- Daily - CERT.at

Tageszusammenfassung - 11.01.2019
by Daily end-of-shift report 11 Jan '19

11 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-01-2019 18:00 − Freitag 11-01-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleak - mal ganz ohne Hype ∗∗∗ --------------------------------------------- Datenleak - mal ganz ohne Hype11. Jänner 2019Man hätte sich in den letzten Tagen enorm anstrengen müssen, um der Berichterstattung zu dem vor knapp einer Woche in Deutschland bekannt gewordenen Datenleak zu entgehen.Um es trotzdem nochmal kurz zusammenzufassen: Unbekannte Täter veröffentlichten im Laufe des Dezembers Dokumente und persönliche Informationen hunderter deutscher Politiker und anderer Personen des öffentlichen Lebens in Form eines bizarren --------------------------------------------- http://www.cert.at/services/blog/20190111135415-2348.html ∗∗∗ Vivy & Co.: Gesundheitsapps kranken an der Sicherheit ∗∗∗ --------------------------------------------- Mit Sicherheitsversprechen geizen die Hersteller von Gesundheitsapps wahrlich nicht. Doch wie ist es wirklich darum bestellt? (Medizin, Gesundheitskarte) --------------------------------------------- https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit… ∗∗∗ Using Wireshark – Display Filter Expressions ∗∗∗ --------------------------------------------- As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts toThe post Using Wireshark – Display Filter Expressions appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressi… ∗∗∗ Windows 10 Experts Guide: Everything you need to know about BitLocker ∗∗∗ --------------------------------------------- Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Heres a hands-on guide. --------------------------------------------- https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emersons DeltaV distributed control system workstation products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 ∗∗∗ Omron CX-One CX-Protocol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a type confusion vulnerability in Omrons CX-Protocol within the CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 ∗∗∗ Pilz PNOZmulti Configurator ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03 ∗∗∗ Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 ∗∗∗ USN-3855-1: systemd vulnerabilities ∗∗∗ --------------------------------------------- systemd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarySeveral security issues were fixed in systemd.Software Descriptionsystemd - system and service managerDetailsIt was discovered that systemd-journald allocated variable-length buffersfor certain message fields on the stack. A local attacker couldpotentially exploit this to cause a denial of service, or executearbitrary code. --------------------------------------------- https://usn.ubuntu.com/3855-1/ ∗∗∗ Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar 11. Jänner 2019 Beschreibung Der Netzwerkausrüster Juniper hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Juniper Space OS, Junos OS und ATP Software veröffentlicht. Zwei der Schwachstellen in Juniper ATP werden mit dem höchstmöglichen CVSS3 Score von 10 als kritisch eingestuft: CVE-2019-0020, CVE-2019-0022 [...] --------------------------------------------- http://www.cert.at/warnings/all/20190111.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/776518/ ∗∗∗ ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-013/ ∗∗∗ Format String Vulnerability in SSH username ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-018 ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability(CVE-2017-1788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2019
by Daily end-of-shift report 10 Jan '19

10 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗ --------------------------------------------- WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabil… ∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-ca… ∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing --------------------------------------------- https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html ∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗ --------------------------------------------- Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden. --------------------------------------------- https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbs… ∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗ --------------------------------------------- Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen! --------------------------------------------- https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnun… ===================== = Vulnerabilities = ===================== ∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗ --------------------------------------------- Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-001 ∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗ --------------------------------------------- Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar. Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft. --------------------------------------------- http://heise.de/-4271009 ∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗ --------------------------------------------- SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). --------------------------------------------- https://lwn.net/Articles/776397/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2019
by Daily end-of-shift report 09 Jan '19

09 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-01-2019 18:00 − Mittwoch 09-01-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Face Unlock: 42 von 110 Handys lassen sich mit Portrait-Fotos austricksen ∗∗∗ --------------------------------------------- Im Test einer NGO ließen sich alle Handys von Nokia und Sony mit Portrait-Fotos entsperren. Die Bilanz anderer Hersteller ist mit einer Ausnahme durchwachsen. --------------------------------------------- http://heise.de/-4269897 ∗∗∗ Gefälschte card complete Sicherheits-App enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen finden gefälschte card complete Nachrichten in ihrem Posteingang. Darin behaupten die kriminellen Versender/innen, dass eine Sicherheits-App am Mobiltelefon installiert werden muss, damit die Kreditkarte weiterhin genutzt werden kann. Die App darf nicht heruntergeladen werden, denn sie enthält Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-card-complete-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a use after free vulnerability in Schneider Electrics Zelio Soft 2 programming platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01 ∗∗∗ Schneider Electric IIoT Monitor ∗∗∗ --------------------------------------------- This advisory includes mitigations for path traversal, unrestricted upload of file with dangerous type, and XXE vulnerabilities in the Schneider Electric IIoT Monitor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02 ∗∗∗ Intel Patches High-Severity Privilege-Escalation Bugs ∗∗∗ --------------------------------------------- Overall, the chip giant patched five vulnerabilities across an array of its products. --------------------------------------------- https://threatpost.com/intel-patches-privilege-escalation-bugs/140665/ ∗∗∗ Patchday: Fast nur "wichtige" Sicherheitsupdates für Windows & Co. ∗∗∗ --------------------------------------------- Microsoft kümmert sich um Software-Schwachstellen in unter anderem Windows. Nutzer sollten eine baldige Installation der Updates sicherstellen. --------------------------------------------- http://heise.de/-4269105 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elfutils, polkit, and tar), Debian (python-django and ruby-loofah), and Mageia (ansible, avidemux, coreutils, discount, nettle, openafs, opensc, and qtbase5). --------------------------------------------- https://lwn.net/Articles/776310/ ∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Password Recovery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Porduct ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ Security Advisory - Use After Free Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by an httpclient package in WAS internally Vulnerability(CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2019
by Daily end-of-shift report 08 Jan '19

08 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 07-01-2019 18:00 − Dienstag 08-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Digging Up the Past: Windows Registry Forensics Revisited ∗∗∗ --------------------------------------------- Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-win… ∗∗∗ Software auf vielen Routern nutzt etablierte Sicherheitsmechanismen nicht ∗∗∗ --------------------------------------------- Sicherheitsforscher von Cyber-ITL haben sich die Software auf 28 Router mit ARM- und MIPS-Architektur für den Heimgebrauch angeschaut und herausgefunden, dass viele Modelle ihr Sicherheitspotenzial nicht ausschöpfen: Viele Firmware-Versionen setzen in der Linux-Basis eigentlich vorhandene Sicherheitsmechanismen wie Address Space Layout Randomization (ASLR) und Data Execution Prevention (DEP) nicht ein. --------------------------------------------- http://heise.de/-4268046 ∗∗∗ Bitcoin-Erpressung mit Masturbationsvideo ∗∗∗ --------------------------------------------- Internet-User/innen finden E-Mails mit dem Betreff „Hohe Gefahr. Konto wurde angegriffen.“ in ihrem Posteingang. Die Versandadresse entspricht fälschlicherweise der Empfangsadresse. Eine angebliche Hacker/in droht damit, ein Selbstbefriedigungs-Video der Empfänger/in zu veröffentlichen. Der geforderte Bitcoin-Betrag darf nicht bezahlt werden, denn das Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbations… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1685 ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen. Als Folge kann der Angreifer die Kontrolle über das Gerät übernehmen, Daten ausspionieren, das Gerät zum Absturz bringen oder unbrauchbar machen. Zur erfolgreichen Ausnutzung der Schwachstellen genügt es, eine manipulierte App zu öffnen oder einen Link anzutippen, der zu einer bösartigen Software führt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/01/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Fedora (krb5), Red Hat (source-to-image), and SUSE (gpg2, libgit2, and libsoup). --------------------------------------------- https://lwn.net/Articles/776215/ ∗∗∗ SAP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen SAP Produkten ausnutzen, um dadurch die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendung zu gefährden. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0012 ∗∗∗ VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/317277 ∗∗∗ Vulnerability in Java Deserialization Affecting Cisco Products ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ SIP User Directory Information Disclosure ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf ∗∗∗ SSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf ∗∗∗ SSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf ∗∗∗ SSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf ∗∗∗ SSA-579309 (Last Update: 2019-01-08): Denial-of-Service in SICAM A8000 Series ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf ∗∗∗ SSA-325546 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module of SWT3000 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ GnuTLS vulnerability CVE-2018-16868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18955141 ∗∗∗ Nettle vulnerability CVE-2018-16869 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45616155 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.01.2019
by Daily end-of-shift report 07 Jan '19

07 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-01-2019 18:00 − Montag 07-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrügerische Mails versprechen Millionen ∗∗∗ --------------------------------------------- Immer wieder erhalten Internetnutzer/innen E-Mails, die schnelles Geld in Form von Erbschaften, Spenden und Geschenken in Millionenhöhe versprechen. Im konkreten Fall hat der Absender angeblich 533 Millionen US-Dollar gewonnen und möchte zwei Millionen davon an die Empfänger/in spenden. Damit die Konsument/innen das Geld erhalten, sollen sie Vorauszahlungen leisten. Wer dies tut, verliert Geld und persönliche Daten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mails-versprechen-mil… ∗∗∗ Warnung vor monaco-modding.com ∗∗∗ --------------------------------------------- Der Anbieter monaco-modding.com bezeichnet sich als Deutschland schnellsten Moddingservice. Er bietet Kund/innen Unlock Alls für GTA 5, Skins für Fortnite, Eingabekeys für Black Ops 4 oder Red Dead Redemption 2 sowie günstige Netflix- und Spotify-Accounts an. Von einer Bestellung auf monaco-modding.com ist dringend abzuraten, denn der Anbieter liefert keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-monaco-moddingcom/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Mit Skype Android-PIN umgehen ∗∗∗ --------------------------------------------- Mit einem einfachen Skype-Anruf lassen sich trotz PIN-Sperre Fotos, Kontakte und mehr auf einem Android-Smartphone einsehen. Ein Update wurde veröffentlicht, steht aber noch nicht für alle Geräte zur Verfügung. (Android, Skype) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-skype-android-pin-umgehen-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (keepalived), Debian (python-django), Fedora (tcpreplay), Mageia (apache-commons-compress, aubio, dcraw, freerdp, imagemagick, ldb, talloc, samba, libao, libextractor, libgxps, libpgf, openjpeg2, pdns, pdns-recursor, php-phpmailer, plexus-archiver, units, wget, and xmlrpc), Oracle (keepalived and kernel), and SUSE (polkit and xen). --------------------------------------------- https://lwn.net/Articles/776162/ ∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2019
by Daily end-of-shift report 04 Jan '19

04 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗ --------------------------------------------- Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company. --------------------------------------------- https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-cla… ∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html ∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗ --------------------------------------------- Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fa… ∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗ --------------------------------------------- Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen. --------------------------------------------- http://heise.de/-4265230 ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 ∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02 ∗∗∗ Hetronic Nova-M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman). --------------------------------------------- https://lwn.net/Articles/776019/ ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0007 ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0006 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2019
by Daily end-of-shift report 03 Jan '19

03 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-01-2019 18:00 − Donnerstag 03-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NRSMiner updates to newer version ∗∗∗ --------------------------------------------- More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, [...] --------------------------------------------- https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/ ∗∗∗ Malicious Script Leaking Data via FTP ∗∗∗ --------------------------------------------- The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools. --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/244… ∗∗∗ Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing several vulnerabilities in MacPaws CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyM… ∗∗∗ CastHack: Zehntausende Chromecast-Adapter spielten plötzlich Youtube-Video ab ∗∗∗ --------------------------------------------- Gutmütige Hacker zeigen, dass Googles Chromecast oft über das Internet erreichbar ist. Das ist ein generelles Problem und durchaus gefährlich. --------------------------------------------- http://heise.de/-4263887 ∗∗∗ Unterkunft nicht auf bookingsallgala.com buchen! ∗∗∗ --------------------------------------------- Auf bookinsallgala.com finden Sie Unterkünfte und Hotels rund um die Welt. Eine Buchung sollten Sie hier aber auf keinen Fall abschließen, denn die Seite wird von Kriminellen betrieben! Während Geld von Ihrer Kreditkarte abgebucht wird, erreicht Ihre Reservierung nie das Hotel und Sie erhalten die bezahlte Leistung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-auf-bookingsallgala… ∗∗∗ Betrugsgefahren beim Privateinkauf ∗∗∗ --------------------------------------------- Personen, die über Kleinanzeigen-Plattformen Produkte kaufen, können an Kriminelle geraten. Sie verlangen eine Bezahlung der Ware im Voraus oder einen Identitätsnachweis zu ihrer Sicherheit. Ihre Ware liefern sie jedoch nicht, weshalb Opfer ihr Geld und ihre Identität an Kriminelle verlieren. Die Watchlist Internet zeigt Ihnen bekannte Betrugsformen beim Privateinkauf, damit Sie sicher auf Kleinanzeigen-Plattformen einkaufen können. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsgefahren-beim-privateinkauf/ ∗∗∗ Gefälschte Billa-Gewinn-SMS im Umlauf! ∗∗∗ --------------------------------------------- Erneut haben Betrüger/innen eine gefälschte Gewinn-SMS von Billa in Umlauf gebracht. Personen, die der Nachricht Glauben schenken, dem Link in der SMS folgen und die Umfrage beantworten, sollen zwei Euro per Kreditkarte zahlen, um ein iPhone XS mit 256 GB geschenkt zu bekommen. Wer das macht, tappt in eine Abo-Falle und erhält kein iPhone XS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-billa-gewinn-sms-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1682 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jasper, libdatetime-timezone-perl, qtbase-opensource-src, thunderbird, and tzdata), Red Hat (rh-perl524-perl), and SUSE (libraw, polkit, and xen). --------------------------------------------- https://lwn.net/Articles/775937/ ∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0005 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-access-for-wind… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-affects… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2019
by Daily end-of-shift report 02 Jan '19

02 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-12-2018 18:00 − Mittwoch 02-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data ∗∗∗ --------------------------------------------- A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-… ∗∗∗ How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter ∗∗∗ --------------------------------------------- On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker(a)pm.me] extension appended to file names. --------------------------------------------- https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fi… ∗∗∗ EU finanziert Bug Bounty für Open-Source-Software wie VLC ∗∗∗ --------------------------------------------- Wer Fehler in Open-Source-Software entdeckt, kann sich ab Jänner von der EU dafür belohnen lassen. --------------------------------------------- https://futurezone.at/netzpolitik/eu-finanziert-bug-bounty-fuer-open-source… ∗∗∗ Sicherheitslücke: DoS-Angriff auf Bluetooth-Chips von Broadcom ∗∗∗ --------------------------------------------- Bluetooth auf einem fremden Smartphone ausknipsen und einen Bluetooth-Lautsprecher zum Schweigen bringen? Mit einer Sicherheitslücke in Bluetooth-Chips von Broadcom ist das möglich. (Bluetooth, CCC) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-dos-angriff-auf-bluetooth-chips… ∗∗∗ Phishing & Co: Immer skeptisch bleiben – sicher unterwegs im vernetzten Büro ∗∗∗ --------------------------------------------- Firmen geraten zunehmend ins Visier von Angreifern. Die IT-Systeme stellen dabei gar nicht die größte Schwachstelle dar. Es sind die Mitarbeiter. --------------------------------------------- http://heise.de/-4260197 ∗∗∗ Vorsicht bei Veröffentlichung und Kauf beim AV Akademikerverlag ∗∗∗ --------------------------------------------- Universitätsabsolvent/innen, die kurz nach Abschluss ihres Studiums überlegen, ihre Bachelor-, Master- oder Doktorarbeiten zu publizieren, ist von einer Veröffentlichung beim AV Akademikerverlag abzuraten. Während die Publikation kostenlos ist, tritt man seine Veröffentlichungsrechte an der Arbeit an einen Verlag ab, der einen zweifelhaften Ruf hat. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-veroeffentlichung-und-k… ∗∗∗ cyber-giant.com ist ein Fake-Shop ∗∗∗ --------------------------------------------- Der Fake-Shop cyber-giant.com bietet günstige Elektroartikel an. Konsument/innen, die bei dem Händler einkaufen, verlieren ihr Geld und ihre Identität an Kriminelle, denn er ist betrügerisch und liefert keine Waren. Das zeigt eine Internetrecherche, ein Preisvergleich und die ausschließliche Möglichkeit, die Ware nur im Voraus zu bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/cyber-giantcom-ist-ein-fake-shop/ ∗∗∗ DNS-Blacklists und Neujahrsvorsätze ∗∗∗ --------------------------------------------- Die altehrwürdige DNS-Blacklist njabl.org hat 2013 den Betrieb eingestellt. Vor kurzem dürfte nun die Domain den Besitzer gewechselt haben, und wer diese DNSBL noch immer benutzt, bekommt nun auf alle Anfragen ein positives Ergebnis. Mit dem Effekt, dass etliche Mailserver alle eingehende Mail ablehnen. --------------------------------------------- http://www.cert.at/services/blog/20190102135412-2339.html ∗∗∗ Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security ∗∗∗ --------------------------------------------- The "white hat" hacker, who claimed to be part of a group calling itself the "Anonymous Calgary Mindhive", said it hadn’t been hard for him to hijack control of a man's Nest security camera. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/spooked-by-a-speaking-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ [CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) ∗∗∗ --------------------------------------------- To be vulnerable to the issue, the system running NetBeans needs to be configured to use Proxy Auto-Configuration (PAC), NetBeans must be configured to use the system proxy settings and the attacker needs to be able to modify the PAC script. --------------------------------------------- https://seclists.org/oss-sec/2018/q4/275 ∗∗∗ Fehler in Software-Suite gefährdet NAS-Geräte von Synology ∗∗∗ --------------------------------------------- Kritische Sicherheitslücken betreffen Software von Synology und machen Netzwerkspeicher des Herstellers angreifbar. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4261032 ∗∗∗ Synology-SA-19:01 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_01 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and webkit2gtk), Debian (c3p0, debian-security-support, libextractor, and tar), Fedora (electron-cash, leptonica, LibRaw, mingw-leptonica, mingw-openjpeg2, mingw-poppler, nettle, openjpeg2, php-pear, sqlite, and vcftools), Gentoo (GKSu and rust), Mageia (keepalived and libtiff), openSUSE (containerd, docker, go, go, GraphicsMagick, libraw, mozilla-nspr and mozilla-nss, netatalk, polkit, wireshark, and xen), and SUSE (containerd, [...] --------------------------------------------- https://lwn.net/Articles/775790/ ∗∗∗ Security updates for the new year ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (graphicsmagick, poppler, python, and python-lxml) and openSUSE (GraphicsMagick). --------------------------------------------- https://lwn.net/Articles/775824/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird), Fedora (terminology), openSUSE (GraphicsMagick), and Red Hat (rh-perl526-perl). --------------------------------------------- https://lwn.net/Articles/775852/ ∗∗∗ Vuln: ZTE ZMAX Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106361 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24353255 ∗∗∗ Binutils vulnerability CVE-2018-17985 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35710418 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.12.2018
by Daily end-of-shift report 28 Dec '18

28 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-12-2018 18:00 − Freitag 28-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ BUNDESGESETZBLATT FÜR DIE REPUBLIK ÖSTERREICH ∗∗∗ --------------------------------------------- 111. Bundesgesetz, mit dem das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz – NISG) erlassen und das Telekommunikationsgesetz 2003 geändert wird --------------------------------------------- https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2018_I_111/BGBLA_2018_I_… ∗∗∗ 35C3: Hacker zeigt Schwachstellen in IoT-Netzwerk Sigfox auf ∗∗∗ --------------------------------------------- Die Datenkommunikation über das Sigfox-Funknetz, das auf das Internet der Dinge ausgerichtet ist, lässt sich momentan bei vielen Geräten recht einfach abhören. --------------------------------------------- http://heise.de/-4259662 ∗∗∗ Warnung vor elektro-hilfe.at ∗∗∗ --------------------------------------------- Bei elektro-hilfe.at handelt es sich um einen 24h-Elektriker-Notdienst, der verspricht, Pannen und Schäden die durch Wasserrohrbrüche, verstopfte Leitungen u.Ä. verursacht wurden, zu beheben. Verlockend klingen vor allem auch die günstigen Preise, mit denen auf der Website geworben wird. Der Anbieter ist nicht vertrauenswürdig, denn vor Ort werden überhöhte Preise verrechnet. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-elektro-hilfeat/ ∗∗∗ Hijacking Online Accounts Via Hacked Voicemail Systems ∗∗∗ --------------------------------------------- Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services. --------------------------------------------- https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-syste… ∗∗∗ Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage ∗∗∗ --------------------------------------------- The home surveillance cams have hard-coded credentials. --------------------------------------------- https://threatpost.com/guardzilla-cameras-flaw/140415/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript, graphicsmagick, libarchive, libsndfile, libvncserver, ruby-sanitize, and wireshark), Fedora (mosquitto and tinc), Mageia (monit, sqlite3, and thunderbird), and SUSE (openssl). --------------------------------------------- https://lwn.net/Articles/775635/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libphp-phpmailer), Fedora (mosquitto and tinc), and Mageia (ruby-i18n and tcpdump). --------------------------------------------- https://lwn.net/Articles/775670/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-apache-to… ∗∗∗ BIG-IP APM portal access may potentially leak host name information for back-end servers ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K31333705 ∗∗∗ BIG-IP APM webtop vulnerability CVE-2018-15334 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74114570 ∗∗∗ BIG-IP ARM BGP vulnerability CVE-2018-17539 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17264695 ∗∗∗ The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95010813 ∗∗∗ BIG-IP vulnerability CVE-2018-15333 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53620021 ∗∗∗ BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27617652 Next End-of-Day report: 2019-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.12.2018
by Daily end-of-shift report 27 Dec '18

27 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-12-2018 18:00 − Donnerstag 27-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1680 ∗∗∗ 5 Steps to Mitigate Endpoint Security Incidents ∗∗∗ --------------------------------------------- Endpoint security may be the best investment you have ever made. According to a Ponemon survey – The 2017 State of Endpoint Security Risk – the average cost to an organization of attacks that managed to breach endpoint security was $5 million. In this article, we will look at what you need to know about [...] --------------------------------------------- https://resources.infosecinstitute.com/5-steps-to-mitigate-endpoint-securit… ∗∗∗ Warnung vor Auresoil Sensi & Secure ∗∗∗ --------------------------------------------- Auf einem erfundenen österreichischen Medizinportal behaupten Unbekannte, dass es mit Auresoil Sensi & Secure möglich sei, „das Hörvermögen zu 100% wiederherzustellen“. Das Produkt können Interessent/innen um 57 Euro auf bestmarkethub.com/43/auresoil-med/gps erwerben. Davon raten wir ab, denn die medizinische Wirkung von Auresoil Sensi & Secure ist unklar und kann schädlich sein. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-auresoil-sensi-secure/ ∗∗∗ Nicht bei der Knurf GmbH & Co. KG bewerben ∗∗∗ --------------------------------------------- Die betrügerische Knurf GmbH & Co. KG sucht über knurf.net Proband/innen, die Produkte oder Dienstleitungen testen sollen. Die Aufgabe von Interessent/innen besteht letzen Endes darin, dass sie ein Online-Konto eröffnen und ihre Zugangsdaten an das erfundene Unternehmen senden. Damit ist es den Kriminellen möglich, Verbrechen und Geldwäscherei unter dem Namen ihrer Opfer zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-der-knurf-gmbh-co-kg-bewer… ===================== = Vulnerabilities = ===================== ∗∗∗ spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials ∗∗∗ --------------------------------------------- An authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin [...] --------------------------------------------- https://seclists.org/fulldisclosure/2018/Dec/45 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (ghostscript, libarchive, openjpeg2, and sqlite3), Fedora (krb5, mariadb, mariadb-connector-c, mingw-openjpeg2, openjpeg2, phpMyAdmin, python-lxml, spatialite-tools, sqlite, and squid), Mageia (kernel), openSUSE (bluez, git, go1.10, libnettle, libqt5-qtbase, ovmf, pdns, perl, tcpdump, tiff, tryton, and yast2-rmt), Slackware (netatalk), and SUSE (buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, [...] --------------------------------------------- https://lwn.net/Articles/775549/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libextractor and nagios3) and Fedora (adplug, mingw-podofo, and podofo). --------------------------------------------- https://lwn.net/Articles/775584/ ∗∗∗ Synology-SA-18:63 DS File ∗∗∗ --------------------------------------------- A vulnerability allows local users to obtain sensitive information via a susceptible version of Android DS File. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_63 ∗∗∗ Synology-SA-18:64 DSM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_64 ∗∗∗ Synology-SA-18:65 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_65 ∗∗∗ Vuln: McAfee Application and Change Control Multiple Security Bypass Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106282 ∗∗∗ Vuln: Kibana CVE-2018-17246 Local File Include Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106285 ∗∗∗ diverse Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1200 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ja… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-12882) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-classific… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.12.2018
by Daily end-of-shift report 21 Dec '18

21 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-12-2018 18:00 − Freitag 21-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers ∗∗∗ --------------------------------------------- Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmati… ∗∗∗ Warnung vor Phishing-Mails mit Adresse help(a)orf.at ∗∗∗ --------------------------------------------- Seit einigen Stunden sind Phishing-Mails in Umlauf, die als Reply-Adresse help(a)orf.at eingetragen haben. ORF.at weist ausdrücklich darauf hin, dass von der Konsumentenredaktion des ORF-Radio keinerlei Mails ausgeschickt werden und warnt davor, solche Mails zu öffnen. --------------------------------------------- https://orf.at/stories/3105176 ∗∗∗ Betrügerische WhatsApp-Nachrichten beim Privatverkauf ∗∗∗ --------------------------------------------- Privatverkäufer/innen erhalten von einer Nummer mit der Vorwahl „+1“ eine WhatsApp-Nachricht. Darin erkundigen sich Kriminelle nach dem Produktpreis und schlagen die Kaufabwicklung mit der EMS Shipping Company vor. Sie bestätigt einen überhöhten Zahlungseingang. Verkäufer/innen sollen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie beides. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-… ===================== = Vulnerabilities = ===================== ∗∗∗ Horner Automation Cscape ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01 ∗∗∗ Schneider Electric EcoStruxure ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- Project: JSON:APIDate: 2018-December-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.The module doesnt sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...] --------------------------------------------- https://lwn.net/Articles/775420/ ∗∗∗ Synology-SA-18:62 Netatalk ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_62 ∗∗∗ Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106278 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utiliz… ∗∗∗ December 20, 2018 TNS-2018-17 [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-17 ∗∗∗ TMM vulnerability CVE-2018-15330 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23328310 ∗∗∗ BIG-IP AAM DCDB vulnerability CVE-2018-15331 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54843525 ∗∗∗ TMUI vulnerability CVE-2018-15329 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61620494 Next End-of-Day report: 2018-12-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.12.2018
by Daily end-of-shift report 20 Dec '18

20 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-12-2018 18:00 − Donnerstag 20-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ On VBScript ∗∗∗ --------------------------------------------- Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. Yet this did not deter attackers .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html ∗∗∗ Rise of the Webminers ∗∗∗ --------------------------------------------- About a year ago webminers began to appear on more and more website. It was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in .. --------------------------------------------- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rise-of-the… ∗∗∗ WPA3 WLAN Encryption: All Good Things Come In 3s! ∗∗∗ --------------------------------------------- The current protocol WPA2 (WiFi Protected Access) from 2004 is getting on in years. In early 2018, the WiFi Alliance (WFA) announced an update at the Consumer Electronics Show in Las Vegas. WPA3 is the designated successor, which should eliminate weak points as well as the comfort and the security would clearly increase. In the last .. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/wpa3-wlan-encrypti… ∗∗∗ Kritische Sicherheitslücke in Internet Explorer - Patches verfügbar ∗∗∗ --------------------------------------------- Microsoft hat ausserhalb des monatlichen Patch-Zyklus Updates für den Internet Explorer veröffentlicht, mit denen eine kritische Sicherheitslücke geschlossen wird. Diese Schwachstelle soll bereits aktiv .. --------------------------------------------- http://www.cert.at/warnings/all/20181219.html ∗∗∗ sgifashop.com ist unseriös ∗∗∗ --------------------------------------------- Der Online-Shop sgifashop.com ist mit seinem Sortiment sehr breit aufgestellt, so ist auch bestimmt für Sie das gewünschte Produkt dabei. Der Alleskönner ist jedoch betrügerisch und liefert .. --------------------------------------------- https://www.watchlist-internet.at/news/sgifashopcom-ist-unserioes/ ∗∗∗ Researcher publishes PoC for new Windows zero-day ∗∗∗ --------------------------------------------- This is the third Windows zero-day the researcher dumps online in the last five months. --------------------------------------------- https://www.zdnet.com/article/researcher-publishes-poc-for-new-windows-zero… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4355 openssl1.0 - security update ∗∗∗ --------------------------------------------- Several local side channel attacks and a denial of service via largeDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. --------------------------------------------- https://www.debian.org/security/2018/dsa-4355 ∗∗∗ Vuln: Jenkins Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106176 ∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-081 ∗∗∗ E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-080 ∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1849) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1191 ∗∗∗ FreeBSD OS: Schwachstelle ermöglicht Codeausführung ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1192 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.12.2018
by Daily end-of-shift report 19 Dec '18

19 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-12-2018 18:00 − Mittwoch 19-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte Energie AG-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden ein gefälschtes Energie AG-Schreiben. Darin behaupten sie, dass Kund/innen ihre aktuelle Rechnung herunterladen und ausdrucken können. Dazu sollen sie eine unbekannte Website aufrufen und eine ZIP-Datei öffnen. Diese verbirgt Schadsoftware. Konsument/innen, die die vermeintliche Rechnung öffnen, installieren diese auf ihrem Computer. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-energie-ag-rechnung-verb… ∗∗∗ Searching statically-linked vulnerable library functions in executable code ∗∗∗ --------------------------------------------- Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-… ∗∗∗ Das letzte Silvester für PHP 5.6 ∗∗∗ --------------------------------------------- PHP 5.6 steht kurz vor dem Ende seiner Lebenszeit. Mit 31.12.2018 endet der Security-Support für die letzte Version der PHP 5 Familie, ab dann wird nur noch PHP 7 weiterentwickelt. Das bedeutet, dass ab dem Jahreswechsel neu entdeckte Sicherheitslücken in PHP 5.6 Upstream nicht mehr gepatcht werden. Die uns zur Verfügung stehenden Daten von Shodan zeigen, dass derzeit die Mehrheit der Server in Österreich noch PHP 5 im [...] --------------------------------------------- http://www.cert.at/services/blog/20181219120223-2326.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Fedora (ansible and wireshark), openSUSE (go1.11, pdns, and pdns-recursor), Oracle (firefox), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), and SUSE (crash, libqt5-qtbase, perl, and qemu). --------------------------------------------- https://lwn.net/Articles/775230/ ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantechs WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 ∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 ∗∗∗ BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN99810718/ ∗∗∗ Vuln: Symfony Local File Include and Open Redirection Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106249 ∗∗∗ Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Notice - Statement on Information Leak Vulnerability in Huawei HG Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20181219-01-… ∗∗∗ IBM Security Bulletin: Privilege Escalation in Notes System Diagnostic Service of both IBM Notes and Domino (CVE-2018-1771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical privilege escalation vulnerability in Kubernetes (CVE-2018-1002105) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 – Admin Users Can Elevate Own Permissions (CVE-2018-1973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-ad… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from Network Time Protocol (NTP) (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a Denial of Service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a CSRF vulnerability (CVE-2018-1661) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.12.2018
by Daily end-of-shift report 18 Dec '18

18 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 17-12-2018 18:00 − Dienstag 18-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hidden Code in Memes Instruct Malware via Twitter ∗∗∗ --------------------------------------------- Analysts discover malicious code embedded in tweeted images. --------------------------------------------- https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/14… ∗∗∗ Sneaky phishing campaign beats two-factor authentication ∗∗∗ --------------------------------------------- Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure. --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-… ∗∗∗ Your trust, our signature ∗∗∗ --------------------------------------------- Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...] --------------------------------------------- https://blog.fox-it.com/2018/12/18/your-trust-our-signature/ ∗∗∗ Clever SEO Spam Injection ∗∗∗ --------------------------------------------- It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. --------------------------------------------- https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html ∗∗∗ Erpressungstrojaner Everbe, Hidden Tear und InsaneCrypt kostenlos entschlüsseln ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat für verschiedene Verschlüsselungstrojaner Gratis-Entschlüsselungstools veröffentlicht. --------------------------------------------- http://heise.de/-4254364 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate, 14.12.18 ∗∗∗ --------------------------------------------- [...] haben wir eine potenzielle Sicherheitsschwachstelle in unserer iCal-Feed-Funktion festgestellt, in dem durch vom Benutzer manuelles Manipulieren von Teilen der Feed-URL es theoretisch möglich gewesen wäre, zufällig auf die iCal-Feeds anderer TimeTac-Benutzer zugreifen zu können. [...] Dieses Problem wurde unmittelbar nach Bekanntwerden durch ein Sicherheitsupdate behoben und bei allen theoretisch betroffenen TimeTac-Kundenkonten ausgerollt. --------------------------------------------- https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/ ∗∗∗ Razer Cortex Debugger Remote Command Execution ∗∗∗ --------------------------------------------- Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018120170 ∗∗∗ VMSA-2018-0031 ∗∗∗ --------------------------------------------- vRealize Operations updates address a local privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0031.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf). --------------------------------------------- https://lwn.net/Articles/775172/ ∗∗∗ Synology-SA-18:61 Magellan ∗∗∗ --------------------------------------------- Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_61 ∗∗∗ libexif: Schwachstelle ermöglicht Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1182 ∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ermöglichen Cross-Site Scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1180 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cu… ∗∗∗ IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-kr… ∗∗∗ IBM Security Bulletin: A vulnerability in git affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-gi… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gn… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wp… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.12.2018
by Daily end-of-shift report 17 Dec '18

17 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-12-2018 18:00 − Montag 17-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shamoon Disk Wiper Returns with Second Sample Uncovered this Month ∗∗∗ --------------------------------------------- Shamoons comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-w… ∗∗∗ Datenbank: Fehler in SQLite ermöglichte Codeausführung ∗∗∗ --------------------------------------------- Anwendungen, die SQLite einsetzen und von außen SQL-Zugriff darauf bieten, sind offenbar von einem Fehler betroffen, der eine beliebige Codeausführung ermöglicht. Dazu gehören unter anderem Browser auf Chromium-Basis, für die inzwischen Updates bereitstehen. (Security, Browser) --------------------------------------------- https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfu… ∗∗∗ Worst passwords list is out, but this time we’re not scolding users ∗∗∗ --------------------------------------------- This is on you, makers of sites and services that allow users to create passwords like "password." You can do better! --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but… ∗∗∗ The GPS 2019 Week Rollover - What You Need to Know ∗∗∗ --------------------------------------------- The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019. --------------------------------------------- https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollov… ∗∗∗ Intels NUCs: Viele Mini-PCs mit fehlerhaftem BIOS-Schutz ∗∗∗ --------------------------------------------- Bei einigen Mini-PCs aus Intels NUC-Reihe lässt sich das BIOS mit manipuliertem Code überschreiben, etwa um eine Backdoor einzupflanzen. --------------------------------------------- http://heise.de/-4251738 ∗∗∗ Betrügerische Androhung von Pfändungsterminen ∗∗∗ --------------------------------------------- Konsument/innen erhalten von erfundenen Inkassobüros und Rechtsanwält/innen letzte Zahlungsaufforderungen in Höhe von 479,16 Euro. Darin heißt es, dass es zu einer Pfändung ihrer Wertgegenstände komme, wenn sie den geforderten Geldbetrag nicht bezahlen. Empfänger/innen können das Schreiben ignorieren und müssen keine Überweisung tätigen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendu… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump). --------------------------------------------- https://lwn.net/Articles/775102/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gs… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-nt… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential redirection to external site when using the the IBM Event Streams API (CVE-2018-1833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection… ∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37111863 ∗∗∗ OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43741620 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2018
by Daily end-of-shift report 14 Dec '18

14 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-12-2018 18:00 − Freitag 14-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ The economics of vulnerability disclosure ∗∗∗ --------------------------------------------- A new ENISA report aims to provide a glimpse into the costs, incentives, and impact related to discovering and disclosing vulnerabilities in information security. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-economics-of-vulnerability-… ∗∗∗ How to protect yourself as the threat of scam apps grows ∗∗∗ --------------------------------------------- As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? --------------------------------------------- https://www.welivesecurity.com/2018/12/14/protect-yourself-threat-scam-apps… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Logitech Keystroke Injection Flaw Went Unaddressed for Months ∗∗∗ --------------------------------------------- The flaw allows a remote attacker to gain full access over a machine. --------------------------------------------- https://threatpost.com/logitech-keystroke-injection-flaw/139928/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, git, java-1.7.0-openjdk, java-11-openjdk, kernel, NetworkManager, python-paramiko, ruby, sos-collector, thunderbird, and xorg-x11-server), Debian (gcc-4.9), and SUSE (amanda, ntfs-3g_ntfsprogs, and tiff). --------------------------------------------- https://lwn.net/Articles/774940/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE identifiers: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0009.html ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1175 ∗∗∗ Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01 ∗∗∗ Schneider Electric GUIcon Eurotherm ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-01 ∗∗∗ Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-02 ∗∗∗ Geutebrück GmbH E2 Series IP Cameras ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03 ∗∗∗ GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04 ∗∗∗ Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN87535892/ ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – Cross-site scripting (CVE-2018-18997) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005753… ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – No Access Control (CVE-2018-18995) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005751… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-st… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerability in user login vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a public disclosed vulnerability from Apache ZooKeeper ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2018
by Daily end-of-shift report 13 Dec '18

13 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-12-2018 18:00 − Donnerstag 13-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Captchas are dead...ish. ∗∗∗ --------------------------------------------- According to a recently published research paper, some types of Captchas are now obsolete. The reason: machines have learned to solve those Captchas. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/12/31374-captchas-are-dead-ish ∗∗∗ OWASP Top 10 Security Risks – Part III ∗∗∗ --------------------------------------------- Today, we are going to explore items 5 and 6: broken access control and security misconfigurations. --------------------------------------------- https://blog.sucuri.net/2018/12/owasp-top-10-security-risks-part-iii.html ∗∗∗ Wichtiges Sicherheitsupdate: WordPress 5.0.1 ist da ∗∗∗ --------------------------------------------- Aufgrund von mehreren Sicherheitslücken könnten Angreifer mit WordPress erstellte Websites attackieren. Eine fehlerbereinigte Version steht bereit. --------------------------------------------- http://heise.de/-4249500 ∗∗∗ Scanning for Flaws, Scoring for Security ∗∗∗ --------------------------------------------- Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. --------------------------------------------- https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/ ∗∗∗ Vorsicht bei gamestar4.com ∗∗∗ --------------------------------------------- Der Online-Shop gamestar4.com, mit angeblichem Sitz in Wien, ist betrügerisch. Auf gamestar4.com finden Sie neben Haushaltszubehör und Elektrogeräten, billige Spielkonsolen, die als Wochendeals beworben werden. Bestellen Sie bei gamestar4.com, verlieren Sie Ihr Geld, übermitteln Betrüger/innen sensible Daten und erhalten keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-gamestar4com/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git). --------------------------------------------- https://lwn.net/Articles/774845/ ∗∗∗ Linux kernel vulnerability CVE-2018-5390 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95343321 ∗∗∗ IBM Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-contains-a-de… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1848) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Potential MITM attack in Apache CXF used by IBM Event Streams (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-mitm-attack… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2018
by Daily end-of-shift report 12 Dec '18

12 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-12-2018 18:00 − Mittwoch 12-12-2018 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Logitech Options: Logitech-Software ermöglicht bösartige Codeausführung ∗∗∗ --------------------------------------------- In einer Software zur Konfiguration von Logitech-Tastaturen und Mäusen klafft ein riesiges Sicherheitsloch. Nutzer von Logitech Options sollten es vorerst deinstallieren: Bisher gibt es keinen Fix. (Logitech, Eingabegerät) --------------------------------------------- https://www.golem.de/news/logitech-options-logitech-software-ermoeglicht-bo… ∗∗∗ Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroWhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.Fuzzing Set-upPJSIP is open source, so it was easy to identify the PJSIP code in the Android WhatsApp binary [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ A bug in Microsoft’s login system made it easy to hijack anyone’s Office account ∗∗∗ --------------------------------------------- A string of bugs when chained together created the perfect attack to gain access to someones Microsoft account - simply by tricking a user into clicking a link. --------------------------------------------- https://techcrunch.com/2018/12/11/microsoft-login-bug-hijack-office-account… ∗∗∗ Patchday: Attacken auf Windows-Kernel-Lücke ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehrere Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4248309 ∗∗∗ Sicherheitsupdates: Angreifer könnten IP-Kameras von Bosch übernehmen ∗∗∗ --------------------------------------------- Einige IP-Kamera-Modelle von Bosch sind über eine als kritisch eingestufte Sicherheitslücke attackierbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4248751 ∗∗∗ Bitcoin Profit ist Betrug ∗∗∗ --------------------------------------------- Auf einer gefälschten orf.at-Website bewerben Kriminelle die Trading-Plattform Bitcoin Profit. In dem irreführenden Beitrag behaupten sie, dass es damit sehr einfach sei, sehr hohe Gewinne zu erzielen. Über die Werbung gelangen Leser/innen auf btcprofitnow.pro. Melden sie sich auf der Website für Bitcoin Profit an und überweisen sie ihr Geld an Kriminelle, verlieren sie es und ihre Daten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-profit-ist-betrug/ ∗∗∗ Schadsoftware in gefälschter DHL-Sendungsbenachrichtigung ∗∗∗ --------------------------------------------- Zur Weihnachtszeit ist es leicht möglich, dass Sie Versandbenachrichtigungen in Ihrem E-Mail-Posteingang erwarten. Dennoch überrascht Sie dort womöglich eine gefälschte DHL-Nachricht. Die Mail gibt vor, Sie über eine anstehende Lieferung zu informieren, die gar nicht existiert. Wenn Sie auf den Link in der Nachricht klicken, wird versucht eine Datei herunterzuladen. Vorsicht! Diese vermeintliche Word-Datei enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-in-gefaelschter-dhl-se… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler). --------------------------------------------- https://lwn.net/Articles/774731/ ∗∗∗ Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181212-… ∗∗∗ IBM Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, CVE-2018-5407) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerability in Xorg affects AIX (CVE-2018-14665) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-xorg… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in Oracle Solaris affects AIX (CVE-2017-3623) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-orac… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2018
by Daily end-of-shift report 11 Dec '18

11 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-12-2018 18:00 − Dienstag 11-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MySQL-Frontend: Lücke in PhpMyAdmin erlaubt Datendiebstahl ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im MySQL-Frontend PhpMyAdmin erlaubt es, lokale Dateien auszulesen. Dafür benötigt man jedoch einen bereits existierenden Login. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/mysql-frontend-luecke-in-phpmyadmin-erlaubt-daten… ∗∗∗ Warnung vor schlossauf.at ∗∗∗ --------------------------------------------- Die Website schlossauf.at wirbt mit einem seriösen und preiswerter Schlüsseldienst, der in 20min vor Ort bei Kund/innen ist. Konsument/innen, die den Dienst nutzen, nehmen in Wahrheit Kontakt mit der deutschen Gesellschaft MK Notservice GmbH auf. Sie vermittelt Schlosser/innen. Die Dienste vor Ort sind laut Kund/innenmeinungen mit langen Wartezeiten verbunden und sehr teuer. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-schlossaufat/ ∗∗∗ Augen auf beim digitale Vignetten-Kauf! ∗∗∗ --------------------------------------------- Die digitale Vignette können Sie an unterschiedlichsten Stellen erstehen. Neben der ASFINAG, dem ÖAMTC oder dem ARBÖ vertreiben nämlich auch andere unbekanntere Anbieter die digitale Vignette. Achtung: Hier werden zum Teil zusätzliche Kosten verrechnet, die Sie leicht vermeiden können, indem Sie einen kurzen Vergleich anstellen. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-digitale-vignetten-ka… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB18-41). The updates referenced in the bulletin address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1674 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071 ∗∗∗ --------------------------------------------- Project: Decoupled RouterVersion: 8.x-1.18.x-1.0Date: 2018-October-31Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.The module doesnt sufficiently check access before displaying entity labels. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ TYPO3 9.5.2, 8.7.21 and 7.6.32 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: * TYPO3 9.5.2 LTS * TYPO3 8.7.21 LTS * TYPO3 7.6.32 LTS All versions are security releases and contain important security fixes. --------------------------------------------- https://typo3.org/article/typo3-952-8721-and-7632-security-releases-publish… ∗∗∗ SAP Security Patch Day – December 2018 ∗∗∗ --------------------------------------------- On 11th of December 2018, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.0), Fedora (keepalived, kernel, kernel-headers, kernel-tools, mingw-uriparser, and uriparser), openSUSE (pdns-recursor), Oracle (kernel), SUSE (compat-openssl098, glibc, java-1_8_0-ibm, kernel, opensc, python, python-base, python-cryptography, python-pyOpenSSL, samba, and soundtouch), and Ubuntu (cups). --------------------------------------------- https://lwn.net/Articles/774590/ ∗∗∗ SSA-982399: Missing Authentication in TIM 1531 IRC Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-982399.txt ∗∗∗ SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ SSA-674165: Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-674165.txt ∗∗∗ SSA-170881: Vulnerabilities in SINUMERIK Controllers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-170881.txt ∗∗∗ IBM Security Bulletin: Open Source Python-paramiko vulnerability affects IBM Netezza Host Management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-python-pa… ∗∗∗ IBM Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… ∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects Power Hardware Management Console (CVE-2018-5740) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a glibc vulnerability (CVE-2017-15670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-m… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit… ∗∗∗ glibc vulnerability CVE-2017-16997 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43546166 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.12.2018
by Daily end-of-shift report 10 Dec '18

10 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-12-2018 18:00 − Montag 10-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte T-Mobile-Nachricht fordert Auskunft ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte T-Mobile-Nachricht. Darin behaupten sie, dass Kund/innen im Zusammenhang mit der Nutzung von Diensten persönliche Daten bekannt geben und ihre Telefonnummer bestätigen müssen. Das soll auf einer gefälschten T-Mobile-Website geschehen. Konsument/innen, die die von Ihnen verlangten Informationen bekannt geben, werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-t-mobile-nachricht-forde… ∗∗∗ Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans ∗∗∗ --------------------------------------------- Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leadin… ∗∗∗ How can businesses get the most out of pentesting? ∗∗∗ --------------------------------------------- More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/12/10/get-the-most-out-of-pentesting/ ∗∗∗ Mac malware combines EmPyre backdoor and XMRig miner ∗∗∗ --------------------------------------------- New Mac malware is using the EmPyre backdoor and the XMRig cryptominer to drain processor power—and possibly worse. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-… ∗∗∗ Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix ∗∗∗ --------------------------------------------- Bug dealt with in Chrome and Edge, but still a problem for Firefox users. --------------------------------------------- https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml). --------------------------------------------- https://lwn.net/Articles/774489/ ∗∗∗ WPForms <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9164 ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a stored cross-site scripting vulnerability (CVE-2018-1900) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2018
by Daily end-of-shift report 07 Dec '18

07 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-12-2018 18:00 − Freitag 07-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Using Fuzzing to Mine for Zero-Days ∗∗∗ --------------------------------------------- Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in todays security landscape. --------------------------------------------- https://threatpost.com/using-fuzzing-to-mine-for-zero-days/139683/ ∗∗∗ Is it Time to Uninstall Flash? (If you havent already) ∗∗∗ --------------------------------------------- If you havent uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+have… ∗∗∗ Array string obfuscation ∗∗∗ --------------------------------------------- We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized: [...] --------------------------------------------- http://labs.sucuri.net/?note=2018-12-06 ===================== = Vulnerabilities = ===================== ∗∗∗ Philips HealthSuite Health Android App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an inadequate encryption strength vulnerability in Philips HealthSuite Health Android App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01 ∗∗∗ GE Proficy GDS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper restriction of XML external entity reference vulnerability in GEs Proficy GDS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01 ∗∗∗ Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules ∗∗∗ --------------------------------------------- This advisory contains mitigations for a missing authentication vulnerability in the Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 ∗∗∗ watchOS 5.1.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.1.2. --------------------------------------------- https://support.apple.com/en-us/HT209343 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack). --------------------------------------------- https://lwn.net/Articles/774270/ ∗∗∗ Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN89767228/ ∗∗∗ IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-information… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-social-program-ma… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2018
by Daily end-of-shift report 06 Dec '18

06 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-12-2018 18:00 − Donnerstag 06-12-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 2: Fun with FaceTime ∗∗∗ --------------------------------------------- FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Data Exfiltration in Penetration Tests ∗∗∗ --------------------------------------------- In many penetration tests, therell be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, lets get the data off premise". Or sometimes in .. --------------------------------------------- https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24… ∗∗∗ Campaign evolution: Hancitor changes its Word macros ∗∗∗ --------------------------------------------- Todays diary reviews trends in recent malicious spam (malspam) pushing Hancitor. --------------------------------------------- https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+W… ∗∗∗ MikroTik: Hunderttausende Router schürfen heimlich Kryptogeld ∗∗∗ --------------------------------------------- Eine im August bekannt gewordenen Schwachstelle in den Geräten wird momentan öfter angegriffen denn je. --------------------------------------------- http://heise.de/-4243857 ∗∗∗ Linux: Besserer Spectre-V2-Schutz jetzt im Kernel, kaum Geschwindigkeitsverlust ∗∗∗ --------------------------------------------- Nach einem abgelehnten Patch haben die Linux-Entwickler den Schutz gegen die CPU-Lücke Spectre V2 in den Kerneln 4.14.86 und 4.19.7 verbessert. --------------------------------------------- http://heise.de/-4244052 ∗∗∗ Betrügerischer Sicherheitsalarm im Postfach ∗∗∗ --------------------------------------------- Konsument/innen finden in ihrem E-Mailpostfach eine Nachricht mit dem Betreff „Sicherheitsalarm. Hacker kennen das Passwort vom (E-Mailadresse)“. In dem Schreiben behaupten Kriminelle .. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx… ∗∗∗ konsolensultan.de ist ein Fake-Shop ∗∗∗ --------------------------------------------- Bestellen Sie nicht bei konsolensultan.de, es handelt sich um einen unseriösen Anbieter. Die gewünschten Spielkonsolen und Controller werden Sie nie erreichen. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/ ∗∗∗ A botnet of over 20,000 WordPress sites is attacking other WordPress sites ∗∗∗ --------------------------------------------- Botnet is still up and running but law enforcement has been notified. --------------------------------------------- https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1669 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin). --------------------------------------------- https://lwn.net/Articles/774089/ ∗∗∗ MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via .. --------------------------------------------- https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2018
by Daily end-of-shift report 05 Dec '18

05 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-12-2018 18:00 − Mittwoch 05-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 1: The Wild World of WebRTC ∗∗∗ --------------------------------------------- Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Notfallpatch: Exploit-Code für kritische Flash-Lücke im Umlauf ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für Adobes Flash Player. Nutzer sollten es dringend installieren. --------------------------------------------- http://heise.de/-4242328 ∗∗∗ SplitSpectre: Neue Methode macht Prozessor-Angriffe einfacher ∗∗∗ --------------------------------------------- Eine neue Abwandlung des Spectre-V1-Angriffs macht solche Attacken auf CPUs realistischer. Sie lässt sich über die JavaScript-Engine eines Browsers ausführen. --------------------------------------------- http://heise.de/-4241478 ∗∗∗ Achtung Dynamit-Phishing: Gefährliche Trojaner-Welle legt ganze Firmen lahm ∗∗∗ --------------------------------------------- BSI, CERT-Bund und Cybercrime-Spezialisten der LKAs sehen eine akute Welle von Infektionen mit Emotet, die Millionenschäden anrichtet. --------------------------------------------- http://heise.de/-4241424 ∗∗∗ The Dark Side of the ForSSHe ∗∗∗ --------------------------------------------- ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats --------------------------------------------- https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/ ∗∗∗ Achtung: Gefälschte PayPal-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Konsument/innen wird per E-Mail eine angebliche Rechnung von PayPal zugesandt - für ein Produkt, das nie bestellt wurde. Um die Rechnung zu stornieren, soll man einem Link folgen und dort seine persönlichen Daten und Zahlungsinformationen bekannt geben. Wer der Aufforderung nachkommt, wird Opfer eines Datendiebstahls und ermöglicht Kriminellen Zahlungen im eigenen Namen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnunge… ∗∗∗ It looked like a Citrix ShareFile phishing attack, but wasn’t ∗∗∗ --------------------------------------------- Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers.If you’re a company contacting your customers via email, please make sure it doesn’t look phishy. --------------------------------------------- https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/ ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omrons CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 ∗∗∗ SpiderControl SCADA WebServer ∗∗∗ --------------------------------------------- This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControls SCADA WebServer software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 ∗∗∗ Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 ∗∗∗ --------------------------------------------- Version 1.15: Final --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Inadequate cryptography implementation in Kerio Control VPN protocol ∗∗∗ --------------------------------------------- A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-impl… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby). --------------------------------------------- https://lwn.net/Articles/773964/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Financial Transaction Manager for Check Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-im… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2018
by Daily end-of-shift report 04 Dec '18

04 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-12-2018 18:00 − Dienstag 04-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗ --------------------------------------------- Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. --------------------------------------------- https://securelist.com/koffeymaker-notebook-vs-atm/89161/ ∗∗∗ SamSam Ransomware ∗∗∗ --------------------------------------------- Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware ∗∗∗ App-Store-Betrug mit Touch-ID-Geräten ∗∗∗ --------------------------------------------- Verschiedene Entwickler versuchen, Nutzer zum Kauf teurer In-App-Angebote zu bringen – mittels "Fingerabdruckklau". Apple reagiert. --------------------------------------------- http://heise.de/-4239342 ∗∗∗ Kubernetes: Kritisches Update für Container-Verwaltung ∗∗∗ --------------------------------------------- In Kubernetes steckt eine gefährliche Sicherheitslücke, über die unangemeldete Angreifer Code mit Admin-Rechten im Cluster ausführen können. --------------------------------------------- http://heise.de/-4240804 ∗∗∗ Gebietskörperschaften erhalten gefälschte Geschäftskorrespondenz ∗∗∗ --------------------------------------------- Betrüger/innen schreiben Gebietskörperschaften an und geben sich als Geschäftspartner/innen des Bundes, der Länder oder der Gemeinden aus. Sie erfinden einen Grund, der es angeblich notwendig macht, dass sie die Vertragskopie für ein Rechtsgeschäft erhalten. In diese fügen sie neue Bankdaten ein und fordern die Geldüberweisung auf ein neues Konto. Beamt/innen und Vertragsbedienstete, die die Transaktion durchführen, überweisen Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefa… ∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗ --------------------------------------------- Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]The post In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct appeared first on RiskIQ. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-vision-direct/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2018-12-01.html ∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...] --------------------------------------------- https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injectio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/773826/ ∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19634255 ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/ ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/ ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.12.2018
by Stephan Richter 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138

1 0

Tageszusammenfassung - 03.12.2018
by Daily end-of-shift report 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2018
by Daily end-of-shift report 30 Nov '18

30 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-11-2018 18:00 − Freitag 30-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Here are another 45,000 reasons to patch Windows systems against old NSA exploits ∗∗∗ --------------------------------------------- Its 2018 and UPnP is still opening up networks - this time to leaked SMB cyber-weapons Earlier this year, Akamai warned that vulnerabilities in Universal PlugNPlay (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.… --------------------------------------------- https://www.theregister.co.uk/2018/11/30/akamai_routerwreckers_active/ ∗∗∗ Good practices for identifying and assessing cybersecurity interdependencies ∗∗∗ --------------------------------------------- A glance at the interdependency landscape reveals several emerging interdependencies between operators of essential services (OES) and digital service providers (DSP), at both system and service level. Due to these interdependencies, there is an increasing number of cybersecurity incidents that either propagated across organisations (often across borders), or had a cascading effect at the level of essential services. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/good-practices-for-identifying-… ∗∗∗ Gezielte Angriffe gegen Firmen mit Trojaner in AutoCAD-Dateien ∗∗∗ --------------------------------------------- Echte CAD-Pläne mit beigefügten Skripten kopieren unbemerkt Firmengeheimnisse, warnen Sicherheitsforscher. --------------------------------------------- http://heise.de/-4236488 ∗∗∗ Hackers in Hot Water. Pwning smart hot tubs, yes really ∗∗∗ --------------------------------------------- We were given a tip by the awesome Ceri Coburn that something was amiss with the Balboa Water App, a mobile app used for controlling >30,000 hot tubs. You can remotely control your tub, so you can heat it up for when you’re ready, saving […] --------------------------------------------- https://www.pentestpartners.com/security-blog/hackers-in-hot-water-pwning-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Zoom Flaw Lets Hackers Hijack Conference Meetings ∗∗∗ --------------------------------------------- Hackers can spoof messages, hijack screen controls and kick others out of meetings. --------------------------------------------- https://threatpost.com/critical-zoom-flaw-lets-hackers-hijack-conference-me… ∗∗∗ GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075 ∗∗∗ --------------------------------------------- Project: GatherContent Date: 2018-November-28 Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All Vulnerability: Access bypass Description: This module enables you to import and export data from the GatherContent service.The module didnt properly protect its administrative paths. Solution: Install the latest version:If you use the gathercontent module for Drupal 7.x, upgrade to gathercontent 7.x-3.5Also see the GatherContent project page. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-075 ∗∗∗ DSA-4347 perl - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4347 ∗∗∗ INVT Electric VT-Designer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01 ∗∗∗ IBM Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K49711130 ∗∗∗ USN-3833-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3833-1/ ∗∗∗ USN-3832-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3832-1/ ∗∗∗ HPESBHF03906 rev.1 - HPE Intelligent Management Center (IMC), Remote Buffer Overflow, Code Execution, Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2018
by Daily end-of-shift report 29 Nov '18

29 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-11-2018 18:00 − Donnerstag 29-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsvorfall: Dell setzt Kennwörter von Kunden zurück ∗∗∗ --------------------------------------------- Unbekannte hatten Zugriff auf Dell.com und waren auf der Suche nach Kundendaten. --------------------------------------------- http://heise.de/-4235101 ∗∗∗ PayPal-Käuferschutz-Falle bei Kleinanzeigenkauf ∗∗∗ --------------------------------------------- PayPal genießt hohes Vertrauen bei seinen Nutzer/innen aufgrund des angebotenen Käuferschutzes. Dennoch ist hier Vorsicht geboten, denn nicht immer kommt der Käuferschutz zum Tragen. Nutzen Sie beim Einkauf über Willhaben, Ebay, Geizhals und Co nicht die Funktion "Geld an Freunde oder Familie senden" bei PayPal. Der Käuferschutz gilt nicht und Ihr Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/paypal-kaeuferschutz-falle-bei-klein… ∗∗∗ Achtung bei Anrufen von Microsoft ∗∗∗ --------------------------------------------- Aktuell häufen sich wieder betrügerische Anrufe von angeblichen Microsoft-Mitarbeiter/innen, die Sie auf Probleme mit Ihrem Computer aufmerksam machen. Im Zuge eine Fernwartung übernehmen Kriminelle Ihren Computer und fangen sensible Daten ab. Es handelt sich um eine Betrugsmasche. Legen Sie gleich auf! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-anrufen-von-microsoft/ ∗∗∗ Fake-Shop-Alarm bei modchips24.com ∗∗∗ --------------------------------------------- Modchips24.com bietet neben R4-Karten für diverse Konsolen, wie die Nintendo 3DS oder die Nintendo Switch, auch Playstations, Xboxen und unterschiedlichstes Zubehör an. Sie sollten hier auf keinen Fall bestellen, denn uns erreichen zahlreiche Meldungen über ausbleibende Lieferungen. Bezahlen müssen Sie per Vorkasse, Ihr Geld wäre also verloren. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-alarm-bei-modchips24com/ ∗∗∗ Not A Security Boundary: Breaking Forest Trusts ∗∗∗ --------------------------------------------- For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft's "What Are Domains and Forests?" document (last updated in 2014) has a "Forests as Security Boundaries" section which states (emphasis added): --------------------------------------------- https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074 ∗∗∗ --------------------------------------------- Project: BootstrapVersion: 7.x-3.228.x-3.14Date: 2018-November-28Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross site scriptingDescription: This base theme bridges the gap between Drupal and the Bootstrap Framework.The theme doesnt sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-074 ∗∗∗ Norton and SEP Multiple Issues ∗∗∗ --------------------------------------------- Symantec has released updates to address issues that were discovered in the Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products. --------------------------------------------- https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Gentoo (openssl and rpm), Mageia (icecast and yaml-cpp), Oracle (kernel and sos-collector), Red Hat (rh-ruby23-ruby, rh-ruby24-ruby, and rh-ruby25-ruby), Slackware (samba), SUSE (tomcat6), and Ubuntu (ghostscript). --------------------------------------------- https://lwn.net/Articles/773296/ ∗∗∗ 2018-11-26: Vulnerability in CP400 Panel Builder TextEditor 2.0 - Improper Input Validation Vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3BSE091042&Language… ∗∗∗ jQuery vulnerability CVE-2012-6708 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62532311 ∗∗∗ SNMPv2 vulnerability CVE-1999-0517 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04463175 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2018
by Daily end-of-shift report 28 Nov '18

28 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-11-2018 18:00 − Mittwoch 28-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Nature of Mass Exploitation Campaigns ∗∗∗ --------------------------------------------- Examples of how attackers carry out mass exploitation campaigns and how to defend against them. --------------------------------------------- https://threatpost.com/the-nature-of-mass-exploitation-campaigns/139428/ ∗∗∗ TA18-331A: 3ve – Major Online Ad Fraud Operation ∗∗∗ --------------------------------------------- This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-331A ∗∗∗ Windows 10 1809: Update gegen Spectre-NG-Lücken ∗∗∗ --------------------------------------------- Mit dem Update KB4465065 liefert Microsoft Microcode-Updates für einige Intel-Prozessortypen zum Schutz gegen L1TF sowie Spectre V3a und V4. --------------------------------------------- http://heise.de/-4234362 ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA Vijeo Citect and Citect SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element vulnerability in Schneider Electrics Software Update utility affecting AVEVAs Vijeo Citect and Citect SCADA products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-331-01 ∗∗∗ Cisco Prime License Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework code of Cisco Prime License Manager(PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ FreeBSD: Multiple vulnerabilities in NFS server code ∗∗∗ --------------------------------------------- Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. --------------------------------------------- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns-recursor and samba), Debian (ghostscript), Fedora (community-mysql, flatpak, gettext, git, php-PHPMailer, php-phpmailer6, and wireshark), Oracle (kernel and NetworkManager), Scientific Linux (ghostscript, kernel, NetworkManager, and sos-collector), SUSE (dpdk, java-1_7_1-ibm, kernel, python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, [...] --------------------------------------------- https://lwn.net/Articles/773179/ ∗∗∗ Synology-SA-18:60 Samba AD DC ∗∗∗ --------------------------------------------- CVE-2018-16841 and CVE-2018-16851 allow remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology Active Directory Server.None of Synology products are affected by CVE-2018-14629, CVE-2018-16852, CVE-2018-16853, and CVE-2018-16857 as these vulnerabilities only affect Samba 4.9.0 and later. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_60 ∗∗∗ Microsoft Windows: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1128 ∗∗∗ Security Advisory - Out-of-bounds Write Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181128-… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM SONAS (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723). CVE-2018-1723, gpfs, spectrum scale Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-luw-on-aix-an… ∗∗∗ IBM Security Bulletin: This Power System firmware update is being released to address DHCP issue number CVE-2018-5732 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-fir… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2018
by Daily end-of-shift report 27 Nov '18

27 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-11-2018 18:00 − Dienstag 27-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor ∗∗∗ --------------------------------------------- BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities - from keylogging to carrying out distributed denial of service (DDoS) — and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI's customizability and seeming availability in the underground make it a prevalent threat. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled… ∗∗∗ NPM-Paket EventStream mit Bitcoin-Miner infiziert ∗∗∗ --------------------------------------------- In die Code-Bibliothek EventStream hat sich Schadcode eingeschlichen, der das Bitcoin Wallet Copay für Angreifer öffnet. --------------------------------------------- http://heise.de/-4233171 ∗∗∗ Lux-Codex nicht bestellen! ∗∗∗ --------------------------------------------- Auf lux-codex.com und wideally.com wird Ihnen der Lux-Codex - eine LED-Lampe in ausgefallenem Design - angeboten. Sie sollten hier nicht bestellen, denn Konsument/innen berichten uns von ausbleibender Lieferung trotz erfolgter Bezahlung! --------------------------------------------- https://www.watchlist-internet.at/news/lux-codex-nicht-bestellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the current firmware version V2.6.0 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. These GNU/Linux vulnerabilities have been externally identified and will be fixed with the next firmware version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot and samba), Fedora (flatpak, kernel-headers, kernel-tools, mariadb-connector-c, php-PHPMailer, php-phpmailer6, and xml-security-c), Gentoo (binutils, libav, mupdf, spice-gtk, strongswan, and tablib), Mageia (libpng(12), mariadb, and openssl), Oracle (ghostscript), Red Hat (.NET Core, ghostscript, java-1.7.1-ibm, kernel, kernel-alt, kernel-rt, NetworkManager, rh-nginx112-nginx, rh-nginx114-nginx, and sos-collector), Scientific Linux [...] --------------------------------------------- https://lwn.net/Articles/773100/ ∗∗∗ Vuln: Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106019 ∗∗∗ Vuln: TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106021 ∗∗∗ ZDI-18-1362: (ODay) Juuko DATA Packet Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1362/ ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-3139 and CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – July 2018 Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross site scripting (CVE-2018-1584) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1123 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.11.2018
by Daily end-of-shift report 26 Nov '18

26 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-11-2018 18:00 − Montag 26-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ His phone went dark, then $1m was sucked out in SIM-swap crypto-heist ∗∗∗ --------------------------------------------- A 21-year-old allegedly SIM-swapped Silicon Valley execs' phones to steal cryptocurrency, including one mans $1m tuition fund for his kids. --------------------------------------------- https://nakedsecurity.sophos.com/2018/11/26/his-phone-went-dark-then-1m-was… ∗∗∗ Unseriöse Handwerker aus dem Internet ∗∗∗ --------------------------------------------- Konsument/innen, die in der Nacht Probleme mit ihren Heizkörpern, ihrem Schloss oder ihrer Elektronik haben, können über das Internet unseriöse Installateur/innen, Schlosser/innen oder Elektriker/innen finden. Sie werben auf Websites mit günstigen Angeboten. Vor Ort verlangen die Unternehmen jedoch ein Vielfaches des vereinbarten Preises. Nachträgliche Beanstandungen sind nicht möglich, weil sie Kund/innen erfundene Daten nennen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-handwerker-aus-dem-intern… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot5, icecast2, liblivemedia, otrs2, phpbb3, roundcube, squid3, and xml-security-c), Fedora (kio-extras, tmux, and xen), Gentoo (asterisk, chromium, exiv2, ghostscript-gpl, and thunderbird), openSUSE (libwpd, openssl, openssl-1_1, postgresql10, and SDL2_image), Red Hat (chromium-browser, rh-mysql57-mysql, rh-nginx110-nginx, and rh-nginx18-nginx), SUSE (exiv2, libgcrypt, rpm, and tiff), and Ubuntu (firefox and qemu). --------------------------------------------- https://lwn.net/Articles/772954/ ∗∗∗ ZDI-18-1361: (0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1361/ ∗∗∗ ZDI-18-1360: (0Day) INVT Electric VT-Designer File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1360/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by spoofing attack vulnerability in WAS Logout Form ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by java deserialization vulnerability resulting in execution of untrusted data via the application server’s SOAP port ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Snapshot for VMware (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ git: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1120 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2018
by Daily end-of-shift report 23 Nov '18

23 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-11-2018 18:00 − Freitag 23-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Aurora / Zorro Ransomware Actively Being Distributed ∗∗∗ --------------------------------------------- A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past. --------------------------------------------- https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-acti… ∗∗∗ Old Printer Vulnerabilities Die Hard ∗∗∗ --------------------------------------------- New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers. --------------------------------------------- https://threatpost.com/old-printer-vulnerabilities-die-hard/139318/ ∗∗∗ Sicherheitsupdate: VMware Fusion und Workstation anfällig für Schadcode ∗∗∗ --------------------------------------------- Aktualisierte Versionen von Fusion und Workstation schließen eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4231452 ∗∗∗ l+f: Hacker ärgern Hacker ∗∗∗ --------------------------------------------- Online-Kreditkarten-Skimmer fechten Revierkämpfe aus. --------------------------------------------- http://heise.de/-4231527 ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java SDK (April 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2018-2783) ∗∗∗ --------------------------------------------- A vulnerability is identified in IBM® SDK Java Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence V5.0.4 and V5.0.5 respectively. This issue was disclosed as part of the IBM Java SDK updates in April 2018.CVE(s): CVE-2018-2783Affected product(s) and affected version(s):IBM Application Delivery Intelligence V5.0.4IBM Application Delivery Intelligence V5.0.5Refer to the following reference URLs for remediation and additional vulnerability [...] --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ VMSA-2018-0030 ∗∗∗ --------------------------------------------- VMware Workstation and Fusion updates address an integer overflow issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0030.html ∗∗∗ Security updates for (US) Thanksgiving Day ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ceph, openssl, and pixman), Fedora (kernel-headers, kernel-tools, libconfuse, python-urllib3, and xen), Mageia (gettext and roundcubemail), openSUSE (GraphicsMagick and libwpd), Oracle (thunderbird), Slackware (openssl), and Ubuntu (libapache2-mod-perl2). --------------------------------------------- https://lwn.net/Articles/772811/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (flashplugin, lib32-libtiff, and webkit2gtk), Debian (libphp-phpmailer and openjdk-7), Mageia (flash-player-plugin, Ghostscript, and poppler), openSUSE (chromium and virtualbox), and SUSE (java-1_8_0-ibm, libwpd, openssl, openssl-1_1, realtime-kernel, salt, and SDL_image). --------------------------------------------- https://lwn.net/Articles/772851/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2018
by Daily end-of-shift report 22 Nov '18

22 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-11-2018 18:00 − Donnerstag 22-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ New mining Trojan for Linux removes anti-viruses ∗∗∗ --------------------------------------------- November 20, 2018 One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a .. --------------------------------------------- https://news.drweb.com/show/?i=12942&lng=en&c=9 ∗∗∗ ECCploit: Rowhammer-Angriff funktioniert auch mit ECC ∗∗∗ --------------------------------------------- Ein Forscherteam konnte zeigen, dass Angriffe mit Bitflips im Arbeitsspeicher auch dann möglich sind, wenn man Speichermodule mit Fehlerkorrektur verwendet. --------------------------------------------- https://www.golem.de/news/eccploit-rowhammer-angriff-funktioniert-auch-mit-… ∗∗∗ Malware scum want to build a Linux botnet using Mirai ∗∗∗ --------------------------------------------- Hadoop YARN is the attack vector, so lock it away Diligent hackers .. --------------------------------------------- www.theregister.co.uk/2018/11/22/mirai_for_linux_on_x86/ ∗∗∗ Markenfälschungen auf rmc-bad-grosspertholz.at ∗∗∗ --------------------------------------------- Bei rmc-bad-grosspertholz.at finden Sie Markenkleidung, Schuhe und Accessoires zu sagenhaften Preisen. Erwarten Sie sich jedoch nicht viel von Ihrer Bestellung, Sie werden – falls überhaupt – minderwertige Waren .. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelschungen-auf-rmc-bad-gross… ∗∗∗ Achtung: Betrug über den Amazon Marketplace ∗∗∗ --------------------------------------------- Kriminelle übernehmen Amazon-Händlerkonten und bieten günstige Waren an. Ihre Bestellung wird zunächst angenommen, dann aber grundlos storniert. Kontaktieren Sie die Anbieter per E-Mail, erhalten Sie .. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-betrug-ueber-den-amazon-mark… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656) ∗∗∗ --------------------------------------------- There is a vulnerability in IBM® Runtime Environment Java Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat, Open SSL, and Apache HTTPD affects Rational Build Forge ∗∗∗ --------------------------------------------- Apache Tomcat, Open SSL, and Apache Tomcat have multiple security vulnerabilities that could allow a remote attacker to exploit the Rational Build Forge application. Respective security vulnerabilities are discussed in .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732CVE(s): CVE-2018-0732Affected product(s) and affected version(s):WebSphere .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗ --------------------------------------------- Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 8.0.5.5 & 8.0.5.15 and IBM® Runtime Environment Java Versions 7.0.10.15 & 7.0.10.25 used by IBM Integration .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0737 ∗∗∗ --------------------------------------------- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) has addressed the following vulnerability: CVE-2018-0737 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)CVE(s): CVE-2018-0737Affected .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ Download WP-DBManager <= 2.79.1 - Arbitrary File Delete ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9151 ∗∗∗ Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ Moodle Login Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042154 ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0008.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2018
by Daily end-of-shift report 21 Nov '18

21 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-11-2018 18:00 − Mittwoch 21-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Governikus: Personalausweis-Webanwendungen lassen sich austricksen ∗∗∗ --------------------------------------------- Mit einem relativ simplen Trick lässt sich die Authentifizierung von Webanwendungen mit dem elektronischen Personalausweis austricksen. Der Hersteller Governikus behauptet, dass dies in realen Anwendungen nicht funktioniert, kann aber nicht erklären, warum. (E-Personalausweis, Java) --------------------------------------------- https://www.golem.de/news/governikus-personalausweis-webanwendungen-lassen-… ∗∗∗ Werbe-Malware für macOS ∗∗∗ --------------------------------------------- Ein unter "SearchAwesome" und "SearchPageInjector" bekannter Datenschädling macht jetzt auf Macs die Runde. Er manipuliert Reklame und kann CPU-Zeit klauen. --------------------------------------------- http://heise.de/-4227303 ∗∗∗ Dell und VMware teilen sich Sicherheitslücken und servieren Patches ∗∗∗ --------------------------------------------- In Dell EMC Avamar Virtual Edition und VMware vSphere Data Protection klafft eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4228698 ∗∗∗ XSS Injection Campaign Exploits WordPress AMP Plugin ∗∗∗ --------------------------------------------- News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site. --------------------------------------------- https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-word… ∗∗∗ Warnung vor gefälschter PayLife-Sicherheits-App ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte PayLife-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie sich eine vermeintliche Sicherheits-App auf ihrem Smartphone installieren. Sie ist angeblich für die weitere Nutzung von PayLife-Kreditkarten notwendig. In Wahrheit ist die gefälschte PayLife-Sicherheits-App Schadsoftware, die wichtige Daten von Kund/innen stiehlt. Dadurch können Kriminelle Geld ihrer Opfer stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-paylife-sic… ===================== = Vulnerabilities = ===================== ∗∗∗ Teledyne DALSA Sherlock ∗∗∗ --------------------------------------------- This advisory includes mitigations for a stack-based buffer overflow vulnerability in Teledyne DALSAs Sherlock machine vision software interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01 ∗∗∗ Schneider Electric Modicon M221 ∗∗∗ --------------------------------------------- This advisory includes mitigations for an insufficient verification of data authenticity vulnerability in the Schneider Electric Modicon M221 product. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-324-02 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libtiff), CentOS (java-1.7.0-openjdk, spice-server, and thunderbird), Debian (jasper, liblivemedia, ruby-i18n, and ruby-rack), Fedora (curl, elfutils, firefox, kde-connect, kio-extras, libarchive, poppler, and webkit2gtk3), openSUSE (chromium, GraphicsMagick, kernel, libmatroska, mkvtoolnix, SDL2_image, and squid), Oracle (qemu), and Red Hat (flash-plugin and kernel). --------------------------------------------- https://lwn.net/Articles/772718/ ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ IBM Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-community-edition… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-xml-externa… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-1061, CVE-2018-1060) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker , IBM Integration Bus and IBM App Connect ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by a JDBC XA switch load files Vulnerability(CVE-2017-1418) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2018
by Daily end-of-shift report 20 Nov '18

20 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-11-2018 18:00 − Dienstag 20-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Datendiebstahl durch FinanzOnline-Phishing-Mails ∗∗∗ --------------------------------------------- Kriminelle versenden im Namen des Bundesministeriums für Finanzen (BMF) betrügerische Phishing-Mails. Darin werden Sie dazu aufgefordert, Ihre Daten zu aktualisieren, um eine Steuerrückzahlung zu ermöglichen. Folgen Sie den Anweisungen nicht, denn Sie könnten erheblichen finanziellen Schaden erleiden! Es handelt sich um einen Versuch, Ihre persönlichen Daten und Kontoinformationen zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-durch-finanzonline-ph… ∗∗∗ Internet Domain Services Austria-Mahnung nicht bezahlen ∗∗∗ --------------------------------------------- Unternehmen erhalten von Internet Domain Services Austria (IDSA) einen Payment Reminder. Darin heißt es, dass es unbeglichene Rechnungen gebe und der Betrag in Höhe von 237 Euro innerhalb von 5 Tagen bezahlt werden müsse. Empfänger/innen müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund. --------------------------------------------- https://www.watchlist-internet.at/news/internet-domain-services-austria-mah… ∗∗∗ TP-Link-Router TL-R600VPN vielfältig angreifbar ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für einen VPN-Router von TP-Link. --------------------------------------------- http://heise.de/-4225979 ∗∗∗ Notfall-Patch: Adobe sichert Flash außer der Reihe ab ∗∗∗ --------------------------------------------- Eigentlich veröffentlicht Adobe nur ein Mal im Monat Sicherheitsupdates für seine Produkte. Für eine gefährliche Flash-Lücke macht der Hersteller eine Ausnahme. --------------------------------------------- http://heise.de/-4227033 ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0029 ∗∗∗ --------------------------------------------- vSphere Data Protection (VDP) updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0029.html ∗∗∗ Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. --------------------------------------------- https://blog.talosintelligence.com/2018/11/Atlantis-Word-Processor-RCE-vuln… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (mariadb-10.1, openjpeg2, systemd, and uriparser), Mageia (389-ds-base, apache, and soundtouch), SUSE (libwpd, py26-compat-salt, salt, and SMS3.1), and Ubuntu (systemd). --------------------------------------------- https://lwn.net/Articles/772621/ ∗∗∗ x86: DoS from attempting to use INVPCID with a non-canonical addresses ∗∗∗ --------------------------------------------- A buggy or malicious PV guest can crash the host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-279.html ∗∗∗ Fix for XSA-240 conflicts with shadow paging ∗∗∗ --------------------------------------------- A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-280.html ∗∗∗ Insufficient TLB flushing / improper large page mappings with AMD IOMMUs ∗∗∗ --------------------------------------------- A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-275.html ∗∗∗ Resource accounting issues in x86 IOREQ server handling ∗∗∗ --------------------------------------------- A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-276.html ∗∗∗ x86: incorrect error handling for guest p2m page removals ∗∗∗ --------------------------------------------- A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-277.html ∗∗∗ Ricoh myPrint Hardcoded Credentials / Information Disclosure ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018110154 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private Cloud Foundry (CVE-2018-14645) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (July 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2016-0705, CVE 2017-3732, CVE 2017-3736, and CVE-2018-2973) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.11.2018
by Daily end-of-shift report 19 Nov '18

19 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-11-2018 18:00 − Montag 19-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Schwere Sicherheitslücken in GPS-Kinderuhren ∗∗∗ --------------------------------------------- Eigentlich sollten GPS-Uhren die Sicherheit der Kinder erhöhen. Nun werden sie selbst zum Risiko. --------------------------------------------- https://futurezone.at/digital-life/schwere-sicherheitsluecken-in-gps-kinder… ===================== = Vulnerabilities = ===================== ∗∗∗ Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit ∗∗∗ --------------------------------------------- The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5501.php ∗∗∗ Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass ∗∗∗ --------------------------------------------- netBooter suffers from an authentication bypass vulnerability due to missing control check when calling webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create admin user account and bypass authentication giving her the power to turn off a power supply to a resource. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (grafana and patch), Debian (chromium-browser), Fedora (cabextract, curl, elfutils, firefox, flatpak, glusterfs, kernel, kernel-headers, kernel-tools, kio-extras, libmspack, mariadb, mupdf, poppler, suricata, and wireshark), Mageia (hylafax+, jhead, libmspack/cabextract, nginx, sdl2/mingw-SDL2, and squid), openSUSE (amanda, apache-pdfbox, chromium, ImageMagick, LibreOffice and dependency libraries, libxkbcommon, openssh, systemd, and [...] --------------------------------------------- https://lwn.net/Articles/772522/ ∗∗∗ Serial number disclosure in the FortiOS PPTP server hostname protocol field ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-101 ∗∗∗ Cross-site scripting (XSS) vulnerability via DHCP Hostname parameter ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-121 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK Affects IBM Algo Credit Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability via large JSON payloads (CVE-2018-1779) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2018
by Daily end-of-shift report 16 Nov '18

16 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-11-2018 18:00 − Freitag 16-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Serverüberwachungssoftware Nagios XI: Mehrere Schlupflöcher für Angreifer ∗∗∗ --------------------------------------------- Nagios XI ist angreifbar und gefährdet IT-Infrastrukturen. Eine abgesicherte Version ist verfügbar. --------------------------------------------- http://heise.de/-4222806 ∗∗∗ Warnung vor Gelenkcreme Artrovex ∗∗∗ --------------------------------------------- Kriminelle geben sich als Bundesministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz aus und behaupten, dass die österreichische Regierung bei Gelenkschmerzen die Creme Artrovex empfiehlt. Das ist erfunden. Konsument/innen dürfen Artrovex nicht bestellen, denn die Creme hat keine medizinische Wirkung. Ebenso übermitteln Käufer/innen damit persönliche Daten an Unbekannte. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gelenkcreme-artrovex/ ∗∗∗ tRat Emerges as New Pet for APT Group TA505 ∗∗∗ --------------------------------------------- The modular malware seems to be in a testing phase, but TA505s interest made researchers take note. --------------------------------------------- https://threatpost.com/trat-emerges-as-new-pet-for-apt-group-ta505/139136/ ∗∗∗ Lock-Screen Bypass Bug Quietly Patched in Handsets ∗∗∗ --------------------------------------------- The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds. --------------------------------------------- https://threatpost.com/lock-screen-bypass-bug-quietly-patched-in-handsets/1… ∗∗∗ Hacking Connected Home Alarm Systems – The Expensive [part 2] ∗∗∗ --------------------------------------------- TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems. --------------------------------------------- https://blog.nviso.be/2018/11/15/hacking-connected-home-alarm-systems-the-e… ∗∗∗ 0-Day in ELBA5's Network Installation: Overtaking your company's bank account ∗∗∗ --------------------------------------------- This blog post is about a previously unknown critical vulnerability in the Austrian electronic banking application ELBA5. The issue discussed here could be abused to gain full control over any ELBA5 database server as well as the underlying operating system. It has a confirmed CVSSv3 score of 10.0. --------------------------------------------- https://bogner.sh/2018/11/0-day-in-elba5s-network-installation-overtaking-y… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (lldpad, pdns, and php), Mageia (flash-player-plugin, gdal, mutt, patch, php-pear-CAS, postgresql9.4|6, ruby-rack, and teeworlds), SUSE (kernel-rt, postgresql10, and squid), and Ubuntu (openjdk-7). --------------------------------------------- https://lwn.net/Articles/772259/ ∗∗∗ Multiple critical vulnerabilities in Miss Marple Enterprise Edition ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-1841) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for Email, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Version 8 SR4FP10 affect IBM Notes and Domino ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2018
by Daily end-of-shift report 15 Nov '18

15 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-11-2018 18:00 − Donnerstag 15-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now ∗∗∗ --------------------------------------------- A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for --------------------------------------------- https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html ∗∗∗ Patchday: Schwerwiegende Sicherheitslücke in SAP HANA Streaming Analytics ∗∗∗ --------------------------------------------- SAP hat Updates veröffentlicht, die unter anderem eine kritische Schwachstelle im Software-Portfolio des Herstellers schließen. --------------------------------------------- http://heise.de/-4221574 ∗∗∗ Achtung: Rechnungs-Trojaner vom Kollegen ∗∗∗ --------------------------------------------- Mit einem miesen Trick versuchen Kriminelle, unvorsichtige Anwender mit Online-Banking-Trojanern zu infizieren. --------------------------------------------- http://heise.de/-4221813 ∗∗∗ Sicherheitsupdate: Skype kann an Emojis ersticken ∗∗∗ --------------------------------------------- Zu viele Emojis in Chat-Nachrichten können Skype for Business und Lync 2013 zum Erliegen bringen. --------------------------------------------- http://heise.de/-4221978 ∗∗∗ Kauf bei potenzmittel-apotheke.eu schädigt Brieftasche und Gesundheit ∗∗∗ --------------------------------------------- Bei potenzmittel-apotheke.eu finden Kund/innen rezeptfreie Potenzmittel und ersparen sich die unangenehme Erfahrung, dieses Medikament auf herkömmlichen Weg, nämlich über Rezept, zu erwerben. potenzmittel-apotheke.eu ist jedoch eine illegale Versandapotheke, Sie verlieren Ihr Geld und spielen Betrüger/innen persönliche Daten in die Hände! --------------------------------------------- https://www.watchlist-internet.at/news/kauf-bei-potenzmittel-apothekeeu-sch… ∗∗∗ Gefälschte Gemeinde-Rechnungen verbreiten Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Gemeinde-Rechnungen mit der Adress-Endung gv.at. Darin behaupten sie, dass Unternehmen eine offene Rechnung haben und der Verwaltung noch Geld schulden. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-gemeinde-rechnungen-verb… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (kde-connect, mingw-SDL2_image, SDL2_image, and subscription-manager), Red Hat (flash-plugin), SUSE (openssh-openssl1, systemd, and thunderbird), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, [...] --------------------------------------------- https://lwn.net/Articles/772103/ ∗∗∗ Digium Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2347/ ∗∗∗ IBM Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-directory-t… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-1639) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2018
by Daily end-of-shift report 14 Nov '18

14 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-11-2018 18:00 − Mittwoch 14-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗ --------------------------------------------- Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...] --------------------------------------------- https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebi… ∗∗∗ Want to hack an ATM for free cash? Its as easy as Windows XP ∗∗∗ --------------------------------------------- Bank machines pen testing reveals alarming results ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. --------------------------------------------- https://www.theregister.co.uk/2018/11/14/atm_security_lousy/ ∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗ --------------------------------------------- This month, Microsoft patches two issues that have already been disclosed publically. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (cve:2018-8589) which has been exploited in the wild. --------------------------------------------- https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/243… ∗∗∗ Patchday bei Adobe: Nicht kritisch, aber wichtig ∗∗∗ --------------------------------------------- Sicherheitsupdates von Adobe schließen Lücken in Acrobat, Flash, Photoshop CC und Reader. Keine Schwachstelle gilt als "kritisch". --------------------------------------------- http://heise.de/-4220586 ∗∗∗ Generalschlüssel für Fingerabdruckscanner: Master-Prints entsperren Smartphones ∗∗∗ --------------------------------------------- Mit KI-Methoden erstellten Forscher Fingerabdrücke, die als eine Art Generalschlüssel für Fingerabdruckscanner fungieren und damit etwa Smartphones entsperren. --------------------------------------------- http://heise.de/-4220782 ∗∗∗ Prozessor-Sicherheit: Sieben neue Varianten von Spectre-Lücken ∗∗∗ --------------------------------------------- Die Spectre-Sicherheitslücken in Prozessoren lassen sich angeblich noch anders nutzen, als bisher bekannt; Intel gibt allerdings Entwarnung. --------------------------------------------- http://heise.de/-4220854 ∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗ --------------------------------------------- You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really dont like? Logging on to Report URI and being greeted with something like this: [...] --------------------------------------------- https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- This advisory covers a problem with a data migration discovered in the OTRS framework. --------------------------------------------- https://community.otrs.com/security-advisory-2018-10-security-update-for-ot… ∗∗∗ VMSA-2018-0028 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight updates address an authorization bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0028.html ∗∗∗ November 2018 Office Update Release ∗∗∗ --------------------------------------------- The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5). --------------------------------------------- https://lwn.net/Articles/771881/ ∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytic… ∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-b… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2018
by Daily end-of-shift report 13 Nov '18

13 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-11-2018 18:00 − Dienstag 13-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Trojaner: Der Banking-Trojaner Trickbot hat neue Tricks gelernt ∗∗∗ --------------------------------------------- Vor zwei Jahren hatte es Trickbot nur auf Bankdaten abgesehen. Nun ist eine neue Variante des Trojaners im Umlauf, die auch Passwörter aus anderen Anwendungen abgreifen kann. (Malware, Spam) --------------------------------------------- https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-t… ∗∗∗ Blockverschlüsselung: Verschlüsselungsmodus OCB2 gebrochen ∗∗∗ --------------------------------------------- Im Verschlüsselungsmodus OCB2 wurden in kurzer Abfolge zahlreiche Sicherheitsprobleme gefunden. Breite Verwendung findet dieser Modus nicht, obwohl er Teil eines ISO-Standards ist. (Verschlüsselung, Applikationen) --------------------------------------------- https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2… ∗∗∗ Should You Send Your Pen Test Report to the MSRC? ∗∗∗ --------------------------------------------- Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pe… ∗∗∗ Why Google Internet Traffic Rerouted Through China and Russia ∗∗∗ --------------------------------------------- For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Heres why. --------------------------------------------- https://www.wired.com/story/google-internet-traffic-china-russia-rerouted ∗∗∗ TLS-Aufschlüsselung: Malware und Angriffe in verschlüsselten Datenströmen erkennen ∗∗∗ --------------------------------------------- Die Schlacht um Aufschlüsselungs-Optionen für TLS haben Strafverfolger und Provider verloren. Eine Forschungsgruppe soll nun die Gefahrenabwehr ausloten. --------------------------------------------- http://heise.de/-4219047 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1648 ∗∗∗ SAP Security Patch Day - November 2018 ∗∗∗ --------------------------------------------- On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd). --------------------------------------------- https://lwn.net/Articles/771697/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042057 ∗∗∗ SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt ∗∗∗ SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt ∗∗∗ SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt ∗∗∗ SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt ∗∗∗ SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt ∗∗∗ SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt ∗∗∗ SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt ∗∗∗ SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt ∗∗∗ SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt ∗∗∗ SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt ∗∗∗ SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt ∗∗∗ SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt ∗∗∗ SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt ∗∗∗ SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt ∗∗∗ SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt ∗∗∗ SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.11.2018
by Daily end-of-shift report 12 Nov '18

12 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-11-2018 18:00 − Montag 12-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Linux CryptoMiners Are Now Using Rootkits to Stay Hidden ∗∗∗ --------------------------------------------- To make it harder to spot a cryptominer process that is utilizing all of the CPU, a new variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit. --------------------------------------------- https://www.bleepingcomputer.com/news/security/linux-cryptominers-are-now-u… ∗∗∗ DSGVO: Sicherheitslücke in Wordpress-Addon ermöglicht Admin-Rechte ∗∗∗ --------------------------------------------- Durch eine fehlende Identitätsabfrage in einem DSGVO-Plugin für Wordpress können sich Angreifer Administratorkonten für Webseiten anlegen und dann beliebige Schadsoftware verteilen. Die Lücke wird bereits ausgenutzt. (Wordpress, PHP) --------------------------------------------- https://www.golem.de/news/dsgvo-sicherheitsluecke-in-wordpress-addon-ermoeg… ∗∗∗ Virtualisierung: Update behebt Schwachstelle in VMware Player und Workstation ∗∗∗ --------------------------------------------- Eine Sicherheitslücke betrifft die beliebten Virtualisierungsprogramme VMware Player und Workstation. Angreifer können darüber Code auf dem Hostsystem ausführen, was die Lücken recht kritisch macht. Das von VMware verteilte Update sollte schnell installiert werden. (VMware, Virtualisierung) --------------------------------------------- https://www.golem.de/news/virtualisierung-update-behebt-schwachstelle-in-vm… ∗∗∗ Trojaner: Achtung bei angeblichen Rechnungen ∗∗∗ --------------------------------------------- Vetrauenswürdiger Absender, glaubhafter Text in gutem Deutsch – und trotzdem handelt es sich bei der angehängten Rechnung um einen Trojaner. --------------------------------------------- http://heise.de/-4219043 ∗∗∗ Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems ∗∗∗ --------------------------------------------- Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to risking human lives. --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/triton-malware-spearheads-l… ∗∗∗ Betrugsversuch beim Privatverkauf ∗∗∗ --------------------------------------------- Kriminelle senden Privatverkäufer/innen über WhatsApp Kaufangebote. Sie geben vor, dass sie im Ausland sind und schlagen die Vertragsabwicklung über eine Spedition vor. Dazu versenden sie gefälschte Überweisungsbelege. Verkäufer/innen sollen sowohl die Ware als auch zu viel transferierte Geldbeträge ins Ausland überweisen. Sie verlieren beides und erhalten nicht den Kaufpreis. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsversuch-beim-privatverkauf/ ∗∗∗ Schadsoftware-Mails von Paymorrow Gbr und Volkswagen VTI GmbH! ∗∗∗ --------------------------------------------- Unternehmen aufgepasst: Betrüger/innen versenden Mails mit angeblichen Rechnungen im .zip-Dateiformat. Die enthaltenen ausführbaren Files dürfen auf keinen Fall geöffnet werden, denn sie infizieren Ihr Gerät oder das Firmennetzwerk mit Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-mails-von-paymorrow-gb… ∗∗∗ How my personal Bug Bounty Program turned into a Free Security Audit for the Serendipity Blog ∗∗∗ --------------------------------------------- HackerOne is currently one of the most popular bug bounty program platforms. While the usual providers of bug bounty programs are companies, w while ago I noted that some people were running bug bounty programs on Hacker One for their private projects without payouts. It made me curious, so I decided to start one with some of my private web pages in scope. --------------------------------------------- https://blog.hboeck.de:443/archives/896-How-my-personal-Bug-Bounty-Program-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, [...] --------------------------------------------- https://lwn.net/Articles/771574/ ∗∗∗ IBM Security Bulletin: IBM MQ can allow an attacker to execute a privilege escalation attack on a local machine. (CVE-2018-1792) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-allow-an-a… ∗∗∗ IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performan… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ BIG-IP iControl and tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2018
by Daily end-of-shift report 09 Nov '18

09 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-11-2018 18:00 − Freitag 09-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Root-Zertifikat: Sennheiser-Software hebelt HTTPS-Sicherheit aus ∗∗∗ --------------------------------------------- Eine Software für Headsets des Herstellers Sennheiser installiert ein Root-Zertifikat und sorgt damit dafür, dass HTTPS-Verbindungen nicht mehr sicher sind. In neueren Versionen ist die Lücke etwas weniger schlimm, einen Fix gibt es bisher nicht. (TLS, Sound-Hardware) --------------------------------------------- https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-… ∗∗∗ Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets ∗∗∗ --------------------------------------------- Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of [...] --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-mal… ∗∗∗ AR18-312A: JexBoss – JBoss Verify and EXploitation Tool ∗∗∗ --------------------------------------------- JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as "red teams") and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server [...] --------------------------------------------- https://www.us-cert.gov/ncas/analysis-reports/AR18-312A ∗∗∗ Passive DNS for the Bad ∗∗∗ --------------------------------------------- Passive DNS is not a new technique but, for the last months, there was more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (bigger they are, bigger they will collect) and then allow to search for historical data. --------------------------------------------- https://blog.rootshell.be/2018/11/09/passive-dns-for-the-bad/ ∗∗∗ UAC Bypass by Mocking Trusted Directories ∗∗∗ --------------------------------------------- During research for some new User Account Control (UAC) bypass techniques, I discovered what I believe to be a new bypass method (at the time of this writing). It is worth mentioning that Microsoft doesnt consider UAC a security boundary, however we still reported the bug to Microsoft and want to share its details here. --------------------------------------------- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directori… ===================== = Vulnerabilities = ===================== ∗∗∗ Philips iSite and IntelliSpace PACS ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for a weak password Requirements vulnerability in the Philips iSite and IntelliSpace PACS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01 ∗∗∗ PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released ∗∗∗ --------------------------------------------- There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires [...] --------------------------------------------- https://lwn.net/Articles/771145/ ∗∗∗ VMSA-2018-0027 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0027.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and [...] --------------------------------------------- https://lwn.net/Articles/771324/ ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1654 ∗∗∗ Roche Diagnostics Point of Care Handheld Medical Devices (Update A) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Security Updates for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-09-security-update-for-ot… https://community.otrs.com/security-advisory-2018-08-security-update-for-ot… https://community.otrs.com/security-advisory-2018-07-security-update-for-ot… ∗∗∗ Field Notice: FN - 70319 - ASA and FXOS Software - Change in Root Certificate Might Affect Smart Licensing and Smart Call Home Functionality - Software Upgrade Recommended ∗∗∗ --------------------------------------------- https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70319.html ∗∗∗ IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-free… ∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology Affect IBM Connections ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-a-z… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Contact Optimization (CVE-2016-8610) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2018
by Daily end-of-shift report 08 Nov '18

08 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-11-2018 18:00 − Donnerstag 08-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Beginner’s Guide to Open Source Intrusion Detection (IDS) Tools ∗∗∗ --------------------------------------------- Originally written by Joe Schreiber Re-written and edited by Trevor Giffen (Editorial Contractor) Re-re edited and expanded by Rich Langston Whether you need to monitor hosts or the networks connecting them to identify the .. --------------------------------------------- https://feeds.feedblitz.com/~/579108152/0/alienvault-blogs~Beginner%e2%80%9… ∗∗∗ DJI Patches Forum Bug That Allowed Drone Account Takeovers ∗∗∗ --------------------------------------------- Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers. --------------------------------------------- https://threatpost.com/dji-patches-forum-bug-that-allowed-drone-account-tak… ∗∗∗ Sicherheitsupdates: Cisco entfernt Backdoor aus Business Switches ∗∗∗ --------------------------------------------- Es gibt wichtige Patches zu Absicherung von Hard- und Software von Cisco. --------------------------------------------- http://heise.de/-4216400 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, .. --------------------------------------------- https://lwn.net/Articles/771129/ ∗∗∗ Synology-SA-18:58 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_58 ∗∗∗ Synology-SA-18:59 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_59 ∗∗∗ BlackBerry powered by Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Action or Update Any Option ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9144 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5740 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-node-js-as-used-in-ib… ∗∗∗ IBM Security Bulletin: An XML External Entity (XXE) processing vulnerability is exposed in Case Manager administration client (CVE-2018-1844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-xml-external-entit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2018
by Daily end-of-shift report 07 Nov '18

07 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-11-2018 18:00 − Mittwoch 07-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Oracle: Verärgerter Forscher veröffentlicht Exploit für Virtualbox ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Zero-Day-Lücke für Virtualbox veröffentlicht, die einen Ausbruch aus dem Gastsystem auf das Host-System ermöglicht. Der Forscher sei frustriert darüber, .. --------------------------------------------- https://www.golem.de/news/oracle-veraergerter-forscher-veroeffentlicht-expl… ∗∗∗ BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers ∗∗∗ --------------------------------------------- This article was co-authored by Hui Wang and RootKiter.Since September 2018, 360Netlab Scanmon has detected multiple scan spikes on TCP port 5431, each time the system logged more than 100k scan .. --------------------------------------------- http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers… ∗∗∗ ADV180028 | Guidance for configuring BitLocker to enforce software encryption ∗∗∗ --------------------------------------------- Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain .. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 ∗∗∗ WordPress Design Flaw Leads to WooCommerce RCE ∗∗∗ --------------------------------------------- A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million .. --------------------------------------------- https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-r… ∗∗∗ Vorsicht! Neue betrügerische Bewerbungsmail mit Erpressungstrojaner im Umlauf ∗∗∗ --------------------------------------------- Derzeit kursiert eine gefakte Bewerbung von "Peter Reif" im Internet. Nach dem Öffnen des Dateianhangs verschlüsselt ein Schädling Daten und fordert Lösegeld. --------------------------------------------- http://heise.de/-4214191 ∗∗∗ Attackers breached Statcounter to steal cryptocurrency from gate.io users ∗∗∗ --------------------------------------------- Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io customers getting their money stolen,.. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/07/statcounter-gate-io-compromised/ ∗∗∗ Keine FLIXGLADE und FLIX FORGE LTD- Rechnungen bezahlen! ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Filmen im Internet stoßen Konsument/innen auf flixman.de und inflix.de. Es handelt sich um kriminelle Plattformen, die ihren Opfern keine Leistung erbringen, .. --------------------------------------------- https://www.watchlist-internet.at/news/keine-flixglade-und-flix-forge-ltd-r… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) inspectionengine of Cisco Adaptive Security Appliance (ASA) Software and CiscoFirepower Threat Defense (FTD) Software could allow an unauthenticated, .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin:Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system and The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java does not protect against CVE-2018-1656 and CVE-2018-12539 ∗∗∗ --------------------------------------------- The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletineclipse-openj9-could-a… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Cassandra affects IBM Operations Analytics Predictive Insights (CVE-2018-8016) ∗∗∗ --------------------------------------------- Apache Cassandra is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Apache Cassandra within IBM Operations .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-py… ∗∗∗ Roche Point of Care Handheld Medical Devices ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01 ∗∗∗ Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unity Express Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Xen Security Advisory 282 - guest use of HLE constructs may lock up host ∗∗∗ --------------------------------------------- https://xenbits.xen.org/xsa/advisory-282.html ∗∗∗ Red Hat JBoss EAP RichFaces Access Control Bug Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042037 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2018
by Daily end-of-shift report 06 Nov '18

06 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-11-2018 18:00 − Dienstag 06-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ SSD: Forscher umgehen Passwörter bei verschlüsselten Festplatten ∗∗∗ --------------------------------------------- Bei manchen SSDs mit Hardwareverschlüsselung konnten Forscher die Firmware so manipulieren, dass sie beliebige Passwörter akzeptierte. Das war nicht das einzige Problem, das sie fanden. (Solid State Drive, Speichermedien) --------------------------------------------- https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesse… ∗∗∗ Malicious Powershell Script Dissection, (Tue, Nov 6th) ∗∗∗ --------------------------------------------- Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...] --------------------------------------------- https://isc.sans.edu/diary/rss/24282 ∗∗∗ Struts 2.3 Vulnerable to Two Year old File Upload Flaw ∗∗∗ --------------------------------------------- Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution. --------------------------------------------- https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File… ∗∗∗ GPU side channel attacks can enable spying on web activity, password stealing ∗∗∗ --------------------------------------------- Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications. --------------------------------------------- https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/ ∗∗∗ Gefälschte Zahlungsanweisung an die Buchhaltung ∗∗∗ --------------------------------------------- Kriminelle geben sich als Geschäftsführung eines Unternehmens aus und versenden eine E-Mail an die Buchhaltung. Darin fordern sie die Mitarbeiter/innen dazu auf, dass sie einen hohen Geldbetrag ins Ausland überweisen. Angestellte, die die Zahlungsanweisung nicht als betrügerisch erkennen, transferieren die geforderte Summe an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - November 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-11-01.html ∗∗∗ libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018 ∗∗∗ --------------------------------------------- Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5). --------------------------------------------- https://lwn.net/Articles/770856/ ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vu… ∗∗∗ IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-de… ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-expe… ∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-v… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.11.2018
by Daily end-of-shift report 05 Nov '18

05 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-11-2018 18:00 − Montag 05-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Microsoft Edge Browser Zero-Day RCE Exploit in the Works ∗∗∗ --------------------------------------------- Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-z… ∗∗∗ Neue Schwachstelle in Intel-CPUs: Hyper-Threading anfällig für Datenleck ∗∗∗ --------------------------------------------- Forscher demonstrieren einen neuen CPU-Bug bei aktuellen Intel-Prozessoren, über den sich Daten aus einem benachbarten Thread auslesen lassen. --------------------------------------------- http://heise.de/-4210282 ∗∗∗ Streaming-Server Icecast: Angreifer könnten Online-Radiosender ausknipsen ∗∗∗ --------------------------------------------- In der aktuellen Version von Icecast haben die Entwickler eine Sicherheitslücke geschlossen. --------------------------------------------- http://heise.de/-4210875 ∗∗∗ Heres Why [Insert Thing Here] Is Not a Password Killer ∗∗∗ --------------------------------------------- These days, I get a lot of messages from people on security related things. Often its related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, [...] --------------------------------------------- https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-kill… ∗∗∗ Finger weg vom Fake-Shop gaming-ez.com! ∗∗∗ --------------------------------------------- Kaufen Sie nicht auf gaming-ez.com ein. Die Playstation 4 Pro-, Xbox One- oder Nintendo Switch- Angebote sind zwar verlockend, werden aber nie geliefert. Überwiesenes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/finger-weg-vom-fake-shop-gaming-ezco… ∗∗∗ Datendiebstahl mit gefälschtem AirAsia-Ticket ∗∗∗ --------------------------------------------- Konsument/innen erhalten ein gefälschtes AirAsia-Ticket für einen Flug von Hong Kong nach Kuala Lumpur. Sie können es stornieren, indem sie die Website eines Payment Center aufrufen. Dieses fragt PayPal-Zugangsdaten sowie Kreditkarten- und Bankinformationen ab. Ebenfalls ist eine persönliche Identifizierung vorgesehen. Kund/innen, die die gewünschten Informationen bekannt geben, werden Opfer eines Daten- und Identitätsdiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschtem-aira… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):IBM Cloud Application Performance Management, Base Private IBM Cloud Application Performance Management, Advanced Private IBM Cloud Application Performance Management --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability found by vFinder (CVE-2018-14883 and CVE-2018-14851) ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Affected Product NameAffected VersionsIBM Lotus Protector for Mail Security2.8.3.0IBM Lotus Protector for Mail Security2.8.1.0 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012) ∗∗∗ --------------------------------------------- Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ap… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- Affected product(s) and affected version(s):Rational Publishing Engine 2.1.0 Rational Publishing Engine 2.1.1 Rational Publishing Engine 2.1.2 Rational Publishing Engine 6.0.5 Rational Publishing Engine 6.0.6 --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- Security vulnerabilities affect multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM). --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd). --------------------------------------------- https://lwn.net/Articles/770744/ ∗∗∗ ZDI-18-1336: (0Day) Juuko JK-800 Replay Attack Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1336/ ∗∗∗ Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181105-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2018
by Daily end-of-shift report 02 Nov '18

02 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 31-10-2018 18:00 − Freitag 02-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Utilities, Energy Sector Attacked Mainly Via IT, Not ICS ∗∗∗ --------------------------------------------- Stealing administrative credentials to carry out months-long spy campaigns is a top threat. --------------------------------------------- https://threatpost.com/utilities-energy-sector-attacked-mainly-via-it-not-i… ∗∗∗ Intel CPUs impacted by new PortSmash side-channel vulnerability ∗∗∗ --------------------------------------------- Intel processors are impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPUs internal processes. --------------------------------------------- https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-cha… ∗∗∗ Zero-Day-Lücke in Cisco Adaptive Security Appliance und Firepower Threat Defense ∗∗∗ --------------------------------------------- Unbekannte Angreifer attackieren derzeit Firewalls und Sicherheitslösungen von Cisco. Für die Sicherheitslücke gibt es noch keinen Patch. --------------------------------------------- http://heise.de/-4208546 ∗∗∗ Bleedingbit: Sicherheitslücken in Bluetooth LE gefährden Access Points ∗∗∗ --------------------------------------------- Sicherheitsforscher skizzieren eine ihrer Einschätzung nach kritische Schwachstelle in einigen Bluetooth-Low-Energy-Chips. Es gibt bereits erste Updates. --------------------------------------------- http://heise.de/-4209343 ∗∗∗ Gefälschte iTunes Store-Rechnung im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte iTunes Store-Rechnung. Darin behaupten sie, dass Empfänger/innen einen Einkauf getätigt haben. Diesen können sie angeblich unter Bekanntgabe persönlicher Daten und ihrer Kreditkarteninformationen stornieren. Konsument/innen, die den erfundenen Einkauf rückgängig machen wollen, übermitteln Verbrecher/innen sensible Angaben und werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-itunes-store-rechnung-im… ∗∗∗ Coinhive & MikroTik ∗∗∗ --------------------------------------------- Wir haben in den uns zur Verfügung stehenden Shodan Daten nach Systemen gesucht, die von der Krypto-Mining Kampagne gegen MikroTik Geräte betroffen sind. Dabei sind wir auf ca 330 IP-Adressen aus Österreich gestoßen und haben die entsprechenden Abuse-Kontakte informiert. --------------------------------------------- https://www.cert.at/services/blog/20181102151919-2302.html ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA’s InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01 ∗∗∗ Schneider Electric Software Update (SESU) ∗∗∗ --------------------------------------------- This advisory includes mitigations for a DLL hijacking vulnerability in the Schneider Electric Software Update (SESU). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-02 ∗∗∗ Circontrol CirCarLife ∗∗∗ --------------------------------------------- This advisory includes mitigations for authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol’s CirCarLife, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03 ∗∗∗ Fr. Sauter AG CASE Suite ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper restriction of XML External Entity Reference vulnerability in Fr. Sauter AGs CASE Suite software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-305-04 ∗∗∗ Anviz AIM CrossChex Standard 4.3 Excel Macro Injection ∗∗∗ --------------------------------------------- CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php ∗∗∗ GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8 ∗∗∗ --------------------------------------------- These versions contain a number of important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. --------------------------------------------- https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (phpldapadmin, poppler, and tzdata), Fedora (firefox, java-11-openjdk, libarchive, sos-collector, and teeworlds), Scientific Linux (java-1.7.0-openjdk, python-paramiko, and thunderbird), Slackware (curl), and SUSE (kernel, MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, and wireshark). --------------------------------------------- https://lwn.net/Articles/770367/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel and linux-lts), Debian (chromium-browser and mono), Oracle (firefox), and Ubuntu (curl). --------------------------------------------- https://lwn.net/Articles/770473/ ∗∗∗ Session Limit - Critical - Insecure Session Management - SA-CONTRIB-2018-072 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-072 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018- 071 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-073 ∗∗∗ NextCloud Server: Mehrere Schwachstellen ermöglichen u. a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2238/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181101-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.10.2018
by Daily end-of-shift report 31 Oct '18

31 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-10-2018 18:00 − Mittwoch 31-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter Next End-of-Day report: 2018-11-02 ===================== = News = ===================== ∗∗∗ Square, PayPal POS Hardware Open to Multiple Attack Vectors ∗∗∗ --------------------------------------------- Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft. --------------------------------------------- https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-v… ∗∗∗ Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims ∗∗∗ --------------------------------------------- Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that [...] --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-release… ∗∗∗ Using PHP 5 Becomes Dangerous in 2 Months ∗∗∗ --------------------------------------------- WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. --------------------------------------------- https://www.wordfence.com/blog/2018/10/php5-dangerous/ ∗∗∗ 5 Types of Malware Currently Affecting macOS ∗∗∗ --------------------------------------------- Mac malware, or macOS malware, exists contrary to the popular belief that Apple’s operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018. --------------------------------------------- https://www.tripwire.com/state-of-security/security-awareness/5-types-of-ma… ∗∗∗ Wenn Sie in eine Abo-Falle getappt sind… ∗∗∗ --------------------------------------------- Auf der Suche nach kostenlosen Angeboten und gratis Dienstleistungen werden Sie im Internet schnell fündig. Doch Vorsicht: Hier ist nicht alles Gold, was glänzt! Oft handelt es sich nämlich um Abo-Fallen, bei denen Ihnen unbegründet Rechnungen zugeschickt werden und man Ihnen mit Inkassobüro oder Rechtsanwaltsschreiben droht. Die Lösung? Auf gar keinen Fall bezahlen! --------------------------------------------- https://www.watchlist-internet.at/news/wenn-sie-in-eine-abo-falle-getappt-s… ∗∗∗ Warnung vor sierrasport-berlin.de ∗∗∗ --------------------------------------------- Der Online-Shop sierrasport-berlin.de vertreibt Markenfälschungen. Das können Konsument/innen daran erkennen, dass sämtliche Produkte stark rabattiert und lagernd sind. Kaufen sie bei sierrasport-berlin.de ein, müssen sie mit hohen Zusatzkosten, rechtlichen Konsequenzen und einem Identitätsdiebstahl rechnen. Von einem Einkauf bei sierrasport-berlin.de wird dringend abgeraten! --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sierrasport-berlinde/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability ∗∗∗ --------------------------------------------- Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system. --------------------------------------------- https://seclists.org/fulldisclosure/2018/Oct/53 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (gitlab), Debian (gnutls28), Fedora (audiofile, coreutils, firefox, hesiod, kernel, kernel-headers, kernel-tools, libssh, lighttpd, mosquitto, opencc, patch, php-horde-nag, sos-collector, strongswan, and thunderbird), Gentoo (libxkbcommon, mutt-1.10, postgresql, systemd, xen, and xorg-server), Mageia (curl, libtiff, samba, spamassassin, and unzip), Oracle (java-1.7.0-openjdk and python-paramiko), Red Hat (git, glusterfs, java-1.7.0-openjdk, [...] --------------------------------------------- https://lwn.net/Articles/770203/ ∗∗∗ VMSA-2015-0008.2 ∗∗∗ --------------------------------------------- VMware product updates address information disclosure issue. Updated advisory to add vCloud Director fixes for 9.0.0.x and 9.1.0.x versions that now address CVE-2015-3269. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2015-0008.html ∗∗∗ HPESBHF03894 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of Security Restrictions ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ ElegantThemes (divi, extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9140 ∗∗∗ Apple security updates ∗∗∗ --------------------------------------------- https://support.apple.com/en-us/HT201222 ∗∗∗ Security Advisory - SegmentSmack Vulnerability in Linux Kernel ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ Security Advisory - Improper Authorization Vulnerability in Huawei Watches ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-… ∗∗∗ IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735977 ∗∗∗ IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10735973 ∗∗∗ IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735967 ∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10733815 ∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737147 ∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737125 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10736105 ∗∗∗ IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016247 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15314 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04524282 ∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15313 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21042153 ∗∗∗ TMM vulnerability CVE-2018-15320 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K72442354 ∗∗∗ BIG-IP tmsh vulnerability CVE-2018-15321 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01067037 ∗∗∗ MQTT vulnerability CVE-2018-15323 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K26583415 ∗∗∗ BIG-IP Configuration utility vulnerability CVE-2018-15327 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20222812 ∗∗∗ tmsh utility vulnerability CVE-2018-15322 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28003839 ∗∗∗ BIG-IP APM portal access vulnerability CVE-2018-15324 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52206731 ∗∗∗ TMM vulnerability CVE-2018-15319 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64208870 ∗∗∗ BIG-IP iControl & tmsh vulnerability CVE-2018-15325 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K77313277 ∗∗∗ BIG-IP APM CRL vulnerability CVE-2018-15326 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34652116 ∗∗∗ TMM vulnerability CVE-2018-15318 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16248201 ∗∗∗ TMM vulnerability CVE-2018-15317 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43625118 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2018
by Daily end-of-shift report 30 Oct '18

30 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-10-2018 18:00 − Dienstag 30-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ CommonRansom Ransomware Demands RDP Access to Decrypt Files ∗∗∗ --------------------------------------------- A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victims files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/commonransom-ransomware-dema… ∗∗∗ Krankenkassen: Vivy-App gibt Daten preis ∗∗∗ --------------------------------------------- Sicherheitsforscher haben einige gravierende Lücken in der Krankenkassen-App Vivy gefunden. Unter anderem konnte auf Dokumente, die man mit dem Arzt teilte, unberechtigt zugegriffen werden. (Medizin, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/krankenkassen-vivy-app-gibt-daten-preis-1810-1373… ∗∗∗ Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures ∗∗∗ --------------------------------------------- by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5LDw-xUlnAw/ ∗∗∗ Sicherheitsupdates: Multifunktionsgeräte von Lexmark anfällig für "böse" Faxe ∗∗∗ --------------------------------------------- Sicherheitspatches für Drucker-Fax-Kopier-Kombinationen von Lexmark schließen zwei Lücken. Eine davon gilt als kritisch. --------------------------------------------- http://heise.de/-4206719 ∗∗∗ Systemd: DHCPv6-Pakete können Linux-Rechner kapern ∗∗∗ --------------------------------------------- Eine Systemd-Komponente in vielen modernen Linux-Systemen kann missbraucht werden, um den Rechner übers Netz zu kapern. --------------------------------------------- http://heise.de/-4206800 ∗∗∗ Erpresserische E-Mails drohen mit Masturbationsvideo ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Nachrichten. Darin behaupten sie, dass sie das Passwort der Empfänger/innen kennen, angeblich Zugriff auf ihren Computer haben und deshalb über Masturbationsvideos verfügen. Die Adressat/innen sollen Bitcoins bezahlen, damit es zu keiner Veröffentlichung der Aufnahmen kommt. Konsument/innen können das Schreiben ignorieren, denn es ist erfunden. Eine Reaktion ist nicht erforderlich. --------------------------------------------- https://www.watchlist-internet.at/news/erpresserische-e-mails-drohen-mit-ma… ===================== = Vulnerabilities = ===================== ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:4 ∗∗∗ --------------------------------------------- Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_4.txt ∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:5 ∗∗∗ --------------------------------------------- Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack. --------------------------------------------- http://www.squid-cache.org/Advisories/SQUID-2018_5.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (xorg-x11-server), Debian (xen), Red Hat (389-ds-base, binutils, curl and nss-pem, fuse, glibc, glusterfs, GNOME, gnutls, jasper, java-1.7.0-openjdk, kernel, kernel-alt, kernel-rt, krb5, libcdio, libkdcraw, libmspack, libreoffice, libvirt, openssl, ovmf, python, python-paramiko, qemu-kvm, qemu-kvm-ma, samba, setup, sssd, wget, wpa_supplicant, X.org X11, xerces-c, zsh, and zziplib), and SUSE (ardana-monasca, ardana-spark, kafka, kafka-kit, [...] --------------------------------------------- https://lwn.net/Articles/770031/ ∗∗∗ Sandbox Bypass in Script Security and Pipeline Groovy Plugins ∗∗∗ --------------------------------------------- https://jenkins.io/security/advisory/2018-10-29/ ∗∗∗ GitLab Security Release: 11.4.3, 11.3.8, and 11.2.7 ∗∗∗ --------------------------------------------- https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735105 ∗∗∗ IBM Security Bulletin: Vulnerability in the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732968 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2018-10858) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732876 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10737813 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10735169 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10733845 ∗∗∗ reposync vulnerability CVE-2018-10897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23200408 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.10.2018
by Daily end-of-shift report 29 Oct '18

29 Oct '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-10-2018 18:00 − Montag 29-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows 10 Bug Allowed UWP Apps Full Access to File System ∗∗∗ --------------------------------------------- A bug in Windows 10 allowed UWP apps (Universal Windows Platform) to have access to the entire file system in Windows without permission from the user. This could have allowed a malicious app to access any data stored on the computer without the knowledge or consent of the user. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-a… ∗∗∗ Linux und BSD: Sicherheitslücke in X.org ermöglicht Root-Rechte ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im Displayserver X.org erlaubt unter bestimmten Umständen das Überschreiben von Dateien und das Ausweiten der Benutzerrechte. Der passende Exploit passt in einen Tweet. (Sicherheitslücke, OpenBSD) --------------------------------------------- https://www.golem.de/news/linux-und-bsd-sicherheitsluecke-in-x-org-ermoegli… ∗∗∗ Sicherheitslücke: Steuerung von Bau-Kran lässt sich übernehmen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke in der kabellosen Kransteuerung Telecrane F25 ermöglicht es, Signale mitzuschneiden und mit diesen anschließend den Kran fernzusteuern. Ein Sicherheitsupdate steht bereit. (Sicherheitslücke, Mobil) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-steuerung-von-bau-kran-laesst-s… ∗∗∗ OWASP Top 10 Security Risks – Part II ∗∗∗ --------------------------------------------- It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2018/10/owasp-top-10-security-risks-part-ii.html ∗∗∗ The D in Systemd stands for Dammmmit! A nasty DHCPv6 packet can pwn a vulnerable Linux box ∗∗∗ --------------------------------------------- Hole opens up remote-code execution to miscreants – or a crash, if youre lucky A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/10/26/systemd_dhc… ∗∗∗ Google schreibt Android-Herstellern zwei Jahre Sicherheitspatches vor ∗∗∗ --------------------------------------------- In einem Vertrag schreibt Google Herstellern von Android-Smartphones regelmäßige Sicherheitsupdates vor. Diese Verpflichtung gilt bereits seit dem Sommer. --------------------------------------------- http://heise.de/-4203113 ∗∗∗ Ransomware and the enterprise: A new white paper ∗∗∗ --------------------------------------------- Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk The post Ransomware and the enterprise: A new white paper appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2018/10/29/ransomware-enterprise-new-white-p… ===================== = Vulnerabilities = ===================== ∗∗∗ GEOVAP Reliance 4 SCADA/HMI ∗∗∗ --------------------------------------------- This advisory includes mitigations for a cross-site scripting vulnerability in GEOVAPs Reliance 4 SCADA/HMI system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, and improper access control vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 ∗∗∗ Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox), CentOS (firefox), Debian (389-ds-base, openjdk-8, thunderbird, and xorg-server), Fedora (firefox), openSUSE (GraphicsMagick, jhead, mysql-community-server, ntp, postgresql96, python-cryptography, rust, tomcat, webkit2gtk3, and zziplib), Scientific Linux (firefox), and SUSE (clamav, firefox, ImageMagick, libgit2, net-snmp, smt, wpa_supplicant, and xorg-x11-server). --------------------------------------------- https://lwn.net/Articles/769613/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (xorg-server), Debian (graphicsmagick, libmspack, paramiko, ruby2.1, teeworlds, and tiff), Fedora (lldpad), Mageia (bitcoin, blueman, busybox, dhcp, exempi, firefox, kernel, kernel-linus, kernel-tmb, lilypond, ruby, and x11-server), openSUSE (audiofile, clamav, hostapd, ImageMagick, lcms2, libgit2, mercurial, net-snmp, and wpa_supplicant), SUSE (audiofile, binutils, kdelibs3, lcms2, mysql, openssh, and xen), and Ubuntu (mysql-5.5 and xorg-server, [...] --------------------------------------------- https://lwn.net/Articles/769891/ ∗∗∗ WebKitGTK+ 2.22.3 released! ∗∗∗ --------------------------------------------- This is a bug fix release in the stable 2.22 series. What’s new in the WebKitGTK+ 2.22.3 release? [...] Fix a memory leak during media playback when using playbin3. Fix portions of Web views not being rendered after resizing. Fix Resource Timing reporting for elements. Fix the build with the remote Web Inspector [...] --------------------------------------------- https://webkitgtk.org/2018/10/29/webkitgtk2.22.3-released.html ∗∗∗ OpenSSL: Eine Schwachstelle ermöglicht das Ausspähen des privaten Schlüssels ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-2188/ ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801r ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737409 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10737301 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729547 ∗∗∗ Microsoft Skype for Business Audio File Processing Flaw Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041956 ∗∗∗ Apache Tomcat vulnerability CVE-2018-11784 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64921482 ∗∗∗ Mozilla NSS vulnerability CVE-2018-12384 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41738501 ∗∗∗ HPESBMU03895 rev.1 - HPE Real Time Management System (RTMS), Multiple Remote Security Issues ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03869 rev.1 - HPE Windows Firmware Installer for certain HPE Gen9,Gen8, G7, and G6 Servers, Local Disclosure of Privileged Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily