- Daily - CERT.at

Tageszusammenfassung - 12.12.2017
by Daily end-of-shift report 12 Dec '17

12 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 11-12-2017 18:00 − Dienstag 12-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Security update available for Adobe Flash Player (APSB17-42) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1514 ∗∗∗ Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses ∗∗∗ --------------------------------------------- Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit… ∗∗∗ December 2017 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-… ∗∗∗ New Ruski hacker clan exposed: Theyre called MoneyTaker, and theyre gonna take your money ∗∗∗ --------------------------------------------- Subtly named group has gone largely unnoticed until now Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker. --------------------------------------------- www.theregister.co.uk/2017/12/11/russian_bank_hackers_moneytaker/ ∗∗∗ Googles Project Zero reveals Apple jailbreak exploit ∗∗∗ --------------------------------------------- Holy Moley! iOS and MacOS were wholly holey Ian Beer of Googles Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. --------------------------------------------- www.theregister.co.uk/2017/12/12/apple_jailbreak_exploit/ ∗∗∗ Hintergrund: Malware-Analyse - Do-It-Yourself ∗∗∗ --------------------------------------------- Bauen Sie Ihre eigene Schadsoftware-Analyse-Sandbox, um schnell das Verhalten von unbekannten Dateien zu überprüfen. Dieser Artikel zeigt, wie das mit der kostenlosen Open-Source-Sandbox Cuckoo funktioniert. --------------------------------------------- https://heise.de/-3910855 ∗∗∗ An analysis of 120 mobile app stores uncovers plethora of malicious apps ∗∗∗ --------------------------------------------- RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued .. --------------------------------------------- https://www.helpnetsecurity.com/2017/12/12/mobile-app-stores-malicious-apps/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4063 pdns-recursor - security update ∗∗∗ --------------------------------------------- Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer. --------------------------------------------- https://www.debian.org/security/2017/dsa-4063 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling of a malformed SMTP header in .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4064 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4064 ∗∗∗ Qt for Android vulnerable to OS command injection ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN67389262/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2017
by Daily end-of-shift report 11 Dec '17

11 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-12-2017 18:00 − Montag 11-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Heres How to Enable Chrome "Strict Site Isolation" Experimental Security Mode ∗∗∗ --------------------------------------------- Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Site Isolation that according to Google engineers is an additional security layer on top of Chromes built-in sandboxing technology. --------------------------------------------- https://www.bleepingcomputer.com/news/google/heres-how-to-enable-chrome-str… ∗∗∗ Script Recovers Event Logs Doctored by NSA Hacking Tool ∗∗∗ --------------------------------------------- Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines. --------------------------------------------- https://www.bleepingcomputer.com/news/security/script-recovers-event-logs-d… ∗∗∗ Botconf 2017 Wrap-Up Day #3 ∗∗∗ --------------------------------------------- And this is already the end of Botconf. Time for my last wrap-up. The day started a little bit later to allow some people to recover from the social event. --------------------------------------------- https://blog.rootshell.be/2017/12/08/botconf-2017-wrap-day-3/ ∗∗∗ Security, Incident Response, Privacy and Data Protection ∗∗∗ --------------------------------------------- [...] to protect the personal data on their systems and networks, security and incident response teams must themselves process personal data. Fortunately regulators also provide guidance on balancing privacy protection and privacy invasion. The words “legitimate interest” are not just a phrase, but one of the most deeply analysed terms in data protection law. --------------------------------------------- https://www.first.org/blog/20171211_GDPR_for_CSIRTs ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2228/">ISC DHCPD: Eine Schwachstelle ermöglicht einen Denial-of-Service Angriff ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine Schwachstelle im DHCP Daemon (ISC DHCPD) mit Hilfe speziell präparierter OMAPI-Nachrichten ausnutzen, um die Zahl der verfügbaren Dateideskriptoren im zugehörigen Prozess zu erschöpfen und dadurch einen Denial-of-Service (DoS)-Zustand zu erzeugen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2228/ ∗∗∗ DFN-CERT-2017-2238/">Tor-Browser: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen im Tor Browser vor Version 7.5a9 bzw. 7.0.11 ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung von Denial-of-Service (DoS)-Angriffen. Zwei Schwachstellen ermöglichen das Ausspähen von Informationen. Die Schwachstelle CVE-2017-7845 in der verwendeten Firefox ESR Version ermöglicht dem Angreifer das Ausführen beliebigen Programmcodes und eine weitere Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2238/ ∗∗∗ Sicherheit: Keylogger in HP-Notebooks gefunden ∗∗∗ --------------------------------------------- Schon wieder wurde in einem vorinstallierten Treiber von HP ein Keylogger gefunden. Zwar ist die Schnüffelfunktion standardmäßig deaktiviert, ein Forscher fand allerdings einen Weg, das zu ändern. --------------------------------------------- https://www.golem.de/news/sicherheit-keylogger-in-hp-notebooks-gefunden-171… ∗∗∗ DFN-CERT-2017-2237/">Node.js: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Node.js ermöglichen einem entfernten, nicht authentisierten Angreifer das Umgehen von Sicherheitsvorkehrungen und das Ausspähen von Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2237/ ∗∗∗ DFN-CERT-2017-2236/">GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in GitLab ermöglicht einem entfernten, nicht authentisierten Angreifer das Ausspähen von Informationen über private Projekte. Mehrere weitere Schwachstellen ermöglichen einem entfernten, einfach authentisierten Angreifer einen Cross-Site-Scripting (XSS)-Angriff, das Ausspähen von Informationen und die Eskalation von Privilegien. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2236/ ∗∗∗ DFN-CERT-2017-2239/">Jenkins-Plugin: Eine Schwachstelle ermöglicht das Lesen beliebiger Dateien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer mit der Berechtigung, abgesicherte (sandboxed) Groovy- und Pipeline-Skripte zu erstellen, kann eine Schwachstelle im Jenkins-Plugin Script Security ausnutzen, um Lesezugriff auf beliebige Dateien des Master-Dateisystems von Jenkins zu erhalten. Dadurch sind weitere Angriffe möglich. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2239/ ∗∗∗ Android flaw lets attack code slip into signed apps ∗∗∗ --------------------------------------------- The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes. --------------------------------------------- https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip… ∗∗∗ FortiClient improper access control of users VPN credentials ∗∗∗ --------------------------------------------- FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each others encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-214 ∗∗∗ Xiongmai Technology IP Cameras and DVRs ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Xiongmai Technology IP Cameras and DVRs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01 ∗∗∗ Rockwell Automation FactoryTalk Alarms and Events ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automations FactoryTalk Alarms and Events component. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02 ∗∗∗ PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in PHOENIX CONTACT’s FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Multiple Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026378 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010330 ∗∗∗ IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026377 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026250 ∗∗∗ IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026376 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/java_oct2017_advisory.asc ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008900 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005234 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2017
by Daily end-of-shift report 07 Dec '17

07 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-12-2017 18:00 − Donnerstag 07-12-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ "Process Doppelgänging" Attack Works on All Windows Versions ∗∗∗ --------------------------------------------- Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelgänging." [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attac… ∗∗∗ Firmware-Bug: Codeausführung in deaktivierter Intel-ME möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher demonstrieren einen Angriff auf Intels ME zum Ausführen von beliebigem Code, gegen den weder das sogenannte Kill-Bit noch die von Google geplanten Sicherheitsmaßnahmen für seine Server helfen. Theoretisch lassen sich Geräte so auch aus der Ferne angreifen. --------------------------------------------- https://www.golem.de/news/firmware-bug-codeausfuehrung-in-deaktivierter-int… ∗∗∗ Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari ∗∗∗ --------------------------------------------- Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was [...] --------------------------------------------- https://apple.slashdot.org/story/17/12/06/2137251/apple-issues-security-upd… ∗∗∗ VB2017 paper: Modern reconnaissance phase on APT – protection layer ∗∗∗ --------------------------------------------- During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-paper-modern-reconnai… ∗∗∗ 37 Sicherheitslücken in Chrome geschlossen ∗∗∗ --------------------------------------------- Googles Webbrowser Chrome ist in der abgesicherten Version 63.0.3239.84 für Linux, macOS und Windows erschienen. Im Menüpunkt "Hilfe" kann man unter "Über Google Chrome" die installierte Ausgabe prüfen und das Update anstoßen. --------------------------------------------- https://heise.de/-3912131 ∗∗∗ Sysinternals Sysmon suspicious activity guide ∗∗∗ --------------------------------------------- Sysmon tool from Sysinternals provides a comprehensive monitoring about activities in the operating system level. Sysmon is running in the background all the time, and is writing events to the event log. You can find the Sysmon events under the Microsoft-Windows-Sysmon/Operational event log. This guide will help you to investigate and appropriately handle these events. --------------------------------------------- https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-s… ∗∗∗ Penetration Testing Apache Thrift Applications ∗∗∗ --------------------------------------------- ... Apache Thrift, which is used to easily build RPC clients and servers regardless of programming languages used on each side. The web interception tool of choice at MDSec is Burp Suite, so it follows suit that we wanted to continue using Burp during the assessment. Unfortunately, there are no Burp extensions out there (at least that we know of) for Thrift encoded data, so we decided to make our own. --------------------------------------------- https://www.mdsec.co.uk/2017/12/penetration-testing-apache-thrift-applicati… ∗∗∗ November 2017: The Month in Ransomware ∗∗∗ --------------------------------------------- November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ∗∗∗ StorageCrypt: Ransomware infiziert NAS-Geräte via SambaCry-Lücke ∗∗∗ --------------------------------------------- Viele Netzwerkspeicher (NAS) weisen noch immer die SMB-Lücke SambaCry auf. Ein aktueller Verschlüsselungstrojaner macht sich das zunutze. NAS-Besitzer sollten zügig patchen. --------------------------------------------- https://heise.de/-3912498 ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSL Security Advisory [07 Dec 2017] ∗∗∗ --------------------------------------------- Read/write after SSL object in error state (CVE-2017-3737) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) --------------------------------------------- https://www.openssl.org/news/secadv/20171207.txt ∗∗∗ DFN-CERT-2017-2213: Microsoft Malware Protection Engine: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2213/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009964 ∗∗∗ IBM Security Bulletin: Potential information leakage vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010627 ∗∗∗ [R1]Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-15 Next End-of-Day report on 2017-12-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2017
by Daily end-of-shift report 06 Dec '17

06 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-12-2017 18:00 − Mittwoch 06-12-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost")., (Wed, Dec 6th) ∗∗∗ --------------------------------------------- Reverse DNS can be a valuable to find out more about an IP address. For example: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23105 ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Dresscode for apps in the Google Play Store: malicious Quad9 – does it offer a data protection-friendly alternative to Google [...] --------------------------------------------- https://securityblog.switch.ch/2017/12/06/a-new-issue-of-our-switch-securit… ∗∗∗ Daten von 31 Millionen Nutzern der App ai.type Keyboard geleakt ∗∗∗ --------------------------------------------- In dem riesigen Datenleak stehen unter anderen E-Mail-Adressen, Namen und IMEI- und Telefon-Nummern von Nutzern der App. Auch Kontakte aus Telefonbüchern sollen sich darin finden. --------------------------------------------- https://heise.de/-3910522 ∗∗∗ Sicherheitsupdates: Angreifer könnten TeamViewer-Sessions entern ∗∗∗ --------------------------------------------- Unter bestimmten Voraussetzungen sind TeamViewer-Sessions gefährdet. Sicherheitsupdates sind zum Teil schon verfügbar. --------------------------------------------- https://heise.de/-3911170 ∗∗∗ Recam Redux - DeConfusing ConfuserEx ∗∗∗ --------------------------------------------- This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign from our Advanced Malware Protection (AMP) telemetry. Initial infection is via a malicious Word document, the malware ultimately executes in memory an embedded payload from the Recam family. Recam is an information stealer. Although the malware has been around for the past few years, theres a [...] --------------------------------------------- http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confusere… ∗∗∗ ParseDroid vulnerabilities could affect all Android developers ∗∗∗ --------------------------------------------- Checkpoint researchers discovered several vulnerabilities in Android application developer tools that put any organisation that does Java/Android development at risk of an outsider gaining access to their system. --------------------------------------------- https://www.scmagazineuk.com/news/parsedroid-vulnerabilities-could-affect-a… ∗∗∗ MailSploit bugs let spoofed emails bypass DMARC, spam detectors ∗∗∗ --------------------------------------------- A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms. --------------------------------------------- https://www.scmagazineuk.com/news/mailsploit-bugs-let-spoofed-emails-bypass… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability ∗∗∗ --------------------------------------------- 4A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ [Xen-announce] Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks ∗∗∗ --------------------------------------------- Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.) --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2017-12/msg00002.ht… ∗∗∗ Vuln: Multiple F-Secure Internet Gatekeeper Products Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102066 ∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-… ∗∗∗ IBM Security Bulletin: IBM BigInsights is affected by a Text Analytics vulnerabilty (CVE-2017-1336 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010812 ∗∗∗ IBM Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010305 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009835 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008854 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008853 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008339 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008340 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Support Tools for Lotus WCM (CVE-2017-1536) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008031 ∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and Cloud Orchestrator Enterprise update of IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000361 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008757 ∗∗∗ IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005525 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2017
by Daily end-of-shift report 05 Dec '17

05 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 04-12-2017 18:00 − Dienstag 05-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gefälschte Sicherheitswarnung auf Facebook ∗∗∗ --------------------------------------------- Mit dem gefälschten Facebook-Profil „Help Update Account“ teilen Kriminelle Beiträge von Kleinunternehmen und sprechen eine Sicherheitswarnung aus. Sie fordern die Eigentümer/innen der Konten auf, dass sie auf einer Website ihren Account bestätigen, um eine Blockierung zu verhindern. Wer dem nachkommt, übermittelt die Unternehmens-Zugangsdaten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/facebook-betrug/gefaelschte-sicherheitswa… ===================== = Vulnerabilities = ===================== ∗∗∗ Apache Software Foundation Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: December 04, 2017 The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Apache Security Bulletins S2-054 and S2-055 and upgrade to Struts 2.5.14.1. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/12/04/Apache-Software-Fo… ∗∗∗ DFN-CERT-2017-2198/">OTRS: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen und die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer mit Agenten-Benutzerkonto in OTRS kann eine Schwachstelle ausnutzen, um beliebige Kommandozeilenbefehle mit erweiterten Privilegien auf dem unterliegenden Betriebssystem zur Ausführung zu bringen. Ein Angreifer mit Kundenkonto kann eine weitere Schwachstelle ausnutzen, um interne Informationen über seinem Konto zugeordnete Kundentickets auszuspähen. Der Hersteller stellt OTRS 6.0.2, 5.0.25 und 4.0.27 als Sicherheitsupdates zur Behebung der Schwachstellen zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2198/ ∗∗∗ DFN-CERT-2017-2204/">Jenkins: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer mit Administratorrechten kann einen Cross-Site-Scripting (XSS)-Angriff gegen Benutzer von Jenkins durchführen. Der Hersteller plant kein Sicherheitsupdate zur Behebung der Schwachstelle, da Administratoren in Jenkins gemäß ihrer Rollendefinition bereits alle Rechte haben, um die durch die genannte Schwachstelle möglichen Angriffe durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2204/ ∗∗∗ Android Security Bulletin - December 2017 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2017-12-01.html ∗∗∗ IBM Security Bulletin: A vulnerability in busybox affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2016-2147) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099729 ∗∗∗ IBM Security Bulletin: A tcp vulnerability in Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-14106) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099730 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2017 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010560 ∗∗∗ IBM Security Bulletin: Apache Commons Collection as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2015-6420) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011281 ∗∗∗ IBM Security Bulletin: IBM Case Manager may be vulnerable to Apache Commons FileUpload code execution ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010267 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager (FTM) for Multi-Platform (MP) is affected by a SQL Injection security vulnerability (CVE-2017-1606) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011179 ∗∗∗ IBM Security Bulletin: IBM Connections Engagement Center Security Refresh (CVE-2017-1613, CVE-2017-1683) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010690 ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2017-1498) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006286 ∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2017-1481) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010761 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a GNU C library (glibc) vulnerability (CVE-2017-8804) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009796 ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005400 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2017
by Daily end-of-shift report 04 Dec '17

04 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-12-2017 18:00 − Montag 04-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Visualise Event Logs to Identify Compromised Accounts - LogonTracer ∗∗∗ --------------------------------------------- JPCERT/CC has developed and released a tool “LogonTracer” which supports such event log analysis. This entry introduces how it works and how to launch it. ... LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. --------------------------------------------- http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromis… ∗∗∗ Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’ ∗∗∗ --------------------------------------------- Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the disk and using common tools to run code directly in memory. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-ma… ∗∗∗ Europäisches Parlament will Mediaplayer VLC sicherer machen ∗∗∗ --------------------------------------------- EU-Projekt FOSSA (Free Open Source Software Analysis) ist für das Bug-Bounty-Programm mitverantwortlich. --------------------------------------------- https://heise.de/-3907536 ∗∗∗ An IRISSCON 2017 roundup ∗∗∗ --------------------------------------------- This post contains links to many of the top-rated talks from the event, along with links to additional content. --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/11/an-irisscon-2018-round… ∗∗∗ Avalanche-Botnetz: BSI weitet Schutzmaßnahmen aus ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) weitet die Schutz- und Informationsmaßnahmen aus, die im Rahmen der Zerschlagung der weltweit größten Botnetzinfrastruktur Avalanche Ende 2016 initiiert wurden, und verlängert diese zudem. Das im Zuge der Avalanche-Abschaltung im Jahr 2016 vom BSI aufgesetzte Sinkholing-System wurde dabei um Domänen des Andromeda-Botnetzes erweitert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Avalanche_E… ===================== = Vulnerabilities = ===================== ∗∗∗ [openssl-announce] Forthcoming OpenSSL release ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2n. ... This is a security-fix release. The highest severity issue fixed in this release is MODERATE. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010801 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010702 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010735 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010736 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010421 ∗∗∗ IBM Security Bulletin: Open Source GNU glibc Vulnerabilities affects IBM Security Guardium (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008897 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4658) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010734 ∗∗∗ IBM Security Bulletin: Selection of Less-Secure Algorithm During Negotiation vulnerability affects IBM Security Guardium (CVE-2017-1271) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010435 ∗∗∗ Asterisk chan_skinny Driver Bug Lets Remote Users Consume Excessive Memory Resources ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039948 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.12.2017
by Daily end-of-shift report 01 Dec '17

01 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-11-2017 18:00 − Freitag 01-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Petr Sikuta ===================== = News = ===================== ∗∗∗ Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords ∗∗∗ --------------------------------------------- A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ether… ===================== = Vulnerabilities = ===================== ∗∗∗ Geovap Reliance SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in Geovap's Reliance SCADA. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02 ∗∗∗ DFN-CERT-2017-2180 - Apache Software Foundation Struts: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2180/ ∗∗∗ DFN-CERT-2017-2181 - Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2181/ ∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Notice - Statement About the Vulnerabilities in Huawei SmartCare Products Disclosed by Bhaskar Borman ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171201-01-… ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by a Nginx vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011149 ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010618 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010689 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011142 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011143 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011146 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011145 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011148 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011150 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011151 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009408 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010019 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010227 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006185 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006184 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2017
by Daily end-of-shift report 30 Nov '17

30 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-11-2017 18:00 − Donnerstag 30-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschter Bluescreen: "Troubleshooter"-Malware zockt Windows-Nutzer ab ∗∗∗ --------------------------------------------- Derzeit ist eine Windows-Malware im Umlauf, die auf infizierten Rechnern einen Bluescreen simuliert und den Bildschirm sperrt. Sie beendet sich erst, wenn Opfer Geld für eine nicht existente Sicherheitssoftware überweisen. Außerdem fertigt sie einen Screenshot des Desktops – genauer: des Fensters im Vordergrund – an, um ihn an eine feste IP-Adresse zu verschicken. Das geht aus einem Blogeintrag eines Sicherheitsforschers von Malwarebytes hervor, der den von ihm entdeckten Schädling auf den Namen Troubleshooter getauft hat. --------------------------------------------- https://heise.de/-3905456 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file.Exploitation of this vulnerability could cause a buffer overflow condition on the targeted system, causing the Network Recording Player to crash, resulting in a denial of service (DoS) --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ libcurl Out-of-Bounds Memory Read Error in FTP Wildcard Function Lets Remote Users Redirect the Target Client to an Arbitrary Site ∗∗∗ --------------------------------------------- Version(s): 7.21.0 - 7.56.1 A remote server can return specially crafted data to trigger an out-of-bounds memory read error in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH) and cause the target connected libcurl client to be redirected. libcurl applications that use HTTP or HTTPS URLs, allow libcurl redirects, and has FTP wildcards enabled are affected. --------------------------------------------- https://www.securitytracker.com/id/1039897 ∗∗∗ WordPress 4.9.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1 --------------------------------------------- https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance… ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170503-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009849 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010587 ∗∗∗ IBM Security bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting (CVE-2017-1632) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010549 ∗∗∗ IBM Security bulletin: Access control security vulnerability affects IBM Sterling File Gateway (CVE-2017-1550) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010758 ∗∗∗ IBM Security bulletin: Cross-site scripting. security vulnerability affects IBM Sterling File Gateway (CVE-2017-1549) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010759 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1548, CVE-2017-1497) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010738 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1487) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010552 ∗∗∗ IBM Security bulletin: Cross-site scripting security vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1482) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010762 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005835 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management affected by vulnerability due to sensitive information stored in URL parameters. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005836 ∗∗∗ SSA-350846 (Last Update 2017-11-30): Vulnerabilities in SWT3000 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-350846… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2017
by Daily end-of-shift report 29 Nov '17

29 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-11-2017 18:00 − Mittwoch 29-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Annual Incident Analysis Report for the Trust Service Providers ∗∗∗ --------------------------------------------- One year after the eIDAS Regulation entered into force, ENISA publishes the first comprehensive overview of the annual summary reporting by the Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/annual-incident-analysis-report… ∗∗∗ Teure Angriffe auf ISDN-Anlagen ∗∗∗ --------------------------------------------- Neuartige Angriffe auf ISDN-Anlagen unterlaufen die Betrugserkennung der Telefongesellschaften durch die Nutzung von Call-by-Call-Vorwahlen und maximieren damit den Schaden. Gefährdet sind auch Besitzer älterer Anlagen ohne Internetanbindung. --------------------------------------------- https://www.heise.de/newsticker/meldung/Teure-Angriffe-auf-ISDN-Anlagen-390… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Security Update 2017-001 ∗∗∗ --------------------------------------------- Available for: macOS High Sierra 10.13.1 Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password --------------------------------------------- https://support.apple.com/kb/HT208315 ∗∗∗ [webapps] Synology StorageManager 5.2 - Root Remote Command Execution ∗∗∗ --------------------------------------------- Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. --------------------------------------------- https://www.exploit-db.com/exploits/43190/?rss ∗∗∗ RSA Authentication Agent SDK for C Error Handling Flaw May Let Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- In applications that do not properly handle return codes from the API/SDK, a remote user may be able to trigger an error handling flaw and bypass authentication on the target system. Systems with the API/SDK used in TCP asynchronous mode may be affected. The RSA Authentication Agent API/SDK for Java is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039877 ∗∗∗ RSA Authentication Agent for Web for Apache Web Server Lets Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- A remote user can supply specially crafted data to trigger an input validation flaw and bypass authentication and gain access to resources ostensibly protected by the target agent. Agents configured to use the TCP protocol to communicate with the RSA Authentication Manager server are affected. The default configuration (UDP) is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039876 ∗∗∗ Siemens SCALANCE W1750D, M800, and S615 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01 ∗∗∗ Vuln: Multiple EMC RSA products CVE-2017-14378 Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101979 ∗∗∗ Vuln: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101977 ∗∗∗ Cisco Secure Access Control System Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center URL Redirection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Event Center Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco UCS Central Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Image Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco Data Center Network Manager Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Use After Free Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Two Vulnerabilities in H323 protocol of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - A CGI application vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Denial of Service Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009183 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010003 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099697 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2017
by Daily end-of-shift report 28 Nov '17

28 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 27-11-2017 18:00 − Dienstag 28-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Further abusing the badPwdCount attribute ∗∗∗ --------------------------------------------- ... what happens if you store your password on all sorts of devices (for authenticating with Exchange, Skype For Business, etc.) and you change your password? That would result in Exchange, Windows or any other service trying to authenticate with an invalid password. If everything works correctly, you should be locked out very soon because of this. However, this is not the case. --------------------------------------------- https://blog.fox-it.com/2017/11/28/further-abusing-the-badpwdcount-attribut… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Thunderbird als Einfallstor für Schadcode ∗∗∗ --------------------------------------------- Nutzen Angreifer als kritisch eingestufte Sicherheitslücken in Thunderbird aus, könnten sie aus der Ferne Schadcode auf Computern ausführen. Eine abgesicherte Version löst diese Probleme. --------------------------------------------- https://heise.de/-3903023 ∗∗∗ Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance.The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ DFN-CERT-2017-2131/">Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Foxit Reader und Foxit PhantomPDF bis inklusive Version 8.3.2.25013 für Windows ermöglichen einem in den meisten Fällen entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes, die Durchführung von Denial-of-Service (DoS)-Angriffen und das Ausspähen von Informationen. Voraussetzung für erfolgreiche Angriffe ist, dass es dem Angreifer gelingt, einen Benutzer dazu zu verleiten, eine schädlich manipulierte Datei zu öffnen. Zwei weitere Schwachstellen können vermutlich nur von einem lokalen Angreifer ausgenutzt werden, um Informationen auszuspähen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2131/ ∗∗∗ [Xen-announce] Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking ∗∗∗ --------------------------------------------- A malicious HVM guest can cause one pcpu to permanently hang. This normally cascades into the whole system freezing, resulting in a a host Denial of Service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-246.html ∗∗∗ [Xen-announce] Xen Security Advisory 247 - Missing p2m error checking in PoD code ∗∗∗ --------------------------------------------- An unprivileged guest can retain a writable mapping of freed memory. Depending on how this page is used, it could result in either an information leak, or full privilege escalation. Alternatively, an unprivileged guest can cause Xen to hit a BUG(), causing a clean crash - ie, host-wide denial-of-service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-247.html ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15671 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30314331 ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15670 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35129173 ∗∗∗ IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099664 ∗∗∗ IBM Security Bulletin: Vulnerability in bash affects IBM Chassis Management Module (CVE-2016-9401) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099641 ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099665 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongSwan affect IBM Chassis Management Module (CVE-2017-9022, CVE-2017-9023) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099642 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxslt affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099666 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongswan affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099668 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099644 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099667 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2016-9318) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099643 ∗∗∗ IBM Security Bulletin: Vulnerability in bind affects IBM Chassis Management Module (CVE-2017-3142) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099645 ∗∗∗ IBM Security Bulletin: Vulnerabilities in bind affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099669 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099671 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-5969) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099660 ∗∗∗ IBM Security Bulletin: Vulnerability in libgcrypt affects IBM Chassis Management Module (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099652 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM Flex System Networking Switch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099693 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in expat (CVE-2012-6702 CVE-2016-5300) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099657 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libxml2 (CVE-2016-9318 CVE-2016-9597) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099655 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099703 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099702 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099653 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099696 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Flex System Networking Switch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099694 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099695 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bind (CVE-2016-9131 CVE-2016-9147 CVE-2016-9444) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099654 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM RackSwitch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099704 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099701 ∗∗∗ IBM Security Bulletin: Vulnerability in X.Org libICE affects IBM Chassis Management Module (CVE-2017-2626) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099661 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099698 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099700 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099699 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXrender (CVE-2016-7949 CVE-2016-7950) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099650 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXv ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099649 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libX11 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099648 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in bind (CVE-2017-3135) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099658 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bash (CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099656 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXfixes (CVE-2016-7944 CVE-2013-1983) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099651 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010856 ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010577 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-12163, CVE-2017-12151, CVE-2017-12150) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010703 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010855 ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2017Q4 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010679 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is Vulnerable to Denial of Service Issue in IBM WebSphere Application Server (CVE-2016-8919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005319 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2017
by Daily end-of-shift report 27 Nov '17

27 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-11-2017 18:00 − Montag 27-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Mobile Menace Monday: Chrome declares war on unwanted redirects ∗∗∗ --------------------------------------------- Google is initiating their plan to implement a few new changes in Chrome to defend against unwanted web redirects. A redirect happens when a different website from the URL that was entered opens in the browser. Sometimes redirects are intentional, as in when an organization/website is bought out by another entity and their traffic is redirected to the new owner. However, sometimes redirects are malicious and unwanted. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/11/chrome-declares-war-unwant… ===================== = Vulnerabilities = ===================== ∗∗∗ [Pdns-announce] PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 Available ∗∗∗ --------------------------------------------- We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x. More importantly there are fixes for the following security advisories: - Authoritative Server - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091) - Recursor - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090) - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092) - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093) - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094) --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2017-November/001077.h… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Mailserver-Software Exim - Workaround verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 25. 11. 2017 Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Details: Durch Ausnutzen eines Use-after-free Fehlers können Angreifer potentiell beliebigen Code auf betroffenen Mailservern ausführen. CVE-Nummern dazu: CVE-2017-16943, CVE-2017-16944 --------------------------------------------- http://www.cert.at/warnings/all/20171127.html ∗∗∗ Security Advisory - Improper Access Control Vulnerability in Some Huawei OceanStor products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171122-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010656 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-15906 in OpenSSH affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022349 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-14919 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022348 ∗∗∗ IBM Security Bulletin: Vulnerability in curl affects IBM Chassis Management Module (CVE-2017-7407) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099640 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099639 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2017
by Daily end-of-shift report 24 Nov '17

24 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-11-2017 18:00 − Freitag 24-11-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Treat infosec fails like plane crashes – but hopefully with less death and twisted metal ∗∗∗ --------------------------------------------- We never learn from incidents, says Europol security adviser The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/24/infosec_dis… ∗∗∗ VB2017 video: FinFisher: New techniques and infection vectors revealed ∗∗∗ --------------------------------------------- Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-video-finfisher-new-t… ∗∗∗ 31 lückenhafte Banking-Apps: Forscher entlarven App-TAN-Verfahren abermals als unsicher ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen eine nicht ganz triviale Methode auf, über die Angreifer Online-Banking-Apps manipulieren könnten. Auch in Deutschland sind Banken betroffen. --------------------------------------------- https://heise.de/-3900945 ∗∗∗ Gefälschte BAWAG PSK-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG PSK-E-Mail. Darin fordern sie von Kund/innen, dass diese eine Sicherheits-App installieren. Sie ist Schadsoftware und ermöglicht es den Betrüger/innen, Zugriff auf das OnlineBanking-Konto ihrer Opfer zu erlangen. Kund/innen dürfen die angebliche Sicherheits-App nicht installieren. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bawag-psk-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Lancom: Wichtiges LCOS-Update stopft Sicherheitslücke ∗∗∗ --------------------------------------------- Die aktuelle Version von Lancoms Betriebssoftware für Router, Access Points und Switches beseitigt eine Sicherheitslücke, die Angreifern bei bestimmten Firmware-Versionen Zugriff auf Verwaltungsfunktionen ermöglicht. --------------------------------------------- https://www.heise.de/newsticker/meldung/Lancom-Wichtiges-LCOS-Update-stopft… ∗∗∗ FortiOS: Updates schützen unter anderem vor Cross-Site-Scripting ∗∗∗ --------------------------------------------- Fortinet warnt vor einer Lücke in seinem Betriebssystem FortiOS für FortiGate-Produkte. Einige Updates stehen schon bereit; weitere folgen in Kürze. --------------------------------------------- https://heise.de/-3901201 ∗∗∗ DFN-CERT-2017-2115/">OTRS: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebiger Kommandozeilenbefehle ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2115/ ∗∗∗ DFN-CERT-2017-2119/">FortiGate: Eine Schwachstelle ermöglicht u.a. einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2119/ ∗∗∗ IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010947 ∗∗∗ SSA-346262 (Last Update 2017-11-23): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2017
by Daily end-of-shift report 23 Nov '17

23 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-11-2017 18:00 − Donnerstag 23-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded ∗∗∗ --------------------------------------------- A month after Amazon launched Amazon Key, security experts have already identified a flaw in the devices mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-de… ∗∗∗ Firefox Nightly Build 58: Firefox warnt künftig vor Webseiten mit Datenlecks ∗∗∗ --------------------------------------------- Im Nightly Build 58 testet Mozillaeinige neue Funktionen: So sollen Nutzer bald personalisierte Artikelvorschläge von Pocket bekommen. Außerdem werden Nutzer womöglich bald vor Webseiten gewarnt, die im großen Stil Nutzerdaten verloren haben. --------------------------------------------- https://www.golem.de/news/firefox-nightly-build-58-firefox-warnt-kuenftig-v… ∗∗∗ systemd Vulnerability Leads to Denial of Service on Linux ∗∗∗ --------------------------------------------- Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerab… ∗∗∗ Advisory: Turla group malware ∗∗∗ --------------------------------------------- This report provides new intelligence derived from NCSC investigations into two tools used by the Turla group to target the UK, known as Neuron and Nautilus. --------------------------------------------- https://www.ncsc.gov.uk/alerts/turla-group-malware ∗∗∗ Erpressungstrojaner qkG manipuliert Word-Template zur weiteren Verbreitung ∗∗∗ --------------------------------------------- Sicherheitsforscher sind auf eine neue Ransomware gestoßen, die es vorrangig auf Word-Nutzer abgesehen hat. --------------------------------------------- https://heise.de/-3899132 ∗∗∗ Mac-Malware Proton gibt sich als "Symantec Malware Detector" aus ∗∗∗ --------------------------------------------- Getarnt als Malware-Erkennung wurde der Mac-Trojaner über ein vermeintliches Symantec-Blog vertrieben. Eine über soziale Netze verbreitete Falschmeldung soll Nutzer zur Installation bringen. --------------------------------------------- https://heise.de/-3900056 ∗∗∗ Schwerer Bug erlaubt, macOS via USB-Stick zu knacken ∗∗∗ --------------------------------------------- Apple hat Fehler bereits geschlossen – Reparaturwerkzeug als Angriffspunkt --------------------------------------------- http://derstandard.at/2000068349782 ===================== = Vulnerabilities = ===================== ∗∗∗ FortiWebManager 5.8.0 improperly handles admin login access ∗∗∗ --------------------------------------------- FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-248 ∗∗∗ TablePress <= 1.8 - Authenticated XML External Entity (XXE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8963 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2017
by Daily end-of-shift report 22 Nov '17

22 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-11-2017 18:00 − Mittwoch 22-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verbraucherschutz: Sportuhr-Hersteller gehen unsportlich mit Daten um ∗∗∗ --------------------------------------------- Herzfrequenz und Schlafphasen: Apple, Garmin und andere Hersteller von Sportuhren und Fitnesstrackern speichern auf ihren Portalen sehr persönliche Nutzerdaten. Bei einem Praxistest sind nur zwei Hersteller korrekt mit dem Auskunftsrecht des Kunden umgegangen. --------------------------------------------- https://www.golem.de/news/verbraucherschutz-sportuhr-hersteller-gehen-unspo… ∗∗∗ Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability ∗∗∗ --------------------------------------------- Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-cve-2… ∗∗∗ Sicherheitslücke in HP-Druckern – Firmware-Updates stehen bereit ∗∗∗ --------------------------------------------- Unter Verwendung spezieller Malware können Angreifer aus der Ferne auf Drucker von HP zugreifen und dort unter anderem gerätespezifische Befehle ausführen. Der Hersteller hat Updates bereitgestellt und empfiehlt die umgehende Aktualisierung. --------------------------------------------- https://heise.de/-3897679 ∗∗∗ Deutsche Behörde: Staat muss digital zurückschlagen können ∗∗∗ --------------------------------------------- In der Schweiz erlaubte "Hackbacks" als Beispiel genannt --------------------------------------------- http://derstandard.at/2000068302436 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-17-927: Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-927/ ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009782 ∗∗∗ RSA Authentication Manager Input Validation Flaw in Security Console Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039853 ∗∗∗ USN-3489-2: Berkeley DB vulnerability ∗∗∗ --------------------------------------------- http://www.ubuntu.com/usn/usn-3489-2/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2017
by Daily end-of-shift report 21 Nov '17

21 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 20-11-2017 18:00 − Dienstag 21-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSL Certificate Provider StartCom Shuts Down After Browser Ban ∗∗∗ --------------------------------------------- Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ssl-certificate-provider-sta… ∗∗∗ Factsheet Building a SOC: start small ∗∗∗ --------------------------------------------- An increasingly common way to achieve visibility and control of information security is to implement a Security Operations Centre (SOC). In order for a SOC to function successfully, it must be tied in with the business processes. This makes building a SOC .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/factsheets/factsheet-building-a-… ∗∗∗ The Art of Fuzzing – Slides and Demos ∗∗∗ --------------------------------------------- Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my slides and demos available to the public with this blog post . --------------------------------------------- https://www.sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-d… ∗∗∗ Kritische Sicherheitslücke: Traffic von F5 BIG-IP-Appliances lässt sich entschlüsseln ∗∗∗ --------------------------------------------- Firewalls, Load-Balancer und andere BIG-IP-Systeme sind anfällig für einen Angriff, bei dem dritte den verschlüsselten SSL-Traffic zwischen Client und Appliance abhören können. Admins, die solche Systeme im Einsatz haben .. --------------------------------------------- https://heise.de/-3895060 ∗∗∗ Intel stopft neue Sicherheitslücken der Management Engine (SA-00086) ∗∗∗ --------------------------------------------- Intels Security Advisory SA-00086 beschreibt mehrere Fehler in der Firmware der Management Engine (ME 11.0 bis 11.7), in Trusted Execution Engine 3.0 und in den Server Platform Services (SPS 4.0). --------------------------------------------- https://heise.de/-3895175 ∗∗∗ OSX.Proton spreading through fake Symantec blog ∗∗∗ --------------------------------------------- A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/o… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren ∗∗∗ --------------------------------------------- Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren 21. November 2017 Beschreibung Wie Intel meldet (INTEL-SA-00086), gibt es aktuell mehrere Schwachstellen in Systemen mit .. --------------------------------------------- http://www.cert.at/warnings/all/20171121.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-07: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities .. --------------------------------------------- https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framewo… ∗∗∗ Samba: Use-after-free vulnerability ∗∗∗ --------------------------------------------- All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-14746.html ∗∗∗ Samba: Server heap memory information leak ∗∗∗ --------------------------------------------- All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-15275.html ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009696 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010685 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2017
by Daily end-of-shift report 20 Nov '17

20 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-11-2017 18:00 − Montag 20-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Defining and securing the Internet of Things: ENISA publishes a study on how to face cyber threats in critical information infrastructures ∗∗∗ --------------------------------------------- The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter… ∗∗∗ New Open-Source IDS Tools ∗∗∗ --------------------------------------------- On November 16, 2017, [Dell] Secureworks released two open-source tools: Flowsynth and Dalton. These tools allow analysts to easily create and test network packet captures against IDS engines such as Suricata and Snort. --------------------------------------------- https://www.secureworks.com/blog/new-open-source-ids-tools ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2081/">Procmail: Eine Schwachstelle ermöglicht u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Eine Schwachstelle in 'procmail' ermöglicht einem entfernten, nicht authentisierten Angreifer die Durchführung eines Denial-of-Service (DoS)-Angriffes oder möglicherweise die Ausführung beliebigen Programmcodes. Voraussetzung ist, dass das Opfer eine schädlich präparierte Email-Nachricht des Angreifers öffnet. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2081/ ∗∗∗ DFN-CERT-2017-2085/">Moodle: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer kann eine Schwachstelle in Moodle ausnutzen, um Informationen über Kursteilnehmer auszuspähen oder zu erraten. Moodle stellt die Versionen 3.1.9, 3.2.6, 3.3.3 und 3.4 als Sicherheitsupdates zur Behebung der Schwachstelle zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2085/ ∗∗∗ Helping to Secure your PostgreSQL Database ∗∗∗ --------------------------------------------- But what about properly securing your PostgreSQL database? There are many ways you can go about securing a PostgreSQL database. Im going to highlight a few tips that I feel are important and essential to preventing unauthorized access into your data environment. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Helping-to-Secure-your-… ∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗ --------------------------------------------- On October 16, 2017, an article titled "Key Reinstallation Attacks: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was released, which mentioned multiple security vulnerabilities in protocols Wi-Fi Protected Access (WPA) and WPA2. The researcher had reported some of these vulnerabilities to Huawei before disclosing them. Huawei immediately launched investigation and carried out technical communication with the researcher. At present, the products that are affected by vulnerabilities include Android-based Huawei smart phone and Huawei smart home products (Huawei smart router, Honor smart router and Honor TV Box). --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-… ∗∗∗ SSA-689071 (Last Update 2017-11-17): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S615 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-689071… ∗∗∗ OpenSSH vulnerability CVE-2017-15906 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K89621551 ∗∗∗ Vuln: Varnish Cache CVE-2017-8807 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101886 ∗∗∗ Symantec Management Console Directory Traversal ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… ∗∗∗ FortiWeb Stored XSS vulnerability on webUI certificate view page ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-131 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008478 ∗∗∗ IBM Security Bulletin: IBM Tivoli Monitoring is affected by a vulnerability in its internal web server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010554 ∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE affects IBM Algo One Algo Risk Application (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009930 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One – Core (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009138 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Modeler ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010687 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5664) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009583 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5648) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004763 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010785 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010746 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010740 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010745 ∗∗∗ IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010731 ∗∗∗ IBM Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22006357 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2017-15906) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.11.2017
by Daily end-of-shift report 17 Nov '17

17 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-11-2017 18:00 − Freitag 17-11-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Projekthoster: Github zeigt Sicherheitswarnungen für Projektabhängigkeiten ∗∗∗ --------------------------------------------- Vor wenigen Wochen hat der Projekthoster Github ein Werkzeug vorgestellt, das die Abhängigkeiten eines Projekts besser darstellen soll. Das Konzept wird nun um Sicherheitshinweise und Warnungen erweitert, was die Pflege deutlich erleichtern sollte. --------------------------------------------- https://www.golem.de/news/projekthoster-github-zeigt-sicherheitswarnungen-f… ∗∗∗ Here’s How To Get Solid Browser Security [Update 2017] ∗∗∗ --------------------------------------------- Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook. If a malicious hacker breaks in, he will find everything about [...] --------------------------------------------- https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/ ∗∗∗ Terdot banking trojan targets social media and email in addition to financial services ∗∗∗ --------------------------------------------- The Terdot banking trojan not only steals credit card information and login credentials for online financial services, but it also intercepts and modifies traffic on social media and email platforms, according to Bitdefender. --------------------------------------------- https://www.scmagazine.com/terdot-banking-trojan-targets-social-media-and-e… ∗∗∗ New White House Announcement on the Vulnerability Equities Process ∗∗∗ --------------------------------------------- The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyces blog post. --------------------------------------------- https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html ∗∗∗ Oracle scrambles to sew up horrid security holes in PeopleSofts Tuxedo ∗∗∗ --------------------------------------------- Nothing like unauthd hijacking, Heartbleed-style bugs to patch ASAP Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/oracle_peop… ∗∗∗ US-CERT: Security Tip (ST17-001) Securing the Internet of Things ∗∗∗ --------------------------------------------- The Internet of Things is becoming an important part of everyday life. Being aware of the associated risks is a key part of keeping your information and devices secure. --------------------------------------------- https://www.us-cert.gov/ncas/tips/ST17-001 ∗∗∗ Over 530 cyber-activities during fifth edition of European Cyber Security Month ∗∗∗ --------------------------------------------- The 2017 European Cyber Security Month (ECSM) has ended. This was the fifth consecutive edition of the awareness campaign put together by the EU Cybersecurity Agency ENISA, the EU Commission’s DG CONNECT and their partners. ... During the month of October, some 530 activities such as conferences, workshops, seminars and online courses took place across Europe, --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/over-530-cyber-activities-durin… ∗∗∗ Supplementing Windows Audit, Alerting, and Remediation with PowerShell [PDF] ∗∗∗ --------------------------------------------- This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platform for Windows environments. This answers the question of why use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way. --------------------------------------------- https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windo… ∗∗∗ Beware Catphishing attacks targeting the hearts of security pros ∗∗∗ --------------------------------------------- Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated. --------------------------------------------- https://www.scmagazineuk.com/beware-catphishing-attacks-targeting-the-heart… ∗∗∗ Zehn Sicherheitslücken in Wiki-Software MediaWiki ∗∗∗ --------------------------------------------- Neue MediaWiki-Versionen schützen darauf aufsetzende Wikis unter anderem effektiver vor Brute-Force-Attacken. --------------------------------------------- https://heise.de/-3892250 ===================== = Vulnerabilities = ===================== ∗∗∗ BIG-IP SSL vulnerability CVE-2017-6168 ∗∗∗ --------------------------------------------- A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. --------------------------------------------- https://support.f5.com/csp/article/K21905460 ∗∗∗ Moxa NPort 5110, 5130, and 5150 ∗∗∗ --------------------------------------------- This advisory contains mitigation details for injection, information exposure, and resource exhaustion vulnerabilities in Moxa's NPort 5110, 5130, and 5150. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01 ∗∗∗ Siemens SICAM ∗∗∗ --------------------------------------------- This advisory contains mitigation details for missing authentication for critical function, cross-site scripting, and code injection vulnerabilities in the Siemens SICAM products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02 ∗∗∗ VMSA-2017-0019 ∗∗∗ --------------------------------------------- NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0019.html ∗∗∗ VMSA-2017-0018 ∗∗∗ --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0018.html ∗∗∗ VU#817544: Windows 8.0 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/817544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541543 ∗∗∗ DFN-CERT-2017-2068: Jenkins Plugin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2068/ ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009204 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010329 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010744 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010742 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010321 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010103 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671 ∗∗∗ IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010565 ∗∗∗ IBM Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-2619) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010689 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2017
by Daily end-of-shift report 16 Nov '17

16 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-11-2017 18:00 − Donnerstag 16-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Suspicious Domains Tracking Dashboard, (Thu, Nov 16th) ∗∗∗ --------------------------------------------- Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your network (example by using a DNS firewall). The ISC has also a page dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs of Domain Generation Algorithm used by some malware families. --------------------------------------------- https://isc.sans.edu/diary/rss/23046 ∗∗∗ Microsoft DDE protocol based malware attacks ∗∗∗ --------------------------------------------- Introduction: Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no ones surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a number of these malicious documents using the DDE vulnerability to download and execute malware. Most of the payloads we saw were Remote Access Trojans (RATs) [...] --------------------------------------------- https://www.zscaler.com/blogs/research/microsoft-dde-protocol-based-malware… ∗∗∗ Quad9: Datenschutzfreundliche Alternative zum Google-DNS ∗∗∗ --------------------------------------------- Wer Google nicht wesentliche Teile seines Surfverhaltens anvertrauen möchte, kann ab sofort auf einen alternativen DNS-Dienst ausweichen: 9.9.9.9 statt 8.8.8.8. Doch auch dort gibt es Besonderheiten. --------------------------------------------- https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Altern… ∗∗∗ Ciscos Voice Operating System ist empfänglich für Angreifer ∗∗∗ --------------------------------------------- Angreifer könnten die Kontrolle über Cisco-Geräte mit Voice Operating System an sich reißen. Sicherheitsupdates schließen diese und weitere Lücken in anderen Produkten. --------------------------------------------- https://heise.de/-3891402 ∗∗∗ Sharp rise in fileless attacks evading endpoint security ∗∗∗ --------------------------------------------- A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victim to fileless attack or exploit. "This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations." said Dr. Larry Ponemon [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/11/16/fileless-attacks-evading-endpoin… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: Kritische Lücke in Microsoft Office ermöglicht Remote Code Execution ∗∗∗ --------------------------------------------- Researcher haben eine schwerwiegende Sicherheitslücke in Microsoft Office entdeckt. Beschreibung Wenn ein Benutzer eine speziell präparierte Datei im Microsoft Excel-Format oder Microsoft Word-Format öffnet, kann in Folge ein Angreifer beliebigen Code, mit den Rechten des angemeldeten Benutzers, auf dem System ausführen. Die Schwachstelle basiert auf der Verwendung von [...] --------------------------------------------- http://www.cert.at/warnings/all/20171011.html ∗∗∗ Security Patch Compliance does not take effect on an activated Android device ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Bugtraq: CA20171114-01: Security Notice for CA Identity Governance ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541530 ∗∗∗ Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8960 ∗∗∗ DFN-CERT-2017-2056: FreeBSD: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2056/ ∗∗∗ DFN-CERT-2017-2046: MongoDB: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2046/ ∗∗∗ DFN-CERT-2017-2066: Webkit2GTK: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2066/ ∗∗∗ Security Advisory - SQL Injection Vulnerabilities in Huawei UMA Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-… ∗∗∗ IBM Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010512 ∗∗∗ IBM Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005401 ∗∗∗ Broken access control & LINQ injection in Progress Sitefinity ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/broken-access-control-linq-i… ∗∗∗ Shibboleth Service Provider Error in Dynamic MetadataProvider Plugin Lets Remote Users Bypass Security Restrictions on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039808 ∗∗∗ MediaWiki Multiple Flaws Let Remote Users Modify Data, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039812 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2017
by Daily end-of-shift report 15 Nov '17

15 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-11-2017 18:00 − Mittwoch 15-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsrisiko: Oneplus-Smartphones kommen mit eingebautem Root-Zugang ∗∗∗ --------------------------------------------- Oneplus verkauft offenbar seit Jahren seine Smartphones mit einem vorinstallierten Entwicklertool von Qualcomm, das Zugriff auf zahlreiche Systemressourcen erlaubt. Per ADB ist ein Root-Zugriff auf das jeweilige Gerät möglich. Der Hersteller will die Anwendung herauspatchen. --------------------------------------------- https://www.golem.de/news/sicherheitsrisiko-oneplus-smartphones-kommen-mit-… ∗∗∗ Privater Schlüssel: DXC veröffentlicht AWS-Key und muss 64.000 US-Dollar zahlen ∗∗∗ --------------------------------------------- Private Schlüssel in freier Wildbahn sind ein verbreitetes Problem. Zuletzt traf es das Sicherheitsunternehmen DXC, das den AWS-Schlüssel versehentlich bei Github hochlud - und dann die Rechnung dafür bekam. --------------------------------------------- https://www.golem.de/news/privater-schluessel-dxc-veroeffentlicht-aws-key-u… ∗∗∗ These Campaigns Explain Why AV Detection for New Malware Remains Low ∗∗∗ --------------------------------------------- This year we saw massive spam campaigns like NonPetya or Locky fly below the radar of antivirus software and went undetected during the first hours or even days. Some of them actually went undetected even for months. Second-generation malware usually has the ability to evade detection and bypass antivirus programs users have installed on their computers to [...] --------------------------------------------- https://heimdalsecurity.com/blog/campaigns-av-detection-new-malware-low/ ∗∗∗ Confusion reigns over crypto vuln in Spanish electronic ID smartcards ∗∗∗ --------------------------------------------- Certs revoked, but where are the updates? The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/15/spanish_id_… ∗∗∗ TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318A ∗∗∗ TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318B ∗∗∗ Secure Engineering Guidelines ∗∗∗ --------------------------------------------- Some best practices for building and trusting software. --------------------------------------------- https://medium.com/@HockeyInJune/secure-engineering-guidelines-3b8845ac3265 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available in Foxit MobilePDF for iOS 6.1 ∗∗∗ --------------------------------------------- Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues. --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php ∗∗∗ Microsoft Security Updates ∗∗∗ --------------------------------------------- MS17-023 Security Update for Adobe Flash Player MS17-022 Security Update for Microsoft XML Core Services MS17-021 Security Update for Windows DirectShow MS17-020 Security Update for Windows DVD Maker MS17-019 Security Update for Active Directory Federation Services MS17-018 Security Update for Windows Kernel-Mode Drivers MS17-017 Security Update for Windows Kernel MS17-016 Security Update for Windows IIS MS17-015 Security Update for Microsoft Exchange Server MS17-014 Security Update for [...] --------------------------------------------- https://technet.microsoft.com/en-us/security/bulletins ∗∗∗ QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01 ∗∗∗ ABB TropOS ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-02 ∗∗∗ Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01 ∗∗∗ Cisco Security Advisories and Alerts ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ DFN-CERT-2017-2041: Oracle Fusion Middleware, Oracle Tuxedo: Mehrere Schwachstellen ermöglichen u.a. eine vollständige Komprommittierung ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2041/ ∗∗∗ Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Java vulnerability CVE-2017-10176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05911127 ∗∗∗ Linux kernel vulnerability CVE-2017-11176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K56450659 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2017
by Daily end-of-shift report 14 Nov '17

14 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 13-11-2017 18:00 − Dienstag 14-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Breaking security controls using subdomain hijacking ∗∗∗ --------------------------------------------- Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. --------------------------------------------- https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/ ∗∗∗ Investigating Command and Control Infrastructure (Emotet) ∗∗∗ --------------------------------------------- Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use more advanced infrastructure to evade endpoint blacklisting and be resilient to take-down. In this article I will go through and explain my process of identifying Command and Control (C2) servers and understanding their topology, using Emotet as an example. --------------------------------------------- https://www.malwaretech.com/2017/11/investigating-command-and-control-infra… ∗∗∗ XZZX Cryptomix Ransomware Variant Released ∗∗∗ --------------------------------------------- A new CryptoMix Ransomware variant has been discovered that appends the .XZZX extension to encrypted files. This article will discuss the changes found in this new variant. --------------------------------------------- https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-va… ===================== = Vulnerabilities = ===================== ∗∗∗ SQL Injection in bbPress ∗∗∗ --------------------------------------------- During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug --------------------------------------------- https://blog.sucuri.net/2017/11/sql-injection-bbpress.html ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Flash Player (APSB17-33), Photoshop CC (APSB17-34), Connect (APSB17-35), Acrobat and Reader (APSB17-36), DNG Converter (APSB17-37), InDesign CC (APSB17-38), Digital Editions (APSB17-39), Shockwave Player (APSB17-40) and Adobe Experience Manager (APSB17-41). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1510 ∗∗∗ #AVGater: Systemübernahme via Quarantäne-Ordner ∗∗∗ --------------------------------------------- Eine neue Angriffstechnik nutzt die Wiederherstellungs-Funktion der Anti-Viren-Quarantäne, um Systeme via Malware zu kapern. Bislang reagierten sechs Software-Hersteller mit Updates. --------------------------------------------- https://heise.de/-3889107 ∗∗∗ Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTU SM-2556 ∗∗∗ --------------------------------------------- The Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00) are affected by an authentication bypass vulnerability as the authentication checks are only performed client-side (JavaScript). Furthermore, the device is affected by cross site scripting vulnerabilities and outdated webserver software which allows code execution. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/authentication-bypass-cross-… ∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0002) ∗∗∗ --------------------------------------------- A privilege escalation and arbitrary write vulnerability was found in all our windows antivirus products. [...] Successful exploitation of this issue would allow an attacker to overwrite any memory region (including kernel) in the client machine with elevated privileges. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w… ∗∗∗ SAP Security Patch Day - November 2017 ∗∗∗ --------------------------------------------- On 14th of November 2017, SAP Security Patch Day saw the release of 13 Security Notes. Additionally, there were 9 updates to previously released security notes. --------------------------------------------- https://blogs.sap.com/2017/11/14/sap-security-patch-day-november-2017/ ∗∗∗ DFN-CERT-2017-2025/">OTRS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2025/ ∗∗∗ DFN-CERT-2017-2024/">Symantec Endpoint Encryption: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2024/ ∗∗∗ IBM Security Bulletin: Vulnerability may affect IBM® SDK for Node.js™ (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009851 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010282 ∗∗∗ IBM Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009145 ∗∗∗ Cacti Input Validation Flaw in Page Refresh Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039774 ∗∗∗ jQuery vulnerability CVE-2016-7103 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95208524 ∗∗∗ Java vulnerability CVE-2017-10135 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23489380 ∗∗∗ Java vulnerability CVE-2017-10198 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04734043 ∗∗∗ Java SE and JRockit vulnerability CVE-2017-10243 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54747614 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2017
by Daily end-of-shift report 13 Nov '17

13 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-11-2017 18:00 − Montag 13-11-2017 18:00 Handler: Stephan Richter Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Detecting reflective DLL loading with Windows Defender ATP ∗∗∗ --------------------------------------------- Todays attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In recent blogs we described how attackers use basic... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/11/13/detecting-reflective-dl… ∗∗∗ Keep An Eye on your Root Certificates, (Sat, Nov 11th) ∗∗∗ --------------------------------------------- A few times a year, we can read in the news that a rogue root certificate was installed without the user consent. The latest story that pops up in my mind is the Savitech audio drivers which silently installs a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remains performing MitM attacks. New root certificates are not always the result of an attack or infection by a malware. Corporate end-points might also get new root certificates. --------------------------------------------- https://isc.sans.edu/diary/rss/23030 ∗∗∗ Sicherheitsupdate: VMware AirWatch Launcher for Android als Sprungbrett für Angreifer ∗∗∗ --------------------------------------------- VMware schließt mehrere Sicherheitslücken in AirWatch Launcher und AirWatch Console for Android. Davon gilt keine als kritisch. --------------------------------------------- https://heise.de/-3888725 ∗∗∗ Hintergrund: Cardiac Scan: Herzbewegung als biometrisches Authentifizierungsmerkmal ∗∗∗ --------------------------------------------- Zu den gängigen biometrischen Identifikationsmerkmalen wie Fingerabdrücken, Iris-Scans oder Gesichtserkennung könnte sich bald auch das menschliche Herz gesellen. Denn keines bewegt sich wie das andere. --------------------------------------------- https://heise.de/-3842874 ∗∗∗ Ordinypt: Vermeintlicher Erpressungstrojaner-Ausbruch in Deutschland gibt Rätsel auf ∗∗∗ --------------------------------------------- Die vor kurzem aufgetauchte Ransomware Ordinypt löscht Dateien, statt sie zu verschlüsseln und hat es mit Fake-PDF-Dateien auf deutsche Personalabteilungen abgesehen. Allerdings gibt es bisher kaum Anzeichen auf Infektionen in freier Wildbahn. --------------------------------------------- https://heise.de/-3889143 ∗∗∗ Keine Bank Austria-Kundendaten aktualisieren ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bank Austria-Nachricht. Darin fordern sie Empfänger/innen dazu auf, dass sie eine Website aufrufen und auf dieser ihre persönlichen Kund/innendaten aktualisieren. Wer der Aufforderung nachkommt, übermittelt OnlineBanking-Zugangsdaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-bank-austria-kundendaten-a… ∗∗∗ Fighting persistent malware with a UEFI scanner, or ‘What’s it all about UEFI?” ∗∗∗ --------------------------------------------- The biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a "top secret" exploit developed by the NSA, an agency known to have dabbled in UEFI compromise. --------------------------------------------- https://www.welivesecurity.com/2017/11/10/uefi-scanner-fighting-persistent-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras ∗∗∗ --------------------------------------------- These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos.Executive SummaryThe Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several vulnerabilities present in these devices, and worked with Foscam to develop fixes for them, which we published the details for in a blog post here. --------------------------------------------- http://blog.talosintelligence.com/2017/11/foscam-multiple-vulns.html ∗∗∗ DSA-4031 ruby2.3 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4031 ∗∗∗ DSA-4032 imagemagick - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4032 ∗∗∗ Vuln: ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101788 ∗∗∗ WP Support Plus Responsive Ticket System <= 8.0.7 - Remote Code Execution (RCE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8949 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.11.2017
by Daily end-of-shift report 10 Nov '17

10 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-11-2017 18:00 − Freitag 10-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ "Eavesdropper" Vulnerability Exposes Millions of Private Conversations ∗∗∗ --------------------------------------------- Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. --------------------------------------------- https://www.bleepingcomputer.com/news/security/-eavesdropper-vulnerability-… ∗∗∗ Google Ranks Phishing Above Keyloggers & Password Reuse as Bigger Threat to Users ∗∗∗ --------------------------------------------- Research carried out by Google engineers and academics from the University of California, Berkeley and the International Computer Science Institute has revealed that phishing attacks pose a more significant threat to users losing access to their Google accounts when compared to keyloggers or password reuse. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-… ∗∗∗ First Android Malware Detected Using New "Toast Overlay" Attack ∗∗∗ --------------------------------------------- A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-android-malware-detect… ∗∗∗ Ordinypt: Erpressungstrojaner bedroht deutsche Firmen ∗∗∗ --------------------------------------------- Allem Anschein nach geht in Deutschland ein neuer Trojaner um, der auf Personalabteilungen zielt und Lösegeld erpresst. Der in Delphi verfasste Trojaner lässt Opfern allerdings keine Chance, ihre Daten wiederzubekommen. --------------------------------------------- https://heise.de/-3887249 ∗∗∗ Achtung: Abzocker-Version des Windows Movie Maker ist Nummer Eins bei Google ∗∗∗ --------------------------------------------- Eine gefälschte Version des nicht mehr von Microsoft angebotenen Windows Movie Maker verführt Opfer zum Download und bittet sie dann zur Kasse. Die Betrüger-Webseite hat es sogar ganz vorne in die Ergebnisse vieler Suchmaschinen geschafft. --------------------------------------------- https://heise.de/-3887323 ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-36) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, November 14, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1508 ∗∗∗ AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLO ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-01 ∗∗∗ Schneider Electric InduSoft Web Studio and InTouch Machine Edition ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02 ∗∗∗ iOS 11.1.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208255 ∗∗∗ DFN-CERT-2017-1998/">PostgreSQL: Mehrere Schwachstellen ermöglichen u.a. die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1998/ ∗∗∗ DFN-CERT-2017-1995/">GitLab: Mehrere Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1995/ ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010229 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security Manager component of IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007568 ∗∗∗ SSA-901333 (Last Update 2017-11-09): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-901333… ∗∗∗ VMSA-2017-0017 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0017.html ∗∗∗ VMSA-2017-0016 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0016.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2017
by Daily end-of-shift report 09 Nov '17

09 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-11-2017 18:00 − Donnerstag 09-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Evil pixels: researcher demos data-theft over screen-share protocols ∗∗∗ --------------------------------------------- Users see white noise, attackers see whatever they just stole from you Its the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/09/evil_pixels… ∗∗∗ Tausende Cisco-Switches offen im Internet – Angriffe laufen bereits ∗∗∗ --------------------------------------------- Über 200.000 Cisco Switches sind übers Internet erreichbar und lassen sich umkonfigurieren oder komplett übernehmen; mehrere tausend davon allein in Deutschland. Die Systeme werden bereits angegriffen, doch der Hersteller sieht keine Schwachstelle. --------------------------------------------- https://heise.de/-3882810 ∗∗∗ Hacker dringt weiter in Intels Management Engine vor ∗∗∗ --------------------------------------------- Maxim Goryachy von der Beratungsfirma Positive Technologies konnte eine Programmierschnittstelle zu Intels Managemet Engine öffnen, während Google-Experten die Firmware-Alternative NERF entwickeln. --------------------------------------------- https://heise.de/-3884928 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4022 libreoffice - security update ∗∗∗ --------------------------------------------- Marcin Noga discovered two vulnerabilities in LibreOffice, which couldresult in the execution of arbitrary code if a malformed PPT or DOCdocument is opened. --------------------------------------------- https://www.debian.org/security/2017/dsa-4022 ∗∗∗ BlackBerry powered by Android Security Bulletin – November 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ VU#739007: IEEE P1735 implementations may have weak cryptographic protections ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/739007 ∗∗∗ 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0 ∗∗∗ --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4053440 ∗∗∗ Vuln: Multiple Asterisk Products CDR Remote Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101760 ∗∗∗ DFN-CERT-2017-1987: Jenkins: Zwei Schwachstellen ermöglichen u.a. Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1987/ ∗∗∗ DFN-CERT-2017-1991: Roundcube Webmail: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1991/ ∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant GUI affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-1710) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010224 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007609 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10115, CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009304 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010191 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2017
by Daily end-of-shift report 08 Nov '17

08 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-11-2017 18:00 − Mittwoch 08-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th) ∗∗∗ --------------------------------------------- After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots of lots of folks still think that's a safe thing to do. --------------------------------------------- https://isc.sans.edu/diary/rss/23020 ∗∗∗ BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2017 ∗∗∗ --------------------------------------------- Der Lagebericht der nationalen Cyber-Sicherheitsbehörde beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet zeigt das BSI Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Bericht_zur… ∗∗∗ Amazon Updates AWS Dashboard to Warn Admins When Theyre Exposing S3 Buckets ∗∗∗ --------------------------------------------- Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-updates-aws-dashboard… ∗∗∗ Windows 10: Microsoft stellt Sicherheitsrichtlinien für Windows-PCs auf ∗∗∗ --------------------------------------------- Ein aktueller Prozessor, UEFI 2.4 und am besten ein TPM-Chip: Neue Sicherheitsrichtlinien machen Systeme mit Fall Creators Update laut Microsoft erst sicher. Die 8-GByte-RAM-Regel kann jedoch etwa das eigene Surface Pro teils nicht einhalten. (Windows 10, Microsoft) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-stellt-sicherheitsrichtlinie… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory - Denial of Service Vulnerability on Huawei Smartphones ∗∗∗ --------------------------------------------- There is a denial of service vulnerability on Huawei Smartphones. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15345. Huawei has released software updates to fix this vulnerability. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Three Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Command Injection Vulnerability in OpsMonitor ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact affected by IBM® SDK Java™ Technology Edition Quarterly CPU – Jul 2017 – Includes Oracle Jul 2017 CPU vulnerabilities in IBM WebSphere Application Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010162 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008888 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010223 ∗∗∗ Kernel vulnerabilities CVE-2017-12192 and CVE-2017-15274 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33567812 ∗∗∗ Java vulnerability CVE-2017-10118 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42185012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2017
by Daily end-of-shift report 07 Nov '17

07 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 06-11-2017 18:00 − Dienstag 07-11-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Security: Malware mit legitimen Zertifikaten weit verbreitet ∗∗∗ --------------------------------------------- Aktuelle Forschungen werfen erneut ein schlechtes Licht auf den Umgang mit Zertifikaten. Fast 200 Malware-Proben sind mit legitimen digitalen Unterschriften ausgestattet gewesen. Damit kann die Schadsoftware Prüfungen durch Sicherheitssoftware bestehen. (Security, Virus) --------------------------------------------- https://www.golem.de/news/security-malware-mit-legitimen-zertifikaten-weit-… ∗∗∗ NCSC publishes factsheet Post-quantum cryptography ∗∗∗ --------------------------------------------- The emergence of quantum computers can have major implications for organizations that process sensitive information. Using a future quantum computer, one can decrypt data that is encrypted with popular cryptographic algorithms. The consequences are, however, even more serious. Encrypted data may already be intercepted, awaiting the possibility to decrypt the data with a future quantum computer. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-po… ∗∗∗ The Apple iOS 11 Privacy and Security Settings You Should Check ∗∗∗ --------------------------------------------- Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention. --------------------------------------------- https://www.wired.com/story/ios-11-privacy-security-settings ∗∗∗ Warnung vor gefälschter Bank Austria-Sicherheits-App ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht fordern Kriminelle Empfänger/innen dazu auf, dass sie eine Sicherheits-App installieren. Die Installation der Anwendung sei erforderlich, damit Kund/innen weiterhin das OnlineBanking ihrer Bank nützen können. In Wahrheit ist die Sicherheits-App Schadsoftware. Sie hilft den Betrüger/innen dabei, das Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bank-au… ===================== = Vulnerabilities = ===================== ∗∗∗ Oh Brother: Hackers can crash your unpatched printers – researchers ∗∗∗ --------------------------------------------- DoSsing for fun and profit not just a nuisance, they warn Security researchers have said theyve uncovered a new way for hackers to crash Brother printers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/07/brother_pri… ∗∗∗ DFN-CERT-2017-1975/">Chrome OS: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung betroffener Systeme ∗∗∗ --------------------------------------------- Betroffene Software: Chrome OS < 62.0.3202.74 Betroffene Plattformen: Chrome OS Lösung: Patch; Chrome Stable Channel Update for Chrome OS, 27.10.2017 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1975/ ∗∗∗ DFN-CERT-2017-1972/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Betroffene Software * Google Android Operating System < 5.0.2 2017-11-06 * Google Android Operating System < 5.1.1 2017-11-06 * Google Android Operating System < 6.0 2017-11-06 * Google Android Operating System < 6.0.1 2017-11-06 * Google Android Operating System < 7.0 2017-11-06 * Google Android Operating System < 7.1.1 2017-11-06 * Google Android Operating System < 7.1.2 2017-11-06 * Google Android Operating System < 8.0 2017-11-06 * LG Mobile Android < SMR-NOV-2017 * Samsung Mobile Android < SMR-NOV-2017 Betroffene Plattformen * Google Nexus * Google Pixel * Google Android Operating System * LG Mobile Android * Samsung Mobile Android --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1972/ ∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: * "File manager" (ameos_filemanager) * "T3Blog Extbase" (t3extblog) * "Recommend page " (pb_recommend_page) * "Formhandler" (formhandler) * "restler" (restler) * "CAB FAL search" (falsearch) * "Multishop" (multishop) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2017/000413.html ∗∗∗ [20171103] - Core - Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ZBmazG0EZeU/715-20171103-c… ∗∗∗ [20171102] - Core - 2-factor-authentication bypass ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/KWysQZRrTWQ/713-20171102-c… ∗∗∗ [20171101] - Core - LDAP Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_Ud0fZdMIyg/714-20171101-c… ∗∗∗ DFN-CERT-2017-1973/">Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen u.a. die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1973/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008552 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2017 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010650 ∗∗∗ IBM Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007610 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004827 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010154 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008814 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily