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (beep and jruby), Fedora (libvncserver), and Ubuntu (openjdk-7 and openjdk-8).
---------------------------------------------
https://lwn.net/Articles/750829/
∗∗∗ 21 IBM Security Advisories 2018-04-03 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ [webapps] osCommerce 2.3.4.1 - Remote Code Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44374/?rss
∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-…
∗∗∗ Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170908-…
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-…
∗∗∗ Android Security Bulletin - April 2018 ∗∗∗
---------------------------------------------
https://source.android.com/security/bulletin/2018-04-01.html
∗∗∗ Linux kernel vulnerability CVE-2017-17448 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01043241
∗∗∗ Apache Commons FileUpload vulnerability CVE-2016-1000031 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25206238
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 29-03-2018 18:00 − Friday 30-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 10 Steps to Avoid Insecure Deserialization ∗∗∗
---------------------------------------------
You might think that your applications are secure and safe from prying eyes, but hackers are using ever more sophisticated methods to capture your user data over the Internet. We will explore some of the most common insecure deserialization methods that have been uncovered recently, and look at 10 steps that can be implemented [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-avoid-insecure-deserializati…
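The Java deserialization attacks in the ISC diary above and the "10 steps" article both come down to the same control: never let untrusted serialized data name the classes it reconstructs. The following is an added example, not code from either article or from the CERT.at list, showing the two halves of that control in Python's pickle format: a static scan that lists the code-executing opcodes in a stream without loading it, and an unpickler with an explicit allow-list of classes. The sample streams are constructed here; the "malicious" one is a hand-assembled pickle that would call os.system if loaded with plain pickle.loads(), which the example never does.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from typing import List

# Constructed sample inputs (not from either article).
# A benign record, as an application might cache or pass between services:
BENIGN_PICKLE = pickle.dumps({"user": "alice", "roles": ["reader"]})
# A record that legitimately needs one class from the standard library:
ORDERED_PICKLE = pickle.dumps(OrderedDict(a=1))
# A hand-assembled malicious stream: plain pickle.loads() would resolve
# os.system (GLOBAL opcode) and call it with "echo pwned" (REDUCE opcode).
# Nothing below executes it.
EVIL_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."

# Opcodes that resolve globals or construct/call objects: the primitives
# every pickle gadget chain is built from.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def risky_opcodes(data: bytes) -> List[str]:
    """Disassemble a stream without executing it and list the risky opcodes used.

    Useful as triage (a pure-data pickle needs none of them), but coarse:
    legitimate objects such as OrderedDict also need GLOBAL/REDUCE, so the
    precise control is the allow-list below.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only reconstructs classes on an explicit allow-list."""

    ALLOWED = {("collections", "OrderedDict")}  # extend per application

    def find_class(self, module, name):
        # Called for every GLOBAL/STACK_GLOBAL before any object is built,
        # so refusing here stops the chain before REDUCE can call anything.
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_or_reject(data: bytes):
    """Return (True, obj) or (False, reason); the reason is what to log or alert on."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PICKLE), ("ordered", ORDERED_PICKLE),
                        ("evil", EVIL_PICKLE)):
        print(label, risky_opcodes(blob), load_or_reject(blob))
```

The allow-list is deliberately a set of (module, name) pairs rather than a module prefix: allowing all of `collections` or `builtins` would re-admit classes whose constructors or `__setstate__` can be abused. The same shape applies to Java (a serialization filter / `ObjectInputFilter` allow-list) and to any other format whose decoder instantiates named classes.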
∗∗∗ How to Identify and Mitigate XXE Vulnerabilities ∗∗∗
---------------------------------------------
Security vulnerabilities that are created through the serialization of sensitive data are well known, yet some developers are still falling into this trap. We will look at some basic web application safeguards that you can employ to keep your applications hardened against this growing threat. To help understand this growing problem, we will turn [...]
---------------------------------------------
http://resources.infosecinstitute.com/identify-mitigate-xxe-vulnerabilities/
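The XXE article above is about recognising and blocking external entity declarations before an XML parser expands them. As an added example (not code from the article or from CERT.at), here is a small parser for a constructed order document that refuses any document carrying a DOCTYPE, which is where both external entities and entity-expansion bombs are declared, and additionally refuses to resolve external entity references as defence in depth. The two hostile documents are constructed for the demo; the `file:///etc/passwd` entity is never fetched because parsing aborts at the DOCTYPE.

```python
import xml.parsers.expat
from typing import List, Tuple

# Constructed sample documents (not from the article).
BENIGN_XML = (b"<?xml version='1.0'?>"
              b"<order><item sku='A-1'>2</item><item sku='B-7'>1</item></order>")

# Classic XXE: an external entity that would read a local file if expanded.
XXE_XML = (b"<?xml version='1.0'?>\n"
           b'<!DOCTYPE order [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
           b"<order><item sku='&xxe;'>1</item></order>")

# Entity-expansion DoS ("billion laughs", truncated to two levels here).
# It is also DTD-based, so the same DOCTYPE check stops it.
LAUGHS_XML = (b"<?xml version='1.0'?>\n"
              b'<!DOCTYPE lolz [ <!ENTITY lol "lol"> '
              b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;"> ]>\n'
              b"<order><item sku='&lol2;'>1</item></order>")


class DoctypeNotAllowed(ValueError):
    """Raised when a document carries a DTD, which this parser never accepts."""


def parse_items(data: bytes) -> List[Tuple[str, int]]:
    """Parse <item sku=...>qty</item> elements into (sku, qty) tuples, rejecting any DTD."""
    parser = xml.parsers.expat.ParserCreate()
    items: List[Tuple[str, int]] = []
    current = {"sku": None, "text": []}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before any entity in the DTD is declared, let alone expanded.
        raise DoctypeNotAllowed("DOCTYPE declarations are not accepted")

    def on_external_entity(context, base, sysid, pubid):
        return 0  # defence in depth: returning 0 makes expat abort with an error

    def on_start(name, attrs):
        if name == "item":
            current["sku"], current["text"] = attrs.get("sku"), []

    def on_chars(text):
        current["text"].append(text)  # character data may arrive in chunks

    def on_end(name):
        if name == "item":
            items.append((current["sku"], int("".join(current["text"]))))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = on_end
    parser.Parse(data, True)
    return items


def load_order(data: bytes):
    """Return (True, items) or (False, reason) so callers can log rejections."""
    try:
        return True, parse_items(data)
    except (ValueError, xml.parsers.expat.ExpatError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_XML), ("xxe", XXE_XML), ("laughs", LAUGHS_XML)):
        print(label, load_order(doc))
```

Rejecting the DOCTYPE outright is the simplest policy and is appropriate for application data formats, which never legitimately need a DTD; if a format does require one, the fallback is to keep the external-entity handler above and additionally cap total entity expansion, since an internal-only DTD can still be used for the expansion bomb.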
∗∗∗ ENISA publishes the first comprehensive study on cyber Threat Intelligence Platforms ∗∗∗
---------------------------------------------
ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-first-study-on-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips iSite/IntelliSpace PACS Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for vulnerabilities identified in the Philips iSite and IntelliSpace PACS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
∗∗∗ WAGO 750 Series ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper resource shutdown or release vulnerability in the WAGO 750 series PLC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01
∗∗∗ Siemens TIM 1531 IRC ∗∗∗
---------------------------------------------
This advisory includes mitigations for an incorrect implementation of authentication algorithm vulnerability in the Siemens TIM 1531 IRC communications modules.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-02
∗∗∗ Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-03
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: March 29, 2018. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: iOS 11.3, tvOS 11.3, watchOS 4.3, Xcode 9.3 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/29/Apple-Releases-Mul…
∗∗∗ Critical vulnerability in Microsoft Windows - patch available ∗∗∗
---------------------------------------------
Microsoft has published a security advisory and a corresponding security update outside of the normal patch cycle. The bug allows an attacker to execute arbitrary code with kernel privileges via a privilege escalation. CVE: CVE-2018-1038 Details: By exploiting the vulnerability an attacker can gain elevated privileges on affected systems, and [...]
---------------------------------------------
http://www.cert.at/warnings/all/20180330.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (memcached, openssl, openssl1.0, php5, thunderbird, and xerces-c), Fedora (python-notebook, slf4j, and unboundid-ldapsdk), Mageia (kernel, libvirt, mailman, and net-snmp), openSUSE (aubio, cacti, cacti-spine, firefox, krb5, LibVNCServer, links, memcached, and tomcat), Slackware (ruby), SUSE (kernel and python-paramiko), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/750573/
∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by an Apache Poi Vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014912
∗∗∗ IBM Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012643
∗∗∗ IBM Security Bulletin: Potential spoofing attack in IBM WebSphere Application Server in IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014798
∗∗∗ IBM Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000369
∗∗∗ IBM Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014179
Next End-of-Day report: 2018-04-03
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 28-03-2018 18:00 − Thursday 29-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Total Meltdown? ∗∗∗
---------------------------------------------
Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing. Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse [...]
---------------------------------------------
https://blog.frizk.net/2018/03/total-meltdown.html
∗∗∗ Warning about Travel Planet Amsterdam ∗∗∗
---------------------------------------------
Holidaymakers find cheap accommodation on Travel Planet Amsterdam (travelplanetamsterdam.com). The listings are copied from other websites and cannot actually be booked through this provider. Travellers are asked to pay for the accommodation in advance. The money is lost, because Travel Planet Amsterdam is a fraudulent provider that delivers no service.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-travel-planet-amsterdam/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update: attackers could crash Firefox and Tor Browser ∗∗∗
---------------------------------------------
The developers have closed the hole in Firefox 59.0.2, Firefox ESR 52.7.3 and Tor Browser 7.5.3. All earlier releases are affected. Attacks are said to be possible remotely without authentication. The risk posed by the vulnerability is rated "high".
---------------------------------------------
https://heise.de/-4007839
∗∗∗ Citrix XenServer 7.2 Multiple Security Updates ∗∗∗
---------------------------------------------
A number of security issues have been identified within Citrix XenServer 7.2 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated as a medium severity vulnerability; the following issues have been remediated:
CVE-2016-2107
CVE-2016-2108
---------------------------------------------
https://support.citrix.com/article/CTX233832
∗∗∗ Vulnerabilities (some critical) in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software - patches available ∗∗∗
---------------------------------------------
29 March 2018. Description: Cisco has published 20 security advisories on vulnerabilities, some of them critical, in Cisco IOS, Cisco IOS XE and Cisco IOS XR Software. Three of the vulnerabilities are rated critical with a CVSS base score of 9.8: ...
---------------------------------------------
http://www.cert.at/warnings/all/20180329-2.html
∗∗∗ Critical vulnerability in Drupal - updates available ∗∗∗
---------------------------------------------
29 March 2018. Description: A critical vulnerability has been discovered in the widely used CMS software Drupal. By exploiting this flaw, arbitrary code can be executed on affected systems (with the privileges of the web server user). CVE number: CVE-2018-7600
---------------------------------------------
http://www.cert.at/warnings/all/20180329.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7, graphicsmagick, libdatetime-timezone-perl, thunderbird, and tzdata), Fedora (gd, libtiff, mozjs52, and nmap), Gentoo (thunderbird), Red Hat (openstack-tripleo-common, openstack-tripleo-heat-templates and sensu), SUSE (kernel, libvirt, and memcached), and Ubuntu (icu, librelp, openssl, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/750432/
∗∗∗ Bugtraq: CA20180328-01: Security Notice for CA API Developer Portal ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541902
∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015075
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000372
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013651
∗∗∗ IBM Security Bulletin: IBM MQ Clients can send a specially crafted message that could cause a channel to SIGSEGV. (CVE-2017-1747) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012992
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099794
∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35453761
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 27-03-2018 18:00 − Wednesday 28-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Many VPN Providers Leak Customers IP Address via WebRTC Bug ∗∗∗
---------------------------------------------
Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-cust…
∗∗∗ 10 Best Practices for Mobile App Penetration Testing ∗∗∗
---------------------------------------------
Penetration testing is one of the best ways to thoroughly check your defense perimeters for security weaknesses. Pentesting can be used across the entire spectrum of an IT infrastructure, including network, web application and database security. But today [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-best-practices-mobile-app-penetrat…
∗∗∗ How to Set Up a Web App Pentesting Lab in 4 Easy Steps ∗∗∗
---------------------------------------------
A pentesting lab can be a small entity used by one security tester, consisting of one or two computers; or it could be a larger set of networked computers behind a closed or secured network, used by a group of security testers.
---------------------------------------------
http://resources.infosecinstitute.com/set-web-app-pentesting-lab-4-easy-ste…
∗∗∗ Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for the upcoming Windows 10 version 1803, codenamed "Redstone 4." Please evaluate this proposed baseline and send us your feedback via blog comments below. Download the content here: DRAFT-Windows-10-v1803-RS4 The downloadable attachment to this blog post includes importable GPOs, scripts for applying [...]
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-f…
∗∗∗ Unmasking Monero: stripping the currency’s privacy protection ∗∗∗
---------------------------------------------
The features that make blockchains trustworthy may leave them vulnerable to retrospective action.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/03/28/unmasking-monero-stripping-the-…
∗∗∗ TA18-086A: Brute Force Attacks Conducted by Cyber Actors ∗∗∗
---------------------------------------------
[...] According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad. In February 2018 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-086A
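Password spraying inverts the classic brute-force shape: instead of many guesses against one account (which trips lockout), the actor tries one or two common passwords against many accounts from the same source in a short window. That shape is what a detection should key on. The following is an added example (not from the alert or from CERT.at) that parses a constructed, simplified authentication log and flags sources whose failures fit the spray pattern, reporting any successful logon the same source achieved inside the window so responders know which account to look at first. The log format, field names and thresholds are assumptions for the demo; adapt the regex to your own source (e.g. Windows 4625/4624 events or an identity provider's sign-in log).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    result: str   # "success" or "failure"
    user: str
    src: str


# Assumed log format for the demo: "<ISO8601Z> auth <result> user=<name> src=<ip>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (not real data). 198.51.100.7 sprays six accounts once
# each and lands on "dave"; 192.0.2.9 hammers a single account (brute force,
# not a spray); 203.0.113.4 is a normal successful logon.
SAMPLE_LOG = """\
2018-02-12T09:00:01Z auth failure user=alice src=198.51.100.7
2018-02-12T09:00:02Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:03Z auth failure user=bob src=198.51.100.7
2018-02-12T09:00:04Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:05Z auth failure user=carol src=198.51.100.7
2018-02-12T09:00:06Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:07Z auth failure user=dave src=198.51.100.7
2018-02-12T09:00:08Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:09Z auth failure user=erin src=198.51.100.7
2018-02-12T09:00:10Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:11Z auth failure user=frank src=198.51.100.7
2018-02-12T09:00:12Z auth failure user=alice src=192.0.2.9
2018-02-12T09:00:13Z auth success user=dave src=198.51.100.7
2018-02-12T09:00:14Z kernel: unrelated line that must be ignored
2018-02-12T09:05:00Z auth success user=alice src=203.0.113.4
"""


def parse_log(text: str) -> List[Event]:
    """Parse matching lines into Events sorted by time; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["result"], m["user"].lower(), m["src"]))
    return sorted(events, key=lambda e: e.ts)


def detect_spraying(events: List[Event], window: timedelta = timedelta(minutes=10),
                    min_users: int = 5, max_per_user: int = 2) -> Dict[str, dict]:
    """Flag sources with >= min_users distinct failed accounts, each failing at most
    max_per_user times, inside any window. Returns {src: {"users": [...],
    "successes": [...]}} where successes are accounts the source then logged into."""
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.result == "failure":
            by_src[e.src].append(e)

    findings: Dict[str, dict] = {}
    for src, fails in by_src.items():
        for i, first in enumerate(fails):          # slide the window over failures
            per_user: Dict[str, int] = defaultdict(int)
            for e in fails[i:]:
                if e.ts - first.ts > window:
                    break
                per_user[e.user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                end = first.ts + window
                hits = sorted({e.user for e in events if e.src == src
                               and e.result == "success" and first.ts <= e.ts <= end})
                findings[src] = {"users": sorted(per_user), "successes": hits}
                break                               # one finding per source is enough
    return findings


if __name__ == "__main__":
    for src, info in detect_spraying(parse_log(SAMPLE_LOG)).items():
        print(f"password spray from {src}: {len(info['users'])} accounts; "
              f"successes: {info['successes'] or 'none'}")
```

The per-user cap is what separates a spray from ordinary brute force: 192.0.2.9 above fails six times but against one account, so it is left for a separate lockout or brute-force rule. Actors also spread a spray across many source addresses to stay under per-IP thresholds, so the same logic is worth running keyed on user-agent or ASN as well as on source IP.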
∗∗∗ Legacy technologies as a threat to EU's telecommunications infrastructure ∗∗∗
---------------------------------------------
EU level assessment of the current sets of protocols used in interconnections in telecommunications (SS7, Diameter).
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/legacy-technologies-as-a-threat…
∗∗∗ Internet Ombudsmann and Watchlist Internet annual report 2017 ∗∗∗
---------------------------------------------
The Internet Ombudsmann provides information on Watchlist Internet about internet fraud, traps and fakes. Watchlist Internet aims to help readers recognise attempted crimes and avoid becoming victims of cybercrime. In 2017 Watchlist Internet published 906 editorial articles and recorded 1.45 million page views.
---------------------------------------------
https://www.watchlist-internet.at/news/internet-ombudsmann-und-watchlist-in…
∗∗∗ Fraudulent payment reminders from Prolex Inkasso ∗∗∗
---------------------------------------------
Consumers receive a payment reminder from Prolex Inkasso on behalf of dubious streaming platforms. It claims that recipients have not paid their outstanding invoices and should therefore pay 467.16 euros to Prolex. The reminder is fraudulent; there is no obligation to pay.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-prolex-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple's Disk Utility ("Disk Util.app") in macOS 10.13 High Sierra can disclose the password of encrypted APFS file systems ∗∗∗
---------------------------------------------
Exploiting the vulnerability allows a local attacker with administrator privileges and access to the system log, who also possesses the external storage device, to decrypt the encrypted APFS file system. All users of Disk Utility should install the latest version on their systems as soon as it becomes available. Until then, users should [...]
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/03/warn…
∗∗∗ Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 PLCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01
∗∗∗ Philips Alice 6 Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for improper authentication and missing data encryption vulnerabilities identified in the Philips Alice 6 System product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (slf4j), Debian (firefox-esr, mupdf, net-snmp, and samba), Fedora (apache-commons-compress, calibre, chromium, glpi, kernel, libvncserver, libvorbis, mozjs52, ntp, slurm, sqlite, and wireshark), openSUSE (librelp), SUSE (librelp, LibVNCServer, and qemu), and Ubuntu (firefox and zsh).
---------------------------------------------
https://lwn.net/Articles/750291/
∗∗∗ Vuln: ImageMagick CVE-2018-8960 Heap Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103523
∗∗∗ Security Advisory - Improper Authorization Vulnerability on Huawei Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180328-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014642
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM DataPower Gateways (CVE-2017-15906) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014534
∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012162
∗∗∗ RSA Authentication Agent for Web Multiple Flaws Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040577
∗∗∗ [R1] Tenable Appliance 4.7.0 Fixes One Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-02
=====================
= End-of-Day report =
=====================
Timeframe: Monday 26-03-2018 18:00 − Tuesday 27-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Academics Discover New CPU Side-Channel Attack Named BranchScope ∗∗∗
---------------------------------------------
A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-s…
∗∗∗ Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb ∗∗∗
---------------------------------------------
Coinkidink? Nah. Crooks are switching tactics There was a big drop in exploit kit development last year, and experts have equated this to the phasing out of Adobe Flash.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/03/27/exploit_kit…
∗∗∗ E-mail encryption: Enigmail 2.0 is here ∗∗∗
---------------------------------------------
With the new Enigmail version 2.0 for the Thunderbird mail client it is now possible, among other things, to encrypt the subject line in addition to the message text.
---------------------------------------------
https://heise.de/-4005589
∗∗∗ The Last Windows XP Security White Paper ∗∗∗
---------------------------------------------
Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer
---------------------------------------------
https://www.welivesecurity.com/2018/03/27/last-windows-xp-security-white-pa…
=====================
= Vulnerabilities =
=====================
∗∗∗ Mozilla Releases Security Updates for Firefox ∗∗∗
---------------------------------------------
Original release date: March 27, 2018 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 59.0.2 and Firefox ESR 52.7.3 and apply the necessary updates.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/27/Mozilla-Releases-S…
∗∗∗ 2018-02-06 (updated 2018-03-27): Vulnerability in MicroSCADA Pro SYS600 9.x - Improper Access Control ∗∗∗
---------------------------------------------
3.2.2018: Original document. 16.3.2018: Fix for SYS600 9.3 systems is available. Clarified file system permissions for created Windows groups, see FAQ.
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS257731&LanguageC…
∗∗∗ OpenSSL Security Advisory [27 Mar 2018] ∗∗∗
---------------------------------------------
Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
---------------------------------------------
https://openssl.org/news/secadv/20180327.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, irssi, and librelp), Gentoo (busybox and plib), Mageia (exempi and jupyter-notebook), openSUSE (clamav, dhcp, nginx, python-Django, python3-Django, and thunderbird), Oracle (slf4j), Red Hat (slf4j), Scientific Linux (slf4j), Slackware (firefox), SUSE (librelp), and Ubuntu (screen-resolution-extra).
---------------------------------------------
https://lwn.net/Articles/750207/
∗∗∗ Bugtraq: Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541897
∗∗∗ DFN-CERT-2018-0574: Librelp: A vulnerability allows execution of arbitrary code with the privileges of the service ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0574/
∗∗∗ DFN-CERT-2018-0573: Jenkins plugins: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0573/
∗∗∗ DFN-CERT-2018-0575: Sophos UTM: A vulnerability allows execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0575/
∗∗∗ DFN-CERT-2018-0581: Apache Struts: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0581/
∗∗∗ Security Notice - Statement on Command Injection Vulnerability in Huawei HG655m Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180327-01-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099782
∗∗∗ IBM Security Bulletin: ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027315
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014717
∗∗∗ IBM Security Bulletin: IBM B2B Advanced Communications is Affected by an XML External Entity Injection (XXE) Attack when Processing XML Data ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014656
∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information in page comments vulnerability (CVE-2017-1705) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014988
∗∗∗ NTP vulnerability CVE-2018-7184 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13540723
=====================
= End-of-Day report =
=====================
Timeframe: Friday 23-03-2018 18:00 − Monday 26-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Security vulnerability: Microsoft to block RDP requests from unpatched clients ∗∗∗
---------------------------------------------
A critical vulnerability in Microsoft's Credential Security Support Provider enables attackers to execute arbitrary code. The company will therefore soon block connection attempts from unpatched clients, so admins should act quickly.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-microsoft-unterbindet-rdp-anfra…
∗∗∗ Threat Landscape for Industrial Automation Systems in H2 2017 ∗∗∗
---------------------------------------------
Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security.
---------------------------------------------
http://securelist.com/threat-landscape-for-industrial-automation-systems-in…
∗∗∗ KVA Shadow: Mitigating Meltdown on Windows ∗∗∗
---------------------------------------------
On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows [...]
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-me…
∗∗∗ Adding Backdoors at the Chip Level ∗∗∗
---------------------------------------------
Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here. Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2018/03/adding_backdoor.html
∗∗∗ Web Application Penetration Testing Cheat Sheet ∗∗∗
---------------------------------------------
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
---------------------------------------------
https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodo…
∗∗∗ Fake A1 e-mail demands SIM card update ∗∗∗
---------------------------------------------
Criminals are sending out a fake A1 message asking customers to update their SIM card details. This is supposed to be done on a fake A1 website. Customers who comply send sensitive information to criminals and become victims of data theft.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-a1-mail-fordert-sim-kart…
∗∗∗ Beware of fake Klarna invoice! ∗∗∗
---------------------------------------------
Under the subject "Offene Rechnung von Klarna" (open invoice from Klarna), criminals are sending out fake invoices. In the e-mail, recipients are asked to open an attached ZIP file to obtain further information about outstanding amounts. However, the ZIP file contains malware; recipients must therefore not open the file and should delete the e-mail.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-gefaelschter-klarna-rech…
∗∗∗ Forgot About Default Accounts? No Worries, GoScanSSH Didn’t ∗∗∗
---------------------------------------------
This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary: During a recent Incident Response (IR) engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named GoScanSSH, was written using the Go programming language, and exhibited several interesting characteristics. This is not the first malware family that Talos has observed that was written using Go.
---------------------------------------------
http://blog.talosintelligence.com/2018/03/goscanssh-analysis.html
∗∗∗ One Year Later, Hackers Still Target Apache Struts Flaw ∗∗∗
---------------------------------------------
One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March 6, 2017 with the release of versions 2.3.32 and 2.5.10.1. The bug, caused due to improper handling of the Content-Type header, can be [...]
---------------------------------------------
https://www.securityweek.com/one-year-later-hackers-still-target-apache-str…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bchunk, thunderbird, and xerces-c), Debian (freeplane, icu, libvirt, and net-snmp), Fedora (monitorix, php-simplesamlphp-saml2, php-simplesamlphp-saml2_1, php-simplesamlphp-saml2_3, puppet, and qt5-qtwebengine), openSUSE (curl, libmodplug, libvorbis, mailman, nginx, opera, python-paramiko, and samba, talloc, tevent), Red Hat (python-paramiko, rh-maven35-slf4j, rh-mysql56-mysql, rh-mysql57-mysql, rh-ruby22-ruby, rh-ruby23-ruby, and [...]
---------------------------------------------
https://lwn.net/Articles/750150/
∗∗∗ Bugtraq: Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541891
∗∗∗ Norton App Lock Authentication Bypass ∗∗∗
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
∗∗∗ DFN-CERT-2018-0566: Nmap: A vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0566/
∗∗∗ DFN-CERT-2018-0569: Moodle: Two vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0569/
∗∗∗ DFN-CERT-2018-0571: Mozilla Thunderbird: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0571/
∗∗∗ DFN-CERT-2018-0570: Apache Software Foundation HTTP Server (httpd): Multiple vulnerabilities allow, among other things, manipulation of session data ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0570/
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Business Space affects IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2018-1384) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012604
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1767) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012396
∗∗∗ IBM Security Bulletin: Potential information leakage in IBM Business Process Manager (CVE-2017-1756) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010796
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014831
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 22-03-2018 18:00 − Friday 23-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Important updates secure GitLab ∗∗∗
---------------------------------------------
Anyone managing software projects via GitLab should promptly install the current security patches. Otherwise attackers could potentially execute malicious code.
---------------------------------------------
https://www.heise.de/meldung/Wichtige-Updates-sichern-GitLab-ab-4002151.html
∗∗∗ Atlanta: Ransomware hits city administration ∗∗∗
---------------------------------------------
The US metropolis of Atlanta was hit by ransomware that paralysed parts of the city government's computer network. The FBI and the Department of Homeland Security are currently trying to resolve the problem.
---------------------------------------------
https://www.heise.de/meldung/Atlanta-Kryptotrojaner-trifft-Stadtverwaltung-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Siemens SIMATIC WinCC OA UI Mobile App ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper access control vulnerability in the Siemens WinCC OA UI mobile app for Android and iOS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-01
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014820
∗∗∗ IBM Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014795
∗∗∗ IBM Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014530
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 21-03-2018 18:00 − Thursday 22-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 10 Steps to Detect Lateral Movement in a Data Breach ∗∗∗
---------------------------------------------
Many enterprises spend millions of dollars on solutions that promise to bolster their security. However, much less focus is placed on the ability to detect lateral movement during a breach.
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-detect-lateral-movement-data-breach/
∗∗∗ Siri leaks iPhone users' secret messages ∗∗∗
---------------------------------------------
Newly discovered bug undermines central security locks of the Apple smartphone
---------------------------------------------
http://derstandard.at/2000076603171
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: ModSecurity WAF 3.0 for Nginx - Denial of Service ∗∗∗
---------------------------------------------
During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set. In the system logs I found information about the Nginx worker processes being terminated due to memory corruption errors.
---------------------------------------------
http://www.securityfocus.com/archive/1/541886
∗∗∗ JSON API - Moderately critical - Access Bypass - SA-CONTRIB-2018-016 ∗∗∗
---------------------------------------------
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities.
The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-016
∗∗∗ DFN-CERT-2018-0557: Oracle Solaris: Multiple vulnerabilities allow various denial-of-service attacks ∗∗∗
---------------------------------------------
Multiple vulnerabilities in ISC BIND, ISC DHCP and Wireshark for Oracle Solaris 11.3 allow a remote, unauthenticated attacker to carry out various denial-of-service (DoS) attacks.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0557/
∗∗∗ Drupal announces security update for extremely critical vulnerability ∗∗∗
---------------------------------------------
Anyone using the Drupal CMS should mark 28 March in their calendar to install important security updates for various versions.
---------------------------------------------
https://heise.de/-4001063
∗∗∗ Flaws in ManageEngine apps open enterprise systems to compromise ∗∗∗
---------------------------------------------
Researchers have discovered multiple severe vulnerabilities in ManageEngine's line of tools for internal IT support teams, which are used by over half of Fortune 500 companies. The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could be exploited to achieve remote code execution with the same privileges as the user that started the application, by uploading a web shell to be written to the web root.
---------------------------------------------
https://www.helpnetsecurity.com/2018/03/22/manageengine-apps-flaws/
∗∗∗ TMM WebSocket vulnerability CVE-2018-5504 ∗∗∗
---------------------------------------------
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. (CVE-2018-5504)
This vulnerability allows unauthorized remote code execution and disruption of service through an unspecified crafted WebSocket packet.
---------------------------------------------
https://support.f5.com/csp/article/K11718033
∗∗∗ Multiple Wireshark vulnerabilities ∗∗∗
---------------------------------------------
A remote attacker can transmit crafted packets while a BIG-IP administrator account runs the tshark utility with the affected protocol parsers via Advanced Shell (bash). This causes the tshark utility to stop responding and may allow remote code execution from the BIG-IP administrator account.
---------------------------------------------
https://support.f5.com/csp/article/K34035645
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-libvorbis), Debian (exempi and polarssl), Gentoo (collectd and webkit-gtk), openSUSE (postgresql96), SUSE (qemu), and Ubuntu (libvorbis).
---------------------------------------------
https://lwn.net/Articles/749958/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability (CVE-2018-1429). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014046
∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters (CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014629
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099781
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011787
∗∗∗ IBM Security Bulletin: Vulnerability in GNU C Library affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-15670) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099788
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a denial of service vulnerability in cURL (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011740
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011746
∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014628
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014253
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 20-03-2018 18:00 − Wednesday 21-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IETF 101: TLS 1.3 is now really finished ∗∗∗
---------------------------------------------
TLS 1.3 was approved at the IETF meeting in London. In a few weeks the standard for encryption on the web should then also be published as an RFC.
---------------------------------------------
https://www.golem.de/news/ietf-101-tls-1-3-ist-jetzt-wirklich-fertig-1803-1…
∗∗∗ Ryzenfall, Fallout & Co: AMD confirms vulnerabilities in Ryzen and Epyc processors ∗∗∗
---------------------------------------------
Chip manufacturer AMD was able to reproduce the vulnerabilities in Epyc and Ryzen CPUs as well as Promontory chipsets and announces security patches for the affected systems.
---------------------------------------------
https://heise.de/-4000040
∗∗∗ Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more! ∗∗∗
---------------------------------------------
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
---------------------------------------------
https://www.helpnetsecurity.com/2018/03/21/nmap-7-70-released/
∗∗∗ No 3D Secure password update necessary ∗∗∗
---------------------------------------------
Criminals are sending out a fake CardComplete message asking recipients to update their personal data. This is supposed to be done on a fake website and is allegedly necessary so that customers can continue to use the 3D Secure procedure. In reality, by performing the update they send their credit card details to fraudsters.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-3d-secure-passwort-aktualisier…
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2018-0543: GitLab: Two vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
One vulnerability allows a presumably unauthenticated attacker with network access to a GitLab instance to carry out a server-side request forgery (SSRF) attack using crafted web requests, and thereby, among other things, to disclose information, bypass security measures and execute arbitrary code. A further vulnerability affects only GitLab Community Edition (CE) and allows an authenticated attacker, via an Auth0 login, to log in as another user and thereby possibly obtain that user's privileges.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0543/
∗∗∗ DFN-CERT-2018-0547: Google Chrome, Chromium: Multiple vulnerabilities allow unspecified attacks ∗∗∗
---------------------------------------------
Due to multiple vulnerabilities in Google Chrome and Chromium, an attacker can carry out various unspecified attacks. In the past, such vulnerabilities could mostly be exploited by a remote, unauthenticated attacker.
Google provides Chrome 65.0.3325.181 for Windows, macOS and Linux as a security update.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0547/
∗∗∗ DFN-CERT-2018-0551: SpiderMonkey (mozjs): Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
Multiple vulnerabilities in SpiderMonkey allow a remote, unauthenticated attacker to execute arbitrary code. One vulnerability allows the attacker a denial-of-service (DoS) attack, another the bypassing of security measures. A local, unauthenticated attacker can additionally disclose information.
In line with the recently released version 52.7.2 of Firefox ESR, Mozilla provides a current version of the SpiderMonkey JavaScript engine, but gives no details about the vulnerabilities fixed by it.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0551/
∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0h and 1.0.2o. These releases will be made available on 27th March 2018 between approximately 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is MODERATE.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html
∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host.
The following vulnerabilities have been addressed:
CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability
CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing
CVE-2018-7541: grant table v2 -> v1 transition may crash Xen
---------------------------------------------
https://support.citrix.com/article/CTX232655
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (plexus-utils), Fedora (calibre, cryptopp, curl, dolphin-emu, firefox, golang, jhead, kernel, libcdio, libgit2, libvorbis, ming, net-snmp, patch, samba, xen, and zsh), Red Hat (collectd and rh-mariadb101-mariadb and rh-mariadb101-galera), and Ubuntu (paramiko and tiff).
---------------------------------------------
https://lwn.net/Articles/749871/
∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability on Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-…
∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180214-…
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-…
∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099757
∗∗∗ IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2, v5.0.2.1, v5.0.3, v5.0.4, v5.0.4.1 (CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014797
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099787
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099786
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2017-3735) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099793
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014815
=====================
= End-of-Day report =
=====================
Timeframe: Monday 19-03-2018 18:00 − Tuesday 20-03-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗
---------------------------------------------
Just a quick reminder about some bad practices while handling Windows Administrator credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/23465
∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗
---------------------------------------------
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky.
---------------------------------------------
https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗
---------------------------------------------
A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow.
Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution.
---------------------------------------------
http://www.securityfocus.com/archive/1/541874
∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗
---------------------------------------------
Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
---------------------------------------------
http://www.securityfocus.com/archive/1/541875
∗∗∗ DFN-CERT-2018-0526: Apache Commons Compress: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can use a specially crafted ZIP archive file to carry out a denial-of-service attack against Apache Commons Compress and against software that uses its ZIP package.
The vendor releases version Commons Compress 1.16 to fix the vulnerability.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/
∗∗∗ DFN-CERT-2018-0532: SDL2, SDL2_image: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
A large number of vulnerabilities in various components of SDL2_image allow a remote, unauthenticated attacker, using crafted image files that a user must view, to execute arbitrary code and to carry out various denial-of-service (DoS) attacks.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached).
---------------------------------------------
https://lwn.net/Articles/749757/
∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗
---------------------------------------------
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
---------------------------------------------
http://www.tenable.com/security/tns-2018-01
∗∗∗ Geutebruck IP Cameras ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01
∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02
∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791
∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766
∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767
∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758
∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779
∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 16-03-2018 18:00 − Montag 19-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Effective immediately: WKO cyber-security hotline for companies ∗∗∗
---------------------------------------------
Cyberattacks can hit any company, and in case of an incident fast help is important. The WKO hotline at 0800 888 133 provides it.
---------------------------------------------
https://futurezone.at/b2b/ab-sofort-cyber-security-hotline-der-wko-fuer-unt…
∗∗∗ Large potential for abuse of the Bundestrojaner (federal trojan) ∗∗∗
---------------------------------------------
According to constitutional lawyers, the Bundestrojaner is legally "hardly contestable". In the opinion of IT experts, abuse is hardly controllable.
---------------------------------------------
https://futurezone.at/netzpolitik/grosses-missbrauchspotenzial-beim-bundest…
∗∗∗ VB2017 paper: The life story of an IPT - Inept Persistent Threat actor ∗∗∗
---------------------------------------------
At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/03/vb2017-paper-life-story-ipt-…
∗∗∗ Pwn2Own: Touch Bar of a MacBook Pro hacked via Safari ∗∗∗
---------------------------------------------
By exploiting a total of three bugs, a security researcher managed to reach deep into macOS from within the browser. A further Safari hack was also successful.
---------------------------------------------
https://www.heise.de/meldung/Pwn2Own-Touch-Bar-eines-MacBook-Pro-via-Safari…
∗∗∗ Hacking contest Pwn2Own: Firefox, Edge and Safari drop like flies ∗∗∗
---------------------------------------------
This year the Pwn2Own organizers put up prize money of two million US dollars. Despite several successful hacks, however, most of the prize money remained in the pot.
---------------------------------------------
https://www.heise.de/meldung/Hacker-Wettbewerb-Pwn2Own-Firefox-Edge-und-Saf…
∗∗∗ Web browser as password vault: Firefox has been botching the master password for nine years ∗∗∗
---------------------------------------------
A security researcher warns again: passwords stored in Firefox and Thunderbird are not effectively protected against data theft.
---------------------------------------------
https://www.heise.de/meldung/Passwort-Tresor-Webbrowser-Firefox-pfuscht-sei…
∗∗∗ Hacker attack on German government network only partially successful ∗∗∗
---------------------------------------------
Berlin wants to protect itself more strongly against cyberattacks
---------------------------------------------
http://derstandard.at/2000076371068
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4144 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4144
∗∗∗ DSA-4143 firefox-esr - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4143
∗∗∗ DSA-4145 gitlab - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4145
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 15-03-2018 18:00 − Freitag 16-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ TROOPERS 18 Wrap-Up Day #2 ∗∗∗
---------------------------------------------
Hello Readers, here is my wrap-up of the second day. Usually, the second day is harder in the morning due to the social events but, at TROOPERS, they organize the hacker run started at 06:45 for the most motivated of us. Today, the topic of the 3rd track switched from [...]
---------------------------------------------
https://blog.rootshell.be/2018/03/15/troopers-18-wrap-day-2/
∗∗∗ Vulnerability in Chrome RDP for macOS: guest can obtain full remote access ∗∗∗
---------------------------------------------
A bug in Google's remote maintenance tool Chrome Remote Desktop can allow unauthorized persons, without knowing a password, to take over an active user account on the remote Mac, security researchers warn.
---------------------------------------------
https://heise.de/-3996450
∗∗∗ Sofacy Uses DealersChoice to Target European Government Agency ∗∗∗
---------------------------------------------
Back in October 2016, Unit 42 published an initial analysis on a Flash exploitation framework used by the Sofacy threat group called DealersChoice. The attack consisted of Microsoft Word delivery documents that contained Adobe Flash objects capable of loading additional malicious Flash objects embedded in the file or directly provided by a command and control server. Sofacy continued to use [...]
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-deal…
∗∗∗ Backdoors in USB controllers also suspected in Intel systems ∗∗∗
---------------------------------------------
Some of the vulnerabilities in AMD chips recently reported by CTS-Labs also affect PCIe USB 3.0 controllers from ASMedia, which sit on many mainboards for Intel processors.
---------------------------------------------
https://heise.de/-3996868
∗∗∗ Qrypter RAT Hits Hundreds of Organizations Worldwide ∗∗∗
---------------------------------------------
Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform.
---------------------------------------------
https://www.securityweek.com/qrypter-rat-hits-hundreds-organizations-worldw…
∗∗∗ Abusing Duo 2FA ∗∗∗
---------------------------------------------
On a recent client engagement, our customer asked us to look at their use of Duo Security multifactor authentication that protected Windows workstation logins. It was configured to send a push notification to users' phones whenever they logged in or unlocked, either physically at the console or over remote desktop.
---------------------------------------------
https://www.pentestpartners.com/security-blog/abusing-duo-2fa/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2018-0008 ∗∗∗
---------------------------------------------
Workstation and Fusion updates address a denial-of-service vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0008.html
∗∗∗ VMSA-2018-0007.2 ∗∗∗
---------------------------------------------
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-03-15: Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0007.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb).
---------------------------------------------
https://lwn.net/Articles/749513/
∗∗∗ Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541861
∗∗∗ DFN-CERT-2018-0513: HP-UX CIFS Server (Samba), Apache Tomcat: Multiple vulnerabilities allow, among other things, bypassing security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0513/
∗∗∗ DFN-CERT-2018-0507: Monitorix: A vulnerability allows a cross-site scripting attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0507/
∗∗∗ [remote] MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44290/?rss
∗∗∗ [remote] SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44292/?rss
∗∗∗ IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014388
∗∗∗ IBM Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013598
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011981
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Apache CXF affect IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011984
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 14-03-2018 18:00 − Donnerstag 15-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ PSA: Beware of Windows PowerShell Credential Request Prompts ∗∗∗
---------------------------------------------
A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/psa-beware-of-windows-powers…
∗∗∗ Webmailer: Squirrelmail vulnerability remains open for now ∗∗∗
---------------------------------------------
While examining a Check Point security appliance, security researchers found a vulnerability in the webmail tool Squirrelmail that allows files on the server to be read without authorization. There is no official fix yet, but Golem.de provides a preliminary patch.
---------------------------------------------
https://www.golem.de/news/webmailer-squirrelmail-sicherheitsluecke-bleibt-v…
∗∗∗ VPN tests reveal privacy-leaking bugs ∗∗∗
---------------------------------------------
Hotspot Shield patched; Zenmate and VPN Shield haven't ... yet? A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasn't good.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/vpn_tests_r…
∗∗∗ TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗
---------------------------------------------
[...] This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-074A
∗∗∗ Invoices in Doc format are malware ∗∗∗
---------------------------------------------
Criminals send e-mails asking recipients to open an invoice: "please see the attachment. Thank you. Enjoy the rest of your day". The invoice is available for download on a third-party website. Users who open the alleged payment request install malware.
---------------------------------------------
https://www.watchlist-internet.at/news/rechnungen-im-doc-format-sind-schads…
=====================
= Vulnerabilities =
=====================
∗∗∗ Arbitrary Shortcode Execution & Local File Inclusion in WOOF (PluginUs.Net) ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in WooCommerce Products Filter version 1.1.9. An unauthenticated user can perform a local file inclusion and execute arbitrary WordPress shortcode.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/arbitrary-shortcode-executio…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux
---------------------------------------------
https://lwn.net/Articles/749423/
∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012341
∗∗∗ IBM Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012896
∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099764
∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099763
∗∗∗ IBM Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099762
∗∗∗ IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012948
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014126
∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013756
∗∗∗ Linux kernel vulnerability CVE-2017-1000111 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K44309215
∗∗∗ Apache vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810
∗∗∗ Apache Portable Runtime vulnerability CVE-2017-12613 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52319810
∗∗∗ Linux kernel vulnerability CVE-2017-1000112 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K60250153
∗∗∗ Linux kernel vulnerability CVE-2017-9074 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61223103
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 13-03-2018 18:00 − Mittwoch 14-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ BlackBerry powered by Android Security Bulletin - March 2018 ∗∗∗
---------------------------------------------
March 2018 Android Security Bulletin
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Web security: Apple file on web servers reveals directory contents ∗∗∗
---------------------------------------------
Using a parser, sensitive information can be extracted from .DS_Store files. The Internetwache.org project took a closer look at Apple's proprietary format, with astonishing results.
---------------------------------------------
https://www.golem.de/news/websicherheit-apple-datei-auf-webservern-verraet-…
∗∗∗ Spectre vulnerability: Intel's microcode updates for Linux and Windows ∗∗∗
---------------------------------------------
Intel has finally managed to release the updates needed to plug the Spectre V2 vulnerability for Core i processors from 2011 (Sandy Bridge) onwards, primarily for Linux distributions.
---------------------------------------------
https://www.heise.de/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-L…
∗∗∗ Let's Encrypt now issues wildcard certificates ∗∗∗
---------------------------------------------
The free certificate authority Let's Encrypt now also issues certificates without explicitly named subdomains. With such wildcards, admins can enable HTTPS with fewer distinct certificates.
---------------------------------------------
https://www.heise.de/meldung/Let-s-Encrypt-stellt-ab-sofort-Wildcard-Zertif…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB18-05), Adobe Connect (APSB18-06) and Adobe Dreamweaver CC (APSB18-07). Adobe recommends users update their product ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1535
∗∗∗ Microsoft - March 2018 Security Updates ∗∗∗
---------------------------------------------
The March security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and ..
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail…
∗∗∗ Mozilla Foundation Security Advisory 2018-06 ∗∗∗
---------------------------------------------
Security vulnerabilities fixed in Firefox 59
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
∗∗∗ Mozilla Foundation Security Advisory 2018-07 ∗∗∗
---------------------------------------------
Security vulnerabilities fixed in Firefox ESR 52.7
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, ..
---------------------------------------------
https://lwn.net/Articles/749288/
=====================
= End-of-Day report =
=====================
Timeframe: Montag 12-03-2018 18:00 − Dienstag 13-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Phishing targeting Amazon Prime customers ∗∗∗
---------------------------------------------
Criminals send fraudulent Amazon Prime letters to companies, claiming that the recipients were unable to pay their membership fee. For this reason, sellers are supposed to update their payment details on a website. In reality, recipients need not react at all and can delete the message, because it is a phishing e-mail.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-bei-amazon-prime-kunden/
=====================
= Vulnerabilities =
=====================
∗∗∗ [20180301] - Core - SQLi vulnerability User Notes ∗∗∗
---------------------------------------------
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.5.0 through 3.8.5
Exploit type: SQLi
Reported Date: 2018-March-08
Fixed Date: 2018-March-12
CVE Number: CVE-2018-8045
---------------------------------------------
https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnera…
∗∗∗ TYPO3 8.7.11 and 7.6.25 released ∗∗∗
---------------------------------------------
The TYPO3 Community announces the versions 8.7.11 LTS and 7.6.25 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes only.
---------------------------------------------
https://typo3.org/news/article/typo3-8711-and-7625-released
∗∗∗ Attention admins: PRTG network monitoring stores passwords unencrypted ∗∗∗
---------------------------------------------
Anyone using Paessler's PRTG network monitoring must act now; otherwise attackers could read out passwords.
---------------------------------------------
https://heise.de/-3992126
∗∗∗ Security researchers describe 12 vulnerabilities in AMD processors ∗∗∗
---------------------------------------------
The company CTS-Labs reports 12 vulnerabilities affecting current AMD processors such as Ryzen, Ryzen Pro and Epyc, or more precisely their integrated AMD Secure Processors (PSP).
---------------------------------------------
https://heise.de/-3993807
∗∗∗ rt-sa-2017-012 ∗∗∗
---------------------------------------------
Shopware Cart Accessible by Third-Party Websites
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-012.txt
∗∗∗ SAP Security Patch Day - March 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products.
---------------------------------------------
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
∗∗∗ Critical vulnerability in Samba4 - patches available ∗∗∗
---------------------------------------------
Critical vulnerability in Samba4 - patches available. 13 March 2018. Description: As the Samba project has announced, there are 2 security problems in all current Samba versions, one of which we rate as critical. CVE numbers: CVE-2018-1057 CVE-2018-1050. Impact: By exploiting CVE-2018-1057, an authenticated user on a Samba domain controller can change the passwords of arbitrary user accounts. This includes service accounts of
---------------------------------------------
http://www.cert.at/warnings/all/20180313.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk).
---------------------------------------------
https://lwn.net/Articles/749177/
∗∗∗ BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013951
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022495
∗∗∗ IBM Security Bulletin: Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014196
∗∗∗ IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490