- Daily - CERT.at

Tageszusammenfassung - 29.12.2017
by Daily end-of-shift report 29 Dec '17

29 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-12-2017 18:00 − Freitag 29-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗ --------------------------------------------- A rarely used legacy misfeature of the main Internet email protocol creeps back from irrelevance as a minor annoyance. You should ask your mail and antispam provider about their approach to SMTP callbacks. Be wary of any assertion that is not backed by evidence.Even if you are an IT professional and run an email system, you could be forgiven for not being immediately aware that there is such a thing as SMTP callbacks, also referred to as callback verification. As you will see from the Wikipedia [...] --------------------------------------------- http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.h… ∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗ --------------------------------------------- Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-hel… ∗∗∗ Hacker zeigen Lücken bei Tor-Funksteuerung auf ∗∗∗ --------------------------------------------- Wiener Sicherheitsforscher der Firma Trustworks zeigten am Chaos Communication Congress, wie sie eine Funkfernsteuerung des deutschen Herstellers Hörmann geknackt haben. --------------------------------------------- https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuer… ∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗ --------------------------------------------- Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public. --------------------------------------------- http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-publi… ∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗ --------------------------------------------- Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with 'riskware' and will be disabled unless they call what is an obviously bogus support hotline. Google and several other web security vendors are currently blacklisting the domain; fortunately, most [...] --------------------------------------------- https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-s… ∗∗∗ 34C3: Auch 4G-Mobilfunk ist einfach abzuhören und zu überwachen ∗∗∗ --------------------------------------------- GSM war sehr einfach zu knacken, 3G stand über das SS7-Protokoll offen wie ein Scheunentor. Bei 4G sollte mit dem neuen Roaming- und Abrechnungsprotokoll Diameter alles besser werden, doch viele Angriffsflächen sind geblieben. --------------------------------------------- https://heise.de/-3928496 ∗∗∗ The State of Security in Industrial Control Systems ∗∗∗ --------------------------------------------- The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect [...] --------------------------------------------- https://www.tripwire.com/state-of-security/ics-security/state-security-indu… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4074 imagemagick - security update ∗∗∗ --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitising mayresult in denial of service, memory disclosure or the execution ofarbitrary code if malformed image files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-4074 Next End-of-Day report: 2018-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2017
by Daily end-of-shift report 28 Dec '17

28 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-12-2017 18:00 − Donnerstag 28-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames ∗∗∗ --------------------------------------------- Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. --------------------------------------------- https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in… ∗∗∗ Xiaomi: Mit einem Stück Alufolie autonome Staubsauger rooten ∗∗∗ --------------------------------------------- Obwohl Xiaomi in puncto Security viel richtig macht, lassen sich Staubsauger der Firma rooten - mit einem Stück Alufolie. Das ermöglicht dann den Zugriff auf zahlreiche Sensoren und die Nutzung eines eigenen Cloudinterfaces. --------------------------------------------- https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsa… ∗∗∗ Computer Forensics: Forensic Techniques, Part 2 ∗∗∗ --------------------------------------------- Introduction This is a continuation of our "Forensic Techniques" series, in which we discuss some of the most common yet powerful computer forensic techniques for beginners. In Part 1, we took a look at live forensics, file carving, data/password recovery, known file filtering, and email header analysis. Part 2 will feature slightly more advanced techniques, [...] --------------------------------------------- http://resources.infosecinstitute.com/computer-forensics-forensic-technique… ∗∗∗ The "Extended Random" Feature in the BSAFE Crypto Library ∗∗∗ --------------------------------------------- Matthew Green wrote a fascinating blog post about the NSAs efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSAs backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. --------------------------------------------- https://www.schneier.com/blog/archives/2017/12/the_extended_ra.html ∗∗∗ Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More ∗∗∗ --------------------------------------------- Attackers can use sound waves to interfere with a hard drives normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can… ∗∗∗ 34C3: "Nomorp" hebelt Schutzschild zahlreicher Banking-Apps aus ∗∗∗ --------------------------------------------- Der Sicherheitsforscher Vincent Haupert hat das Rätsel gelüftet, wie er zusammen mit einem Kollegen schwere Lücken bei App-basierten TAN-Verfahren ausnutzen und etwa Überweisungen manipulieren konnte. --------------------------------------------- https://heise.de/-3928363 ∗∗∗ Keine Identitätsbestätigung bei Amazon erforderlich ∗∗∗ --------------------------------------------- In einem gefälschten Amazon-Schreiben ist davon die Rede, dass Kund/innen ihre Identität bei dem Händler bestätigen müssen. Tun sie das nicht, sperrt er angeblich ihr Nutzerkonto. Empfänger/innen können die Nachricht ignorieren, denn sie stammt von Kriminellen. Diese wollen mit dem erfundenen Vorwand fremde Zugangsdaten stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-identitaetsbestaetigung-be… ∗∗∗ Three Plugins Backdoored in Supply Chain Attack ∗∗∗ --------------------------------------------- In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of [...] --------------------------------------------- https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/ ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2323: Digium Asterisk, Digium Certified Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2323/ ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability on Some Huawei FireWall Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Huawei USG product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026217 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011663 ∗∗∗ IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026208 ∗∗∗ IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026222 ∗∗∗ IBM Security Bulletin: A vulnerability in httpd affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025957 ∗∗∗ IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025956 ∗∗∗ IBM Security Bulletin: A vulnerability in emacs affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025961 ∗∗∗ IBM Security Bulletin: A vulnerability in ausgeas affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025962 ∗∗∗ IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026031 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026032 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2017
by Daily end-of-shift report 27 Dec '17

27 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-12-2017 18:00 − Mittwoch 27-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Vulnerability Affects Hundreds of Thousands of IoT Devices ∗∗∗ --------------------------------------------- Heres something to be cheery on Christmas Day - a vulnerability affecting a web server thats been embedded in hundreds of thousands of IoT devices. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundre… ∗∗∗ Huawei Router Vulnerability Used to Spread Mirai Variant ∗∗∗ --------------------------------------------- Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori. --------------------------------------------- http://threatpost.com/huawei-router-vulnerability-used-to-spread-mirai-vari… ∗∗∗ Recent Russian Routing Leak was Largely Preventable ∗∗∗ --------------------------------------------- Last week, the IP address space belonging to several high-profile companies, including Google, Facebook and Apple, was briefly announced out of Russia, as was first reported by BGPmon. Following the incident, Job Snijders of NTT wrote in a post entitled, “What to do about BGP hijacks”. He stated that, given the inherent security weaknesses in [...] --------------------------------------------- https://dyn.com/blog/recent-russian-routing-leak-was-largely-preventable/ ∗∗∗ Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet ∗∗∗ --------------------------------------------- Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking. --------------------------------------------- https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-i… ∗∗∗ Botnetze können das Stromnetz sabotieren ∗∗∗ --------------------------------------------- Ein Botnetz könnte den Stromverbrauch vernetzter Geräte rascher beeinflussen, als Stromnetze darauf reagieren können. Damit könnte die Stromversorgung ganzer Länder sabotiert werden. --------------------------------------------- https://heise.de/-3927886 ∗∗∗ Inkasso-Sicherheitsleck offenbart Daten von über 33.000 Schuldnern ∗∗∗ --------------------------------------------- Der schweizerische Zweig der Eos-Inkassogruppe hat große Mengen sensibler Daten von Schuldnern in unbefugte Hände fallen lassen. Namen, Adressen, die Höhe von Schuldensbeträgen und sogar Krankenakten waren durch das Datenleck zugänglich. --------------------------------------------- https://heise.de/-3928173 ∗∗∗ 34C3: Riesige Sicherheitslücken bei Stromtankstellen ∗∗∗ --------------------------------------------- An Ladesäulen auf fremde Rechnung Strom fürs E-Auto abzuzapfen ist laut dem Sicherheitsforscher Mathias Dalheimer kein Problem. Die Abrechnungsnummer für Nutzerkarten könne einfach kopiert werden, die Kommunikationsinfrastruktur sei kaum geschützt. --------------------------------------------- https://heise.de/-3928264 ===================== = Vulnerabilities = ===================== ∗∗∗ Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure ∗∗∗ --------------------------------------------- Input passed thru the file GET parameter in forceSave.php script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php ∗∗∗ PMASA-2017-9 ∗∗∗ --------------------------------------------- XSRF/CSRF vulnerability in phpMyAdminAffected VersionsVersions 4.7.x (prior to 4.7.7) are affected. --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2017-9/ ∗∗∗ SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ∗∗∗ --------------------------------------------- Trend Micro has released some Critical Patches (CP) and an updated build for Trend Micro Smart Protection Server (Standalone) to resolve multiple vulnerabilities in the product. --------------------------------------------- https://success.trendmicro.com/solution/1118992 ∗∗∗ 2017-12-22: Cyber Security Notification - TRITON/TRISIS malware ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A7931&Lang… ∗∗∗ 2017-12-08: Vulnerability in Ellipse8 - Ellipse Authentication to LDAP/AD ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A7341&… ∗∗∗ Security Advisory - Activation Lock Bypass Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-… ∗∗∗ Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778 ∗∗∗ IBM Security Bulletin: A vulnerability in Eclipse Jetty affects the IBM InfoSphere Information Server installers ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009537 ∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010776 ∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010775 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011689 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011302 ∗∗∗ Linux kernel vulnerability CVE-2017-16648 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K73337338 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.12.2017
by Daily end-of-shift report 22 Dec '17

22 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-12-2017 18:00 − Freitag 22-12-2017 18:00 Handler: Nina Bieringer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Myloc/Webtropia: Offene VNC-Ports ermöglichten Angriffe auf Server ∗∗∗ --------------------------------------------- Golem.de hat den Serverhoster Webtropia über eine kritische Schwachstelle informiert: Über eine Lücke in den Ports der Kontrollserver hätten Angreifer ohne Passwort die Kontrolle übernehmen können - zumindest bei einigen Systemen. --------------------------------------------- https://www.golem.de/news/myloc-webtropia-offene-vnc-ports-ermoeglichten-an… ∗∗∗ Conference review: Botconf 2017 ∗∗∗ --------------------------------------------- Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/12/conference-review-botconf-20… ∗∗∗ Opera: Version 50 soll vor Krypto-Mining im Browser schützen ∗∗∗ --------------------------------------------- Auf immer mehr Webseiten lauern Skripte, die unbemerkt CPUs anzapfen, um Kryptowährungen zu schürfen. Die neue Opera-Version enthält mit "NoCoin" einen eingebauten Schutzmechanismus gegen diese Masche. --------------------------------------------- https://heise.de/-3926990 ∗∗∗ Thunderbird: Version 52.5.2 fixt Mailsploit und weitere Schwachstellen ∗∗∗ --------------------------------------------- Mozilla reagiert auf unlängst von Forschern entdeckte Sicherheitsprobleme und bessert seinen Mail-Client nach. Nutzer sollten zeitnah auf die aktuelle Version umsteigen. --------------------------------------------- https://heise.de/-3927213 ===================== = Vulnerabilities = ===================== ∗∗∗ Moxa NPort W2150A and W2250A ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a credentials management vulnerability in Moxas NPort W2150A and W2250A serial network interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01 ∗∗∗ Schneider Electric Pelco VideoXpert Enterprise ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and improper access control vulnerabilities in Schneider Electric’s Pelco VideoXpert Enterprise. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02 ∗∗∗ The installer of Music Center for PC may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN60695371/ ∗∗∗ The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN95423049/ ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-… ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1698) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011519 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011971 ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010523 ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Cognos Planning. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011963 ∗∗∗ Citrix XenServer Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040031 ∗∗∗ SSA-323211 (Last Update 2017-12-22): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211… Next End-of-Day report: 2017-12-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2017
by Daily end-of-shift report 21 Dec '17

21 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-12-2017 18:00 − Donnerstag 21-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗ --------------------------------------------- A welcome dash of perspective Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats. --------------------------------------------- www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_la… ∗∗∗ Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt ∗∗∗ --------------------------------------------- Eine benutzerfreundliche E-Mail-Verschlüsselung versprechen die Macher der Autocrypt-Spezifikation, die heute in Version 1.0 freigegeben wurde. --------------------------------------------- https://heise.de/-3924855 ∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗ --------------------------------------------- On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpr… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗ --------------------------------------------- Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices. --------------------------------------------- https://www.qnap.com/en/security-advisory/nas-201712-15 ∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6138. Security Advisory. Security Advisory Description. Malicious requests made to virtual servers .. --------------------------------------------- https://support.f5.com/csp/article/K34514540 ∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗ --------------------------------------------- TMM vulnerability CVE-2017-6132. Security Advisory. Security Advisory Description. Undisclosed sequence of packets sent .. --------------------------------------------- https://support.f5.com/csp/article/K12044607 ∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗ --------------------------------------------- Linux kernel vulnerability CVE-2017-6135. Security Advisory. Security Advisory Description. A slow memory leak as a result .. --------------------------------------------- https://support.f5.com/csp/article/K43322910 ∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2017-097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009491 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011039 ∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37404773 ∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K39428424 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2017
by Daily end-of-shift report 20 Dec '17

20 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-12-2017 18:00 − Mittwoch 20-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verschlüsselung: Audit findet schwerwiegende Sicherheitslücken in Enigmail ∗∗∗ --------------------------------------------- Mozillas Secure Open Source Fund und der Berliner E-Mail-Anbieter Posteo haben einen Security-Audit für Thunderbird und die Erweiterung Enigmail in Auftrag gegeben. Dabei sind einige kritische und schwerwiegende Lücken gefunden worden. --------------------------------------------- https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sich… ∗∗∗ Avast veröffentlicht Maschinencode-Decompiler als Open Source ∗∗∗ --------------------------------------------- Der Virenschutz-Hersteller Avast hat ein Werkzeug entwickelt, mit dem sich ausführbarer Maschinencode in lesbaren Quelltext zurückübersetzen lassen soll. Damit lässt sich das Verhalten von Programmen analysieren, ohne sie auszuführen. --------------------------------------------- https://heise.de/-3923397 ∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗ --------------------------------------------- The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/ ===================== = Vulnerabilities = ===================== ∗∗∗ Ecava IntegraXor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 ∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05 ∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗ --------------------------------------------- It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting. --------------------------------------------- https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcon… ∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8980 ∗∗∗ DFN-CERT-2017-2302/">TYPO3 Extensions: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/ ∗∗∗ DFN-CERT-2017-2305/">VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerabilty (CVE-2017-16932 CVE-2017-16931) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011831 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011851 ∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54358225 ∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55102452 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2017
by Daily end-of-shift report 19 Dec '17

19 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 18-12-2017 18:00 − Dienstag 19-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Dual EC: Wie Cisco, Avast und die NSA TLS 1.3 behindern ∗∗∗ --------------------------------------------- Auch der jüngste Entwurf des TLS-1.3-Protokolls führt zu Verbindungsabbrüchen. Google nennt jetzt einige Schuldige, darunter ein Gerät von Cisco, ein Virenscanner - und eine Spur zur NSA-Hintertüre Dual EC in der RSA-BSAFE-Bibliothek. --------------------------------------------- https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin… ∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗ --------------------------------------------- Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win… ∗∗∗ Multifunktionstrojaner Loapi kann Android-Smartphones physisch beschädigen ∗∗∗ --------------------------------------------- Loapi ist die eierlegende Wollmilchsau unter den Android-Trojanern und geht so hart zu Werk, dass Smartphones aufplatzen können. --------------------------------------------- https://heise.de/-3921651 ∗∗∗ The Market for Stolen Account Credentials ∗∗∗ --------------------------------------------- Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Todays post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online .. --------------------------------------------- https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia… ∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗ --------------------------------------------- A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive .. --------------------------------------------- https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2017
by Daily end-of-shift report 18 Dec '17

18 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-12-2017 18:00 − Montag 18-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Windows 10: Kritische Lücke in vorinstalliertem Passwortmanager ∗∗∗ --------------------------------------------- Keeper-Nutzer sollten unbedingt die gepatchte Version installieren. Der aktuell in Windows 10 vorinstallierte Passwortmanager Keeper hatte bis Version 11.3 einen Fehler, der es bösartigen Webseiten ermöglichte, über Clickjacking beliebige Passwörter auszulesen. --------------------------------------------- https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p… ∗∗∗ BGP-Hijacking: IP-Verkehr der Großen Vier nach Russland umgeleitet ∗∗∗ --------------------------------------------- Weil etliche Netzbetreiber immer noch ein Routing-Protokoll ohne Sicherheitsvorkehrungen nutzen, gelang es wieder einmal Angreifern, IP-Verkehr von Google, Facebook, Apple und Microsoft umzuleiten. Das Zwischenziel: Russland. --------------------------------------------- https://heise.de/-3919524 ∗∗∗ Kritische und bislang ungepatchte Lücken in Forensoftware vBulletin ∗∗∗ --------------------------------------------- In der aktuellen Version von vBulletin klaffen zwei Schwachstellen – davon ist mindestens eine als kritisch einzustufen. Angreifer könnten Schadcode ausführen. --------------------------------------------- https://heise.de/-3920375 ∗∗∗ Gesichtserkennung von Windows 10 mit Papierausdruck reingelegt ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Windows Hello erfolgreich ausgetrickst und sich an damit gesicherten Computern angemeldet. Das funktioniert aber nur mit bestimmten Hard- und Softwarekonstellationen. --------------------------------------------- https://heise.de/-3920864 ∗∗∗ Hacker zeigte Probleme bei Ladekarten für Stromtankstellen auf ∗∗∗ --------------------------------------------- "Ich brauche nur diese Nummer, um auf fremde Kosten Strom zu laden" --------------------------------------------- http://derstandard.at/2000070592621 ∗∗∗ Über 10.000 Seiten schürfen mit PC-Leistung der Nutzer nach Kryptogeld ∗∗∗ --------------------------------------------- Sicherheitsexperten registrieren rasanten Anstieg seit Bitcoin-Hype --------------------------------------------- http://derstandard.at/2000070618982 ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-… ∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011400 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010601 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008673 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.12.2017
by Daily end-of-shift report 15 Dec '17

15 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-12-2017 18:00 − Freitag 15-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗ --------------------------------------------- Microsoft is considering adding Python as one of the official Excel scripting languages, according to .. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-… ∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗ --------------------------------------------- An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr… ∗∗∗ The spy under your christmas tree ∗∗∗ --------------------------------------------- In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance .. --------------------------------------------- https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm… ∗∗∗ Joanna Rutkowska: Qubes OS soll "einfach wie Ubuntu" werden ∗∗∗ --------------------------------------------- Die Gründerin von Qubes OS, Joanna Rutkowska, erklärt die grundlegenden Ideen und Konzepte des auf Sicherheit fokussierten Projektes. Außerdem verrät die Entwicklerin im Gespräch mit Golem.de weiter .. --------------------------------------------- https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu… ∗∗∗ Determining your risk ∗∗∗ --------------------------------------------- Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2998921 ∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗ --------------------------------------------- Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement .. --------------------------------------------- https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres… ∗∗∗ Root-Lücke in Firewalls von Palo Alto Networks ∗∗∗ --------------------------------------------- Kombinieren Angreifer drei Sicherheitslücken, könnten sie Firewalls von Palo Alto Networks kompromittieren, warnt ein Sicherheitsforscher. --------------------------------------------- https://heise.de/-3918909 ===================== = Vulnerabilities = ===================== ∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗ --------------------------------------------- A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could .. --------------------------------------------- https://support.citrix.com/article/CTX230612 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2017
by Daily end-of-shift report 14 Dec '17

14 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-12-2017 18:00 − Donnerstag 14-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗ --------------------------------------------- (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and its not absolutely the worst case scenario but its still .. --------------------------------------------- https://mjg59.dreamwidth.org/49788.html ∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗ --------------------------------------------- If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Sp… ∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗ --------------------------------------------- Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-… ∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗ --------------------------------------------- A rare and dangerous new form of malware targets the industrial safety control systems that protect human life. --------------------------------------------- https://www.wired.com/story/triton-malware-targets-industrial-safety-system… ∗∗∗ Dezember-Patchday bei SAP ∗∗∗ --------------------------------------------- Es stehen Sicherheitsupdates für verschiedene SAP-Produkte bereit. Zwei Lücken sind mit dem Bedrohungsgrad "hoch" eingestuft. --------------------------------------------- https://heise.de/-3918036 ∗∗∗ Mirai: Wie Minecraft-Betrug das ganze Internet in die Knie zwang ∗∗∗ --------------------------------------------- Drei US-amerikanische Studenten gestehen Urheberschaft – Wollten eigentlich nur mit Angriffen gegen Spieleserver Geld machen --------------------------------------------- http://derstandard.at/2000070340698 ∗∗∗ 34C3: Das Programm für den Hacker-Kongress steht ∗∗∗ --------------------------------------------- Keynote von Science-Fiction-Autor Charles Stross – Findet heuer erstmals in Leipzig statt --------------------------------------------- http://derstandard.at/2000070364235 ∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-deta… ===================== = Vulnerabilities = ===================== -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2017
by Daily end-of-shift report 13 Dec '17

13 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-12-2017 18:00 − Mittwoch 13-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges ∗∗∗ --------------------------------------------- Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers computers for mystery miscreants.… --------------------------------------------- www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/ ∗∗∗ Apple Security Flaws Give Some Researchers Concern About Deeper Issues ∗∗∗ --------------------------------------------- Apples had some prominent security lapses lately. But is it just a rough patch, or something deeper? --------------------------------------------- https://www.wired.com/story/apples-security-macos-high-sierra-ios-11 ∗∗∗ ROBOT-Attacke: TLS-Angriff von 1998 funktioniert immer noch ∗∗∗ --------------------------------------------- Sicherheitsforscher haben eine neue Variante der Bleichenbacher-Attacke zum Entschlüsseln von Internettraffic vorgestellt. Davon sind unter anderem Facebook und PayPal betroffen. --------------------------------------------- https://heise.de/-3916994 ∗∗∗ KRACK- und Broadpwn-Schwachstelle: Apple flickt AirPort-WLAN-Basisstationen erst jetzt ∗∗∗ --------------------------------------------- Ein Firmware-Update soll Apples WLAN-Basisstationen vor gravierenden Schwachstellen schützen – es deckt AirPort Express, AirPort Extreme und Time Capsule ab. --------------------------------------------- https://heise.de/-3916951 ===================== = Vulnerabilities = ===================== ∗∗∗ Gain Windows privileges with FortiClient vpn before logon and untrusted certificate ∗∗∗ --------------------------------------------- When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via .. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-070 ∗∗∗ VPN credentials disclosure in Fortinet FortiClient ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-i… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2017
by Daily end-of-shift report 12 Dec '17

12 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 11-12-2017 18:00 − Dienstag 12-12-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Security update available for Adobe Flash Player (APSB17-42) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1514 ∗∗∗ Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses ∗∗∗ --------------------------------------------- Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit… ∗∗∗ December 2017 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-… ∗∗∗ New Ruski hacker clan exposed: Theyre called MoneyTaker, and theyre gonna take your money ∗∗∗ --------------------------------------------- Subtly named group has gone largely unnoticed until now Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker. --------------------------------------------- www.theregister.co.uk/2017/12/11/russian_bank_hackers_moneytaker/ ∗∗∗ Googles Project Zero reveals Apple jailbreak exploit ∗∗∗ --------------------------------------------- Holy Moley! iOS and MacOS were wholly holey Ian Beer of Googles Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. --------------------------------------------- www.theregister.co.uk/2017/12/12/apple_jailbreak_exploit/ ∗∗∗ Hintergrund: Malware-Analyse - Do-It-Yourself ∗∗∗ --------------------------------------------- Bauen Sie Ihre eigene Schadsoftware-Analyse-Sandbox, um schnell das Verhalten von unbekannten Dateien zu überprüfen. Dieser Artikel zeigt, wie das mit der kostenlosen Open-Source-Sandbox Cuckoo funktioniert. --------------------------------------------- https://heise.de/-3910855 ∗∗∗ An analysis of 120 mobile app stores uncovers plethora of malicious apps ∗∗∗ --------------------------------------------- RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued .. --------------------------------------------- https://www.helpnetsecurity.com/2017/12/12/mobile-app-stores-malicious-apps/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4063 pdns-recursor - security update ∗∗∗ --------------------------------------------- Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer. --------------------------------------------- https://www.debian.org/security/2017/dsa-4063 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling of a malformed SMTP header in .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4064 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4064 ∗∗∗ Qt for Android vulnerable to OS command injection ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN67389262/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2017
by Daily end-of-shift report 11 Dec '17

11 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-12-2017 18:00 − Montag 11-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Heres How to Enable Chrome "Strict Site Isolation" Experimental Security Mode ∗∗∗ --------------------------------------------- Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Site Isolation that according to Google engineers is an additional security layer on top of Chromes built-in sandboxing technology. --------------------------------------------- https://www.bleepingcomputer.com/news/google/heres-how-to-enable-chrome-str… ∗∗∗ Script Recovers Event Logs Doctored by NSA Hacking Tool ∗∗∗ --------------------------------------------- Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines. --------------------------------------------- https://www.bleepingcomputer.com/news/security/script-recovers-event-logs-d… ∗∗∗ Botconf 2017 Wrap-Up Day #3 ∗∗∗ --------------------------------------------- And this is already the end of Botconf. Time for my last wrap-up. The day started a little bit later to allow some people to recover from the social event. --------------------------------------------- https://blog.rootshell.be/2017/12/08/botconf-2017-wrap-day-3/ ∗∗∗ Security, Incident Response, Privacy and Data Protection ∗∗∗ --------------------------------------------- [...] to protect the personal data on their systems and networks, security and incident response teams must themselves process personal data. Fortunately regulators also provide guidance on balancing privacy protection and privacy invasion. The words “legitimate interest” are not just a phrase, but one of the most deeply analysed terms in data protection law. --------------------------------------------- https://www.first.org/blog/20171211_GDPR_for_CSIRTs ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2228/">ISC DHCPD: Eine Schwachstelle ermöglicht einen Denial-of-Service Angriff ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine Schwachstelle im DHCP Daemon (ISC DHCPD) mit Hilfe speziell präparierter OMAPI-Nachrichten ausnutzen, um die Zahl der verfügbaren Dateideskriptoren im zugehörigen Prozess zu erschöpfen und dadurch einen Denial-of-Service (DoS)-Zustand zu erzeugen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2228/ ∗∗∗ DFN-CERT-2017-2238/">Tor-Browser: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen im Tor Browser vor Version 7.5a9 bzw. 7.0.11 ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung von Denial-of-Service (DoS)-Angriffen. Zwei Schwachstellen ermöglichen das Ausspähen von Informationen. Die Schwachstelle CVE-2017-7845 in der verwendeten Firefox ESR Version ermöglicht dem Angreifer das Ausführen beliebigen Programmcodes und eine weitere Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2238/ ∗∗∗ Sicherheit: Keylogger in HP-Notebooks gefunden ∗∗∗ --------------------------------------------- Schon wieder wurde in einem vorinstallierten Treiber von HP ein Keylogger gefunden. Zwar ist die Schnüffelfunktion standardmäßig deaktiviert, ein Forscher fand allerdings einen Weg, das zu ändern. --------------------------------------------- https://www.golem.de/news/sicherheit-keylogger-in-hp-notebooks-gefunden-171… ∗∗∗ DFN-CERT-2017-2237/">Node.js: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Node.js ermöglichen einem entfernten, nicht authentisierten Angreifer das Umgehen von Sicherheitsvorkehrungen und das Ausspähen von Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2237/ ∗∗∗ DFN-CERT-2017-2236/">GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in GitLab ermöglicht einem entfernten, nicht authentisierten Angreifer das Ausspähen von Informationen über private Projekte. Mehrere weitere Schwachstellen ermöglichen einem entfernten, einfach authentisierten Angreifer einen Cross-Site-Scripting (XSS)-Angriff, das Ausspähen von Informationen und die Eskalation von Privilegien. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2236/ ∗∗∗ DFN-CERT-2017-2239/">Jenkins-Plugin: Eine Schwachstelle ermöglicht das Lesen beliebiger Dateien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer mit der Berechtigung, abgesicherte (sandboxed) Groovy- und Pipeline-Skripte zu erstellen, kann eine Schwachstelle im Jenkins-Plugin Script Security ausnutzen, um Lesezugriff auf beliebige Dateien des Master-Dateisystems von Jenkins zu erhalten. Dadurch sind weitere Angriffe möglich. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2239/ ∗∗∗ Android flaw lets attack code slip into signed apps ∗∗∗ --------------------------------------------- The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes. --------------------------------------------- https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip… ∗∗∗ FortiClient improper access control of users VPN credentials ∗∗∗ --------------------------------------------- FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each others encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-214 ∗∗∗ Xiongmai Technology IP Cameras and DVRs ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Xiongmai Technology IP Cameras and DVRs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01 ∗∗∗ Rockwell Automation FactoryTalk Alarms and Events ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automations FactoryTalk Alarms and Events component. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02 ∗∗∗ PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in PHOENIX CONTACT’s FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03 ∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Multiple Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026378 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010330 ∗∗∗ IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026377 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026250 ∗∗∗ IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026376 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/java_oct2017_advisory.asc ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008900 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005234 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2017
by Daily end-of-shift report 07 Dec '17

07 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-12-2017 18:00 − Donnerstag 07-12-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ "Process Doppelgänging" Attack Works on All Windows Versions ∗∗∗ --------------------------------------------- Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelgänging." [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attac… ∗∗∗ Firmware-Bug: Codeausführung in deaktivierter Intel-ME möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher demonstrieren einen Angriff auf Intels ME zum Ausführen von beliebigem Code, gegen den weder das sogenannte Kill-Bit noch die von Google geplanten Sicherheitsmaßnahmen für seine Server helfen. Theoretisch lassen sich Geräte so auch aus der Ferne angreifen. --------------------------------------------- https://www.golem.de/news/firmware-bug-codeausfuehrung-in-deaktivierter-int… ∗∗∗ Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari ∗∗∗ --------------------------------------------- Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was [...] --------------------------------------------- https://apple.slashdot.org/story/17/12/06/2137251/apple-issues-security-upd… ∗∗∗ VB2017 paper: Modern reconnaissance phase on APT – protection layer ∗∗∗ --------------------------------------------- During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-paper-modern-reconnai… ∗∗∗ 37 Sicherheitslücken in Chrome geschlossen ∗∗∗ --------------------------------------------- Googles Webbrowser Chrome ist in der abgesicherten Version 63.0.3239.84 für Linux, macOS und Windows erschienen. Im Menüpunkt "Hilfe" kann man unter "Über Google Chrome" die installierte Ausgabe prüfen und das Update anstoßen. --------------------------------------------- https://heise.de/-3912131 ∗∗∗ Sysinternals Sysmon suspicious activity guide ∗∗∗ --------------------------------------------- Sysmon tool from Sysinternals provides a comprehensive monitoring about activities in the operating system level. Sysmon is running in the background all the time, and is writing events to the event log. You can find the Sysmon events under the Microsoft-Windows-Sysmon/Operational event log. This guide will help you to investigate and appropriately handle these events. --------------------------------------------- https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-s… ∗∗∗ Penetration Testing Apache Thrift Applications ∗∗∗ --------------------------------------------- ... Apache Thrift, which is used to easily build RPC clients and servers regardless of programming languages used on each side. The web interception tool of choice at MDSec is Burp Suite, so it follows suit that we wanted to continue using Burp during the assessment. Unfortunately, there are no Burp extensions out there (at least that we know of) for Thrift encoded data, so we decided to make our own. --------------------------------------------- https://www.mdsec.co.uk/2017/12/penetration-testing-apache-thrift-applicati… ∗∗∗ November 2017: The Month in Ransomware ∗∗∗ --------------------------------------------- November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ∗∗∗ StorageCrypt: Ransomware infiziert NAS-Geräte via SambaCry-Lücke ∗∗∗ --------------------------------------------- Viele Netzwerkspeicher (NAS) weisen noch immer die SMB-Lücke SambaCry auf. Ein aktueller Verschlüsselungstrojaner macht sich das zunutze. NAS-Besitzer sollten zügig patchen. --------------------------------------------- https://heise.de/-3912498 ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSL Security Advisory [07 Dec 2017] ∗∗∗ --------------------------------------------- Read/write after SSL object in error state (CVE-2017-3737) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) --------------------------------------------- https://www.openssl.org/news/secadv/20171207.txt ∗∗∗ DFN-CERT-2017-2213: Microsoft Malware Protection Engine: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2213/ ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009964 ∗∗∗ IBM Security Bulletin: Potential information leakage vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010627 ∗∗∗ [R1]Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-15 Next End-of-Day report on 2017-12-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2017
by Daily end-of-shift report 06 Dec '17

06 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-12-2017 18:00 − Mittwoch 06-12-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost")., (Wed, Dec 6th) ∗∗∗ --------------------------------------------- Reverse DNS can be a valuable to find out more about an IP address. For example: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23105 ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Dresscode for apps in the Google Play Store: malicious Quad9 – does it offer a data protection-friendly alternative to Google [...] --------------------------------------------- https://securityblog.switch.ch/2017/12/06/a-new-issue-of-our-switch-securit… ∗∗∗ Daten von 31 Millionen Nutzern der App ai.type Keyboard geleakt ∗∗∗ --------------------------------------------- In dem riesigen Datenleak stehen unter anderen E-Mail-Adressen, Namen und IMEI- und Telefon-Nummern von Nutzern der App. Auch Kontakte aus Telefonbüchern sollen sich darin finden. --------------------------------------------- https://heise.de/-3910522 ∗∗∗ Sicherheitsupdates: Angreifer könnten TeamViewer-Sessions entern ∗∗∗ --------------------------------------------- Unter bestimmten Voraussetzungen sind TeamViewer-Sessions gefährdet. Sicherheitsupdates sind zum Teil schon verfügbar. --------------------------------------------- https://heise.de/-3911170 ∗∗∗ Recam Redux - DeConfusing ConfuserEx ∗∗∗ --------------------------------------------- This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign from our Advanced Malware Protection (AMP) telemetry. Initial infection is via a malicious Word document, the malware ultimately executes in memory an embedded payload from the Recam family. Recam is an information stealer. Although the malware has been around for the past few years, theres a [...] --------------------------------------------- http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confusere… ∗∗∗ ParseDroid vulnerabilities could affect all Android developers ∗∗∗ --------------------------------------------- Checkpoint researchers discovered several vulnerabilities in Android application developer tools that put any organisation that does Java/Android development at risk of an outsider gaining access to their system. --------------------------------------------- https://www.scmagazineuk.com/news/parsedroid-vulnerabilities-could-affect-a… ∗∗∗ MailSploit bugs let spoofed emails bypass DMARC, spam detectors ∗∗∗ --------------------------------------------- A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms. --------------------------------------------- https://www.scmagazineuk.com/news/mailsploit-bugs-let-spoofed-emails-bypass… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability ∗∗∗ --------------------------------------------- 4A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ [Xen-announce] Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks ∗∗∗ --------------------------------------------- Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.) --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2017-12/msg00002.ht… ∗∗∗ Vuln: Multiple F-Secure Internet Gatekeeper Products Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102066 ∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-… ∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-… ∗∗∗ IBM Security Bulletin: IBM BigInsights is affected by a Text Analytics vulnerabilty (CVE-2017-1336 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010812 ∗∗∗ IBM Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010305 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009835 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008854 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008853 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008339 ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008340 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Support Tools for Lotus WCM (CVE-2017-1536) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008031 ∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and Cloud Orchestrator Enterprise update of IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000361 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008757 ∗∗∗ IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005525 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2017
by Daily end-of-shift report 05 Dec '17

05 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Montag 04-12-2017 18:00 − Dienstag 05-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gefälschte Sicherheitswarnung auf Facebook ∗∗∗ --------------------------------------------- Mit dem gefälschten Facebook-Profil „Help Update Account“ teilen Kriminelle Beiträge von Kleinunternehmen und sprechen eine Sicherheitswarnung aus. Sie fordern die Eigentümer/innen der Konten auf, dass sie auf einer Website ihren Account bestätigen, um eine Blockierung zu verhindern. Wer dem nachkommt, übermittelt die Unternehmens-Zugangsdaten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/facebook-betrug/gefaelschte-sicherheitswa… ===================== = Vulnerabilities = ===================== ∗∗∗ Apache Software Foundation Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: December 04, 2017 The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Apache Security Bulletins S2-054 and S2-055 and upgrade to Struts 2.5.14.1. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/12/04/Apache-Software-Fo… ∗∗∗ DFN-CERT-2017-2198/">OTRS: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen und die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer mit Agenten-Benutzerkonto in OTRS kann eine Schwachstelle ausnutzen, um beliebige Kommandozeilenbefehle mit erweiterten Privilegien auf dem unterliegenden Betriebssystem zur Ausführung zu bringen. Ein Angreifer mit Kundenkonto kann eine weitere Schwachstelle ausnutzen, um interne Informationen über seinem Konto zugeordnete Kundentickets auszuspähen. Der Hersteller stellt OTRS 6.0.2, 5.0.25 und 4.0.27 als Sicherheitsupdates zur Behebung der Schwachstellen zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2198/ ∗∗∗ DFN-CERT-2017-2204/">Jenkins: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer mit Administratorrechten kann einen Cross-Site-Scripting (XSS)-Angriff gegen Benutzer von Jenkins durchführen. Der Hersteller plant kein Sicherheitsupdate zur Behebung der Schwachstelle, da Administratoren in Jenkins gemäß ihrer Rollendefinition bereits alle Rechte haben, um die durch die genannte Schwachstelle möglichen Angriffe durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2204/ ∗∗∗ Android Security Bulletin - December 2017 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2017-12-01.html ∗∗∗ IBM Security Bulletin: A vulnerability in busybox affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2016-2147) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099729 ∗∗∗ IBM Security Bulletin: A tcp vulnerability in Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-14106) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099730 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2017 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010560 ∗∗∗ IBM Security Bulletin: Apache Commons Collection as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2015-6420) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011281 ∗∗∗ IBM Security Bulletin: IBM Case Manager may be vulnerable to Apache Commons FileUpload code execution ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010267 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager (FTM) for Multi-Platform (MP) is affected by a SQL Injection security vulnerability (CVE-2017-1606) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011179 ∗∗∗ IBM Security Bulletin: IBM Connections Engagement Center Security Refresh (CVE-2017-1613, CVE-2017-1683) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010690 ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2017-1498) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006286 ∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2017-1481) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010761 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a GNU C library (glibc) vulnerability (CVE-2017-8804) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009796 ∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005400 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2017
by Daily end-of-shift report 04 Dec '17

04 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-12-2017 18:00 − Montag 04-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Visualise Event Logs to Identify Compromised Accounts - LogonTracer ∗∗∗ --------------------------------------------- JPCERT/CC has developed and released a tool “LogonTracer” which supports such event log analysis. This entry introduces how it works and how to launch it. ... LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. --------------------------------------------- http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromis… ∗∗∗ Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’ ∗∗∗ --------------------------------------------- Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the disk and using common tools to run code directly in memory. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-ma… ∗∗∗ Europäisches Parlament will Mediaplayer VLC sicherer machen ∗∗∗ --------------------------------------------- EU-Projekt FOSSA (Free Open Source Software Analysis) ist für das Bug-Bounty-Programm mitverantwortlich. --------------------------------------------- https://heise.de/-3907536 ∗∗∗ An IRISSCON 2017 roundup ∗∗∗ --------------------------------------------- This post contains links to many of the top-rated talks from the event, along with links to additional content. --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/11/an-irisscon-2018-round… ∗∗∗ Avalanche-Botnetz: BSI weitet Schutzmaßnahmen aus ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) weitet die Schutz- und Informationsmaßnahmen aus, die im Rahmen der Zerschlagung der weltweit größten Botnetzinfrastruktur Avalanche Ende 2016 initiiert wurden, und verlängert diese zudem. Das im Zuge der Avalanche-Abschaltung im Jahr 2016 vom BSI aufgesetzte Sinkholing-System wurde dabei um Domänen des Andromeda-Botnetzes erweitert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Avalanche_E… ===================== = Vulnerabilities = ===================== ∗∗∗ [openssl-announce] Forthcoming OpenSSL release ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2n. ... This is a security-fix release. The highest severity issue fixed in this release is MODERATE. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010801 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010702 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010735 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010736 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010421 ∗∗∗ IBM Security Bulletin: Open Source GNU glibc Vulnerabilities affects IBM Security Guardium (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008897 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4658) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010734 ∗∗∗ IBM Security Bulletin: Selection of Less-Secure Algorithm During Negotiation vulnerability affects IBM Security Guardium (CVE-2017-1271) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010435 ∗∗∗ Asterisk chan_skinny Driver Bug Lets Remote Users Consume Excessive Memory Resources ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039948 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.12.2017
by Daily end-of-shift report 01 Dec '17

01 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-11-2017 18:00 − Freitag 01-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Petr Sikuta ===================== = News = ===================== ∗∗∗ Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords ∗∗∗ --------------------------------------------- A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ether… ===================== = Vulnerabilities = ===================== ∗∗∗ Geovap Reliance SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in Geovap's Reliance SCADA. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02 ∗∗∗ DFN-CERT-2017-2180 - Apache Software Foundation Struts: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2180/ ∗∗∗ DFN-CERT-2017-2181 - Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2181/ ∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Notice - Statement About the Vulnerabilities in Huawei SmartCare Products Disclosed by Bhaskar Borman ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171201-01-… ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by a Nginx vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011149 ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010618 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010689 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011142 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011143 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011146 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011145 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011148 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011150 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011151 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009408 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010019 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010227 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006185 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006184 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2017
by Daily end-of-shift report 30 Nov '17

30 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-11-2017 18:00 − Donnerstag 30-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschter Bluescreen: "Troubleshooter"-Malware zockt Windows-Nutzer ab ∗∗∗ --------------------------------------------- Derzeit ist eine Windows-Malware im Umlauf, die auf infizierten Rechnern einen Bluescreen simuliert und den Bildschirm sperrt. Sie beendet sich erst, wenn Opfer Geld für eine nicht existente Sicherheitssoftware überweisen. Außerdem fertigt sie einen Screenshot des Desktops – genauer: des Fensters im Vordergrund – an, um ihn an eine feste IP-Adresse zu verschicken. Das geht aus einem Blogeintrag eines Sicherheitsforschers von Malwarebytes hervor, der den von ihm entdeckten Schädling auf den Namen Troubleshooter getauft hat. --------------------------------------------- https://heise.de/-3905456 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file.Exploitation of this vulnerability could cause a buffer overflow condition on the targeted system, causing the Network Recording Player to crash, resulting in a denial of service (DoS) --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ libcurl Out-of-Bounds Memory Read Error in FTP Wildcard Function Lets Remote Users Redirect the Target Client to an Arbitrary Site ∗∗∗ --------------------------------------------- Version(s): 7.21.0 - 7.56.1 A remote server can return specially crafted data to trigger an out-of-bounds memory read error in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH) and cause the target connected libcurl client to be redirected. libcurl applications that use HTTP or HTTPS URLs, allow libcurl redirects, and has FTP wildcards enabled are affected. --------------------------------------------- https://www.securitytracker.com/id/1039897 ∗∗∗ WordPress 4.9.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1 --------------------------------------------- https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance… ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170503-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009849 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010587 ∗∗∗ IBM Security bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting (CVE-2017-1632) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010549 ∗∗∗ IBM Security bulletin: Access control security vulnerability affects IBM Sterling File Gateway (CVE-2017-1550) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010758 ∗∗∗ IBM Security bulletin: Cross-site scripting. security vulnerability affects IBM Sterling File Gateway (CVE-2017-1549) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010759 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1548, CVE-2017-1497) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010738 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1487) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010552 ∗∗∗ IBM Security bulletin: Cross-site scripting security vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1482) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010762 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005835 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management affected by vulnerability due to sensitive information stored in URL parameters. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005836 ∗∗∗ SSA-350846 (Last Update 2017-11-30): Vulnerabilities in SWT3000 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-350846… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2017
by Daily end-of-shift report 29 Nov '17

29 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-11-2017 18:00 − Mittwoch 29-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Annual Incident Analysis Report for the Trust Service Providers ∗∗∗ --------------------------------------------- One year after the eIDAS Regulation entered into force, ENISA publishes the first comprehensive overview of the annual summary reporting by the Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/annual-incident-analysis-report… ∗∗∗ Teure Angriffe auf ISDN-Anlagen ∗∗∗ --------------------------------------------- Neuartige Angriffe auf ISDN-Anlagen unterlaufen die Betrugserkennung der Telefongesellschaften durch die Nutzung von Call-by-Call-Vorwahlen und maximieren damit den Schaden. Gefährdet sind auch Besitzer älterer Anlagen ohne Internetanbindung. --------------------------------------------- https://www.heise.de/newsticker/meldung/Teure-Angriffe-auf-ISDN-Anlagen-390… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Security Update 2017-001 ∗∗∗ --------------------------------------------- Available for: macOS High Sierra 10.13.1 Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password --------------------------------------------- https://support.apple.com/kb/HT208315 ∗∗∗ [webapps] Synology StorageManager 5.2 - Root Remote Command Execution ∗∗∗ --------------------------------------------- Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. --------------------------------------------- https://www.exploit-db.com/exploits/43190/?rss ∗∗∗ RSA Authentication Agent SDK for C Error Handling Flaw May Let Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- In applications that do not properly handle return codes from the API/SDK, a remote user may be able to trigger an error handling flaw and bypass authentication on the target system. Systems with the API/SDK used in TCP asynchronous mode may be affected. The RSA Authentication Agent API/SDK for Java is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039877 ∗∗∗ RSA Authentication Agent for Web for Apache Web Server Lets Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- A remote user can supply specially crafted data to trigger an input validation flaw and bypass authentication and gain access to resources ostensibly protected by the target agent. Agents configured to use the TCP protocol to communicate with the RSA Authentication Manager server are affected. The default configuration (UDP) is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039876 ∗∗∗ Siemens SCALANCE W1750D, M800, and S615 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01 ∗∗∗ Vuln: Multiple EMC RSA products CVE-2017-14378 Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101979 ∗∗∗ Vuln: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101977 ∗∗∗ Cisco Secure Access Control System Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center URL Redirection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Event Center Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco UCS Central Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Image Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco Data Center Network Manager Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Use After Free Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Two Vulnerabilities in H323 protocol of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - A CGI application vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Denial of Service Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009183 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010003 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099697 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2017
by Daily end-of-shift report 28 Nov '17

28 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 27-11-2017 18:00 − Dienstag 28-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Further abusing the badPwdCount attribute ∗∗∗ --------------------------------------------- ... what happens if you store your password on all sorts of devices (for authenticating with Exchange, Skype For Business, etc.) and you change your password? That would result in Exchange, Windows or any other service trying to authenticate with an invalid password. If everything works correctly, you should be locked out very soon because of this. However, this is not the case. --------------------------------------------- https://blog.fox-it.com/2017/11/28/further-abusing-the-badpwdcount-attribut… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Thunderbird als Einfallstor für Schadcode ∗∗∗ --------------------------------------------- Nutzen Angreifer als kritisch eingestufte Sicherheitslücken in Thunderbird aus, könnten sie aus der Ferne Schadcode auf Computern ausführen. Eine abgesicherte Version löst diese Probleme. --------------------------------------------- https://heise.de/-3903023 ∗∗∗ Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance.The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ DFN-CERT-2017-2131/">Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Foxit Reader und Foxit PhantomPDF bis inklusive Version 8.3.2.25013 für Windows ermöglichen einem in den meisten Fällen entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes, die Durchführung von Denial-of-Service (DoS)-Angriffen und das Ausspähen von Informationen. Voraussetzung für erfolgreiche Angriffe ist, dass es dem Angreifer gelingt, einen Benutzer dazu zu verleiten, eine schädlich manipulierte Datei zu öffnen. Zwei weitere Schwachstellen können vermutlich nur von einem lokalen Angreifer ausgenutzt werden, um Informationen auszuspähen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2131/ ∗∗∗ [Xen-announce] Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking ∗∗∗ --------------------------------------------- A malicious HVM guest can cause one pcpu to permanently hang. This normally cascades into the whole system freezing, resulting in a a host Denial of Service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-246.html ∗∗∗ [Xen-announce] Xen Security Advisory 247 - Missing p2m error checking in PoD code ∗∗∗ --------------------------------------------- An unprivileged guest can retain a writable mapping of freed memory. Depending on how this page is used, it could result in either an information leak, or full privilege escalation. Alternatively, an unprivileged guest can cause Xen to hit a BUG(), causing a clean crash - ie, host-wide denial-of-service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-247.html ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15671 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30314331 ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15670 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35129173 ∗∗∗ IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099664 ∗∗∗ IBM Security Bulletin: Vulnerability in bash affects IBM Chassis Management Module (CVE-2016-9401) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099641 ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099665 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongSwan affect IBM Chassis Management Module (CVE-2017-9022, CVE-2017-9023) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099642 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxslt affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099666 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongswan affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099668 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099644 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099667 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2016-9318) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099643 ∗∗∗ IBM Security Bulletin: Vulnerability in bind affects IBM Chassis Management Module (CVE-2017-3142) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099645 ∗∗∗ IBM Security Bulletin: Vulnerabilities in bind affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099669 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099671 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-5969) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099660 ∗∗∗ IBM Security Bulletin: Vulnerability in libgcrypt affects IBM Chassis Management Module (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099652 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM Flex System Networking Switch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099693 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in expat (CVE-2012-6702 CVE-2016-5300) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099657 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libxml2 (CVE-2016-9318 CVE-2016-9597) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099655 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099703 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099702 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099653 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099696 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Flex System Networking Switch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099694 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099695 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bind (CVE-2016-9131 CVE-2016-9147 CVE-2016-9444) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099654 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM RackSwitch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099704 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099701 ∗∗∗ IBM Security Bulletin: Vulnerability in X.Org libICE affects IBM Chassis Management Module (CVE-2017-2626) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099661 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099698 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099700 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099699 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXrender (CVE-2016-7949 CVE-2016-7950) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099650 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXv ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099649 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libX11 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099648 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in bind (CVE-2017-3135) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099658 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bash (CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099656 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXfixes (CVE-2016-7944 CVE-2013-1983) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099651 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010856 ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010577 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-12163, CVE-2017-12151, CVE-2017-12150) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010703 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010855 ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2017Q4 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010679 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is Vulnerable to Denial of Service Issue in IBM WebSphere Application Server (CVE-2016-8919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005319 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2017
by Daily end-of-shift report 27 Nov '17

27 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-11-2017 18:00 − Montag 27-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Mobile Menace Monday: Chrome declares war on unwanted redirects ∗∗∗ --------------------------------------------- Google is initiating their plan to implement a few new changes in Chrome to defend against unwanted web redirects. A redirect happens when a different website from the URL that was entered opens in the browser. Sometimes redirects are intentional, as in when an organization/website is bought out by another entity and their traffic is redirected to the new owner. However, sometimes redirects are malicious and unwanted. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/11/chrome-declares-war-unwant… ===================== = Vulnerabilities = ===================== ∗∗∗ [Pdns-announce] PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 Available ∗∗∗ --------------------------------------------- We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x. More importantly there are fixes for the following security advisories: - Authoritative Server - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091) - Recursor - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090) - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092) - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093) - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094) --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2017-November/001077.h… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Mailserver-Software Exim - Workaround verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 25. 11. 2017 Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Details: Durch Ausnutzen eines Use-after-free Fehlers können Angreifer potentiell beliebigen Code auf betroffenen Mailservern ausführen. CVE-Nummern dazu: CVE-2017-16943, CVE-2017-16944 --------------------------------------------- http://www.cert.at/warnings/all/20171127.html ∗∗∗ Security Advisory - Improper Access Control Vulnerability in Some Huawei OceanStor products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171122-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010656 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-15906 in OpenSSH affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022349 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-14919 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022348 ∗∗∗ IBM Security Bulletin: Vulnerability in curl affects IBM Chassis Management Module (CVE-2017-7407) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099640 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099639 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2017
by Daily end-of-shift report 24 Nov '17

24 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-11-2017 18:00 − Freitag 24-11-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Treat infosec fails like plane crashes – but hopefully with less death and twisted metal ∗∗∗ --------------------------------------------- We never learn from incidents, says Europol security adviser The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/24/infosec_dis… ∗∗∗ VB2017 video: FinFisher: New techniques and infection vectors revealed ∗∗∗ --------------------------------------------- Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-video-finfisher-new-t… ∗∗∗ 31 lückenhafte Banking-Apps: Forscher entlarven App-TAN-Verfahren abermals als unsicher ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen eine nicht ganz triviale Methode auf, über die Angreifer Online-Banking-Apps manipulieren könnten. Auch in Deutschland sind Banken betroffen. --------------------------------------------- https://heise.de/-3900945 ∗∗∗ Gefälschte BAWAG PSK-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG PSK-E-Mail. Darin fordern sie von Kund/innen, dass diese eine Sicherheits-App installieren. Sie ist Schadsoftware und ermöglicht es den Betrüger/innen, Zugriff auf das OnlineBanking-Konto ihrer Opfer zu erlangen. Kund/innen dürfen die angebliche Sicherheits-App nicht installieren. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bawag-psk-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Lancom: Wichtiges LCOS-Update stopft Sicherheitslücke ∗∗∗ --------------------------------------------- Die aktuelle Version von Lancoms Betriebssoftware für Router, Access Points und Switches beseitigt eine Sicherheitslücke, die Angreifern bei bestimmten Firmware-Versionen Zugriff auf Verwaltungsfunktionen ermöglicht. --------------------------------------------- https://www.heise.de/newsticker/meldung/Lancom-Wichtiges-LCOS-Update-stopft… ∗∗∗ FortiOS: Updates schützen unter anderem vor Cross-Site-Scripting ∗∗∗ --------------------------------------------- Fortinet warnt vor einer Lücke in seinem Betriebssystem FortiOS für FortiGate-Produkte. Einige Updates stehen schon bereit; weitere folgen in Kürze. --------------------------------------------- https://heise.de/-3901201 ∗∗∗ DFN-CERT-2017-2115/">OTRS: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebiger Kommandozeilenbefehle ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2115/ ∗∗∗ DFN-CERT-2017-2119/">FortiGate: Eine Schwachstelle ermöglicht u.a. einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2119/ ∗∗∗ IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010947 ∗∗∗ SSA-346262 (Last Update 2017-11-23): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2017
by Daily end-of-shift report 23 Nov '17

23 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-11-2017 18:00 − Donnerstag 23-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded ∗∗∗ --------------------------------------------- A month after Amazon launched Amazon Key, security experts have already identified a flaw in the devices mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-de… ∗∗∗ Firefox Nightly Build 58: Firefox warnt künftig vor Webseiten mit Datenlecks ∗∗∗ --------------------------------------------- Im Nightly Build 58 testet Mozillaeinige neue Funktionen: So sollen Nutzer bald personalisierte Artikelvorschläge von Pocket bekommen. Außerdem werden Nutzer womöglich bald vor Webseiten gewarnt, die im großen Stil Nutzerdaten verloren haben. --------------------------------------------- https://www.golem.de/news/firefox-nightly-build-58-firefox-warnt-kuenftig-v… ∗∗∗ systemd Vulnerability Leads to Denial of Service on Linux ∗∗∗ --------------------------------------------- Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerab… ∗∗∗ Advisory: Turla group malware ∗∗∗ --------------------------------------------- This report provides new intelligence derived from NCSC investigations into two tools used by the Turla group to target the UK, known as Neuron and Nautilus. --------------------------------------------- https://www.ncsc.gov.uk/alerts/turla-group-malware ∗∗∗ Erpressungstrojaner qkG manipuliert Word-Template zur weiteren Verbreitung ∗∗∗ --------------------------------------------- Sicherheitsforscher sind auf eine neue Ransomware gestoßen, die es vorrangig auf Word-Nutzer abgesehen hat. --------------------------------------------- https://heise.de/-3899132 ∗∗∗ Mac-Malware Proton gibt sich als "Symantec Malware Detector" aus ∗∗∗ --------------------------------------------- Getarnt als Malware-Erkennung wurde der Mac-Trojaner über ein vermeintliches Symantec-Blog vertrieben. Eine über soziale Netze verbreitete Falschmeldung soll Nutzer zur Installation bringen. --------------------------------------------- https://heise.de/-3900056 ∗∗∗ Schwerer Bug erlaubt, macOS via USB-Stick zu knacken ∗∗∗ --------------------------------------------- Apple hat Fehler bereits geschlossen – Reparaturwerkzeug als Angriffspunkt --------------------------------------------- http://derstandard.at/2000068349782 ===================== = Vulnerabilities = ===================== ∗∗∗ FortiWebManager 5.8.0 improperly handles admin login access ∗∗∗ --------------------------------------------- FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-248 ∗∗∗ TablePress <= 1.8 - Authenticated XML External Entity (XXE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8963 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2017
by Daily end-of-shift report 22 Nov '17

22 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-11-2017 18:00 − Mittwoch 22-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verbraucherschutz: Sportuhr-Hersteller gehen unsportlich mit Daten um ∗∗∗ --------------------------------------------- Herzfrequenz und Schlafphasen: Apple, Garmin und andere Hersteller von Sportuhren und Fitnesstrackern speichern auf ihren Portalen sehr persönliche Nutzerdaten. Bei einem Praxistest sind nur zwei Hersteller korrekt mit dem Auskunftsrecht des Kunden umgegangen. --------------------------------------------- https://www.golem.de/news/verbraucherschutz-sportuhr-hersteller-gehen-unspo… ∗∗∗ Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability ∗∗∗ --------------------------------------------- Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-cve-2… ∗∗∗ Sicherheitslücke in HP-Druckern – Firmware-Updates stehen bereit ∗∗∗ --------------------------------------------- Unter Verwendung spezieller Malware können Angreifer aus der Ferne auf Drucker von HP zugreifen und dort unter anderem gerätespezifische Befehle ausführen. Der Hersteller hat Updates bereitgestellt und empfiehlt die umgehende Aktualisierung. --------------------------------------------- https://heise.de/-3897679 ∗∗∗ Deutsche Behörde: Staat muss digital zurückschlagen können ∗∗∗ --------------------------------------------- In der Schweiz erlaubte "Hackbacks" als Beispiel genannt --------------------------------------------- http://derstandard.at/2000068302436 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-17-927: Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-927/ ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009782 ∗∗∗ RSA Authentication Manager Input Validation Flaw in Security Console Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039853 ∗∗∗ USN-3489-2: Berkeley DB vulnerability ∗∗∗ --------------------------------------------- http://www.ubuntu.com/usn/usn-3489-2/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily