- Daily - CERT.at

Tageszusammenfassung - 21.03.2018
by Daily end-of-shift report 21 Mar '18

21 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-03-2018 18:00 − Mittwoch 21-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IETF 101: TLS 1.3 ist jetzt wirklich fertig ∗∗∗ --------------------------------------------- Auf der IETF-Tagung in London ist TLS 1.3 beschlossen worden. In wenigen Wochen dürfte der Standard für Verschlüsselung im Web dann auch als RFC erscheinen. --------------------------------------------- https://www.golem.de/news/ietf-101-tls-1-3-ist-jetzt-wirklich-fertig-1803-1… ∗∗∗ Ryzenfall, Fallout & Co: AMD bestätigt Sicherheitslücken in Ryzen- und Epyc-Prozessoren ∗∗∗ --------------------------------------------- Der Chiphersteller AMD konnte die Sicherheitslücken in Epyc- und Ryzen-CPUs sowie Promontory-Chipsätzen nachvollziehen und kündigt Sicherheitspatches für die betroffenen Systeme an. --------------------------------------------- https://heise.de/-4000040 ∗∗∗ Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more! ∗∗∗ --------------------------------------------- Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. --------------------------------------------- https://www.helpnetsecurity.com/2018/03/21/nmap-7-70-released/ ∗∗∗ Keine 3D Secure Passwort-Aktualisierung notwendig ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte CardComplete-Nachricht. Darin fordern sie Empfänger/innen dazu auf, dass sie ihre persönlichen Daten aktualisieren. Das soll auf einer gefälschten Website geschehen und angeblich notwendig sein, damit Kund/innen weiterhin das 3D Secure-Verfahren nützen können. In Wahrheit übermitteln sie mit einer Aktualisierung ihre Kreditkartendaten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/keine-3d-secure-passwort-aktualisier… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0543/">GitLab: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Eine Schwachstelle ermöglicht einem vermutlich nicht authentisierten Angreifer mit Netzwerkzugriff auf eine GitLab-Instanz die Durchführung eines Server-Side-Request-Forgery (SSRF)-Angriffs, mit Hilfe von manipulierten Web-Anfragen, und dadurch unter anderem das Ausspähen von Informationen, das Umgehen von Sicherheitsvorkehrungen sowie die Ausführung beliebigen Programmcodes. Eine weitere Schwachstelle betrifft nur die GitLab Community Edition (CE) und ermöglicht einem authentisierten Angreifer durch eine Auth0-Anmeldung die Anmeldung eines anderen Benutzers und dadurch möglicherweise dessen Benutzerrechte zu erlangen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0543/ ∗∗∗ DFN-CERT-2018-0547/">Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen nicht weiter spezifizierte Angriffe ∗∗∗ --------------------------------------------- Ein Angreifer kann aufgrund mehrerer Schwachstellen in Google Chrome und Chromium verschiedene, nicht weiter spezifizierte Angriffe ausführen. In der Vergangenheit konnten derartige Schwachstellen zumeist von einem entfernten und nicht authentisierten Angreifer ausgenutzt werden. Google stellt Chrome 65.0.3325.181 für Windows, macOS und Linux als Sicherheitsupdate zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0547/ ∗∗∗ DFN-CERT-2018-0551/">SpiderMonkey (mozjs): Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in SpiderMonkey ermöglichen einem entfernten und nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes. Eine Schwachstelle ermöglicht dem Angreifer einen Denial-of-Service (DoS)-Angriff, eine weitere das Umgehen von Sicherheitsvorkehrungen. Ein lokaler, nicht authentisierter Angreifer kann außerdem Informationen ausspähen. Mozilla stellt analog zur kürzlich veröffentlichten Version 52.7.2 von Firefox ESR eine aktuelle Version der JavaScript-Engine SpiderMonkey zur Verfügung, macht aber keine Angaben über die dadurch behobenen Schwachstellen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0551/ ∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0h and 1.0.2o. These releases will be made available on 27th March 2018 between approximately 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is MODERATE. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. The following vulnerabilities have been addressed: CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing CVE-2018-7541: grant table v2 -> v1 transition may crash Xen --------------------------------------------- https://support.citrix.com/article/CTX232655 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (plexus-utils), Fedora (calibre, cryptopp, curl, dolphin-emu, firefox, golang, jhead, kernel, libcdio, libgit2, libvorbis, ming, net-snmp, patch, samba, xen, and zsh), Red Hat (collectd and rh-mariadb101-mariadb and rh-mariadb101-galera), and Ubuntu (paramiko and tiff). --------------------------------------------- https://lwn.net/Articles/749871/ ∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Weak Algorithm Vulnerability on Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-… ∗∗∗ Security Advisory - Out-Of-Bounds Write Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180214-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180106-… ∗∗∗ IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to the vulnerability known as Spectre (CVE-2017-5715) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099757 ∗∗∗ IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2, v5.0.2.1, v5.0.3, v5.0.4, v5.0.4.1 (CVE-2017-10356) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014797 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000100) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099787 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099786 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2017-3735) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099793 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014815 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2018
by Daily end-of-shift report 20 Mar '18

20 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-03-2018 18:00 − Dienstag 20-03-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗ --------------------------------------------- Just a quick reminder about some bad practices while handling Windows Administrator credentials. --------------------------------------------- https://isc.sans.edu/diary/rss/23465 ∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗ --------------------------------------------- Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky. --------------------------------------------- https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗ --------------------------------------------- A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow. Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution. --------------------------------------------- http://www.securityfocus.com/archive/1/541874 ∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗ --------------------------------------------- Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled. --------------------------------------------- http://www.securityfocus.com/archive/1/541875 ∗∗∗ DFN-CERT-2018-0526/">Apache Commons Compress: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann mit Hilfe einer speziell präparierten ZIP-Archivdatei einen Denial-of-Service-Angriff auf Apache Commons Compress und auf Software, die dessen ZIP-Paket verwendet, durchführen. Der Hersteller veröffentlicht zur Behebung der Schwachstelle die Version Commons Compress 1.16. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/ ∗∗∗ DFN-CERT-2018-0532/">SDL2, SDL2_image: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Eine Vielzahl von Schwachstellen in verschiedenen Komponenten von SDL2_image ermöglicht einem entfernten, nicht authentisierten Angreifer mit Hilfe manipulierter Bilddateien, welche ein Benutzer anzeigen muss, die Ausführung beliebigen Programmcodes sowie die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached). --------------------------------------------- https://lwn.net/Articles/749757/ ∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗ --------------------------------------------- When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. --------------------------------------------- http://www.tenable.com/security/tns-2018-01 ∗∗∗ Geutebruck IP Cameras ∗∗∗ --------------------------------------------- This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01 ∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02 ∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767 ∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758 ∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779 ∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.03.2018
by Daily end-of-shift report 19 Mar '18

19 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-03-2018 18:00 − Montag 19-03-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Ab sofort: Cyber-Security-Hotline der WKO für Unternehmen ∗∗∗ --------------------------------------------- Cyberattacken können jedes Unternehmen treffen - im Falle des Falles ist rasche Hilfe wichtig. Dafür sorgt die Hotline der WKO unter 0800 888 133. --------------------------------------------- https://futurezone.at/b2b/ab-sofort-cyber-security-hotline-der-wko-fuer-unt… ∗∗∗ Großes Missbrauchspotenzial beim Bundestrojaner ∗∗∗ --------------------------------------------- Der Bundestrojaner ist laut Verfassungsjuristen rechtlich "kaum angreifbar". Missbrauch ist nach Meinung von IT-Experten kaum zu kontrollieren. --------------------------------------------- https://futurezone.at/netzpolitik/grosses-missbrauchspotenzial-beim-bundest… ∗∗∗ VB2017 paper: The life story of an IPT - Inept Persistent Threat actor ∗∗∗ --------------------------------------------- At VB2017 in Madrid, Polish security researcher and journalist Adam Haertlé presented a paper about a very inept persistent threat. Today, we publish both the paper and the recording .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/03/vb2017-paper-life-story-ipt-… ∗∗∗ Pwn2Own: Touch Bar eines MacBook Pro via Safari gehackt ∗∗∗ --------------------------------------------- Über die Ausnutzung von insgesamt drei Fehlern gelang es einem Sicherheitsforscher, aus dem Browser heraus tief in macOS einzugreifen. Auch ein weiterer Safari-Hack verlief erfolgreich. --------------------------------------------- https://www.heise.de/meldung/Pwn2Own-Touch-Bar-eines-MacBook-Pro-via-Safari… ∗∗∗ Hacker-Wettbewerb Pwn2Own: Firefox, Edge und Safari fallen um wie die Fliegen ∗∗∗ --------------------------------------------- Dieses Jahr haben die Pwn2Own-Veranstalter ein Preisgeld von zwei Millionen US-Dollar ausgerufen. Trotz einiger Hack-Erfolge blieb ein Großteil der Prämie jedoch im Topf. --------------------------------------------- https://www.heise.de/meldung/Hacker-Wettbewerb-Pwn2Own-Firefox-Edge-und-Saf… ∗∗∗ Passwort-Tresor Webbrowser: Firefox pfuscht seit neun Jahren beim Master-Kennwort ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher warnt erneut: In Firefox und Thunderbird gespeicherte Passwörter sind nicht effektiv vor Datendiebstahl geschützt. --------------------------------------------- https://www.heise.de/meldung/Passwort-Tresor-Webbrowser-Firefox-pfuscht-sei… ∗∗∗ Hackerangriff auf deutsches Regierungsnetz nur punktuell erfolgreich ∗∗∗ --------------------------------------------- Berlin will sich stärker gegen Cyberattacken schützen --------------------------------------------- http://derstandard.at/2000076371068 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4144 openjdk-8 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4144 ∗∗∗ DSA-4143 firefox-esr - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4143 ∗∗∗ DSA-4145 gitlab - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4145 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.03.2018
by Daily end-of-shift report 16 Mar '18

16 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-03-2018 18:00 − Freitag 16-03-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ TROOPERS 18 Wrap-Up Day #2 ∗∗∗ --------------------------------------------- Hello Readers, here is my wrap-up of the second day. Usually, the second day is harder in the morning due to the social events but, at TROOPERS, they organize the hacker run started at 06:45 for the most motivated of us. Today, the topic of the 3rd track switched from [...] --------------------------------------------- https://blog.rootshell.be/2018/03/15/troopers-18-wrap-day-2/ ∗∗∗ Schwachstelle in Chrome RDP für macOS: Gast kann vollen Remote-Zugriff erhalten ∗∗∗ --------------------------------------------- Ein Fehler in Googles Fernwartungs-Tool Chrome Remote Desktop kann es Unbefugten ohne Kenntnis eines Passwortes ermöglichen, einen aktiven Nutzer-Account auf dem entfernten Mac zu übernehmen, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3996450 ∗∗∗ Sofacy Uses DealersChoice to Target European Government Agency ∗∗∗ --------------------------------------------- Back in October 2016, Unit 42 published an initial analysis on a Flash exploitation framework used by the Sofacy threat group called DealersChoice. The attack consisted of Microsoft Word delivery documents that contained Adobe Flash objects capable of loading additional malicious Flash objects embedded in the file or directly provided by a command and control server. Sofacy continued to use [...] --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-deal… ∗∗∗ Hintertüren in USB-Controllern auch in Intel-Systemen vermutet ∗∗∗ --------------------------------------------- Einige der kürzlich von CTS-Labs gemeldeten Sicherheitslücken von AMD-Chips betreffen auch PCIe-USB-3.0-Controller von ASMedia, die auf vielen Mainboards für Intel-Prozessoren sitzen. --------------------------------------------- https://heise.de/-3996868 ∗∗∗ Qrypter RAT Hits Hundreds of Organizations Worldwide ∗∗∗ --------------------------------------------- Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform. --------------------------------------------- https://www.securityweek.com/qrypter-rat-hits-hundreds-organizations-worldw… ∗∗∗ Abusing Duo 2FA ∗∗∗ --------------------------------------------- On a recent client engagement, our customer asked us to look at their use of Duo Security multifactor authentication that protected Windows workstation logins. It was configured to send a push notification to users' phones whenever they logged in or unlocked, either physically at the console or over remote desktop. --------------------------------------------- https://www.pentestpartners.com/security-blog/abusing-duo-2fa/ ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0008 ∗∗∗ --------------------------------------------- Workstation and Fusion updates address a denial-of-service vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0008.html ∗∗∗ VMSA-2018-0007.2 ∗∗∗ --------------------------------------------- VMware Virtual Appliance updates address side-channel analysis due to speculative execution 2018-03-15: Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0007.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb). --------------------------------------------- https://lwn.net/Articles/749513/ ∗∗∗ Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541861 ∗∗∗ DFN-CERT-2018-0513: HP-UX CIFS Server (Samba), Apache Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0513/ ∗∗∗ DFN-CERT-2018-0507: Monitorix: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0507/ ∗∗∗ [remote] MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44290/?rss ∗∗∗ [remote] SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/44292/?rss ∗∗∗ IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014388 ∗∗∗ IBM Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013598 ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011981 ∗∗∗ IBM Security Bulletin: Mulitiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22011984 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.03.2018
by Daily end-of-shift report 15 Mar '18

15 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-03-2018 18:00 − Donnerstag 15-03-2018 18:00 Handler: Nina Bieringer Co-Handler: n/a ===================== = News = ===================== ∗∗∗ PSA: Beware of Windows PowerShell Credential Request Prompts ∗∗∗ --------------------------------------------- A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims. --------------------------------------------- https://www.bleepingcomputer.com/news/security/psa-beware-of-windows-powers… ∗∗∗ Webmailer: Squirrelmail-Sicherheitslücke bleibt vorerst offen ∗∗∗ --------------------------------------------- Bei der Untersuchung einer Security-Appliance von Check Point haben Sicherheitsforscher eine Lücke im Webmail-Tool Squirrelmail gefunden, mit der sich unberechtigt Dateien des Servers auslesen lassen. Einen offiziellen Fix gibt es bislang nicht, Golem.de stellt aber einen vorläufigen Patch bereit. --------------------------------------------- https://www.golem.de/news/webmailer-squirrelmail-sicherheitsluecke-bleibt-v… ∗∗∗ VPN tests reveal privacy-leaking bugs ∗∗∗ --------------------------------------------- Hotspot Shield patched; Zenmate and VPN Shield havent ... yet? A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasnt good. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/vpn_tests_r… ∗∗∗ TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗ --------------------------------------------- [...] This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-074A ∗∗∗ Rechnungen im Doc-Format sind Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden E-Mails, mit denen Sie Empfänger/innen dazu auffordern, eine Rechnung zu öffnen: „bitte Anhang beachten. Danke. Noch einen schönen Resttag“. Die Rechnung steht auf einer fremden Website zum Download bereit. Nutzer/innen, die die angebliche Zahlungsaufforderung öffnen, installieren Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/rechnungen-im-doc-format-sind-schads… ===================== = Vulnerabilities = ===================== ∗∗∗ Arbitrary Shortcode Execution & Local File Inclusion in WOOF (PluginUs.Net) ∗∗∗ --------------------------------------------- Multiple vulnerabilies have been identified in WooCommerce Products Filter version 1.1.9. An unauthenticated user can perform a local file inclusion and execute arbitrary wordpress shortcode. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/arbitrary-shortcode-executio… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux --------------------------------------------- https://lwn.net/Articles/749423/ ∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012341 ∗∗∗ IBM Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012896 ∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099764 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099763 ∗∗∗ IBM Security Bulletin: Vulnerability in HTTPD affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099762 ∗∗∗ IBM Security Bulletin: Under specific circumstances IBM® Db2® installation creates users with a weak password hashing algorithm (CVE-2017-1571). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012948 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Campaign, IBM Contact Optimization ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014126 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the GSKit library (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013756 ∗∗∗ Linux kernel vulnerability CVE-2017-1000111 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44309215 ∗∗∗ Apache vulnerability CVE-2017-12613 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52319810 ∗∗∗ Apache Portable Runtime vulnerability CVE-2017-12613 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52319810 ∗∗∗ Linux kernel vulnerability CVE-2017-1000112 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K60250153 ∗∗∗ Linux kernel vulnerability CVE-2017-9074 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K61223103 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.03.2018
by Daily end-of-shift report 14 Mar '18

14 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-03-2018 18:00 − Mittwoch 14-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - March 2018 ∗∗∗ --------------------------------------------- March 2018 Android Security Bulletin --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Websicherheit: Apple-Datei auf Webservern verrät Verzeichnisinhalte ∗∗∗ --------------------------------------------- Mittels Parser lassen sich aus .DS_Store-Dateien sensible Informationen auslesen. Das Projekt Internetwache.org hat sich die proprietäre Lösung von Apple genauer angeschaut - und Erstaunliches zutage gefördert. --------------------------------------------- https://www.golem.de/news/websicherheit-apple-datei-auf-webservern-verraet-… ∗∗∗ Spectre-Lücke: Intels Microcode-Updates für Linux und Windows ∗∗∗ --------------------------------------------- Endlich hat es Intel geschafft, die zum Stopfen der Spectre-V2-Lücke nötigen Updates für Core-i-Prozessoren seit 2011 (Sandy Bridge) zu veröffentlichen - vor allem für Linux-Distributionen. --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-L… ∗∗∗ Lets Encrypt stellt ab sofort Wildcard-Zertifikate aus ∗∗∗ --------------------------------------------- Die kostenlose Zertifizierungsstelle Lets Encrypt stellt ab sofort auch Zertifikate ohne explizit benannte Subdomains aus. Durch solche Wildcards können Admins mit weniger unterschiedlichen Zertifikaten HTTPS aktivieren. --------------------------------------------- https://www.heise.de/meldung/Let-s-Encrypt-stellt-ab-sofort-Wildcard-Zertif… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-05), Adobe Connect (APSB18-06) and Adobe Dreamweaver CC (APSB18-07). Adobe recommends users update their product .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1535 ∗∗∗ Microsoft - March 2018 Security Updates ∗∗∗ --------------------------------------------- The March security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and .. --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail… ∗∗∗ Mozilla Foundation Security Advisory 2018-06 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox 59 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ ∗∗∗ Mozilla Foundation Security Advisory 2018-07 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox ESR 52.7 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, .. --------------------------------------------- https://lwn.net/Articles/749288/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2018
by Daily end-of-shift report 13 Mar '18

13 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-03-2018 18:00 − Dienstag 13-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Phishing bei Amazon Prime-Kunden ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Amazon Prime-Schreiben an Unternehmen. Darin behaupten sie, dass diese ihre Mitgliedschaft nicht bezahlen konnten. Aus diesem Grund sollen Verkäufer/innen auf einer Website ihre Zahlungsdaten aktualisieren. In Wahrheit müssen Empfänger/innen keine Reaktion zeigen und können die Nachricht löschen, denn es handelt sich um eine Phishingmail. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-bei-amazon-prime-kunden/ ===================== = Vulnerabilities = ===================== ∗∗∗ [20180301] - Core - SQLi vulnerability User Notes ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.5.0 through 3.8.5 Exploit type: SQLi Reported Date: 2018-March-08 Fixed Date: 2018-March-12 CVE Number: CVE-2018-8045 --------------------------------------------- https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnera… ∗∗∗ TYPO3 8.7.11 and 7.6.25 released ∗∗∗ --------------------------------------------- The TYPO3 Community announces the versions 8.7.11 LTS and 7.6.25 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes only. --------------------------------------------- https://typo3.org/news/article/typo3-8711-and-7625-released ∗∗∗ Achtung Admins: Netzwerküberwachung PRTG speichert Passwörter unverschlüsselt ∗∗∗ --------------------------------------------- Wer die Netzwerküberwachung PRTG von Paessler nutzt, muss jetzt handeln, ansonsten könnten Angreifer Passwörter auslesen. --------------------------------------------- https://heise.de/-3992126 ∗∗∗ Sicherheitsforscher beschreiben 12 Lücken in AMD-Prozessoren ∗∗∗ --------------------------------------------- Die Firma CTS-Labs meldet 12 Sicherheitslücken, die aktuelle AMD-Prozessoren wie Ryzen, Ryzen Pro und Epyc betreffen beziehungsweise deren integrierte AMD Secure Processors (PSP). --------------------------------------------- https://heise.de/-3993807 ∗∗∗ rt-sa-2017-012 ∗∗∗ --------------------------------------------- Shopware Cart Accessible by Third-Party Websites --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-012.txt ∗∗∗ SAP Security Patch Day - March 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. --------------------------------------------- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/ ∗∗∗ Kritische Sicherheitslücke in Samba4 - Patches verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Samba4 - Patches verfügbar 13. März 2018 Beschreibung Wie das Samba-Projekt bekanntgegeben hat, gibt es 2 Sicherheitsprobleme in allen aktuellen Samba-Versionen, eine davon stufen wir als kritisch ein. CVE-Nummern: CVE-2018-1057 CVE-2018-1050 Auswirkungen Durch Ausnutzen von CVE-2018-1057 kann ein angemeldeter Benutzer auf einem Samba Domain Controller die Passwörter beliebiger Benutzerkonten ändern. Dies inkludiert Dienst-Accounts von --------------------------------------------- http://www.cert.at/warnings/all/20180313.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk). --------------------------------------------- https://lwn.net/Articles/749177/ ∗∗∗ BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013951 ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022495 ∗∗∗ IBM Security Bulletin: Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014196 ∗∗∗ IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2018
by Daily end-of-shift report 12 Mar '18

12 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-03-2018 18:00 − Montag 12-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files ∗∗∗ --------------------------------------------- A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victims files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted files name. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-g… ∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗ --------------------------------------------- Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer). --------------------------------------------- https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-r… ∗∗∗ SmartCam: Kritische Sicherheitslücken in Cloud-Anbindung von Samsung-IP-Kameras ∗∗∗ --------------------------------------------- Lücken in der IP-Kamera SNH-V6410PN/PNW ermöglichen es, das Linux darauf zu kapern. Da die Sicherheitslücke in der Cloud-Anbindung liegt, sind wahrscheinlich weitere SmartCam-Modelle betroffen. Der Cloud-Dienst verwaltet die Kameras per Jabber-Server. --------------------------------------------- https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken… ∗∗∗ TLS 1.3 and Proxies ∗∗∗ --------------------------------------------- I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence. --------------------------------------------- http://www.imperialviolet.org/2018/03/10/tls13.html ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗ --------------------------------------------- Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/749087/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014392 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769 ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013943 ∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013339 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013818 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013557 ∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011110 ∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012171 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.03.2018
by Daily end-of-shift report 09 Mar '18

09 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-03-2018 18:00 − Freitag 09-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ LLVM 6.0: Clang bekommt Maßnahme gegen Spectre-Angriff ∗∗∗ --------------------------------------------- Die neue Version der LLVM-Compiler wie Clang bringt mit Retpolines eine wichtige Maßnahme gegen Angriffe über Spectre. Davon profitieren auch künftige Windows-Versionen von Google Chrome. Optimierungen gibt es außerdem bei der Diagnose von Quelltexten. --------------------------------------------- https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-an… ∗∗∗ Avast: CCleaner-Infektion enthielt Keylogger-Funktion ∗∗∗ --------------------------------------------- Die im vergangenen Jahr mit CCleaner verteilte Malware sollte Unternehmen wohl auch per Keylogger ausspionieren. Avast hat im eigenen Netzwerk die Shadowpad-Malware gefunden, geht aber davon aus, dass diese bei Kunden nicht installiert wurde. --------------------------------------------- https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funkt… ∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗ --------------------------------------------- How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well .. --------------------------------------------- https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/ ∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗ --------------------------------------------- IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. read more --------------------------------------------- https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robo… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗ --------------------------------------------- This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01 ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗ --------------------------------------------- This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014201 ∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2018
by Daily end-of-shift report 08 Mar '18

08 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-03-2018 18:00 − Donnerstag 08-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours ∗∗∗ --------------------------------------------- Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-stops-malware-camp… ∗∗∗ Memcached Amplification: Neue Hacker-Tools verursachen Rekord-DDoS-Angriffe ∗∗∗ --------------------------------------------- DDoS-Angriffe per Memcached Amplification sind erst seit etwa einer Woche bekannt, nun existieren einfach zu bedienende Werkzeuge für solche Attacken. Unter anderem wurde auf diese Art GitHub mit einem Rekord-Angriff aus dem Internet geschwemmt. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Neue-Hacker-T… ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/07/Cisco-Releases-Sec… ∗∗∗ DFN-CERT-2018-0455/">Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0455/ ∗∗∗ rt-sa-2018-001 ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2018-001.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2018
by Daily end-of-shift report 07 Mar '18

07 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-03-2018 18:00 − Mittwoch 07-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Encryption 101: How to break encryption ∗∗∗ --------------------------------------------- Continuing on in our Encryption 101 series, where we gave a malware analyst’s primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some kind of secret flaw. That flaw is often a result of an error in implementation. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Releases Security Update for Chrome ∗∗∗ --------------------------------------------- Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/06/Google-Releases-Se… ∗∗∗ DFN-CERT-2018-0444/">Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway: Mehrere Schwachstellen ermöglichen u.a. die Übernahme des Systems ∗∗∗ --------------------------------------------- Eine Schwachstelle in Citrix VPX ermöglicht einem entfernten, einfach authentisierten Angreifer die Ausführung beliebigen Programmcodes und damit letztlich die Übernahme des Systems. Weitere Schwachstellen ermöglichen einem entfernten, vermutlich nicht authentisierten Angreifer das Ausspähen beliebiger Dateien, die Eskalation von Privilegien sowie einen Cross-Site-Scripting (XSS)-Angriff. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0444/ ∗∗∗ FortiWebs cookie tampering protection can be bypassed by erasing the FortiWeb session cookie ∗∗∗ --------------------------------------------- FortiWeb 5.6.0 introduced a feature called "Signed Security Mode", which, when enabled, would prevent an attacker from tampering with "regular" cookies set by the web-sites protected by FortiWeb; in effect, access to the protected web-site can be blocked when cookie tampering is detected (depending on the "Action" selected by the FortiWeb admin).This protection can however be made inoperant if the attacker removes FortiWebs own session cookie. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-279 ∗∗∗ RSA Archer eGRC Bugs Let Remote Users Redirect Users to an Arbitrary Site and Let Remote Authenticated Users Obtain Username Information ∗∗∗ --------------------------------------------- A remote authenticated user can exploit an access control flaw in an API to determine valid usernames on the target system [CVE-2018-1219]. A remote user can exploit a flaw in the QuickLinks feature to redirect the target user to an arbitrary site [CVE-2018-1220]. --------------------------------------------- http://www.securitytracker.com/id/1040457 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (leptonlib), Fedora (bugzilla, cryptopp, electrum, firefox, freexl, glibc, jhead, libcdio, libsamplerate, libXcursor, libXfont, libXfont2, mingw-wavpack, nx-libs, php, python-crypto, quagga, sharutils, unzip, x2goserver, and xen), Gentoo (exim), openSUSE (cups, go1.8, ImageMagick, jgraphx, leptonica, openexr, tor, and wavpack), Red Hat (389-ds-base, java-1.7.1-ibm, kernel, kernel-rt, libreoffice, and --------------------------------------------- https://lwn.net/Articles/748741/ ∗∗∗ Hirschmann Automation and Control GmbH Classic Platform Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 ∗∗∗ Schneider Electric SoMove Software and DTM Software Components ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02 ∗∗∗ Eaton ELCSoft ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03 ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Permission Control Vulnerability in Huawei Video Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012342 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014257 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2018
by Daily end-of-shift report 06 Mar '18

06 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-03-2018 18:00 − Dienstag 06-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ E-Mail-Clients für Android: Kennwörter werden an Entwickler der App übermittelt ∗∗∗ --------------------------------------------- Der E-Mail-Client sollte mit Bedacht gewählt werden. Zwei Apps für Android übermitteln die Kennwörter an den Anbieter der App. Der Entdecker des Sicherheitsrisikos rät zur Deinstallation der Apps und zur Zurücksetzung des E-Mail-Kennworts. --------------------------------------------- https://www.golem.de/news/e-mail-clients-fuer-android-kennwoerter-werden-im… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0432/">NetIQ Identiy Manager: Eine Schwachstelle ermöglicht das Ausspähen von Passwörtern ∗∗∗ --------------------------------------------- Ein vermutlich lokaler, einfach authentisierter Angreifer kann Passwörter ausspähen, welche unter Umständen in Logdateien gespeichert werden. NetIQ stellt den NetIQ Identiy Manager in der Version 4.6 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0432/ ∗∗∗ DFN-CERT-2018-0431/">GitLab: Mehrere Schwachstellen ermöglichen u.a. einen kompletten Denial-of-Service (DoS)-Angriff ∗∗∗ --------------------------------------------- Zwei Schwachstellen betreffen GitLab Enterprise und ermöglichen einem vermutlich entfernten und einfach authentisierten Angreifer das Bewirken kompletter Denial-of-Service (DoS)-Zustände. Weitere Schwachstellen ermöglichen dem Angreifer das Umgehen von Sicherheitsvorkehrungen, das Ausspähen von Informationen und Darstellen falscher Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0431/ ∗∗∗ Android: März-Update schließt Fülle an kritischen Lücken ∗∗∗ --------------------------------------------- Den ersten Montag des Monats nutzt Google üblicherweise, um Sicherheitslücken in Android zu bereinigen. Und so gibt es auch jetzt wieder ein neues Update, das sich vor allem der Bereinigung solcher Probleme bereinigt. --------------------------------------------- http://derstandard.at/2000075574454 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dhclient and dhcp), Debian (tomcat7 and xen), Fedora (dhcp), Mageia (glibc and xerces-c), SUSE (xen), and Ubuntu (irssi, memcached, postgresql-9.3, postgresql-9.5, postgresql-9.6, and twisted). --------------------------------------------- https://lwn.net/Articles/748625/ ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Product Attributes ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541839 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Downloadable Products ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541838 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541840 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541837 ∗∗∗ IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014161 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014160 ∗∗∗ IBM Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013322 ∗∗∗ IBM Security Bulletin: Response Time Monitoring Agent is affected by a NoSQL Injection vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013500 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-14746, CVE-2017-15275) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012067 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013972 ∗∗∗ IBM Security Bulletin: Monitoring Agent for WebSphere Applications is affected by a potential for sensitive personal information to be visible when you use the diagnostics or transaction tracking capability of the agent ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014035 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013974 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014235 ∗∗∗ IBM Security Bulletin: IBM’s Pulse App for QRadar is vulnerable to sensitive information exposure. (CVE-2017-1625) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014284 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2016-0706 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18174924 ∗∗∗ Apache Tomcat 6.x vulnerabilities CVE-2016-0714 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K58084500 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2015-5345 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34341852 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2018
by Daily end-of-shift report 05 Mar '18

05 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-03-2018 18:00 − Montag 05-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Spring break! Critical vuln in Pivotal frameworks Data parts plugged ∗∗∗ --------------------------------------------- Similar to Apache Struts flaw that stuffed Equifax Pivotals Spring Data REST project has a serious security hole that needs patching. --------------------------------------------- www.theregister.co.uk/2018/03/05/rest_vuln/ ∗∗∗ Bei 40 günstigen Android-Smartphones ist ein Trojaner ab Werk inklusive ∗∗∗ --------------------------------------------- Sicherheitsforscher listen über 40 Android-Smartphones auf, die einen von Angreifern modifizierbaren Trojaner an Bord haben. Dieser soll sich nicht ohne Weiteres entfernen lassen. --------------------------------------------- https://www.heise.de/meldung/Bei-40-guenstigen-Android-Smartphones-ist-ein-… ∗∗∗ Powerful New DDoS Method Adds Extortion ∗∗∗ --------------------------------------------- Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence .. --------------------------------------------- https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-extortion/ ∗∗∗ Gefälschte Klarna-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine Rechnung mit dem Betreff „Automatische Konto-Lastschrift von Klarna Bank konnte nicht durchgeführt werden“. Sie fordern die Empfänger/innen der Nachricht dazu auf, dass sie weiterführende Informationen zur offenen Forderung einer ZIP-Datei entnehmen. Sie verbirgt Schadsoftware. Aus diesem Grund dürfen Adressat/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at//themen/e-mail/ ∗∗∗ LTE: Massive Lücke erlaubt SMS- und Standort-Spionage ∗∗∗ --------------------------------------------- Angreifer könnten auch gefälschte Katastrophenwarnungen an großen Zahl von Nutzern gleichzeitig verschicken --------------------------------------------- http://derstandard.at/2000075435289 ∗∗∗ 700 Gbit/s: Bislang größte DDoS-Attacke auf Österreich gemessen ∗∗∗ --------------------------------------------- Galt "internationalem Service-Provider" – Zeitgleich zu Angriff auf Github und andere Seiten --------------------------------------------- http://derstandard.at/2000075492832 ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-001 ∗∗∗ IBM Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.03.2018
by Daily end-of-shift report 02 Mar '18

02 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-03-2018 18:00 − Freitag 02-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones ∗∗∗ --------------------------------------------- Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over… ∗∗∗ Chromes WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack ∗∗∗ --------------------------------------------- While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome. --------------------------------------------- https://www.wired.com/story/chrome-yubikey-phishing-webusb ∗∗∗ Spectre-Lücke: Microcode-Updates nun doch als Windows Update ∗∗∗ --------------------------------------------- So wie einige Linux-Distributionen (re-)aktiviert Microsoft die Möglichkeit, Microcode-Updates mit IBC-Patches gegen Spectre als Update des Betriebssystems einzuspielen – vorerst nur für Core i-6000 (Skylake). --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Microcode-Updates-nun-doch-als-… ∗∗∗ Rekord-DDoS-Attacke mit 1,35 Terabit pro Sekunde gegen Github.com ∗∗∗ --------------------------------------------- Die Webseite von Github hat die bislang heftigste dokumentierte DDoS-Attacke überstanden. Die Angreifer setzten dabei auf einen erst kürzlich bekanntgewordenen Angriffsvektor. --------------------------------------------- https://www.heise.de/meldung/Rekord-DDoS-Attacke-mit-1-35-Terabit-pro-Sekun… ∗∗∗ Financial Cyber Threat Sharing Group Phished ∗∗∗ --------------------------------------------- The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected [...] --------------------------------------------- https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-ph… ∗∗∗ Warnung vor gefälschter Raiffeisen Bank-Kundeninformation ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Raiffeisen Bank-Kundeninformation. Darin fordern sie Empfänger/innen dazu auf, dass sie eine angebliche Sicherheits-App für die weitere Nutzung ihres ELBA Internet-Kontos installieren. Die Anwendung ist Schadsoftware. Sie ermöglicht es den Kriminellen, auf das Konto ihrer Opfer zuzugreifen und Geld zu stehlen. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=6&tx_news_pi1[overwriteDemand… ∗∗∗ Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image ∗∗∗ --------------------------------------------- OverviewTalos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog and many Humble Bundle games. SDL officially supports Windows, --------------------------------------------- http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC, SIMOTION, and SINUMERIK ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and permissions, privileges, and access controls vulnerabilities in the Siemens SIMATIC, SIMOTION, and SINUMERIK Industrial PCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-01 ∗∗∗ Moxa OnCell G3100-HSPA Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency, and NULL pointer dereference vulnerabilities in the Moxa OnCell G3100-HSPA Series IP gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 ∗∗∗ Delta Electronics Delta Industrial Automation DOPSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation DOPSoft human machine interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03 ∗∗∗ MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Operations Orchestration. The vulnerability could be remotely exploited to allow Denial of Service (DoS). --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freexl and simplesamlphp), Fedora (krb5, libvirt, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, and phpMyAdmin), Mageia (krb5, leptonica, and libvirt), Slackware (dhcp and ntp), and Ubuntu (isc-dhcp). --------------------------------------------- https://lwn.net/Articles/748422/ ∗∗∗ Vuln: Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.securityfocus.com/bid/103201 ∗∗∗ DFN-CERT-2018-0399: PHP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0399/ ∗∗∗ DFN-CERT-2018-0418: SimpleSAMLphp: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0418/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2018
by Daily end-of-shift report 01 Mar '18

01 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-02-2018 18:00 − Donnerstag 01-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DDoS-Reflection mit Memcached ∗∗∗ --------------------------------------------- Auf diesen Seiten war schon viel über DDoS zu lesen, insbesondere der Variante, bei der schlecht betriebene Services im Netz sich als Reflektoren/Verstärker missbrauchen lassen. Übliche Vektoren in den letzten Jahren waren DNS, NTP, SSDP, SNMP und auch LDAP. Jetzt ist hier was neues am Radar aufgetaucht: Memcached. --------------------------------------------- http://www.cert.at/services/blog/20180228181107-2150.html ∗∗∗ Trustico/Digicert: Chaos um 23.000 Zertifikate und private Schlüssel ∗∗∗ --------------------------------------------- Der Zertifikatsreseller Trustico bittet aus unklaren Gründen darum, dass 50.000 Zertifikate zurückgezogen werden. Zu knapp der Hälfte davon besaß Trustico offenbar die privaten Schlüssel - die ein Zertifikatshändler eigentlich nie haben sollte. --------------------------------------------- https://www.golem.de/news/trustico-digicert-chaos-um-23-000-zertifikate-und… ∗∗∗ Spectre-Attacken auch auf Sicherheitsfunktion Intel SGX möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen zwei Szenarien auf, in denen sie Intels Software Guard Extensions (SGX) erfolgreich über die Spectre-Lücke angreifen. --------------------------------------------- https://heise.de/-3983848 ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0400/">ISC Bind Supported Preview Edition: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Die BIND Supported Preview Edition ist ein spezieller BIND Feature Preview Branch für ISC Support Kunden. Keine der allgemein veröffentlichten BIND Versionen ist von der jetzt behobenen Schwachstelle betroffen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0400/ ∗∗∗ DFN-CERT-2018-0401/">ISC DHCP: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann zwei Schwachstellen in ISC DHCP ausnutzen, um verschiedene Denial-of-Service (DoS)-Angriffe durchzuführen. Eine der Schwachstellen kann eventuell auch die Ausführung beliebigen Programmcodes ermöglichen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0401/ ∗∗∗ DFN-CERT-2018-0407/">Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Verschiedene Schwachstellen in den Komponenten Exim und SSH Server von Sophos Unified Threat Management (UTM) ermöglichen unter anderem einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes und das Ausspähen von Informationen. Weitere Schwachstellen ermöglichen diese Angriffe auch einem lokalen einfach authentisierten Angreifer. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0407/ ∗∗∗ DFN-CERT-2018-0408/">NTP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in NTP ermöglichen einem entfernten, zumeist nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe, das Fälschen von Zeitinformationen und das Ausspähen von Informationen. (Note: Remote Code Execution betrifft nur das ntpq Tool) --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0408/ ∗∗∗ DFN-CERT-2018-0409/">PostgreSQL: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in PostgreSQL ausnutzen, um die beabsichtigten Funktionen von PostgreSQL zu ändern. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0409/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (xmltooling), Fedora (mbedtls), openSUSE (freexl), Oracle (quagga and ruby), Red Hat (.NET Core, quagga, and ruby), Scientific Linux (quagga and ruby), SUSE (glibc), and Ubuntu (libreoffice). --------------------------------------------- https://lwn.net/Articles/748350/ ∗∗∗ IBM Security Bulletin: IBM Cloud Private has released a patch in response to the vulnerabilities known as Spectre and Meltdown(CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013398 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza SQL Extensions ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013399 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure in WebSphere Application Server (CVE-2017-1681) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014125 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Poi vulnerability (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014107 ∗∗∗ Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX232199 ∗∗∗ TMM vulnerability CVE-2018-5500 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33211839 ∗∗∗ DNS TCP virtual server vulnerability CVE-2018-5501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44200194 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6150 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62712037 ∗∗∗ BIG-IP ASM data processing vulnerability CVE-2017-6154 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K38243073 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.02.2018
by Daily end-of-shift report 28 Feb '18

28 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-02-2018 18:00 − Mittwoch 28-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Free Decrypter Available for GandCrab Ransomware Victims ∗∗∗ --------------------------------------------- Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decrypter-available-for… ∗∗∗ Dissecting Hancitor’s Latest 2018 Packer ∗∗∗ --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hanci… ∗∗∗ Sicherheits-Netzbetriebssystem: Fortinet präsentiert FortiOS 6.0 ∗∗∗ --------------------------------------------- Auf seiner Hausveranstaltung Accelerate 18 hat Fortinet Version 6.0 seines Security-Network-Betriebssystems FortiOS vorgestellt. Das Update umfasst über 200 Aktualisierungen. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-Netzbetriebssystem-Fortinet-praese… ∗∗∗ Electra: Erster umfassender Jailbreak für iOS 11 erschienen ∗∗∗ --------------------------------------------- Ein neuer Jailbreak soll erstmals den alternativen App Store Cydia auf iOS 11 bringen. Dafür wird der Exploit eines Google-Sicherheitsforschers eingesetzt, der allerdings nur in älteren Versionen des Betriebssystems funktioniert. --------------------------------------------- https://www.heise.de/meldung/Electra-Erster-umfassender-Jailbreak-fuer-iOS-… ∗∗∗ Who Wasn’t Responsible for Olympic Destroyer? ∗∗∗ --------------------------------------------- This blog post is authored by Paul Rascagneres and Martin Lee.SummaryAbsent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has purposefully included .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/VvKIOSM9n5Y/who-wasnt-re… ∗∗∗ First true native IPv6 DDoS attack spotted in wild ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/first-true-native-ipv6-ddos-attack-spotte… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson ControlWave Micro Process Automation Controller ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Emerson ControlWave Micro Process Automation Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03 ∗∗∗ Delta Electronics WPLSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, heap-based buffer overflow, out-of-bounds write vulnerabilities in the Delta Electronics WPLSoft PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02 ∗∗∗ Medtronic 2090 Carelink Programmer Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in Medtronic’s 2090 CareLink Programmer and its accompanying software deployment network. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01 ∗∗∗ Philips Intellispace Portal ISP Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in the Philips’ IntelliSpace Portal (ISP), an advanced visualization and image analysis system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 ∗∗∗ Siemens SIMATIC Industrial PCs ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013543 ∗∗∗ IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013436 ∗∗∗ Insecure Direct Object Reference in TestLink Open Source Test Management ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/insecure-direct-object-refer… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2018
by Daily end-of-shift report 27 Feb '18

27 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-02-2018 18:00 − Dienstag 27-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SAML Vulnerability Lets Attackers Log in as Other Users ∗∗∗ --------------------------------------------- Security researchers from Duo Labs and the US Computer Emergency Response Team (US-CERT) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victims password. --------------------------------------------- https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-atta… ∗∗∗ New Guide on How to Clean a Hacked Website ∗∗∗ --------------------------------------------- Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website. We are happy to help the community learn the steps they can follow to get rid of a website hack. You can find all our guides to website security in a section of our website dedicated to providing concise and comprehensive tips on different areas of --------------------------------------------- https://blog.sucuri.net/2018/02/new-guide-clean-hacked-website.html ∗∗∗ Memcached Amplification Attack: Neuer DDoS-Angriffsvektor aufgetaucht ∗∗∗ --------------------------------------------- Öffentlich erreichbare Memcached-Installationen werden von Angreifern für mächtige DDoS-Attacken missbraucht. Die Besitzer dieser Server wissen oft nicht, dass sie dabei helfen, Webseiten aus dem Internet zu spülen. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Attack-Neuer-… ===================== = Vulnerabilities = ===================== ∗∗∗ OS command injection, arbitrary file upload & SQL injection in ClipBucket ∗∗∗ --------------------------------------------- Critical security issues such as OS command injection or arbitrary file upload allow an attacker to fully compromise the web server which has the video and media management solution “ClipBucket” installed. Potentially sensitive data might get exposed through this attack. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitra… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exim, irssi, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, phpMyAdmin, and seamonkey), Mageia (cups, flatpak, golang, jhead, and qpdf), Oracle (gcab, java-1.7.0-openjdk, and kernel), Red Hat (gcab, java-1.7.0-openjdk, and java-1.8.0-ibm), Scientific Linux (gcab and java-1.7.0-openjdk), and Ubuntu (sensible-utils). --------------------------------------------- https://lwn.net/Articles/748179/ ∗∗∗ DFN-CERT-2018-0389: Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0389/ ∗∗∗ IBM Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013961 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010869 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013305 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012547 ∗∗∗ GNU C Library vulnerability CVE-2018-6551 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11274054 ∗∗∗ XSA-256 - x86 PVH guest without LAPIC may DoS the host ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-256.html ∗∗∗ XSA-255 - grant table v2 -> v1 transition may crash Xen ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-255.html ∗∗∗ XSA-252 - DoS via non-preemptable L3/L4 pagetable freeing ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-252.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2018
by Daily end-of-shift report 26 Feb '18

26 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-02-2018 18:00 − Montag 26-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Incident Response: Social Engineering funktioniert als Angriffsvektor weiterhin ∗∗∗ --------------------------------------------- Was passiert, nachdem ein Unternehmen gehackt wurde - und welche Mechanismen werden dafür genutzt? Das Sicherheitsunternehmen F-Secure hat Zahlen des eigenen Incident-Response-Teams veröffentlicht und stellt fest: Besonders im Gaming-Sektor und bei Behörden gibt es gezielte Angriffe. --------------------------------------------- https://www.golem.de/news/incident-response-social-engineering-funktioniert… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0384/">Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien. Der Hersteller stellt Wireshark 2.2.13 und 2.4.5 als Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/ ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/748073/ ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013706 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013753 ∗∗∗ IBM Security Bulletin:IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013921 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013751 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013832 ∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013094 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013558 ∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013890 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.02.2018
by Daily end-of-shift report 23 Feb '18

23 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-02-2018 18:00 − Freitag 23-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Botched npm Update Crashes Linux Systems, Forces Users to Reinstall ∗∗∗ --------------------------------------------- A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. --------------------------------------------- https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linu… ∗∗∗ Android P Will Block Background Apps from Accessing Phones Camera & Microphone ∗∗∗ --------------------------------------------- Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphones camera or microphone. --------------------------------------------- https://www.bleepingcomputer.com/news/mobile/android-p-will-block-backgroun… ∗∗∗ Pwned Passwords: Troy Hunt veröffentlicht eine halbe Milliarde Passworthashes ∗∗∗ --------------------------------------------- Bei HaveIBeenPwned können Nutzer aktuell rund eine halbe Milliarde Passwort-Hashes herunterladen. Damit könnten sie Dienste in die Lage versetzen, geleakte Passwörter abzulehnen. --------------------------------------------- https://www.golem.de/news/pwned-passwords-troy-hunt-veroeffentlicht-eine-ha… ∗∗∗ Mitm6 - Pwning IPv4 Via IPv6 ∗∗∗ --------------------------------------------- Mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server [...] --------------------------------------------- https://www.kitploit.com/2018/02/mitm6-pwning-ipv4-via-ipv6.html ∗∗∗ Versionsverwaltung: GitLab 10.5 integriert Verschlüsselung mit Lets Encrypt ∗∗∗ --------------------------------------------- Insgesamt 26 Neuerungen bringt die neue Version von GitLab mit. Spannend sind vor allem die Verschlüsselung mit Lets Encrypt, externe Daten in CI/CD-Pipelines, und der Einzug von Gemnasium in die Versionsverwaltung. --------------------------------------------- https://www.heise.de/developer/meldung/Versionsverwaltung-GitLab-10-5-integ… ∗∗∗ Name, Adresse, Geburtsdatum: ÖBB-App zeigte fremde Nutzerdaten an ∗∗∗ --------------------------------------------- Betroffene sahen sensible Daten anderer Nutzer. Ob auch Kreditkarteninformationen im Detail eingesehen werden konnten, ist noch nicht klar --------------------------------------------- http://derstandard.at/2000074884009 ∗∗∗ Report Highlights Challenges of Incident Response ∗∗∗ --------------------------------------------- False Positives Lead to a Surprising Number of Incident Response Investigations read more --------------------------------------------- https://www.securityweek.com/report-highlights-challenges-incident-response ===================== = Vulnerabilities = ===================== ∗∗∗ MFSBGN03798 rev.1 - Micro Focus UCMDB-Browser, Apache Struts Instance ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution. --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups, gcc-6, irssi, kernel, and squid3), Fedora (mupdf), Mageia (irssi, mpv, qpdf, and quagga), openSUSE (libmad and postgresql95), SUSE (kernel and php5), and Ubuntu (kernel, linux-lts-trusty, linux-raspi2, and wavpack). --------------------------------------------- https://lwn.net/Articles/747911/ ∗∗∗ DFN-CERT-2018-0378: Apache Tomcat: Zwei Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0378/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.02.2018
by Daily end-of-shift report 22 Feb '18

22 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-02-2018 18:00 − Donnerstag 22-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschte BAWAG P.S.K.-Kundeninformation im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG P.S.K.-Kundeninformation. Darin fordern sie die Empfänger/innen dazu auf, dass sie ihre Nutzerinformationen bei der Bank bestätigen. Das soll auf einer fremden Website geschehen. Konsument/innen, die der Aufforderung nachkommen, übermitteln Betrüger/innen ihre Daten. Die Kriminellen nützen diese, um Geld zu stehlen und Verbrechen unter fremden Namen zu begehen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-bawag-psk-kundeninformat… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0364/">Digium Asterisk, Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Der Hersteller informiert über die Schwachstellen und stellt Asterisk Open Source 13.19.2, 14.7.6 und 15.2.2 sowie Certified Asterisk 13.18-cert3 als Sicherheitsupdates bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0364/ ∗∗∗ DFN-CERT-2018-0356/">Red Hat Satellite: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung von Systemen ∗∗∗ --------------------------------------------- Eine Vielzahl von Schwachstellen in von Red Hat Satellite verwendeten Komponenten, insbesondere Foreman, ermöglichen auch einem entfernten und nicht authentisierten Angreifer das Ausspähen sensibler Informationen wie Passwörtern, einen Cross-Site-Scripting (XSS)-Angriff, Denial-of-Service (DoS)-Angriffe und möglicherweise die Ausführung beliebigen Programmcodes ... --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0356/ ∗∗∗ Sicherheitsupdates: Drupal-Webseiten können Inhalte leaken ∗∗∗ --------------------------------------------- Im CMS Drupal klaffen mehrere Sicherheitslücken. Davon gelten zwei als kritisch. Sicherheitsupdates für verschiene Versionsstränge stehen bereit. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Drupal-Webseiten-koennen-In… ∗∗∗ Trend Micro fixes serious vulnerabilities in Email Encryption Gateway ∗∗∗ --------------------------------------------- Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker. --------------------------------------------- https://www.helpnetsecurity.com/2018/02/22/email-encryption-gateway-vulnera… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (strongswan), Fedora (torbrowser-launcher), openSUSE (libdb-4_5, libdb-4_8, postgresql96, python3-openpyxl, and xv), Red Hat (rh-maven35-jackson-databind), and Ubuntu (kernel, libreoffice, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-oem, and linux-lts-xenial, linux-aws). --------------------------------------------- https://lwn.net/Articles/747805/ ∗∗∗ IBM Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012115 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Connect (CVE-2017-3738, CVE-2017-3737) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013801 ∗∗∗ IBM Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013051 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by Information Exposure vulnerability (CVE-2017-1774 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013595 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Password in Clear Text vulnerability (CVE-2018-1377 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013596 ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013713 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012455 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.02.2018
by Daily end-of-shift report 21 Feb '18

21 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 20-02-2018 18:00 − Mittwoch 21-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ New Spectre/Meltdown Variants ∗∗∗ --------------------------------------------- Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/new_spectremelt.html ===================== = Vulnerabilities = ===================== ∗∗∗ ABB netCADOPS Web Application ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an information exposure vulnerability in the ABB netCADOPS Web Application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01 ∗∗∗ DFN-CERT-2018-0347/">phpMyAdmin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in phpMyAdmin ausnutzen, um einen Cross-Site-Scripting (XSS)-Angriff gegen sich selbst durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0347/ ∗∗∗ Mozillas executable installers: FUBAR ∗∗∗ --------------------------------------------- #1) "Firefox Installer.exe" (digitally signed 2018-01-28) 58.0.1 is vulnerable to DLL hijacking #2) "setup-stub.exe" extracted and executed by "Firefox Installer.exe" is vulnerable to DLL hijacking #3) "Firefox Setup 52.6.0esr.exe" (digitally signed 2018-01-19) is vulnerable to DLL hijacking #4) "setup.exe" extracted and executed by "Firefox Setup 52.6.0esr.exe" is vulnerable to DLL hijacking --------------------------------------------- http://seclists.org/fulldisclosure/2018/Feb/58 ∗∗∗ Sicherheitsforscher empfiehlt, BitTorrent-Client uTorrent Web vorerst nicht zu nutzen ∗∗∗ --------------------------------------------- Zwei uTorrent-Clients sind verwundbar. Es gibt zwar Sicherheitspatches, doch offenbar wirken diese nur teilweise. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsforscher-empfiehlt-BitTorrent-Clien… ∗∗∗ Coldroot: macOS-Trojaner offenbar seit zwei Jahren unentdeckt ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Remote-Access-Malware für Apple-Rechner entdeckt, die seit mindestens 2016 kursieren soll. --------------------------------------------- https://www.heise.de/meldung/Coldroot-macOS-Trojaner-offenbar-seit-zwei-Jah… ∗∗∗ Internet of Babies – When baby monitors fail to be smart ∗∗∗ --------------------------------------------- Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products. --------------------------------------------- https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-mo… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmspack), Debian (zziplib), Fedora (ca-certificates, firefox, freetype, golang, krb5, libreoffice, monit, patch, plasma-workspace, ruby, sox, tomcat, and zziplib), openSUSE (dovecot22, glibc, GraphicsMagick, libXcursor, mbedtls, p7zip, SDL_image, SDL2_image, sox, and transfig), Red Hat (chromium-browser), and Ubuntu (cups, libvirt, and qemu). --------------------------------------------- https://lwn.net/Articles/747711/ ∗∗∗ Cisco Unity Connection Mail Relay Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22012965 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1415) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013796 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013797 ∗∗∗ IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012113 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential input validation vulnerability (CVE-2018-1392) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013249 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013247 ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012828 ∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013432 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013088 ∗∗∗ IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027035 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.02.2018
by Daily end-of-shift report 20 Feb '18

20 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 19-02-2018 18:00 − Dienstag 20-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗ --------------------------------------------- Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetecta… ∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗ --------------------------------------------- Wordpress is a popular tool for creating web pages. Numerous extensions make your own programming skills superfluous. However, one should be careful when choosing its extensions. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware ∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗ --------------------------------------------- Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency. --------------------------------------------- https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncover… ∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗ --------------------------------------------- Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...] --------------------------------------------- https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware… ∗∗∗ Textbombe: Apple räumt verheerenden Fehler mit Update aus ∗∗∗ --------------------------------------------- Neue Versionen von iOS und macOS verfügbar – Zeichenfolge konnte zahlreiche Apps zum Absturz bringen --------------------------------------------- http://derstandard.at/2000074619775 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9). --------------------------------------------- https://lwn.net/Articles/747630/ ∗∗∗ DFN-CERT-2018-0340: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/ ∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013705 ∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.02.2018
by Daily end-of-shift report 19 Feb '18

19 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 16-02-2018 18:00 − Montag 19-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers pilfered $6M from Russian central bank via SWIFT system ∗∗∗ --------------------------------------------- Hackers nicked $6 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank. --------------------------------------------- https://www.scmagazine.com/hackers-pilfered-6m-from-russian-central-bank-vi… ∗∗∗ WWW: Tracking-Methoden werden brutaler, Browser-Hersteller schauen weg ∗∗∗ --------------------------------------------- Die Überwachungsmethoden der Tracker werden immer ausgefeilter. Selbst bei Online-Apotheken bedienen sich die Datendealer. Datenschutz-Forscher Arvind Narayanan ärgert sich über die Untätigkeit der großen Browser-Hersteller. --------------------------------------------- https://heise.de/-3718112 ∗∗∗ FSX: Add-On-Entwickler FSLabs liest heimlich Passwörter von Raubkopierern aus ∗∗∗ --------------------------------------------- FlightSimLabs verkauft Zusatzflugzeuge für den beliebten Microsoft Flight Simulator. Die Firma gibt zu, mutmaßlichen Raubkopierern eine Software auf den Rechner installiert zu haben, die deren Chrome-Passwörter an die Entwickler übermittelt. --------------------------------------------- https://heise.de/-3973485 ∗∗∗ Security bugs in Dell storage platform allowed hackers to gain root access ∗∗∗ --------------------------------------------- Security researchers recently unearthed as many as nine security vulnerabilities in Dell EMC's Isilon OneFS platform allowing remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root. --------------------------------------------- https://www.scmagazineuk.com/news/security-bugs-in-dell-storage-platform-al… ∗∗∗ Record-Breaking Number of Vulnerabilities Disclosed in 2017: Report ∗∗∗ --------------------------------------------- A record-breaking number of vulnerabilities were disclosed in 2017, with a total of 20,832 such security flaws, a new report from Risk Based Security shows. read more --------------------------------------------- https://www.securityweek.com/record-breaking-number-vulnerabilities-disclos… ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft-Browser Edge: Google veröffentlicht Zero-Day-Lücke, kein Patch in Sicht ∗∗∗ --------------------------------------------- Der JIT-Compiler, der Microsofts Edge-Browser von Angriffscode aus dem Web isolieren soll, lässt sich selbst zum Einschleusen von Angriffscode missbrauchen. Google hat die dazugehörige Lücke nun veröffentlicht, ohne dass Microsoft Zeit zum Patchen hatte. --------------------------------------------- https://heise.de/-3973380 ∗∗∗ DSA-4118 tomcat-native - security update ∗∗∗ --------------------------------------------- Jonas Klempel reported that tomcat-native, a library giving Tomcataccess to the Apache Portable Runtime (APR) librarys network connection(socket) implementation and random-number generator, does not properlyhandle fields longer than 127 bytes when parsing the AIA-Extension fieldof a client certificate. If OCSP checks are used, this could result inclient certificates that should have been rejected to be accepted. --------------------------------------------- https://www.debian.org/security/2018/dsa-4118 ∗∗∗ DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- Red Hat aktualisiert seinen Sicherheitshinweis vom 21.01.2016 und gibt bekannt, dass die Schwachstelle CVE-2012-1148 auch in der aktualisierten Version des Red Hat JBoss Webserver enthalten ist. Bislang gibt es keine Information darüber, wann ein Sicherheitsupdate zur Behebung dieser Schwachstelle zur Verfügung stehen wird. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen). --------------------------------------------- https://lwn.net/Articles/747548/rss ∗∗∗ Tenda AC15 Remote Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2018020216 ∗∗∗ IBM Security Bulletin: IBM Maximo Anywhere is vulnerable to cross-site scripting (CVE-2017-1604) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011883 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Rhapsody Design Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013739 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.02.2018
by Daily end-of-shift report 16 Feb '18

16 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00 Handler: n/a Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗ --------------------------------------------- A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-active… ∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗ --------------------------------------------- The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager. --------------------------------------------- https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manage… ∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗ --------------------------------------------- Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbed… ∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗ --------------------------------------------- Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld. --------------------------------------------- https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-star… ∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗ --------------------------------------------- Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports. --------------------------------------------- https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-… ===================== = Vulnerabilities = ===================== ∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01 ∗∗∗ GE D60 Line Distance Relay ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 ∗∗∗ Schneider Electric IGSS Mobile ∗∗∗ --------------------------------------------- This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03 ∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga). --------------------------------------------- https://lwn.net/Articles/747439/rss ∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&… ∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013416 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012447 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008816 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2018
by Daily end-of-shift report 15 Feb '18

15 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-02-2018 18:00 − Donnerstag 15-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Spam and phishing in 2017 ∗∗∗ --------------------------------------------- The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts. --------------------------------------------- http://securelist.com/spam-and-phishing-in-2017/83833/ ∗∗∗ Inside the MSRC– The Monthly Security Update Releases ∗∗∗ --------------------------------------------- For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/02/14/inside-the-msrc-the-mon… ∗∗∗ Multi-Stage Email Word Attack without Macros ∗∗∗ --------------------------------------------- Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-… ∗∗∗ Besser vernetzt - besser geschützt ∗∗∗ --------------------------------------------- Zweitägiger Workshop im BRZ ermöglicht raschere Reaktion auf Malware und andere Bedrohungen. 70 Teilnehmer/innen von österreichischen und internationalen CERTs waren dabei. --------------------------------------------- https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html ∗∗∗ MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe ∗∗∗ --------------------------------------------- Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden. --------------------------------------------- https://www.heise.de/meldung/MeltdownPrime-SpectrePrime-Neue-Software-autom… ∗∗∗ Cryptojacking: Hacker infiltrieren 5.000 Websites, verdienen nur 23 Euro ∗∗∗ --------------------------------------------- Laut Angaben von Skript-Entwickler Coinhive – Angreifer schleusten Code in Vorlese-Plugin .. --------------------------------------------- http://derstandard.at/2000074318850 ∗∗∗ COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style ∗∗∗ --------------------------------------------- This post is authored by Jeremiah OConnor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive SummaryCisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign .. --------------------------------------------- http://blog.talosintelligence.com/2018/02/coinhoarder.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4112 xen - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4112 ∗∗∗ Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-013 ∗∗∗ Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2018
by Daily end-of-shift report 14 Feb '18

14 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-02-2018 18:00 − Mittwoch 14-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File ∗∗∗ --------------------------------------------- Returning to this particular flavor of malware, we see a rather simple way to bypass the detection products: it simply copies kernel32.dll. The copied version is identical and serves to relay requests from Word in to the kernel in precisely the same way; however, the copy name is subtly different. Therefore, some products fail to detect the malware activity as it passes from Word to the kernel. --------------------------------------------- https://blogs.bromium.com/malware-copies-file-evades-detection/ ∗∗∗ DoubleDoor Botnet Chains Exploits to Bypass Firewalls ∗∗∗ --------------------------------------------- Anubhav says DoubleDoor attackers are using the first exploit to bypass Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers to exploit with the second exploit. ... But the botnet is not a major danger just yet. Anubhav says DoubleDoor looks like a work in progress and still under heavy development. --------------------------------------------- https://www.bleepingcomputer.com/news/security /doubledoor-botnet-chains-exploits-to-bypass-firewalls/ ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft - February 2018 Security Updates ∗∗∗ --------------------------------------------- The February security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance /releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573 ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-02) and Adobe Experience Manager (APSB18-04). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 ∗∗∗ Zu aufwendig: Microsoft will schwere Skype-Lücke nicht beheben ∗∗∗ --------------------------------------------- Leck erlaubt Übernahme von Windows-System – Kein Patch geplant, Fehler soll erst in neuer Version entfernt werden --------------------------------------------- http://derstandard.at/2000074186504 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim and mpv), Debian (advancecomp and graphicsmagick), Red Hat (collectd, erlang, httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and xen), and Ubuntu (libvorbis). --------------------------------------------- https://lwn.net/Articles/747244/rss ∗∗∗ SAP Resolves High Risk Flaws with February 2018 Patches ∗∗∗ --------------------------------------------- SAP this week released its monthly set of security updates for its products, addressing a total of 11 new vulnerabilities, including two considered high severity. --------------------------------------------- https://www.securityweek.com /sap-resolves-high-risk-flaws-february-2018-patches ∗∗∗ WAGO PFC200 Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 ∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010883 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1681, CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013359 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013041 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010892 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2018
by Daily end-of-shift report 13 Feb '18

13 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-02-2018 18:00 − Dienstag 13-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ If You Thought Ransomware was Big, Illegal Crypto-Mining May be Bigger ∗∗∗ --------------------------------------------- There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other .. --------------------------------------------- https://www.beyondtrust.com/blog/thought-ransomware-big-illegal-crypto-mini… ∗∗∗ Cybersecurity-Experten warnen for Valentinstags-Angeboten ∗∗∗ --------------------------------------------- Der Valentinstag am 14. Februar wird von Cyber-Kriminellen zum Versand von E-Mails mit gefährlichen Sonderangeboten genutzt. --------------------------------------------- https://futurezone.at/digital-life/cybersecurity-experten-warnen-for-valent… ∗∗∗ Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-f… ∗∗∗ Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins ∗∗∗ --------------------------------------------- On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks .. --------------------------------------------- https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr… ∗∗∗ Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 ∗∗∗ --------------------------------------------- Redmond extends ATP to older builds, adds third-party links Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1. --------------------------------------------- www.theregister.co.uk/2018/02/12/microsoft_windows_atp/ ∗∗∗ Sicherheitsupdates: Gefährliche Lücken in IBM AIX und Notes ∗∗∗ --------------------------------------------- In AIX von IBM klafft eine kritische Sicherheitslücke. Darüber hinaus stopft ein Update eine Schwachstelle in Notes. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Gefaehrliche-Luecken-in-IBM… ∗∗∗ Chrome-Security-Chefin: "Wenn Flash entfernt wird, feiern wir eine Party" ∗∗∗ --------------------------------------------- Parisa Tabriz leitet die Elite-Hacker Gruppe Project Zero – sie sagt, dass Phishing eine größere Gefahr für die breite Masse als die Lücken "Meltdown" und Spectre ist --------------------------------------------- http://derstandard.at/2000073871421 ∗∗∗ Olympic Destroyer Takes Aim At Winter Olympics ∗∗∗ --------------------------------------------- This blog post is authored by Warren Mercer and Paul Rascagneres.Update 2/13 08:30 We have updated the information regarding the use of stolen credentialsUpdate 2/12 12:00: We have updated the destructor section with action taken .. --------------------------------------------- blog.talosintelligence.com/2018/02/olympic-destroyer.html ∗∗∗ Zero-Day in Telegrams Windows Client Exploited for Months ∗∗∗ --------------------------------------------- A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed. read more --------------------------------------------- https://www.securityweek.com/zero-day-telegrams-windows-client-exploited-mo… ===================== = Vulnerabilities = ===================== ∗∗∗ [KDE] Plasma Desktop: Arbitrary command execution in the removable device notifier ∗∗∗ --------------------------------------------- When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, its interpreted as a shell command, leaving a possibility of arbitrary commands execution. --------------------------------------------- https://www.kde.org/info/security/advisory-20180208-2.txt ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2018
by Daily end-of-shift report 12 Feb '18

12 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-02-2018 18:00 − Montag 12-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Vor allem Porno-Seiten spannen Nutzer zum Krypto-Mining ein ∗∗∗ --------------------------------------------- Laut einer aktuellen Studie enthalten mehr als 240 der beliebtesten Websites Code, der die Rechner ihre Besucher zum "Schürfen" von Kryptowährungen nutzt. --------------------------------------------- https://futurezone.at/digital-life/vor-allem-porno-seiten-spannen-nutzer-zu… ∗∗∗ Cisco Confirms Critical Firewall Software Bug Is Under Attack ∗∗∗ --------------------------------------------- Cisco has issued patches for the vulnerability, which could be up to seven years old. --------------------------------------------- http://threatpost.com/cisco-confirms-critical-firewall-software-bug-is-unde… ∗∗∗ Cryakl ransomware keys made public ∗∗∗ --------------------------------------------- The Belgian Federal Police are releasing free decryption keys for Cryakl ransomware and have become a partner with the No More Ransom Project. --------------------------------------------- https://www.scmagazine.com/cryakl-ransomware-keys-made-public/article/74332… ∗∗∗ GitHub-Account-Zombies erregen die Gemüter ∗∗∗ --------------------------------------------- Löscht ein Nutzer seinen Account bei GitHub, wird der Name sofort wieder für neue Nutzer frei. Das können Kriminelle missbrauchen, um über die Entwicklerseite Malware zu verteilen. Entwickler sollten Accounts daher lieber downgraden statt löschen. --------------------------------------------- https://www.heise.de/security/meldung/GitHub-Account-Zombies-erregen-die-Ge… ∗∗∗ Equifax-Hack betrifft noch mehr Daten als bisher bekannt ∗∗∗ --------------------------------------------- In einem Papier an den Bankenausschuss des US-Senats räumt Equifax ein, dass bei dem spektakulären Hack im September 2017 noch mehr Daten abgegriffen wurden als bisher zugegeben. Zusätzlich betroffen waren Steuernummern und Angaben im Führerschein. --------------------------------------------- https://www.heise.de/security/meldung/Equifax-Hack-betrifft-noch-mehr-Daten… ∗∗∗ Italienische Kryptobörse ausgeraubt: BitGrail fehlen 140 Millionen Euro ∗∗∗ --------------------------------------------- Diebe erbeuteten 17 Millionen sogenannte "Nano". BitGrail setzte den Handel vorerst aus. Die Polizei ermittelt. --------------------------------------------- https://www.heise.de/security/meldung/Italienische-Kryptoboerse-ausgeraubt-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and plasma-workspace), Debian (audacity, exim4, libreoffice, librsvg, ruby-omniauth, tomcat-native, and uwsgi), Fedora (tomcat-native), Gentoo (virtualbox), Mageia (kernel), openSUSE (freetype2, ghostscript, jhead, and libxml2), and SUSE (freetype2 and kernel). --------------------------------------------- https://lwn.net/Articles/747120/rss ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell.The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ BlackBerry powered by Android Security Bulletin - February 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ DSA-4110 exim4 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4110 ∗∗∗ DSA-4111 libreoffice - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4111 ∗∗∗ DFN-CERT-2018-0286: Oracle MySQL Community Server: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0286/ ∗∗∗ IBM Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012395 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013351 ∗∗∗ VMSA-2018-0007 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0007.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.02.2018
by Daily end-of-shift report 09 Feb '18

09 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-02-2018 18:00 − Freitag 09-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Free Decryption Tool Released for Cryakl Ransomware ∗∗∗ --------------------------------------------- Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decryption-tool-release… ∗∗∗ X.509 Certificates Can Be Abused for Data Exfiltration ∗∗∗ --------------------------------------------- Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-ab… ∗∗∗ Verschlüsselung: Github testet Abschaltung alter Krypto ∗∗∗ --------------------------------------------- Github-Nutzer sollten ihre Clients auf Kompatibilität prüfen: Ab dem 22. Februar werden alte TLS-Versionen und einige Diffie-Hellman-Gruppen deaktiviert. Am Donnerstagabend wurde die Abschaltung schon einmal getestet. --------------------------------------------- https://www.golem.de/news/verschluesselung-github-testet-abschaltung-alter-… ∗∗∗ Living in a Smart Home ∗∗∗ --------------------------------------------- In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/living_in_a_sma.html ∗∗∗ WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit ∗∗∗ --------------------------------------------- The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats. --------------------------------------------- https://www.techworm.net/2018/02/wannamine-cryptocurrency-mining-malware-us… ∗∗∗ Einige Netgear-Router lassen sich mit simplem URL-Trick übernehmen ∗∗∗ --------------------------------------------- In vielen Routern von Netgear klaffen Sicherheitslücken, die Angreifern mitunter Tür und Tor öffnen können. Updates schaffen Abhilfe. --------------------------------------------- https://www.heise.de/security/meldung/Einige-Netgear-Router-lassen-sich-mit… ∗∗∗ WordPress 4.9.3 schießt automatische Update-Funktion ab ∗∗∗ --------------------------------------------- Die WordPress-Ausgabe 4.9.3 hat zwar in erster Linie Bugs gefixt, aber auch einen neuen mitgebracht: Die automatische Aktualisierung funktioniert nicht mehr. Eine neue Version löst das Problem. --------------------------------------------- https://www.heise.de/security/meldung/WordPress-4-9-3-schiesst-automatische… ∗∗∗ Spectre-2-Lücke: Intel verspricht Updates auch für ältere Prozessoren ∗∗∗ --------------------------------------------- Für Skylake-Prozessoren, zahlreiche Atoms und damit verwandte Celerons gibt es nun wieder Microcode-Updates – zunächst nur für OEM-Partner; doch Intel will auch ältere Prozessoren patchen. --------------------------------------------- https://www.heise.de/security/meldung/Spectre-2-Luecke-Intel-verspricht-Upd… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 13, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1527 ∗∗∗ DSA-4108 mailman - security update ∗∗∗ --------------------------------------------- Calum Hutton and the Mailman team discovered a cross site scripting andinformation leak vulnerability in the user options page. A remoteattacker could use a crafted URL to steal cookie information or tofish for whether a user is subscribed to a list with a private roster. --------------------------------------------- https://www.debian.org/security/2018/dsa-4108 ∗∗∗ Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro ∗∗∗ --------------------------------------------- Sonatype Nexus Repository Manager OSS/Pro is affected by multiple cross-site scripting vulnerabilities (both reflected and stored) in both version 2 and 3 of the product which could be used by an attacker to execute JavaScript code in the user’s browser. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scriptin… ∗∗∗ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- Abstract: NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. This release does not contain any new features. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ JRE vulnerability CVE-2012-5081 ∗∗∗ --------------------------------------------- JRE vulnerability CVE-2012-5081. Security Advisory. Security Advisory Description. Unspecified vulnerability in the Java ... --------------------------------------------- https://support.f5.com/csp/article/K21018505 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (clamav), Debian (mailman, mpv, and simplesamlphp), Fedora (tomcat-native), openSUSE (docker, docker-runc, containerd,, kernel, mupdf, and python-mistune), Red Hat (kernel), and Ubuntu (mailman and postgresql-9.3, postgresql-9.5, postgresql-9.6). --------------------------------------------- https://lwn.net/Articles/746988/rss ∗∗∗ DFN-CERT-2018-0278: Nextcloud Server: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0278/ ∗∗∗ IBM Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022451 ∗∗∗ IBM Security Bulletin: Vulnerability impacts AIX and VIOS (CVE-2018-1383) ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc ∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013336 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2018
by Daily end-of-shift report 08 Feb '18

08 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-02-2018 18:00 − Donnerstag 08-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ HTTPS: Viele Webseiten nutzen alte Symantec-Zertifikate ∗∗∗ --------------------------------------------- In Kürze wird Chrome vielen alten Symantec-Zertifikaten nicht mehr trauen, eine Testversion zeigt schon jetzt Warnmeldungen. Doch viele Seiten haben noch nicht umgestellt - darunter auch prominente Seiten wie Wechat oder Spiegel Online. --------------------------------------------- https://www.golem.de/news/https-viele-webseiten-nutzen-alte-symantec-zertif… ∗∗∗ Gefälschte card complete-Sicherheitsmitteilung ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte card complete-Sicherheitsmitteilung. Darin behaupten sie, dass das Unternehmen "einige Informationen von Ihnen (braucht) , Einloggen und aktualisieren Sie Ihr Konto". Empfänger/innen dürfen der Aufforderung nicht nachkommen, denn andernfalls übermitteln sie ihre Kreditkartendaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1%5bnews%5d=301… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU). --------------------------------------------- https://lwn.net/Articles/746915/rss ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1761) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012416 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012829 ∗∗∗ IBM Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013053 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2018
by Daily end-of-shift report 07 Feb '18

07 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-02-2018 18:00 − Mittwoch 07-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Flaw In Hotspot Shield Can Expose VPN Users, Locations ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from ZDNet: A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy. Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zRG3hEa7Tro/a-flaw-in-hotsp… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches nun verfügbar ∗∗∗ --------------------------------------------- Update: 7. Februar 2018 Adobe hat nun ein entsprechendes Update veröffentlicht, die Details finden sich unter https://helpx.adobe.com/security/products/flash-player/apsb18-03.html --------------------------------------------- http://www.cert.at/warnings/all/20180201.html ∗∗∗ Vyaire Medical CareFusion Upgrade Utility Vulnerability ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 ∗∗∗ Bugtraq: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip ∗∗∗ --------------------------------------------- Business recommendation: InfoZip Unzip should be updated to the latest available version. --------------------------------------------- http://www.securityfocus.com/archive/1/541753 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mpv), Fedora (jackson-databind), Mageia (flash-player-plugin), Slackware (kernel), and Ubuntu (python-django). --------------------------------------------- https://lwn.net/Articles/746787/rss ∗∗∗ Cisco Enterprise License Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Central Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Spark Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Six Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the GPU Driver of Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1401) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22013097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008892 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012410 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013334 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012609 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Insufficient Authorization Checks vulnerability (CVE-2018-1368 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013302 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012605 ∗∗∗ IBM Security Bulletin:Vulnerability in Apache Poi Affects IBM Emptoris Sourcing and IBM Emptoris Contract Management (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012515 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2018
by Daily end-of-shift report 06 Feb '18

06 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-02-2018 18:00 − Dienstag 06-02-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Research papers and Youtube videos from BlueHat Israel 2018 ∗∗∗ --------------------------------------------- http://www.bluehatil.com/abstracts.html ∗∗∗ European Cyber Security Month ECSM 2017 deployment report ∗∗∗ --------------------------------------------- ENISA is today pleased to publish the ‘European Cyber Security Month deployment report’, a summary of the activities carried out throughout ECSM 2017 by the Agency and participating Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-e… ∗∗∗ Strong cybersecurity culture as efficient firewall for organisations ∗∗∗ --------------------------------------------- ENISA’s Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/strong-cybersecurity-culture-as… ∗∗∗ Krypto-Miner schlich über Download-Verzeichnis MacUpdate auf Macs ∗∗∗ --------------------------------------------- Mac-Nutzer, die beliebte Software wie etwa den Browser Firefox über MacUpdate heruntergeladen haben, handelten sich dadurch unter Umständen Malware ein. --------------------------------------------- https://www.heise.de/meldung/Krypto-Miner-schlich-ueber-Download-Verzeichni… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-03) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1522 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a common separated value (CSV) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012674 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013271 ∗∗∗ February 2018 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2018-02-01.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2018
by Daily end-of-shift report 05 Feb '18

05 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-02-2018 18:00 − Montag 05-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Safer Internet Day ∗∗∗ --------------------------------------------- February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/02/05/Safer-Internet-Day ===================== = Vulnerabilities = ===================== ∗∗∗ New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices ∗∗∗ --------------------------------------------- Two new WD My Cloud vulnerabilities have been identified, adding to last month’s bevy of security bugs. --------------------------------------------- http://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attacker… ∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0235/">Django: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in Django ermöglicht einem entfernten, nicht authentisierten Angreifer Informationen zu berechtigten Benutzern auszuspähen. Der Hersteller hat Django 2.0.2 und 1.11.10 als Security Releases veröffentlicht und stellt Patches für den Master Branch und die Releases Branches 2.0 und 1.11 zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0235/ ∗∗∗ DFN-CERT-2018-0234/">7-Zip: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen (Out-of-bounds Write) oder möglicherweise mit Hilfe eines präparierten ZIP-Archivs beliebigen Programmcode zur Ausführung bringen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0234/ ∗∗∗ Update: Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Update: 5. Februar 2018 Cisco hat bekanntgegeben, dass im Zuge interner Untersuchungen noch weitere Lücken gefunden wurden, sowie dass die bisher veröffentlichten gefixten Versionen Fehler enthalten. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dokuwiki and p7zip), Fedora (kernel, pdns, rsync, and webkitgtk4), openSUSE (chromium and translate-toolkit), Red Hat (jboss-ec2-eap and Red Hat Satellite 6), Slackware (php), and SUSE (bind and firefox). --------------------------------------------- https://lwn.net/Articles/746568/rss ∗∗∗ IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013054 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013061 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013153 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026841 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025910 ∗∗∗ IBM Security Bulletin: October 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011818 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.02.2018
by Daily end-of-shift report 02 Feb '18

02 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-02-2018 18:00 − Freitag 02-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗ --------------------------------------------- Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware. --------------------------------------------- http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-at… ∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗ --------------------------------------------- Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body. --------------------------------------------- https://isc.sans.edu/diary/rss/23305 ∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗ --------------------------------------------- While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilitie… ∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗ --------------------------------------------- Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malwa… ∗∗∗ Service-Router von Cisco können sich an IPv6-Paketen verschlucken ∗∗∗ --------------------------------------------- Ein Sicherheitsupdate schließt eine DoS-Schwachstelle in Cisco ASR 9000. --------------------------------------------- https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m). --------------------------------------------- https://lwn.net/Articles/746326/rss ===================== = Vulnerabilities = ===================== ∗∗∗ "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar ∗∗∗ --------------------------------------------- "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar 1. Februar 2018 Beschreibung Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2018-4878 Es ist noch keine entsprechend gefixte Version verfügbar - Adobe hat eine solche für nächste Woche (beginnend mit 5. Februar 2018) in Aussicht --------------------------------------------- http://www.cert.at/warnings/all/20180201.html ∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012719 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012641 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2018
by Daily end-of-shift report 01 Feb '18

01 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 31-01-2018 18:00 − Donnerstag 01-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DDG: A Mining Botnet Aiming at Database Servers ∗∗∗ --------------------------------------------- Starting 2017-10-25, we noticed there was a large scale ongoing scan targeting the OrientDB databases. Further analysis found that this is a long-running botnet whose main .. --------------------------------------------- http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/ ∗∗∗ Adaptive Phishing Kit ∗∗∗ --------------------------------------------- Phishing kits are everywhere! If your server is compromised today, they are chances that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid credentials and impersonate the user account or, in larger attacks, it is one of the first steps to .. --------------------------------------------- https://isc.sans.edu/diary/rss/23299 ∗∗∗ Internet of Dildos – a long way to a vibrant future ∗∗∗ --------------------------------------------- Schwachstellen in Sexspielzeugen sind nicht nur aus technischer Sicht sehr interessant, sondern vor allem datenschutzrechtlich. Mehrere „Smart Sex“ Spielzeuge der Marke Vibratissimo und die dazugehörige Cloud Plattform waren von schwerwiegenden Schwachstellen betroffenen. --------------------------------------------- https://www.sec-consult.com/blog/2018/02/internet-of-dildos-a-long-way-to-a… ∗∗∗ Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready? ∗∗∗ --------------------------------------------- It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security .. --------------------------------------------- https://thehackernews.com/2018/02/meltdown-spectre-malware-hacking.html ∗∗∗ Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet ∗∗∗ --------------------------------------------- The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrom… ∗∗∗ "Ändere dein Passwort"-Tag: Lass es doch einfach bleiben! ∗∗∗ --------------------------------------------- Am 1. Februar ist "Ändere dein Passwort"-Tag. Aber ist es wirklich sinnvoll, Passwörter regelmäßig zu ändern? Und wie wählt man überhaupt gute Passwörter, die Hackerangriffen standhalten? --------------------------------------------- https://www.heise.de/meldung/Aendere-dein-Passwort-Tag-Lass-es-doch-einfach… ∗∗∗ Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions ∗∗∗ --------------------------------------------- The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining .. --------------------------------------------- http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html ∗∗∗ Chrome’s Plan to Distrust Symantec Certificates ∗∗∗ --------------------------------------------- Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome SecurityThis post is a broader announcement of plans already finalized on the blink-dev mailing list.Update, 1/31/18: Post was updated to further clarify 13 month validity limitationsAt the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and .. --------------------------------------------- https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.h… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4103 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4103 ∗∗∗ Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2018
by Daily end-of-shift report 31 Jan '18

31 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 30-01-2018 18:00 − Mittwoch 31-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers ∗∗∗ --------------------------------------------- Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase it.before fixing anything. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-… ∗∗∗ Google hat 2017 mehr als 700.000 bösartige Apps aus Google Play verbannt ∗∗∗ --------------------------------------------- In einem Jahresbericht führt Google aus, wie sicher der eigene Android-App-Store Google Play doch ist. Aufgrund einiger Vorfälle wirkt die Argumentation stellenweise jedoch nicht ganz glaubwürdig. --------------------------------------------- https://www.heise.de/meldung/Google-hat-2017-mehr-als-700-000-boesartige-Ap… ∗∗∗ Kritische Sicherheitslücke in Mozilla Firefox - Patch verfügbar ∗∗∗ --------------------------------------------- Mozilla hat einen Out-of-Band Patch für eine kritische Sicherheitslücke im Webbrowser Firefox veröffentlicht. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer beliebigen Code auf betroffenen Systemen, mit den Rechten des angemeldeten Benutzers, ausführen. Dazu reicht es, den Browser zum Anzeigen einer entsprechend präparierten Webseite .. --------------------------------------------- http://www.cert.at/warnings/all/20180131.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4102 thunderbird - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4102 ∗∗∗ PHOENIX CONTACT mGuard ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 ∗∗∗ Siemens TeleControl Server Basic ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 ∗∗∗ WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN30636823/ ∗∗∗ Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2018
by Daily end-of-shift report 30 Jan '18

30 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 29-01-2018 18:00 − Dienstag 30-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ IBM-Studie: Viele Nutzer halten biometrische Anmeldung für sicher ∗∗∗ --------------------------------------------- Gerade junge Leute wollen sich heutzutage keine Passwörter mehr merken: Eine IBM-Studie untersucht Vorlieben von Nutzern aller Altersgruppen. Teilnehmer ab 55 Jahren hingegen merken sich viele verschiedene Passwörter auf einmal - auch ohne Passwort-Manager. --------------------------------------------- https://www.golem.de/news/ibm-studie-viele-nutzer-halten-biometrische-anmel… ∗∗∗ Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery ∗∗∗ --------------------------------------------- Of course this does nothing for victims encrypted files Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. --------------------------------------------- theregister.com/feed/www.theregister.co.uk/2018/01/30/ransomware_diversions/ ∗∗∗ Chrome Extension Malware Has Evolved ∗∗∗ --------------------------------------------- While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data. --------------------------------------------- https://www.wired.com/story/chrome-extension-malware ∗∗∗ ENISA organises cyber-exercise to boost CSIRT cooperation ∗∗∗ --------------------------------------------- On 30 January 2018, the EU Cybersecurity Agency ENISA organised ‘Cyber SOPEx’, the first cooperation exercise of the CSIRTs Network. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-… ∗∗∗ E-Mail-Betrug: Vorarlberger Firma zahlt 150.000 Euro ∗∗∗ --------------------------------------------- Mitarbeiterin überwies knapp 150.000 Euro ins Ausland – 83.000 Euro konnten zurückgeholt werden --------------------------------------------- http://derstandard.at/2000073288109 ∗∗∗ "spotzi" und "bier1": Cybasar-Leak zeigt die unsicheren Passwörter der Österreicher ∗∗∗ --------------------------------------------- Viele Kennwörter offenbaren fahrlässigen Umgang mit eigenen Informationen im Netz – auch von Behördenmitarbeitern --------------------------------------------- http://derstandard.at/2000073316365 ∗∗∗ 2017 in Snort Signatures. ∗∗∗ --------------------------------------------- This post was written by Martin Lee and Vanja Svajcer.2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact .. --------------------------------------------- http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html ∗∗∗ Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Cisco hat ein Advisory zu einer kritischen Sicherheitslücke in Cisco ASA Software veröffentlicht. Die Lücke befindet sich im Code, der für das "webvpn"-Feature zuständig .. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ===================== = Vulnerabilities = ===================== ∗∗∗ [20180103] - Core - XSS vulnerability in Uri class ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/721-20180103-core-xss-vulnerab… ∗∗∗ [20180102] - Core - XSS vulnerability in com_fields ∗∗∗ --------------------------------------------- https://developer.joomla.org/security-centre/720-20180102-core-xss-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2018
by Daily end-of-shift report 29 Jan '18

29 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 26-01-2018 18:00 − Montag 29-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Cyberattacken auf niederländische Banken: Netbanking weg ∗∗∗ --------------------------------------------- Die drei größten Banken der Niederlande hatten am Wochenende mit Cyberangriffen zu kämpfen. Teilweise fiel auch das Online-Banking aus. --------------------------------------------- https://futurezone.at/digital-life/cyberattacken-auf-niederlaendische-banke… ∗∗∗ Coincheck: Kryptowährung im Wert von 429 Millionen Euro gestohlen ∗∗∗ --------------------------------------------- Für das Unternehmen Coincheck war es ein schwarzer Freitag: Eine große Menge der Kryptowährung NEM wurde gestohlen. Der Kurs sank dadurch um elf Prozent. Auch Bitcoin und Etherium waren davon betroffen. Der Angriff ist für einige ein Anlass zur Kritik an Japans Regulierung des Kryptohandels. --------------------------------------------- https://www.golem.de/news/coincheck-kryptowaehrung-im-wert-von-429-milliard… ∗∗∗ Security: Lenovo gesteht Sicherheitslücken im Fingerprint Manager ein ∗∗∗ --------------------------------------------- Die Software Fingerprint Manager Pro speichert biometrische Daten auf dem Gerät. Allerdings sagt selbst Lenovo, dass das unsicher sei und rät daher zu einem Update. Windows-10-Geräte sind davon jedoch nicht betroffen. --------------------------------------------- https://www.golem.de/news/security-lenovo-gesteht-sicherheitsluecken-im-fin… ∗∗∗ Meltdown & Spectre: Windows-Update deaktiviert Schutz gegen Spectre V2 ∗∗∗ --------------------------------------------- Ein aktuelles Windows-Update schaltet den Schutz gegen Spectre Variant 2 ab, um Instabilitäten des Systems vorzubeugen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Meltdown-Spectre-Windows-Update-dea… ∗∗∗ First 'Jackpotting' Attacks Hit U.S. ATMs ∗∗∗ --------------------------------------------- ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/ ∗∗∗ Cybasar.at gehackt: 70.000 österreichische Log-ins im Netz aufgetaucht ∗∗∗ --------------------------------------------- Hunderte E-Mails und Passwörter von offiziellen Stellen enthalten – Daten stammen von Gebrauchtwagenplattform Cybasar --------------------------------------------- http://derstandard.at/2000073253135 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4099 ffmpeg - security update ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed. --------------------------------------------- https://www.debian.org/security/2018/dsa-4099 ∗∗∗ DSA-4101 wireshark - security update ∗∗∗ --------------------------------------------- It was discovered that wireshark, a network protocol analyzer, containedseveral vulnerabilities in the dissectors/file parsers for IxVeriWave,WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial ofservice or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2018/dsa-4101 ∗∗∗ DFN-CERT-2018-0020 ∗∗∗ --------------------------------------------- Auf diesem Wege noch einmal der Hinweis, dass wir unsere Security Advisories zu #Spectre und #Meltdown (DFN-CERT-2018-0020) sowie Spectre 2 (DFN-CERT-2018-0019) beinahe täglich aktualisieren. Bleiben Sie via @DFNCERT_ADV auf dem neuesten Stand. --------------------------------------------- https://twitter.com/DFNCERT/status/956906148388536321 ∗∗∗ DFN-CERT-2018-0196: VMware AirWatch Console (AWC): Eine Schwachstelle ermöglicht einen Cross-Site-Request-Forgery-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0196/ ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180129-… ∗∗∗ IBM Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.a… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012707 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.01.2018
by Daily end-of-shift report 26 Jan '18

26 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 25-01-2018 18:00 − Freitag 26-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Virenscanner: ClamAV hat zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Nutzer von ClamAV sollten so schnell wie möglich auf die aktuelle Version der Software wechseln. Denn Sicherheitslücken ermöglichen Angreifern, zum Beispiel mit einem zugeschickten PDF Code auf dem Rechner der Nutzer auszuführen. --------------------------------------------- https://www.golem.de/news/virenscanner-clamav-hat-zahlreiche-schwachstellen… ∗∗∗ Niederländische Geheimdienste hackten russische Hacker ∗∗∗ --------------------------------------------- Russisches Eindringen in digitale Systeme der US-Regierung festgestellt – Hackergruppe "Cozy Beer" jahrelang observiert --------------------------------------------- http://derstandard.at/2000073070848 ∗∗∗ London wirft Moskau Ausspähen strategischer Infrastruktur vor ∗∗∗ --------------------------------------------- Verteidigungsminister Williamson: Totales Chaos mit abertausenden Toten möglich --------------------------------------------- http://derstandard.at/2000073086515 ===================== = Vulnerabilities = ===================== ∗∗∗ Nari PCS-9611 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-01 ∗∗∗ Siemens Desigo PXC ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02 ∗∗∗ Philips IntelliSpace Cardiovascular System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by an XML External Entity Injection (XXE) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012595 ∗∗∗ Linux RPM vulnerability CVE-2017-7501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03710547 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2018
by Daily end-of-shift report 25 Jan '18

25 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 24-01-2018 18:00 − Donnerstag 25-01-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗ --------------------------------------------- The worlds largest container shipping company â€”A.P. MÃ¸ller-Maerskâ€” said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pc… ∗∗∗ BSI-Richtlinie: Der streng geheime Streit über die Routersicherheit ∗∗∗ --------------------------------------------- Das BSI will in den kommenden Monaten eine Technische Richtlinie für Heimrouter herausgeben. Vor allem die Kabelnetzbetreiber halten nichts davon, für möglichst viel Sicherheit bei den Geräten zu sorgen. Der CCC spricht von "Lobbying-Sabotage". --------------------------------------------- https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-di… ∗∗∗ Windows 10: Microsoft will aufzeigen, was an Gerätedaten gesammelt wird ∗∗∗ --------------------------------------------- Sprachdaten, Positionsdaten und Browserverlauf: Nutzer sollen künftig einen besseren Überblick über gesammelte Daten in Windows 10 bekommen. Dazu stellt Microsoft ein Dashboard für Microsoft-Accounts und einen Diagnostic Viewer für Geräteinformation zur Verfügung. (Microsoft, Datenschutz) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraet… ∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗ --------------------------------------------- A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...] --------------------------------------------- https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-n… ∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗ --------------------------------------------- Fixed in 7.58.0 If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carrie… ∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗ --------------------------------------------- A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-s… ∗∗∗ Announcing turndown of the deprecated Google Safe Browsing APIs ∗∗∗ --------------------------------------------- Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...] --------------------------------------------- https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.h… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗ --------------------------------------------- Several security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, use-after-frees, integeroverflows and other implementation errors may lead to the execution ofarbitrary code, denial of service or URL spoofing. --------------------------------------------- https://www.debian.org/security/2018/dsa-4096 ∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗ --------------------------------------------- Update 1/25/18: Blender has released version 2.79a to address these issues Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since its free and open-source software. However, this also make it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...] --------------------------------------------- http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html ∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/ ∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026853 ∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026733 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026732 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026735 ∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026736 ∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026734 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012767 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026731 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007398 ∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012789 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.01.2018
by Daily end-of-shift report 24 Jan '18

24 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 23-01-2018 18:00 − Mittwoch 24-01-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skype, Signal, Slack, other apps inherit Electron vuln ∗∗∗ --------------------------------------------- If youve built a Windows application on Electron, check to see if its subject to a just-announced remote code execution vulnerability. ... Slack users should update to version 3.0.3 or better, and the latest version of Skype for Windows is protected --------------------------------------------- https://www.theregister.co.uk/2018/01/24/skype_signal_slack_nherit_electron… ∗∗∗ [papers] Hardcore SAP Penetration Testing ∗∗∗ --------------------------------------------- http://www.exploit-db.com/docs/english/43859-hardcore-sap-penetration-testi… ∗∗∗ 14 flaws found that could take over industrial control systems ∗∗∗ --------------------------------------------- Licence management systems used in industrial control systems are plagued with vulnerabilities - contain 14 flaws could enable hackers to take control of systems and carry out DoS attacks --------------------------------------------- https://www.scmagazineuk.com/news/14-flaws-found-that-could-take-over-indus… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and SQL injection vulnerabilities in Advantech’s WebAccess/SCADA software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (smarty3), Fedora (bind, bind-dyndb-ldap, dnsperf, glibc, kernel, libtasn1, libvpx, mariadb, python-bottle, ruby, and sox), Red Hat (rh-eclipse46-jackson-databind), SUSE (kernel), and Ubuntu (kernel, linux, linux-aws, linux-euclid, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync). --------------------------------------------- https://lwn.net/Articles/745165/rss ∗∗∗ Apple Updates Everything, Again, (Tue, Jan 23rd) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/23269 ∗∗∗ Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102765 ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180124-… ∗∗∗ Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-… ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012739 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012712 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012737 ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012735 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012623 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012627 ∗∗∗ SSA-824231 (Last Update 2018-01-24): Unauthenticated Firmware Upload Vulnerability in Desigo PXC ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.01.2018
by Daily end-of-shift report 23 Jan '18

23 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 22-01-2018 18:00 − Dienstag 23-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Newsletter-Dienst: Mailchimp verrät E-Mail-Adressen von Newsletter-Abonnenten ∗∗∗ --------------------------------------------- Spezifische Referrer für jeden Newsletter-Nutzer haben dazu geführt, dass Webseitenbetreiber die E-Mail-Adressen von Mailchimp-Nutzern herausfinden konnten. Das Problem wurde nach Meldung an den Anbieter mittlerweile behoben. --------------------------------------------- https://www.golem.de/news/newsletter-dienst-mailchimp-verraet-e-mail-adress… ∗∗∗ Just Keep Swimming: How to Avoid Phishing on Social Media ∗∗∗ --------------------------------------------- >From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell? Phishing attacks attempt to steal .. --------------------------------------------- https://www.webroot.com/blog/2018/01/22/how-to-avoid-phishing-social-media/ ∗∗∗ "MaMi": MacOS-Malware hört User ab und manipuliert Datenverkehr ∗∗∗ --------------------------------------------- Schädling leitet Traffic über von Unbekannten kontrollierte DNS-Server um --------------------------------------------- http://derstandard.at/2000072382780 ∗∗∗ Millionen PCs verwundbar: Forscher deckt Lücke in allen Blizzard-Games auf ∗∗∗ --------------------------------------------- Konzern arbeitet bereits an Lösung – Problem bei Client --------------------------------------------- http://derstandard.at/2000072835431 ∗∗∗ Achtung: Whatsapp Abo-Betrug kursiert derzeit per Mail ∗∗∗ --------------------------------------------- "Konto ist abgelaufen" – ehemaliges Abomodell von Whatsapp wird instrumentalisiert um Kreditkartendaten zu ergattern --------------------------------------------- http://derstandard.at/2000072831670 ∗∗∗ SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks ∗∗∗ --------------------------------------------- This post was written by Vitor VenturaIntroductionTalos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature.Given SamSams victimology, its impacts are not just felt within the business world, they are also impacting people, --------------------------------------------- http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-nettin… ===================== = Vulnerabilities = ===================== ∗∗∗ HTTP Host header attacks against web proxy disclaimer response webpage ∗∗∗ --------------------------------------------- The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim.In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-262 ∗∗∗ VMSA-2018-0002.3 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ JSA10836 - 2018-01 Security Bulletin: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836 ∗∗∗ XXE & Reflected XSS in Oracle Financial Services Analytical Applications ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/xxe-reflected-xss-in-oracle-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.01.2018
by Daily end-of-shift report 22 Jan '18

22 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 19-01-2018 18:00 − Montag 22-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hacker One: Nur 20 Prozent der Bounty-Jäger hacken in Vollzeit ∗∗∗ --------------------------------------------- Das US-Unternehmen Hacker One hat aktuelle Zahlen vorgestellt: Die meisten Bounties werden nach wie vor von US-Unternehmen gezahlt. Die Daten zeigen außerdem, dass das Finden von Schwachstellen für die meisten ein Nebenberuf oder Hobby ist. --------------------------------------------- https://www.golem.de/news/hacker-one-nur-20-prozent-der-bounty-jaeger-hacke… ∗∗∗ Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 ∗∗∗ --------------------------------------------- The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree .. --------------------------------------------- http://resources.infosecinstitute.com/powerful-skygofree-spyware-already-re… ∗∗∗ Apple Preps ChaiOS iMessage Bug Fix, Report ∗∗∗ --------------------------------------------- A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources. --------------------------------------------- http://threatpost.com/apple-preps-chaios-imessage-bug-fix-report/129544/ ∗∗∗ Followup to IPv6 brute force and IPv6 blocking ∗∗∗ --------------------------------------------- My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked, I&#;x26;#;39;ve actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, .. --------------------------------------------- https://isc.sans.edu/diary/23253 ∗∗∗ Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining ∗∗∗ --------------------------------------------- Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnu… ∗∗∗ Dark Caracal: Good News and Bad News ∗∗∗ --------------------------------------------- Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer .. --------------------------------------------- https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news ∗∗∗ DarkComet upload vulnerability ∗∗∗ --------------------------------------------- This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability. A quick disclaimer before we go into the actual matter: Hacking a C&C server might seem morally justified but it is still illegal. Don’t do it. --------------------------------------------- https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/ ∗∗∗ Zweiter Faktor: Nur wenige User sichern ihren Google-Account zusätzlich ab ∗∗∗ --------------------------------------------- Laut Google wird Zwei-Faktor-Authentifizierung gerade einmal von zehn Prozent alle Nutzer eingesetzt --------------------------------------------- http://derstandard.at/2000072757014 ∗∗∗ 2018 ICS Security Predictions ∗∗∗ --------------------------------------------- We just closed another year in the ICS security industry, one filled with advanced (and exciting) product developments. We also saw an increased market awareness, with growing a emphasis on protecting industrial infrastructure. --------------------------------------------- https://www.bayshorenetworks.com/blog/ics-security-2018-predictions ∗∗∗ Cryptocurrency Hacks and Heists in 2017 ∗∗∗ --------------------------------------------- The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the .. --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9013 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.01.2018
by Daily end-of-shift report 19 Jan '18

19 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 18-01-2018 18:00 − Freitag 19-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Magento: Kreditkartendaten von bis zu 40.000 Oneplus-Käufern kopiert ∗∗∗ --------------------------------------------- Oneplus hat seine Untersuchung zu kopierten Kreditkarten abgeschlossen. Angreifer konnten wohl eine Schwachstelle für Cross-Site-Scripting ausnutzen. --------------------------------------------- https://www.golem.de/news/magento-kreditkartendaten-von-bis-zu-40-000-onepl… ∗∗∗ NCSC Releases Security Advisory ∗∗∗ --------------------------------------------- Original release date: January 18, 2018 The United Kingdoms National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/18/NCSC-Releases-Secu… ∗∗∗ 2018: Vierfach-Jubiläum für Österreichs Internet ∗∗∗ --------------------------------------------- Nicht nur die Republik begeht im heurigen Jahr mehrere Jahrestage, auch Österreichs Internet hat 2018 mehrfachen Grund zu feiern: Vor genau dreißig Jahren wurde die Internet-Endung .at ins weltweite Domain Name System eingetragen, 1998 wurden die Vergabestelle nic.at und die Online-Meldestelle Stopline ins Leben gerufen. Das CERT.at, Österreichs nationales Computer Emergency Response Team, feiert 2018 seinen zehnten Geburtstag. --------------------------------------------- https://www.nic.at/de/news/pressemeldungen/2018-vierfach-jubilaum-fur-oster… ∗∗∗ Militärs, Journalisten, Aktivisten: Libanesische Hacker vergaßen Daten auf offenem Server ∗∗∗ --------------------------------------------- Libanesischer Geheimdienst GDGS als Urheber des Leaks vermutet – Betroffene aus über 20 Ländern --------------------------------------------- http://derstandard.at/2000072593892 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates ∗∗∗ --------------------------------------------- Original release date: January 17, 2018 | Last revised: January 18, 2018 Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/17/Cisco-Releases-Sec… ∗∗∗ Filr 3.0 - Security Update 3 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360950Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:readme_filr_3su3.txt (2.68 kB)Products:Filr 3 Standard EditionFilr 3 Advanced EditionSuperceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=4_X7yeGlMKg~ ∗∗∗ Filr 2.0 - Security Update 4 ∗∗∗ --------------------------------------------- Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360930Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:Search-2.0.0.423.HP.zip (157.55 MB)MySQL-2.0.0.205.HP.zip (157.55 MB)Filr-2.0.0.494.HP.zip (157.55 MB)Products:Filr 2Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=h0wMCm1OqIU~ ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these new hotfixes. --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS (java-1.8.0-openjdk), Debian (awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora (keycloak-httpd-client-install and rootsh), and Red Hat (java-1.7.0-oracle and java-1.8.0-oracle). --------------------------------------------- https://lwn.net/Articles/744791/rss ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0136: Symantec Advanced Secure Gateway, ProxySG: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0136/ ∗∗∗ CPU hardware vulnerable to Meltdown and Spectre attacks ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-18-002 ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012718 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud October 2017 CPU ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011913 ∗∗∗ IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852 ∗∗∗ BIG-IP AFM vulnerability CVE-2017-6142 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20682450 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.01.2018
by Daily end-of-shift report 18 Jan '18

18 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 17-01-2018 18:00 − Donnerstag 18-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ How I exploited ACME TLS-SNI-01 issuing Lets Encrypt SSL-certs for any domain using shared hosting ∗∗∗ --------------------------------------------- TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say. --------------------------------------------- https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issui… ∗∗∗ Some Basic Rules for Securing Your IoT Stuff ∗∗∗ --------------------------------------------- Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured "Internet of Things" or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldnt begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and "smart" lightbulbs. Throughout 2016 and 2017, [...] --------------------------------------------- https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update B) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01A Meltdown and Spectre Vulnerabilities that was published January 16, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01B ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- Due to concerns about the robustness of some of the Intel microcode updates included in the hotfixes below, Citrix recommends that customers ... --------------------------------------------- https://support.citrix.com/article/CTX231390 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (linux-firmware and microcode_ctl), Fedora (icecat and transmission), Oracle (java-1.8.0-openjdk and microcode_ctl), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), Slackware (bind), SUSE (kernel), and Ubuntu (eglibc). --------------------------------------------- https://lwn.net/Articles/744713/rss ∗∗∗ Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541694 ∗∗∗ DFN-CERT-2018-0111: GitLab: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0111/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012552 ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012696 ∗∗∗ SSA-284673 (Last Update 2018-01-18): Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673… ∗∗∗ SSA-275839 (Last Update 2018-01-18): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-346262 (Last Update 2018-01-18): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… ∗∗∗ SSA-701708 (Last Update 2018-01-18): Local Privilege Escalation in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… ∗∗∗ SSA-127490 (Last Update 2018-01-18): Vulnerabilities in SIMATIC WinCC Add-Ons ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.01.2018
by Daily end-of-shift report 17 Jan '18

17 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 16-01-2018 18:00 − Mittwoch 17-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Linux-Kernel 4.15 schützt vor Meltdown und Spectre ∗∗∗ --------------------------------------------- Das noch diesen Monat erwartete Linux 4.15 versucht, die Prozessor-Sicherheitslücken Meltdown und Spectre im Zaum zu halten. Ohne Performance-Verlust geht das aber auch bei Linux nicht – und vollständig sind die Gegenmaßnahmen auch noch nicht. --------------------------------------------- https://heise.de/-3900646 ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities (Update A) ∗∗∗ --------------------------------------------- This updated alert is a follow-up to the original alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities that was published January 11, 2018, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01A ∗∗∗ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Oracle Critical Patch Update Advisory - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Critical Patch Update - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ Solaris Third Party Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinjan2018-4181198.h… ∗∗∗ Oracle Linux Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2018-4214… ∗∗∗ Oracle VM Server for x86 Bulletin - January 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjan2018-421464… ∗∗∗ WordPress 4.9.2 Security and Maintenance Release ∗∗∗ --------------------------------------------- https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.01.2018
by Daily end-of-shift report 16 Jan '18

16 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗ --------------------------------------------- Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste. --------------------------------------------- https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstr… ∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗ --------------------------------------------- Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle. --------------------------------------------- https://heise.de/-3942046 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/744503/rss ∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102506 ∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102505 ∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012528 ∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011808 ∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011816 ∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21982952 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012619 ∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010868 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012476 ∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011203 ∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011720 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753 ∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-16 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.01.2018
by Daily end-of-shift report 15 Jan '18

15 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 12-01-2018 18:00 − Montag 15-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ List of Links: BIOS Updates for the Meltdown and Spectre Patches ∗∗∗ --------------------------------------------- As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-f… ∗∗∗ Lenovo findet Backdoor in eigenen Netzwerk-Switches ∗∗∗ --------------------------------------------- Die kompromitierten Switch-Modelle, die nun zu Lenovos Portfolio gehören, hatte ursprünglich der längst aufgelöste Netzwerk-Zulieferer Nortel entwickelt. --------------------------------------------- https://heise.de/-3940562 ∗∗∗ Intel AMT: Exploit hebelt Zugangsschutz von Firmen-Notebooks aus ∗∗∗ --------------------------------------------- F-Secure berichtet über eine potenzielle Sicherheitslücke in Intel AMT, die es Angreifern ermöglicht, sämtliche gängigen Zugangsschutzmaßnahmen vieler Firmen-Notebooks auszuhebeln. --------------------------------------------- https://heise.de/-3940637 ∗∗∗ Personal Cloud: Seagate sichert NAS gegen Fernzugriff ab ∗∗∗ --------------------------------------------- In Netzwerkspeichern des Herstellers Seagate stecken Bugs, die mit einigem Aufwand für den Remote-Zugriff missbraucht werden können. Ein Firmware-Update behebt das Problem. --------------------------------------------- https://heise.de/-3941451 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates für VMware Workstation, Player, Fusion und ESXi ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/01/warn… ∗∗∗ DSA-4086 libxml2 - security update ∗∗∗ --------------------------------------------- Nick Wellnhofer discovered that certain function calls inside XPathpredicates can lead to use-after-free and double-free errors whenexecuted by libxml2s XPath engine via an XSLT transformation. --------------------------------------------- https://www.debian.org/security/2018/dsa-4086 ∗∗∗ DSA-4087 transmission - security update ∗∗∗ --------------------------------------------- Tavis Ormandy discovered a vulnerability in the Transmission BitTorrentclient; insecure RPC handling between the Transmission daemon and theclient interface(s) may result in the execution of arbitrary code if auser visits a malicious website while Transmission is running. --------------------------------------------- https://www.debian.org/security/2018/dsa-4087 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (qtpass), Debian (libkohana2-php, libxml2, transmission, and xmltooling), Fedora (kernel and qpid-cpp), Gentoo (PolarSSL and xen), Mageia (flash-player-plugin, irssi, kernel, kernel-linus, kernel-tmb, libvorbis, microcode, nvidia-current, php & libgd, poppler, webkit2, and wireshark), openSUSE (gifsicle, glibc, GraphicsMagick, gwenhywfar, ImageMagick, libetpan, mariadb, pngcrush, postgresql94, rsync, tiff, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/744398/rss ∗∗∗ DFN-CERT-2018-0084: XMLTooling, Shibboleth Service Provider (SP): Eine Schwachstelle ermöglicht u.a. die Übernahme einer Identität ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0084/ ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1026811 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012518 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012519 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2015-8985) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012428 ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012517 ∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022433 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022429 ∗∗∗ IBM Security Bulletin: Vulnerabilities in WebSphere eXtreme Scale Version 8.6.0.8 Libraries Affect IBM B2B Advanced Communications (CVE-2015-4936) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012332 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTP Components Libraries Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012312 ∗∗∗ Palo Alto PAN-OS RSA TLS Implementation Lets Remote Users Decrypt Data Communicated By the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040149 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040148 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040147 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.01.2018
by Daily end-of-shift report 12 Jan '18

12 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗ --------------------------------------------- AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw. --------------------------------------------- https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microco… ∗∗∗ PowerStager Analysis ∗∗∗ --------------------------------------------- Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-anal… ∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗ --------------------------------------------- In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls. --------------------------------------------- https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-… ∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗ --------------------------------------------- Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln. --------------------------------------------- https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01 ∗∗∗ Advantech WebAccess (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode). --------------------------------------------- https://lwn.net/Articles/744175/rss ∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/ ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012454 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012458 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012358 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012355 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012406 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008807 ∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2018
by Daily end-of-shift report 11 Jan '18

11 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-01-2018 18:00 − Donnerstag 11-01-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ mitm6 – compromising IPv4 networks via IPv6 ∗∗∗ --------------------------------------------- ... most companies are unaware that while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this blog, an attack is presented that abuses the default IPv6 configuration in Windows networks to spoof DNS replies by acting as a malicious DNS servers and redirect traffic to an attacker specified endpoint. --------------------------------------------- https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv… ===================== = Vulnerabilities = ===================== ∗∗∗ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ∗∗∗ --------------------------------------------- The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0073/">Juniper Networks ScreenOS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann die Schwachstelle in ScreenOS, die auch unter dem Namen 'Etherleak' geführt wird, ausnutzen, um Informationen auszuspähen. Der Hersteller veröffentlicht die ScreenOS Version 6.3.0r25 zur Behebung der Schwachstelle. Alle nachfolgenden ScreenOS Versionen sind über diese Schwachstelle ebenfalls nicht mehr verwundbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0073/ ∗∗∗ DFN-CERT-2018-0077/">Juniper Junos Space: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- Es existieren mehrere Schwachstellen im Junos Space Security Director and Log Collector, in Junos Space sowie den enthaltenen Komponenten Apache Commons Collections, Apache HTTP-Server (httpd), Apache Log4, Apache Tomcat, JBoss Enterprise Application Platform (EAP), dessen Webkonsole, dem JGroups Framework, dem Linux-Kernel, OpenSSH und rpcbind. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0077/ ∗∗∗ DFN-CERT-2018-0071/">Juniper Junos OS: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Für einige der genannten Schwachstellen stehen Workarounds zur Mitigation zur Verfügung. Die Hinweise dazu finden sich in den einzelnen Security Bulletins. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0071/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0001 ∗∗∗ --------------------------------------------- Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the speculative execution by utilizing branch target injection. Description: Security improvements are included to mitigate the effects. --------------------------------------------- https://www.securityfocus.com/archive/1/541659 ∗∗∗ Spectre-Lücke: Auch Server mit IBM POWER, Fujitsu SPARC und ARMv8 betroffen ∗∗∗ --------------------------------------------- IBM stellt Firmware-Updates für Server mit POWER7+, POWER8 und POWER9 bereit, Fujitsu will einige SPARC-M10- und -M12-Server patchen; zu ARM-SoCs für Server fehlen Infos. --------------------------------------------- https://heise.de/-3938749 ∗∗∗ VMSA-2018-0005 ∗∗∗ --------------------------------------------- VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0005.html ∗∗∗ January 2018 Office Update Release ∗∗∗ --------------------------------------------- The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/01/09… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (glibc and lib32-glibc), Debian (ming and poco), Fedora (electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE (clamav-database and ucode-intel), Red Hat (flash-plugin), SUSE (OBS toolchain), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/744075/rss ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011739 ∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009368 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily