=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 22-02-2018 18:00 − Freitag 23-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Botched npm Update Crashes Linux Systems, Forces Users to Reinstall ∗∗∗
---------------------------------------------
A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot.
---------------------------------------------
https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linu…
∗∗∗ Android P Will Block Background Apps from Accessing Phones Camera & Microphone ∗∗∗
---------------------------------------------
Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphones camera or microphone.
---------------------------------------------
https://www.bleepingcomputer.com/news/mobile/android-p-will-block-backgroun…
∗∗∗ Pwned Passwords: Troy Hunt veröffentlicht eine halbe Milliarde Passworthashes ∗∗∗
---------------------------------------------
Bei HaveIBeenPwned können Nutzer aktuell rund eine halbe Milliarde Passwort-Hashes herunterladen. Damit könnten sie Dienste in die Lage versetzen, geleakte Passwörter abzulehnen.
---------------------------------------------
https://www.golem.de/news/pwned-passwords-troy-hunt-veroeffentlicht-eine-ha…
∗∗∗ Mitm6 - Pwning IPv4 Via IPv6 ∗∗∗
---------------------------------------------
Mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server [...]
---------------------------------------------
https://www.kitploit.com/2018/02/mitm6-pwning-ipv4-via-ipv6.html
∗∗∗ Versionsverwaltung: GitLab 10.5 integriert Verschlüsselung mit Lets Encrypt ∗∗∗
---------------------------------------------
Insgesamt 26 Neuerungen bringt die neue Version von GitLab mit. Spannend sind vor allem die Verschlüsselung mit Lets Encrypt, externe Daten in CI/CD-Pipelines, und der Einzug von Gemnasium in die Versionsverwaltung.
---------------------------------------------
https://www.heise.de/developer/meldung/Versionsverwaltung-GitLab-10-5-integ…
∗∗∗ Name, Adresse, Geburtsdatum: ÖBB-App zeigte fremde Nutzerdaten an ∗∗∗
---------------------------------------------
Betroffene sahen sensible Daten anderer Nutzer. Ob auch Kreditkarteninformationen im Detail eingesehen werden konnten, ist noch nicht klar
---------------------------------------------
http://derstandard.at/2000074884009
∗∗∗ Report Highlights Challenges of Incident Response ∗∗∗
---------------------------------------------
False Positives Lead to a Surprising Number of Incident Response Investigations read more
---------------------------------------------
https://www.securityweek.com/report-highlights-challenges-incident-response
=====================
= Vulnerabilities =
=====================
∗∗∗ MFSBGN03798 rev.1 - Micro Focus UCMDB-Browser, Apache Struts Instance ∗∗∗
---------------------------------------------
A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution.
---------------------------------------------
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cups, gcc-6, irssi, kernel, and squid3), Fedora (mupdf), Mageia (irssi, mpv, qpdf, and quagga), openSUSE (libmad and postgresql95), SUSE (kernel and php5), and Ubuntu (kernel, linux-lts-trusty, linux-raspi2, and wavpack).
---------------------------------------------
https://lwn.net/Articles/747911/
∗∗∗ DFN-CERT-2018-0378: Apache Tomcat: Zwei Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0378/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 21-02-2018 18:00 − Donnerstag 22-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Gefälschte BAWAG P.S.K.-Kundeninformation im Umlauf ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte BAWAG P.S.K.-Kundeninformation. Darin fordern sie die Empfänger/innen dazu auf, dass sie ihre Nutzerinformationen bei der Bank bestätigen. Das soll auf einer fremden Website geschehen. Konsument/innen, die der Aufforderung nachkommen, übermitteln Betrüger/innen ihre Daten. Die Kriminellen nützen diese, um Geld zu stehlen und Verbrechen unter fremden Namen zu begehen.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-bawag-psk-kundeninformat…
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2018-0364/">Digium Asterisk, Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
Der Hersteller informiert über die Schwachstellen und stellt Asterisk Open Source 13.19.2, 14.7.6 und 15.2.2 sowie Certified Asterisk 13.18-cert3 als Sicherheitsupdates bereit.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0364/
∗∗∗ DFN-CERT-2018-0356/">Red Hat Satellite: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung von Systemen ∗∗∗
---------------------------------------------
Eine Vielzahl von Schwachstellen in von Red Hat Satellite verwendeten Komponenten, insbesondere Foreman, ermöglichen auch einem entfernten und nicht authentisierten Angreifer das Ausspähen sensibler Informationen wie Passwörtern, einen Cross-Site-Scripting (XSS)-Angriff, Denial-of-Service (DoS)-Angriffe und möglicherweise die Ausführung beliebigen Programmcodes ...
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0356/
∗∗∗ Sicherheitsupdates: Drupal-Webseiten können Inhalte leaken ∗∗∗
---------------------------------------------
Im CMS Drupal klaffen mehrere Sicherheitslücken. Davon gelten zwei als kritisch. Sicherheitsupdates für verschiene Versionsstränge stehen bereit.
---------------------------------------------
https://www.heise.de/meldung/Sicherheitsupdates-Drupal-Webseiten-koennen-In…
∗∗∗ Trend Micro fixes serious vulnerabilities in Email Encryption Gateway ∗∗∗
---------------------------------------------
Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker.
---------------------------------------------
https://www.helpnetsecurity.com/2018/02/22/email-encryption-gateway-vulnera…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (strongswan), Fedora (torbrowser-launcher), openSUSE (libdb-4_5, libdb-4_8, postgresql96, python3-openpyxl, and xv), Red Hat (rh-maven35-jackson-databind), and Ubuntu (kernel, libreoffice, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-oem, and linux-lts-xenial, linux-aws).
---------------------------------------------
https://lwn.net/Articles/747805/
∗∗∗ IBM Security Bulletin: IBM b-type SAN Network/Storage switches is affected by a denial of service vulnerability, caused by a CPU consumption in the IPv6 stack (CVE-2017-6227). ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012115
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Connect (CVE-2017-3738, CVE-2017-3737) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013801
∗∗∗ IBM Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013051
∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by Information Exposure vulnerability (CVE-2017-1774 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013595
∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Password in Clear Text vulnerability (CVE-2018-1377 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013596
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013713
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012455
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 20-02-2018 18:00 − Mittwoch 21-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ New Spectre/Meltdown Variants ∗∗∗
---------------------------------------------
Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.
---------------------------------------------
https://www.schneier.com/blog/archives/2018/02/new_spectremelt.html
=====================
= Vulnerabilities =
=====================
∗∗∗ ABB netCADOPS Web Application ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an information exposure vulnerability in the ABB netCADOPS Web Application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01
∗∗∗ DFN-CERT-2018-0347/">phpMyAdmin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in phpMyAdmin ausnutzen, um einen Cross-Site-Scripting (XSS)-Angriff gegen sich selbst durchzuführen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0347/
∗∗∗ Mozillas executable installers: FUBAR ∗∗∗
---------------------------------------------
#1) "Firefox Installer.exe" (digitally signed 2018-01-28) 58.0.1
is vulnerable to DLL hijacking
#2) "setup-stub.exe" extracted and executed by "Firefox Installer.exe"
is vulnerable to DLL hijacking
#3) "Firefox Setup 52.6.0esr.exe" (digitally signed 2018-01-19)
is vulnerable to DLL hijacking
#4) "setup.exe" extracted and executed by "Firefox Setup 52.6.0esr.exe"
is vulnerable to DLL hijacking
---------------------------------------------
http://seclists.org/fulldisclosure/2018/Feb/58
∗∗∗ Sicherheitsforscher empfiehlt, BitTorrent-Client uTorrent Web vorerst nicht zu nutzen ∗∗∗
---------------------------------------------
Zwei uTorrent-Clients sind verwundbar. Es gibt zwar Sicherheitspatches, doch offenbar wirken diese nur teilweise.
---------------------------------------------
https://www.heise.de/meldung/Sicherheitsforscher-empfiehlt-BitTorrent-Clien…
∗∗∗ Coldroot: macOS-Trojaner offenbar seit zwei Jahren unentdeckt ∗∗∗
---------------------------------------------
Ein Sicherheitsforscher hat eine Remote-Access-Malware für Apple-Rechner entdeckt, die seit mindestens 2016 kursieren soll.
---------------------------------------------
https://www.heise.de/meldung/Coldroot-macOS-Trojaner-offenbar-seit-zwei-Jah…
∗∗∗ Internet of Babies – When baby monitors fail to be smart ∗∗∗
---------------------------------------------
Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products.
---------------------------------------------
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-mo…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libmspack), Debian (zziplib), Fedora (ca-certificates, firefox, freetype, golang, krb5, libreoffice, monit, patch, plasma-workspace, ruby, sox, tomcat, and zziplib), openSUSE (dovecot22, glibc, GraphicsMagick, libXcursor, mbedtls, p7zip, SDL_image, SDL2_image, sox, and transfig), Red Hat (chromium-browser), and Ubuntu (cups, libvirt, and qemu).
---------------------------------------------
https://lwn.net/Articles/747711/
∗∗∗ Cisco Unity Connection Mail Relay Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Service Catalog Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=swg22012965
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1415) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013796
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013797
∗∗∗ IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities CVE-2017-6225. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1012113
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential input validation vulnerability (CVE-2018-1392) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013249
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013247
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012828
∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013432
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013088
∗∗∗ IBM Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027035
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 19-02-2018 18:00 − Dienstag 20-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗
---------------------------------------------
Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetecta…
∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗
---------------------------------------------
Wordpress is a popular tool for creating web pages. Numerous extensions make your own programming skills superfluous. However, one should be careful when choosing its extensions.
---------------------------------------------
https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware
∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗
---------------------------------------------
Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency.
---------------------------------------------
https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncover…
∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗
---------------------------------------------
Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...]
---------------------------------------------
https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware…
∗∗∗ Textbombe: Apple räumt verheerenden Fehler mit Update aus ∗∗∗
---------------------------------------------
Neue Versionen von iOS und macOS verfügbar – Zeichenfolge konnte zahlreiche Apps zum Absturz bringen
---------------------------------------------
http://derstandard.at/2000074619775
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/747630/
∗∗∗ DFN-CERT-2018-0340: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/
∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013705
∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 16-02-2018 18:00 − Montag 19-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers pilfered $6M from Russian central bank via SWIFT system ∗∗∗
---------------------------------------------
Hackers nicked $6 million from the Russian central bank last year via the SWIFT messaging system, according to report from the bank.
---------------------------------------------
https://www.scmagazine.com/hackers-pilfered-6m-from-russian-central-bank-vi…
∗∗∗ WWW: Tracking-Methoden werden brutaler, Browser-Hersteller schauen weg ∗∗∗
---------------------------------------------
Die Überwachungsmethoden der Tracker werden immer ausgefeilter. Selbst bei Online-Apotheken bedienen sich die Datendealer. Datenschutz-Forscher Arvind Narayanan ärgert sich über die Untätigkeit der großen Browser-Hersteller.
---------------------------------------------
https://heise.de/-3718112
∗∗∗ FSX: Add-On-Entwickler FSLabs liest heimlich Passwörter von Raubkopierern aus ∗∗∗
---------------------------------------------
FlightSimLabs verkauft Zusatzflugzeuge für den beliebten Microsoft Flight Simulator. Die Firma gibt zu, mutmaßlichen Raubkopierern eine Software auf den Rechner installiert zu haben, die deren Chrome-Passwörter an die Entwickler übermittelt.
---------------------------------------------
https://heise.de/-3973485
∗∗∗ Security bugs in Dell storage platform allowed hackers to gain root access ∗∗∗
---------------------------------------------
Security researchers recently unearthed as many as nine security vulnerabilities in Dell EMC's Isilon OneFS platform allowing remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root.
---------------------------------------------
https://www.scmagazineuk.com/news/security-bugs-in-dell-storage-platform-al…
∗∗∗ Record-Breaking Number of Vulnerabilities Disclosed in 2017: Report ∗∗∗
---------------------------------------------
A record-breaking number of vulnerabilities were disclosed in 2017, with a total of 20,832 such security flaws, a new report from Risk Based Security shows. read more
---------------------------------------------
https://www.securityweek.com/record-breaking-number-vulnerabilities-disclos…
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft-Browser Edge: Google veröffentlicht Zero-Day-Lücke, kein Patch in Sicht ∗∗∗
---------------------------------------------
Der JIT-Compiler, der Microsofts Edge-Browser von Angriffscode aus dem Web isolieren soll, lässt sich selbst zum Einschleusen von Angriffscode missbrauchen. Google hat die dazugehörige Lücke nun veröffentlicht, ohne dass Microsoft Zeit zum Patchen hatte.
---------------------------------------------
https://heise.de/-3973380
∗∗∗ DSA-4118 tomcat-native - security update ∗∗∗
---------------------------------------------
Jonas Klempel reported that tomcat-native, a library giving Tomcataccess to the Apache Portable Runtime (APR) librarys network connection(socket) implementation and random-number generator, does not properlyhandle fields longer than 127 bytes when parsing the AIA-Extension fieldof a client certificate. If OCSP checks are used, this could result inclient certificates that should have been rejected to be accepted.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4118
∗∗∗ DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
Red Hat aktualisiert seinen Sicherheitshinweis vom 21.01.2016 und gibt bekannt, dass die Schwachstelle CVE-2012-1148 auch in der aktualisierten Version des Red Hat JBoss Webserver enthalten ist. Bislang gibt es keine Information darüber, wann ein Sicherheitsupdate zur Behebung dieser Schwachstelle zur Verfügung stehen wird.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (irssi), Debian (bind9, gcc-4.9, plasma-workspace, quagga, and tomcat-native), Fedora (p7zip), Mageia (nasm), openSUSE (exim, ffmpeg, irssi, mpv, qpdf, quagga, rrdtool, and rubygem-puppet), and SUSE (p7zip and xen).
---------------------------------------------
https://lwn.net/Articles/747548/rss
∗∗∗ Tenda AC15 Remote Code Execution ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018020216
∗∗∗ IBM Security Bulletin: IBM Maximo Anywhere is vulnerable to cross-site scripting (CVE-2017-1604) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011883
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects Rational Rhapsody Design Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013739
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00
Handler: n/a
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗
---------------------------------------------
A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-active…
∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗
---------------------------------------------
The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manage…
∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗
---------------------------------------------
Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbed…
∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗
---------------------------------------------
Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld.
---------------------------------------------
https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-star…
∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗
---------------------------------------------
Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports.
---------------------------------------------
https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01
∗∗∗ GE D60 Line Distance Relay ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02
∗∗∗ Schneider Electric IGSS Mobile ∗∗∗
---------------------------------------------
This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03
∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga).
---------------------------------------------
https://lwn.net/Articles/747439/rss
∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&…
∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013416
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012447
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008816
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 14-02-2018 18:00 − Donnerstag 15-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Spam and phishing in 2017 ∗∗∗
---------------------------------------------
The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts.
---------------------------------------------
http://securelist.com/spam-and-phishing-in-2017/83833/
∗∗∗ Inside the MSRC– The Monthly Security Update Releases ∗∗∗
---------------------------------------------
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/02/14/inside-the-msrc-the-mon…
∗∗∗ Multi-Stage Email Word Attack without Macros ∗∗∗
---------------------------------------------
Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-…
∗∗∗ Besser vernetzt - besser geschützt ∗∗∗
---------------------------------------------
Zweitägiger Workshop im BRZ ermöglicht raschere Reaktion auf Malware und andere Bedrohungen. 70 Teilnehmer/innen von österreichischen und internationalen CERTs waren dabei.
---------------------------------------------
https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html
∗∗∗ MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe ∗∗∗
---------------------------------------------
Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden.
---------------------------------------------
https://www.heise.de/meldung/MeltdownPrime-SpectrePrime-Neue-Software-autom…
∗∗∗ Cryptojacking: Hacker infiltrieren 5.000 Websites, verdienen nur 23 Euro ∗∗∗
---------------------------------------------
Laut Angaben von Skript-Entwickler Coinhive – Angreifer schleusten Code in Vorlese-Plugin ..
---------------------------------------------
http://derstandard.at/2000074318850
∗∗∗ COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style ∗∗∗
---------------------------------------------
This post is authored by Jeremiah OConnor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive SummaryCisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign ..
---------------------------------------------
http://blog.talosintelligence.com/2018/02/coinhoarder.html
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4112 xen - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4112
∗∗∗ Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-013
∗∗∗ Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-012
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 13-02-2018 18:00 − Mittwoch 14-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Hackers Keep it Simple: Malware Evades Detection by Simply Copying
a File ∗∗∗
---------------------------------------------
Returning to this particular flavor of malware, we see a rather simple
way to bypass the detection products: it simply copies kernel32.dll.
The copied version is identical and serves to relay requests from Word
in to the kernel in precisely the same way; however, the copy name is
subtly different. Therefore, some products fail to detect the malware
activity as it passes from Word to the kernel.
---------------------------------------------
https://blogs.bromium.com/malware-copies-file-evades-detection/
∗∗∗ DoubleDoor Botnet Chains Exploits to Bypass Firewalls ∗∗∗
---------------------------------------------
Anubhav says DoubleDoor attackers are using the first exploit to bypass
Juniper Netscreen firewalls and then scan internal networks for ZyXEL
routers to exploit with the second exploit.
...
But the botnet is not a major danger just yet. Anubhav says DoubleDoor
looks like a work in progress and still under heavy development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security
/doubledoor-botnet-chains-exploits-to-bypass-firewalls/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft - February 2018 Security Updates ∗∗∗
---------------------------------------------
The February security release consists of security updates for the
following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance
/releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader
(APSB18-02) and Adobe Experience Manager (APSB18-04).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1530
∗∗∗ Zu aufwendig: Microsoft will schwere Skype-Lücke nicht beheben ∗∗∗
---------------------------------------------
Leck erlaubt Übernahme von Windows-System – Kein Patch geplant, Fehler
soll erst in neuer Version entfernt werden
---------------------------------------------
http://derstandard.at/2000074186504
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (exim and mpv), Debian
(advancecomp and graphicsmagick), Red Hat (collectd, erlang,
httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and
xen), and Ubuntu (libvorbis).
---------------------------------------------
https://lwn.net/Articles/747244/rss
∗∗∗ SAP Resolves High Risk Flaws with February 2018 Patches ∗∗∗
---------------------------------------------
SAP this week released its monthly set of security updates for its
products, addressing a total of 11 new vulnerabilities, including two
considered high severity.
---------------------------------------------
https://www.securityweek.com
/sap-resolves-high-risk-flaws-february-2018-patches
∗∗∗ WAGO PFC200 Series ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01
∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects SAN
Volume Controller, Storwize family and FlashSystem V9000 products
(CVE-2016-4461) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010883
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM
WebSphere Application Server in IBM Cloud (CVE-2017-1681,
CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013359
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been
identified in Open SSL, which is shipped with IBM Tivoli Network
Manager IP Edition. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013041
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN
Volume Controller, Storwize family and FlashSystem V9000 products
(CVE-2017-5647) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010892
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 12-02-2018 18:00 − Dienstag 13-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ If You Thought Ransomware was Big, Illegal Crypto-Mining May be Bigger ∗∗∗
---------------------------------------------
There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other ..
---------------------------------------------
https://www.beyondtrust.com/blog/thought-ransomware-big-illegal-crypto-mini…
∗∗∗ Cybersecurity-Experten warnen for Valentinstags-Angeboten ∗∗∗
---------------------------------------------
Der Valentinstag am 14. Februar wird von Cyber-Kriminellen zum Versand von E-Mails mit gefährlichen Sonderangeboten genutzt.
---------------------------------------------
https://futurezone.at/digital-life/cybersecurity-experten-warnen-for-valent…
∗∗∗ Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-f…
∗∗∗ Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins ∗∗∗
---------------------------------------------
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks ..
---------------------------------------------
https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr…
∗∗∗ Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 ∗∗∗
---------------------------------------------
Redmond extends ATP to older builds, adds third-party links Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1.
---------------------------------------------
www.theregister.co.uk/2018/02/12/microsoft_windows_atp/
∗∗∗ Sicherheitsupdates: Gefährliche Lücken in IBM AIX und Notes ∗∗∗
---------------------------------------------
In AIX von IBM klafft eine kritische Sicherheitslücke. Darüber hinaus stopft ein Update eine Schwachstelle in Notes.
---------------------------------------------
https://www.heise.de/meldung/Sicherheitsupdates-Gefaehrliche-Luecken-in-IBM…
∗∗∗ Chrome-Security-Chefin: "Wenn Flash entfernt wird, feiern wir eine Party" ∗∗∗
---------------------------------------------
Parisa Tabriz leitet die Elite-Hacker Gruppe Project Zero – sie sagt, dass Phishing eine größere Gefahr für die breite Masse als die Lücken "Meltdown" und Spectre ist
---------------------------------------------
http://derstandard.at/2000073871421
∗∗∗ Olympic Destroyer Takes Aim At Winter Olympics ∗∗∗
---------------------------------------------
This blog post is authored by Warren Mercer and Paul Rascagneres.Update 2/13 08:30 We have updated the information regarding the use of stolen credentialsUpdate 2/12 12:00: We have updated the destructor section with action taken ..
---------------------------------------------
blog.talosintelligence.com/2018/02/olympic-destroyer.html
∗∗∗ Zero-Day in Telegrams Windows Client Exploited for Months ∗∗∗
---------------------------------------------
A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed. read more
---------------------------------------------
https://www.securityweek.com/zero-day-telegrams-windows-client-exploited-mo…
=====================
= Vulnerabilities =
=====================
∗∗∗ [KDE] Plasma Desktop: Arbitrary command execution in the removable device notifier ∗∗∗
---------------------------------------------
When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, its interpreted as a shell command, leaving a possibility of arbitrary commands execution.
---------------------------------------------
https://www.kde.org/info/security/advisory-20180208-2.txt
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1530
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 09-02-2018 18:00 − Montag 12-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Vor allem Porno-Seiten spannen Nutzer zum Krypto-Mining ein ∗∗∗
---------------------------------------------
Laut einer aktuellen Studie enthalten mehr als 240 der beliebtesten Websites Code, der die Rechner ihre Besucher zum "Schürfen" von Kryptowährungen nutzt.
---------------------------------------------
https://futurezone.at/digital-life/vor-allem-porno-seiten-spannen-nutzer-zu…
∗∗∗ Cisco Confirms Critical Firewall Software Bug Is Under Attack ∗∗∗
---------------------------------------------
Cisco has issued patches for the vulnerability, which could be up to seven years old.
---------------------------------------------
http://threatpost.com/cisco-confirms-critical-firewall-software-bug-is-unde…
∗∗∗ Cryakl ransomware keys made public ∗∗∗
---------------------------------------------
The Belgian Federal Police are releasing free decryption keys for Cryakl ransomware and have become a partner with the No More Ransom Project.
---------------------------------------------
https://www.scmagazine.com/cryakl-ransomware-keys-made-public/article/74332…
∗∗∗ GitHub-Account-Zombies erregen die Gemüter ∗∗∗
---------------------------------------------
Löscht ein Nutzer seinen Account bei GitHub, wird der Name sofort wieder für neue Nutzer frei. Das können Kriminelle missbrauchen, um über die Entwicklerseite Malware zu verteilen. Entwickler sollten Accounts daher lieber downgraden statt löschen.
---------------------------------------------
https://www.heise.de/security/meldung/GitHub-Account-Zombies-erregen-die-Ge…
∗∗∗ Equifax-Hack betrifft noch mehr Daten als bisher bekannt ∗∗∗
---------------------------------------------
In einem Papier an den Bankenausschuss des US-Senats räumt Equifax ein, dass bei dem spektakulären Hack im September 2017 noch mehr Daten abgegriffen wurden als bisher zugegeben. Zusätzlich betroffen waren Steuernummern und Angaben im Führerschein.
---------------------------------------------
https://www.heise.de/security/meldung/Equifax-Hack-betrifft-noch-mehr-Daten…
∗∗∗ Italienische Kryptobörse ausgeraubt: BitGrail fehlen 140 Millionen Euro ∗∗∗
---------------------------------------------
Diebe erbeuteten 17 Millionen sogenannte "Nano". BitGrail setzte den Handel vorerst aus. Die Polizei ermittelt.
---------------------------------------------
https://www.heise.de/security/meldung/Italienische-Kryptoboerse-ausgeraubt-…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (go, go-pie, and plasma-workspace), Debian (audacity, exim4, libreoffice, librsvg, ruby-omniauth, tomcat-native, and uwsgi), Fedora (tomcat-native), Gentoo (virtualbox), Mageia (kernel), openSUSE (freetype2, ghostscript, jhead, and libxml2), and SUSE (freetype2 and kernel).
---------------------------------------------
https://lwn.net/Articles/747120/rss
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell.The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ BlackBerry powered by Android Security Bulletin - February 2018 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ DSA-4110 exim4 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4110
∗∗∗ DSA-4111 libreoffice - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4111
∗∗∗ DFN-CERT-2018-0286: Oracle MySQL Community Server: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0286/
∗∗∗ IBM Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012395
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013351
∗∗∗ VMSA-2018-0007 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0007.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 08-02-2018 18:00 − Freitag 09-02-2018 18:00
Handler: Robert Waldner
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Free Decryption Tool Released for Cryakl Ransomware ∗∗∗
---------------------------------------------
Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/free-decryption-tool-release…
∗∗∗ X.509 Certificates Can Be Abused for Data Exfiltration ∗∗∗
---------------------------------------------
Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-ab…
∗∗∗ Verschlüsselung: Github testet Abschaltung alter Krypto ∗∗∗
---------------------------------------------
Github-Nutzer sollten ihre Clients auf Kompatibilität prüfen: Ab dem 22. Februar werden alte TLS-Versionen und einige Diffie-Hellman-Gruppen deaktiviert. Am Donnerstagabend wurde die Abschaltung schon einmal getestet.
---------------------------------------------
https://www.golem.de/news/verschluesselung-github-testet-abschaltung-alter-…
∗∗∗ Living in a Smart Home ∗∗∗
---------------------------------------------
In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results.
---------------------------------------------
https://www.schneier.com/blog/archives/2018/02/living_in_a_sma.html
∗∗∗ WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit ∗∗∗
---------------------------------------------
The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats.
---------------------------------------------
https://www.techworm.net/2018/02/wannamine-cryptocurrency-mining-malware-us…
∗∗∗ Einige Netgear-Router lassen sich mit simplem URL-Trick übernehmen ∗∗∗
---------------------------------------------
In vielen Routern von Netgear klaffen Sicherheitslücken, die Angreifern mitunter Tür und Tor öffnen können. Updates schaffen Abhilfe.
---------------------------------------------
https://www.heise.de/security/meldung/Einige-Netgear-Router-lassen-sich-mit…
∗∗∗ WordPress 4.9.3 schießt automatische Update-Funktion ab ∗∗∗
---------------------------------------------
Die WordPress-Ausgabe 4.9.3 hat zwar in erster Linie Bugs gefixt, aber auch einen neuen mitgebracht: Die automatische Aktualisierung funktioniert nicht mehr. Eine neue Version löst das Problem.
---------------------------------------------
https://www.heise.de/security/meldung/WordPress-4-9-3-schiesst-automatische…
∗∗∗ Spectre-2-Lücke: Intel verspricht Updates auch für ältere Prozessoren ∗∗∗
---------------------------------------------
Für Skylake-Prozessoren, zahlreiche Atoms und damit verwandte Celerons gibt es nun wieder Microcode-Updates – zunächst nur für OEM-Partner; doch Intel will auch ältere Prozessoren patchen.
---------------------------------------------
https://www.heise.de/security/meldung/Spectre-2-Luecke-Intel-verspricht-Upd…
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-02) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB18-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 13, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1527
∗∗∗ DSA-4108 mailman - security update ∗∗∗
---------------------------------------------
Calum Hutton and the Mailman team discovered a cross site scripting andinformation leak vulnerability in the user options page. A remoteattacker could use a crafted URL to steal cookie information or tofish for whether a user is subscribed to a list with a private roster.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4108
∗∗∗ Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro ∗∗∗
---------------------------------------------
Sonatype Nexus Repository Manager OSS/Pro is affected by multiple cross-site scripting vulnerabilities (both reflected and stored) in both version 2 and 3 of the product which could be used by an attacker to execute JavaScript code in the user’s browser.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scriptin…
∗∗∗ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗
---------------------------------------------
Abstract: NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. This release does not contain any new features.
---------------------------------------------
https://download.novell.com/Download?buildid=MtsbTyzebZw~
∗∗∗ JRE vulnerability CVE-2012-5081 ∗∗∗
---------------------------------------------
JRE vulnerability CVE-2012-5081. Security Advisory. Security Advisory Description. Unspecified vulnerability in the Java ...
---------------------------------------------
https://support.f5.com/csp/article/K21018505
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (clamav), Debian (mailman, mpv, and simplesamlphp), Fedora (tomcat-native), openSUSE (docker, docker-runc, containerd,, kernel, mupdf, and python-mistune), Red Hat (kernel), and Ubuntu (mailman and postgresql-9.3, postgresql-9.5, postgresql-9.6).
---------------------------------------------
https://lwn.net/Articles/746988/rss
∗∗∗ DFN-CERT-2018-0278: Nextcloud Server: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0278/
∗∗∗ IBM Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022451
∗∗∗ IBM Security Bulletin: Vulnerability impacts AIX and VIOS (CVE-2018-1383) ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc
∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013336
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 07-02-2018 18:00 − Donnerstag 08-02-2018 18:00
Handler: Robert Waldner
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ HTTPS: Viele Webseiten nutzen alte Symantec-Zertifikate ∗∗∗
---------------------------------------------
In Kürze wird Chrome vielen alten Symantec-Zertifikaten nicht mehr trauen, eine Testversion zeigt schon jetzt Warnmeldungen. Doch viele Seiten haben noch nicht umgestellt - darunter auch prominente Seiten wie Wechat oder Spiegel Online.
---------------------------------------------
https://www.golem.de/news/https-viele-webseiten-nutzen-alte-symantec-zertif…
∗∗∗ Gefälschte card complete-Sicherheitsmitteilung ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte card complete-Sicherheitsmitteilung. Darin behaupten sie, dass das Unternehmen "einige Informationen von Ihnen (braucht) , Einloggen und aktualisieren Sie Ihr Konto". Empfänger/innen dürfen der Aufforderung nicht nachkommen, denn andernfalls übermitteln sie ihre Kreditkartendaten an Verbrecher/innen.
---------------------------------------------
https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1%5bnews%5d=301…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU).
---------------------------------------------
https://lwn.net/Articles/746915/rss
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1761) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012416
∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012829
∗∗∗ IBM Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013053
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 05-02-2018 18:00 − Dienstag 06-02-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Research papers and Youtube videos from BlueHat Israel 2018 ∗∗∗
---------------------------------------------
http://www.bluehatil.com/abstracts.html
∗∗∗ European Cyber Security Month ECSM 2017 deployment report ∗∗∗
---------------------------------------------
ENISA is today pleased to publish the ‘European Cyber Security Month deployment report’, a summary of the activities carried out throughout ECSM 2017 by the Agency and participating Member States.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-e…
∗∗∗ Strong cybersecurity culture as efficient firewall for organisations ∗∗∗
---------------------------------------------
ENISA’s Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/strong-cybersecurity-culture-as…
∗∗∗ Krypto-Miner schlich über Download-Verzeichnis MacUpdate auf Macs ∗∗∗
---------------------------------------------
Mac-Nutzer, die beliebte Software wie etwa den Browser Firefox über MacUpdate heruntergeladen haben, handelten sich dadurch unter Umständen Malware ein.
---------------------------------------------
https://www.heise.de/meldung/Krypto-Miner-schlich-ueber-Download-Verzeichni…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Flash Player (APSB18-03) ∗∗∗
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1522
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a common separated value (CSV) vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012674
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013271
∗∗∗ February 2018 ∗∗∗
---------------------------------------------
https://source.android.com/security/bulletin/2018-02-01.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 02-02-2018 18:00 − Montag 05-02-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Safer Internet Day ∗∗∗
---------------------------------------------
February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/02/05/Safer-Internet-Day
=====================
= Vulnerabilities =
=====================
∗∗∗ New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices ∗∗∗
---------------------------------------------
Two new WD My Cloud vulnerabilities have been identified, adding to last month’s bevy of security bugs.
---------------------------------------------
http://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attacker…
∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗
---------------------------------------------
NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes.
---------------------------------------------
https://download.novell.com/Download?buildid=MtsbTyzebZw~
∗∗∗ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2018-0235/">Django: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗
---------------------------------------------
Eine Schwachstelle in Django ermöglicht einem entfernten, nicht authentisierten Angreifer Informationen zu berechtigten Benutzern auszuspähen.
Der Hersteller hat Django 2.0.2 und 1.11.10 als Security Releases veröffentlicht und stellt Patches für den Master Branch und die Releases Branches 2.0 und 1.11 zur Verfügung.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0235/
∗∗∗ DFN-CERT-2018-0234/">7-Zip: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen (Out-of-bounds Write) oder möglicherweise mit Hilfe eines präparierten ZIP-Archivs beliebigen Programmcode zur Ausführung bringen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0234/
∗∗∗ Update: Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗
---------------------------------------------
Update: 5. Februar 2018 Cisco hat bekanntgegeben, dass im Zuge interner Untersuchungen noch weitere Lücken gefunden wurden, sowie dass die bisher veröffentlichten gefixten Versionen Fehler enthalten.
---------------------------------------------
http://www.cert.at/warnings/all/20180130.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dokuwiki and p7zip), Fedora (kernel, pdns, rsync, and webkitgtk4), openSUSE (chromium and translate-toolkit), Red Hat (jboss-ec2-eap and Red Hat Satellite 6), Slackware (php), and SUSE (bind and firefox).
---------------------------------------------
https://lwn.net/Articles/746568/rss
∗∗∗ IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013054
∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013061
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013153
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026841
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025910
∗∗∗ IBM Security Bulletin: October 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011818
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 01-02-2018 18:00 − Freitag 02-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗
---------------------------------------------
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
---------------------------------------------
http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-at…
∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗
---------------------------------------------
Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body.
---------------------------------------------
https://isc.sans.edu/diary/rss/23305
∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗
---------------------------------------------
While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilitie…
∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗
---------------------------------------------
Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malwa…
∗∗∗ Service-Router von Cisco können sich an IPv6-Paketen verschlucken ∗∗∗
---------------------------------------------
Ein Sicherheitsupdate schließt eine DoS-Schwachstelle in Cisco ASR 9000.
---------------------------------------------
https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich…
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m).
---------------------------------------------
https://lwn.net/Articles/746326/rss
=====================
= Vulnerabilities =
=====================
∗∗∗ "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar ∗∗∗
---------------------------------------------
"Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches noch nicht verfügbar 1. Februar 2018 Beschreibung Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2018-4878 Es ist noch keine entsprechend gefixte Version verfügbar - Adobe hat eine solche für nächste Woche (beginnend mit 5. Februar 2018) in Aussicht
---------------------------------------------
http://www.cert.at/warnings/all/20180201.html
∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012719
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012641
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 31-01-2018 18:00 − Donnerstag 01-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ DDG: A Mining Botnet Aiming at Database Servers ∗∗∗
---------------------------------------------
Starting 2017-10-25, we noticed there was a large scale ongoing scan targeting the OrientDB databases. Further analysis found that this is a long-running botnet whose main ..
---------------------------------------------
http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/
∗∗∗ Adaptive Phishing Kit ∗∗∗
---------------------------------------------
Phishing kits are everywhere! If your server is compromised today, they are chances that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid credentials and impersonate the user account or, in larger attacks, it is one of the first steps to ..
---------------------------------------------
https://isc.sans.edu/diary/rss/23299
∗∗∗ Internet of Dildos – a long way to a vibrant future ∗∗∗
---------------------------------------------
Schwachstellen in Sexspielzeugen sind nicht nur aus technischer Sicht sehr interessant, sondern vor allem datenschutzrechtlich. Mehrere „Smart Sex“ Spielzeuge der Marke Vibratissimo und die dazugehörige Cloud Plattform waren von schwerwiegenden Schwachstellen betroffenen.
---------------------------------------------
https://www.sec-consult.com/blog/2018/02/internet-of-dildos-a-long-way-to-a…
∗∗∗ Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready? ∗∗∗
---------------------------------------------
It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security ..
---------------------------------------------
https://thehackernews.com/2018/02/meltdown-spectre-malware-hacking.html
∗∗∗ Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet ∗∗∗
---------------------------------------------
The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular ..
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrom…
∗∗∗ "Ändere dein Passwort"-Tag: Lass es doch einfach bleiben! ∗∗∗
---------------------------------------------
Am 1. Februar ist "Ändere dein Passwort"-Tag. Aber ist es wirklich sinnvoll, Passwörter regelmäßig zu ändern? Und wie wählt man überhaupt gute Passwörter, die Hackerangriffen standhalten?
---------------------------------------------
https://www.heise.de/meldung/Aendere-dein-Passwort-Tag-Lass-es-doch-einfach…
∗∗∗ Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions ∗∗∗
---------------------------------------------
The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved. Recently, as cryptocurrency values have exploded, mining ..
---------------------------------------------
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
∗∗∗ Chrome’s Plan to Distrust Symantec Certificates ∗∗∗
---------------------------------------------
Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome SecurityThis post is a broader announcement of plans already finalized on the blink-dev mailing list.Update, 1/31/18: Post was updated to further clarify 13 month validity limitationsAt the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ..
---------------------------------------------
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.h…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4103 chromium-browser - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4103
∗∗∗ Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 30-01-2018 18:00 − Mittwoch 31-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Drops the Hammer on Coercive Registry Cleaners & System Optimizers ∗∗∗
---------------------------------------------
Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior. This includes registry cleaners and system optimizers that offer free scans, display alarming messages, and then require the user to purchase it.before fixing anything.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-drops-the-hammer-…
∗∗∗ Google hat 2017 mehr als 700.000 bösartige Apps aus Google Play verbannt ∗∗∗
---------------------------------------------
In einem Jahresbericht führt Google aus, wie sicher der eigene Android-App-Store Google Play doch ist. Aufgrund einiger Vorfälle wirkt die Argumentation stellenweise jedoch nicht ganz glaubwürdig.
---------------------------------------------
https://www.heise.de/meldung/Google-hat-2017-mehr-als-700-000-boesartige-Ap…
∗∗∗ Kritische Sicherheitslücke in Mozilla Firefox - Patch verfügbar ∗∗∗
---------------------------------------------
Mozilla hat einen Out-of-Band Patch für eine kritische Sicherheitslücke im Webbrowser Firefox veröffentlicht. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer beliebigen Code auf betroffenen Systemen, mit den Rechten des angemeldeten Benutzers, ausführen. Dazu reicht es, den Browser zum Anzeigen einer entsprechend präparierten Webseite ..
---------------------------------------------
http://www.cert.at/warnings/all/20180131.html
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4102 thunderbird - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4102
∗∗∗ PHOENIX CONTACT mGuard ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01
∗∗∗ Siemens TeleControl Server Basic ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02
∗∗∗ WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN30636823/
∗∗∗ Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 29-01-2018 18:00 − Dienstag 30-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IBM-Studie: Viele Nutzer halten biometrische Anmeldung für sicher ∗∗∗
---------------------------------------------
Gerade junge Leute wollen sich heutzutage keine Passwörter mehr merken: Eine IBM-Studie untersucht Vorlieben von Nutzern aller Altersgruppen. Teilnehmer ab 55 Jahren hingegen merken sich viele verschiedene Passwörter auf einmal - auch ohne Passwort-Manager.
---------------------------------------------
https://www.golem.de/news/ibm-studie-viele-nutzer-halten-biometrische-anmel…
∗∗∗ Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery ∗∗∗
---------------------------------------------
Of course this does nothing for victims encrypted files Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets.
---------------------------------------------
theregister.com/feed/www.theregister.co.uk/2018/01/30/ransomware_diversions/
∗∗∗ Chrome Extension Malware Has Evolved ∗∗∗
---------------------------------------------
While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data.
---------------------------------------------
https://www.wired.com/story/chrome-extension-malware
∗∗∗ ENISA organises cyber-exercise to boost CSIRT cooperation ∗∗∗
---------------------------------------------
On 30 January 2018, the EU Cybersecurity Agency ENISA organised ‘Cyber SOPEx’, the first cooperation exercise of the CSIRTs Network.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-…
∗∗∗ E-Mail-Betrug: Vorarlberger Firma zahlt 150.000 Euro ∗∗∗
---------------------------------------------
Mitarbeiterin überwies knapp 150.000 Euro ins Ausland – 83.000 Euro konnten zurückgeholt werden
---------------------------------------------
http://derstandard.at/2000073288109
∗∗∗ "spotzi" und "bier1": Cybasar-Leak zeigt die unsicheren Passwörter der Österreicher ∗∗∗
---------------------------------------------
Viele Kennwörter offenbaren fahrlässigen Umgang mit eigenen Informationen im Netz – auch von Behördenmitarbeitern
---------------------------------------------
http://derstandard.at/2000073316365
∗∗∗ 2017 in Snort Signatures. ∗∗∗
---------------------------------------------
This post was written by Martin Lee and Vanja Svajcer.2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact ..
---------------------------------------------
http://blog.talosintelligence.com/2018/01/2017-in-snort-signatures.html
∗∗∗ Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗
---------------------------------------------
Cisco hat ein Advisory zu einer kritischen Sicherheitslücke in Cisco ASA Software veröffentlicht. Die Lücke befindet sich im Code, der für das "webvpn"-Feature zuständig ..
---------------------------------------------
http://www.cert.at/warnings/all/20180130.html
=====================
= Vulnerabilities =
=====================
∗∗∗ [20180103] - Core - XSS vulnerability in Uri class ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/721-20180103-core-xss-vulnerab…
∗∗∗ [20180102] - Core - XSS vulnerability in com_fields ∗∗∗
---------------------------------------------
https://developer.joomla.org/security-centre/720-20180102-core-xss-vulnerab…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 26-01-2018 18:00 − Montag 29-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Cyberattacken auf niederländische Banken: Netbanking weg ∗∗∗
---------------------------------------------
Die drei größten Banken der Niederlande hatten am Wochenende mit Cyberangriffen zu kämpfen. Teilweise fiel auch das Online-Banking aus.
---------------------------------------------
https://futurezone.at/digital-life/cyberattacken-auf-niederlaendische-banke…
∗∗∗ Coincheck: Kryptowährung im Wert von 429 Millionen Euro gestohlen ∗∗∗
---------------------------------------------
Für das Unternehmen Coincheck war es ein schwarzer Freitag: Eine große Menge der Kryptowährung NEM wurde gestohlen. Der Kurs sank dadurch um elf Prozent. Auch Bitcoin und Etherium waren davon betroffen. Der Angriff ist für einige ein Anlass zur Kritik an Japans Regulierung des Kryptohandels.
---------------------------------------------
https://www.golem.de/news/coincheck-kryptowaehrung-im-wert-von-429-milliard…
∗∗∗ Security: Lenovo gesteht Sicherheitslücken im Fingerprint Manager ein ∗∗∗
---------------------------------------------
Die Software Fingerprint Manager Pro speichert biometrische Daten auf dem Gerät. Allerdings sagt selbst Lenovo, dass das unsicher sei und rät daher zu einem Update. Windows-10-Geräte sind davon jedoch nicht betroffen.
---------------------------------------------
https://www.golem.de/news/security-lenovo-gesteht-sicherheitsluecken-im-fin…
∗∗∗ Meltdown & Spectre: Windows-Update deaktiviert Schutz gegen Spectre V2 ∗∗∗
---------------------------------------------
Ein aktuelles Windows-Update schaltet den Schutz gegen Spectre Variant 2 ab, um Instabilitäten des Systems vorzubeugen.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Meltdown-Spectre-Windows-Update-dea…
∗∗∗ First 'Jackpotting' Attacks Hit U.S. ATMs ∗∗∗
---------------------------------------------
ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United [...]
---------------------------------------------
https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
∗∗∗ Cybasar.at gehackt: 70.000 österreichische Log-ins im Netz aufgetaucht ∗∗∗
---------------------------------------------
Hunderte E-Mails und Passwörter von offiziellen Stellen enthalten – Daten stammen von Gebrauchtwagenplattform Cybasar
---------------------------------------------
http://derstandard.at/2000073253135
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4099 ffmpeg - security update ∗∗∗
---------------------------------------------
Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4099
∗∗∗ DSA-4101 wireshark - security update ∗∗∗
---------------------------------------------
It was discovered that wireshark, a network protocol analyzer, containedseveral vulnerabilities in the dissectors/file parsers for IxVeriWave,WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial ofservice or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4101
∗∗∗ DFN-CERT-2018-0020 ∗∗∗
---------------------------------------------
Auf diesem Wege noch einmal der Hinweis, dass wir unsere Security Advisories zu #Spectre und #Meltdown (DFN-CERT-2018-0020) sowie Spectre 2 (DFN-CERT-2018-0019) beinahe täglich aktualisieren. Bleiben Sie via @DFNCERT_ADV auf dem neuesten Stand.
---------------------------------------------
https://twitter.com/DFNCERT/status/956906148388536321
∗∗∗ DFN-CERT-2018-0196: VMware AirWatch Console (AWC): Eine Schwachstelle ermöglicht einen Cross-Site-Request-Forgery-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0196/
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180129-…
∗∗∗ IBM Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.a…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012707
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 24-01-2018 18:00 − Donnerstag 25-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗
---------------------------------------------
The worlds largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pc…
∗∗∗ BSI-Richtlinie: Der streng geheime Streit über die Routersicherheit ∗∗∗
---------------------------------------------
Das BSI will in den kommenden Monaten eine Technische Richtlinie für Heimrouter herausgeben. Vor allem die Kabelnetzbetreiber halten nichts davon, für möglichst viel Sicherheit bei den Geräten zu sorgen. Der CCC spricht von "Lobbying-Sabotage".
---------------------------------------------
https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-di…
∗∗∗ Windows 10: Microsoft will aufzeigen, was an Gerätedaten gesammelt wird ∗∗∗
---------------------------------------------
Sprachdaten, Positionsdaten und Browserverlauf: Nutzer sollen künftig einen besseren Überblick über gesammelte Daten in Windows 10 bekommen. Dazu stellt Microsoft ein Dashboard für Microsoft-Accounts und einen Diagnostic Viewer für Geräteinformation zur Verfügung. (Microsoft, Datenschutz)
---------------------------------------------
https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraet…
∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗
---------------------------------------------
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...]
---------------------------------------------
https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-n…
∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗
---------------------------------------------
Fixed in 7.58.0 If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carrie…
∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗
---------------------------------------------
A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development. Read more
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-s…
∗∗∗ Announcing turndown of the deprecated Google Safe Browsing APIs ∗∗∗
---------------------------------------------
Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...]
---------------------------------------------
https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.h…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗
---------------------------------------------
Several security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, use-after-frees, integeroverflows and other implementation errors may lead to the execution ofarbitrary code, denial of service or URL spoofing.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4096
∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗
---------------------------------------------
Update 1/25/18: Blender has released version 2.79a to address these issues
Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since its free and open-source software. However, this also make it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...]
---------------------------------------------
http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html
∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/
∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026853
∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026733
∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026732
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026735
∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026736
∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026734
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012767
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026731
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007398
∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012789
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 23-01-2018 18:00 − Mittwoch 24-01-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Skype, Signal, Slack, other apps inherit Electron vuln ∗∗∗
---------------------------------------------
If youve built a Windows application on Electron, check to see if its subject to a just-announced remote code execution vulnerability. ... Slack users should update to version 3.0.3 or better, and the latest version of Skype for Windows is protected
---------------------------------------------
https://www.theregister.co.uk/2018/01/24/skype_signal_slack_nherit_electron…
∗∗∗ [papers] Hardcore SAP Penetration Testing ∗∗∗
---------------------------------------------
http://www.exploit-db.com/docs/english/43859-hardcore-sap-penetration-testi…
∗∗∗ 14 flaws found that could take over industrial control systems ∗∗∗
---------------------------------------------
Licence management systems used in industrial control systems are plagued with vulnerabilities - contain 14 flaws could enable hackers to take control of systems and carry out DoS attacks
---------------------------------------------
https://www.scmagazineuk.com/news/14-flaws-found-that-could-take-over-indus…
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
This advisory contains mitigation details for path traversal and SQL injection vulnerabilities in Advantech’s WebAccess/SCADA software platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (smarty3), Fedora (bind, bind-dyndb-ldap, dnsperf, glibc, kernel, libtasn1, libvpx, mariadb, python-bottle, ruby, and sox), Red Hat (rh-eclipse46-jackson-databind), SUSE (kernel), and Ubuntu (kernel, linux, linux-aws, linux-euclid, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-aws, and rsync).
---------------------------------------------
https://lwn.net/Articles/745165/rss
∗∗∗ Apple Updates Everything, Again, (Tue, Jan 23rd) ∗∗∗
---------------------------------------------
https://isc.sans.edu/diary/rss/23269
∗∗∗ Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102765
∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180124-…
∗∗∗ Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - Integer Overflow Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-…
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012739
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012712
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in MyFaces for WebSphere Application Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012737
∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by vulnerability due to information disclosure in Apache MyFaces ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012735
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012623
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012627
∗∗∗ SSA-824231 (Last Update 2018-01-24): Unauthenticated Firmware Upload Vulnerability in Desigo PXC ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 22-01-2018 18:00 − Dienstag 23-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Newsletter-Dienst: Mailchimp verrät E-Mail-Adressen von Newsletter-Abonnenten ∗∗∗
---------------------------------------------
Spezifische Referrer für jeden Newsletter-Nutzer haben dazu geführt, dass Webseitenbetreiber die E-Mail-Adressen von Mailchimp-Nutzern herausfinden konnten. Das Problem wurde nach Meldung an den Anbieter mittlerweile behoben.
---------------------------------------------
https://www.golem.de/news/newsletter-dienst-mailchimp-verraet-e-mail-adress…
∗∗∗ Just Keep Swimming: How to Avoid Phishing on Social Media ∗∗∗
---------------------------------------------
>From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell? Phishing attacks attempt to steal ..
---------------------------------------------
https://www.webroot.com/blog/2018/01/22/how-to-avoid-phishing-social-media/
∗∗∗ "MaMi": MacOS-Malware hört User ab und manipuliert Datenverkehr ∗∗∗
---------------------------------------------
Schädling leitet Traffic über von Unbekannten kontrollierte DNS-Server um
---------------------------------------------
http://derstandard.at/2000072382780
∗∗∗ Millionen PCs verwundbar: Forscher deckt Lücke in allen Blizzard-Games auf ∗∗∗
---------------------------------------------
Konzern arbeitet bereits an Lösung – Problem bei Client
---------------------------------------------
http://derstandard.at/2000072835431
∗∗∗ Achtung: Whatsapp Abo-Betrug kursiert derzeit per Mail ∗∗∗
---------------------------------------------
"Konto ist abgelaufen" – ehemaliges Abomodell von Whatsapp wird instrumentalisiert um Kreditkartendaten zu ergattern
---------------------------------------------
http://derstandard.at/2000072831670
∗∗∗ SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks ∗∗∗
---------------------------------------------
This post was written by Vitor VenturaIntroductionTalos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature.Given SamSams victimology, its impacts are not just felt within the business world, they are also impacting people,
---------------------------------------------
http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-nettin…
=====================
= Vulnerabilities =
=====================
∗∗∗ HTTP Host header attacks against web proxy disclaimer response webpage ∗∗∗
---------------------------------------------
The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim.In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-262
∗∗∗ VMSA-2018-0002.3 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0002.html
∗∗∗ JSA10836 - 2018-01 Security Bulletin: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836
∗∗∗ XXE & Reflected XSS in Oracle Financial Services Analytical Applications ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/xxe-reflected-xss-in-oracle-…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 19-01-2018 18:00 − Montag 22-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hacker One: Nur 20 Prozent der Bounty-Jäger hacken in Vollzeit ∗∗∗
---------------------------------------------
Das US-Unternehmen Hacker One hat aktuelle Zahlen vorgestellt: Die meisten Bounties werden nach wie vor von US-Unternehmen gezahlt. Die Daten zeigen außerdem, dass das Finden von Schwachstellen für die meisten ein Nebenberuf oder Hobby ist.
---------------------------------------------
https://www.golem.de/news/hacker-one-nur-20-prozent-der-bounty-jaeger-hacke…
∗∗∗ Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 ∗∗∗
---------------------------------------------
The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree ..
---------------------------------------------
http://resources.infosecinstitute.com/powerful-skygofree-spyware-already-re…
∗∗∗ Apple Preps ChaiOS iMessage Bug Fix, Report ∗∗∗
---------------------------------------------
A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources.
---------------------------------------------
http://threatpost.com/apple-preps-chaios-imessage-bug-fix-report/129544/
∗∗∗ Followup to IPv6 brute force and IPv6 blocking ∗∗∗
---------------------------------------------
My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked, I&#;x26;#;39;ve actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, ..
---------------------------------------------
https://isc.sans.edu/diary/23253
∗∗∗ Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining ∗∗∗
---------------------------------------------
Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain ..
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnu…
∗∗∗ Dark Caracal: Good News and Bad News ∗∗∗
---------------------------------------------
Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer ..
---------------------------------------------
https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news
∗∗∗ DarkComet upload vulnerability ∗∗∗
---------------------------------------------
This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability. A quick disclaimer before we go into the actual matter: Hacking a C&C server might seem morally justified but it is still illegal. Don’t do it.
---------------------------------------------
https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
∗∗∗ Zweiter Faktor: Nur wenige User sichern ihren Google-Account zusätzlich ab ∗∗∗
---------------------------------------------
Laut Google wird Zwei-Faktor-Authentifizierung gerade einmal von zehn Prozent alle Nutzer eingesetzt
---------------------------------------------
http://derstandard.at/2000072757014
∗∗∗ 2018 ICS Security Predictions ∗∗∗
---------------------------------------------
We just closed another year in the ICS security industry, one filled with advanced (and exciting) product developments. We also saw an increased market awareness, with growing a emphasis on protecting industrial infrastructure.
---------------------------------------------
https://www.bayshorenetworks.com/blog/ics-security-2018-predictions
∗∗∗ Cryptocurrency Hacks and Heists in 2017 ∗∗∗
---------------------------------------------
The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the ..
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-s…
=====================
= Vulnerabilities =
=====================
∗∗∗ Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9013
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 18-01-2018 18:00 − Freitag 19-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Magento: Kreditkartendaten von bis zu 40.000 Oneplus-Käufern kopiert ∗∗∗
---------------------------------------------
Oneplus hat seine Untersuchung zu kopierten Kreditkarten abgeschlossen. Angreifer konnten wohl eine Schwachstelle für Cross-Site-Scripting ausnutzen.
---------------------------------------------
https://www.golem.de/news/magento-kreditkartendaten-von-bis-zu-40-000-onepl…
∗∗∗ NCSC Releases Security Advisory ∗∗∗
---------------------------------------------
Original release date: January 18, 2018 The United Kingdoms National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/01/18/NCSC-Releases-Secu…
∗∗∗ 2018: Vierfach-Jubiläum für Österreichs Internet ∗∗∗
---------------------------------------------
Nicht nur die Republik begeht im heurigen Jahr mehrere Jahrestage, auch Österreichs Internet hat 2018 mehrfachen Grund zu feiern: Vor genau dreißig Jahren wurde die Internet-Endung .at ins weltweite Domain Name System eingetragen, 1998 wurden die Vergabestelle nic.at und die Online-Meldestelle Stopline ins Leben gerufen. Das CERT.at, Österreichs nationales Computer Emergency Response Team, feiert 2018 seinen zehnten Geburtstag.
---------------------------------------------
https://www.nic.at/de/news/pressemeldungen/2018-vierfach-jubilaum-fur-oster…
∗∗∗ Militärs, Journalisten, Aktivisten: Libanesische Hacker vergaßen Daten auf offenem Server ∗∗∗
---------------------------------------------
Libanesischer Geheimdienst GDGS als Urheber des Leaks vermutet – Betroffene aus über 20 Ländern
---------------------------------------------
http://derstandard.at/2000072593892
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: January 17, 2018 | Last revised: January 18, 2018 Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/01/17/Cisco-Releases-Sec…
∗∗∗ Filr 3.0 - Security Update 3 ∗∗∗
---------------------------------------------
Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360950Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:readme_filr_3su3.txt (2.68 kB)Products:Filr 3 Standard EditionFilr 3 Advanced EditionSuperceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=4_X7yeGlMKg~
∗∗∗ Filr 2.0 - Security Update 4 ∗∗∗
---------------------------------------------
Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).Document ID: 5360930Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:Search-2.0.0.423.HP.zip (157.55 MB)MySQL-2.0.0.205.HP.zip (157.55 MB)Filr-2.0.0.494.HP.zip (157.55 MB)Products:Filr 2Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=h0wMCm1OqIU~
∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these new hotfixes.
---------------------------------------------
https://support.citrix.com/article/CTX231390
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS (java-1.8.0-openjdk), Debian (awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora (keycloak-httpd-client-install and rootsh), and Red Hat (java-1.7.0-oracle and java-1.8.0-oracle).
---------------------------------------------
https://lwn.net/Articles/744791/rss
∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2018-0136: Symantec Advanced Secure Gateway, ProxySG: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0136/
∗∗∗ CPU hardware vulnerable to Meltdown and Spectre attacks ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-18-002
∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012718
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud October 2017 CPU ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011913
∗∗∗ IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852
∗∗∗ BIG-IP AFM vulnerability CVE-2017-6142 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20682450
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 17-01-2018 18:00 − Donnerstag 18-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ How I exploited ACME TLS-SNI-01 issuing Lets Encrypt SSL-certs for any domain using shared hosting ∗∗∗
---------------------------------------------
TL;DR: I was able to issue SSL certificates I was not supposed to be able to. AWS CloudFront and Heroku were among the affected. The issue was in the specification of ACME TLS-SNI-01 in combination with shared hosting providers. To be clear, Let’s Encrypt only followed the specification, they did nothing wrong here. Quite the opposite I would say.
---------------------------------------------
https://labs.detectify.com/2018/01/12/how-i-exploited-acme-tls-sni-01-issui…
∗∗∗ Some Basic Rules for Securing Your IoT Stuff ∗∗∗
---------------------------------------------
Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured "Internet of Things" or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldnt begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and "smart" lightbulbs. Throughout 2016 and 2017, [...]
---------------------------------------------
https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Meltdown and Spectre Vulnerabilities (Update B) ∗∗∗
---------------------------------------------
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01A Meltdown and Spectre Vulnerabilities that was published January 16, 2018, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01B
∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
Due to concerns about the robustness of some of the Intel microcode updates included in the hotfixes below, Citrix recommends that customers ...
---------------------------------------------
https://support.citrix.com/article/CTX231390
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (linux-firmware and microcode_ctl), Fedora (icecat and transmission), Oracle (java-1.8.0-openjdk and microcode_ctl), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), Slackware (bind), SUSE (kernel), and Ubuntu (eglibc).
---------------------------------------------
https://lwn.net/Articles/744713/rss
∗∗∗ Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541694
∗∗∗ DFN-CERT-2018-0111: GitLab: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0111/
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop (CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012552
∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012696
∗∗∗ SSA-284673 (Last Update 2018-01-18): Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673…
∗∗∗ SSA-275839 (Last Update 2018-01-18): Denial-of-Service Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839…
∗∗∗ SSA-346262 (Last Update 2018-01-18): Denial-of-Service in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262…
∗∗∗ SSA-701708 (Last Update 2018-01-18): Local Privilege Escalation in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708…
∗∗∗ SSA-127490 (Last Update 2018-01-18): Vulnerabilities in SIMATIC WinCC Add-Ons ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 16-01-2018 18:00 − Mittwoch 17-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Linux-Kernel 4.15 schützt vor Meltdown und Spectre ∗∗∗
---------------------------------------------
Das noch diesen Monat erwartete Linux 4.15 versucht, die Prozessor-Sicherheitslücken Meltdown und Spectre im Zaum zu halten. Ohne Performance-Verlust geht das aber auch bei Linux nicht – und vollständig sind die Gegenmaßnahmen auch noch nicht.
---------------------------------------------
https://heise.de/-3900646
=====================
= Vulnerabilities =
=====================
∗∗∗ Meltdown and Spectre Vulnerabilities (Update A) ∗∗∗
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities that was published January 11, 2018, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01A
∗∗∗ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco StarOS CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the administrative shell of the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Oracle Critical Patch Update Advisory - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
∗∗∗ Critical Patch Update - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
∗∗∗ Solaris Third Party Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinjan2018-4181198.h…
∗∗∗ Oracle Linux Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2018-4214…
∗∗∗ Oracle VM Server for x86 Bulletin - January 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinjan2018-421464…
∗∗∗ WordPress 4.9.2 Security and Maintenance Release ∗∗∗
---------------------------------------------
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗
---------------------------------------------
Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste.
---------------------------------------------
https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstr…
∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗
---------------------------------------------
Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle.
---------------------------------------------
https://heise.de/-3942046
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf).
---------------------------------------------
https://lwn.net/Articles/744503/rss
∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102506
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102505
∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012528
∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011808
∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011816
∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21982952
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012619
∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010868
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012476
∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011203
∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011720
∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753
∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2017-16
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 12-01-2018 18:00 − Montag 15-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ List of Links: BIOS Updates for the Meltdown and Spectre Patches ∗∗∗
---------------------------------------------
As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-f…
∗∗∗ Lenovo findet Backdoor in eigenen Netzwerk-Switches ∗∗∗
---------------------------------------------
Die kompromitierten Switch-Modelle, die nun zu Lenovos Portfolio gehören, hatte ursprünglich der längst aufgelöste Netzwerk-Zulieferer Nortel entwickelt.
---------------------------------------------
https://heise.de/-3940562
∗∗∗ Intel AMT: Exploit hebelt Zugangsschutz von Firmen-Notebooks aus ∗∗∗
---------------------------------------------
F-Secure berichtet über eine potenzielle Sicherheitslücke in Intel AMT, die es Angreifern ermöglicht, sämtliche gängigen Zugangsschutzmaßnahmen vieler Firmen-Notebooks auszuhebeln.
---------------------------------------------
https://heise.de/-3940637
∗∗∗ Personal Cloud: Seagate sichert NAS gegen Fernzugriff ab ∗∗∗
---------------------------------------------
In Netzwerkspeichern des Herstellers Seagate stecken Bugs, die mit einigem Aufwand für den Remote-Zugriff missbraucht werden können. Ein Firmware-Update behebt das Problem.
---------------------------------------------
https://heise.de/-3941451
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitsupdates für VMware Workstation, Player, Fusion und ESXi ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/01/warn…
∗∗∗ DSA-4086 libxml2 - security update ∗∗∗
---------------------------------------------
Nick Wellnhofer discovered that certain function calls inside XPathpredicates can lead to use-after-free and double-free errors whenexecuted by libxml2s XPath engine via an XSLT transformation.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4086
∗∗∗ DSA-4087 transmission - security update ∗∗∗
---------------------------------------------
Tavis Ormandy discovered a vulnerability in the Transmission BitTorrentclient; insecure RPC handling between the Transmission daemon and theclient interface(s) may result in the execution of arbitrary code if auser visits a malicious website while Transmission is running.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4087
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (qtpass), Debian (libkohana2-php, libxml2, transmission, and xmltooling), Fedora (kernel and qpid-cpp), Gentoo (PolarSSL and xen), Mageia (flash-player-plugin, irssi, kernel, kernel-linus, kernel-tmb, libvorbis, microcode, nvidia-current, php & libgd, poppler, webkit2, and wireshark), openSUSE (gifsicle, glibc, GraphicsMagick, gwenhywfar, ImageMagick, libetpan, mariadb, pngcrush, postgresql94, rsync, tiff, and wireshark), and Oracle (kernel).
---------------------------------------------
https://lwn.net/Articles/744398/rss
∗∗∗ DFN-CERT-2018-0084: XMLTooling, Shibboleth Service Provider (SP): Eine Schwachstelle ermöglicht u.a. die Übernahme einer Identität ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0084/
∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-…
∗∗∗ IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026811
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012518
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012519
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2015-8982 CVE-2015-8983 CVE-2015-8984 CVE-2015-8985) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012428
∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012517
∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022433
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022429
∗∗∗ IBM Security Bulletin: Vulnerabilities in WebSphere eXtreme Scale Version 8.6.0.8 Libraries Affect IBM B2B Advanced Communications (CVE-2015-4936) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012332
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTP Components Libraries Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012312
∗∗∗ Palo Alto PAN-OS RSA TLS Implementation Lets Remote Users Decrypt Data Communicated By the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040149
∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040148
∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040147
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗
---------------------------------------------
AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw.
---------------------------------------------
https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microco…
∗∗∗ PowerStager Analysis ∗∗∗
---------------------------------------------
Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-anal…
∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗
---------------------------------------------
In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls.
---------------------------------------------
https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-…
∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗
---------------------------------------------
Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln.
---------------------------------------------
https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-a…
=====================
= Vulnerabilities =
=====================
∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗
---------------------------------------------
NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01
∗∗∗ Advantech WebAccess (Update A) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A
∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01
∗∗∗ Moxa MXview ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02
∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/744175/rss
∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/
∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012454
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012458
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012358
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012355
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012406
∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008807
∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 10-01-2018 18:00 − Donnerstag 11-01-2018 18:00
Handler: Robert Waldner
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ mitm6 – compromising IPv4 networks via IPv6 ∗∗∗
---------------------------------------------
... most companies are unaware that while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this blog, an attack is presented that abuses the default IPv6 configuration in Windows networks to spoof DNS replies by acting as a malicious DNS servers and redirect traffic to an attacker specified endpoint.
---------------------------------------------
https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv…
=====================
= Vulnerabilities =
=====================
∗∗∗ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ∗∗∗
---------------------------------------------
The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2018-0073/">Juniper Networks ScreenOS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗
---------------------------------------------
Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann die Schwachstelle in ScreenOS, die auch unter dem Namen 'Etherleak' geführt wird, ausnutzen, um Informationen auszuspähen.
Der Hersteller veröffentlicht die ScreenOS Version 6.3.0r25 zur Behebung der Schwachstelle. Alle nachfolgenden ScreenOS Versionen sind über diese Schwachstelle ebenfalls nicht mehr verwundbar.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0073/
∗∗∗ DFN-CERT-2018-0077/">Juniper Junos Space: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗
---------------------------------------------
Es existieren mehrere Schwachstellen im Junos Space Security Director and Log Collector, in Junos Space sowie den enthaltenen Komponenten Apache Commons Collections, Apache HTTP-Server (httpd), Apache Log4, Apache Tomcat, JBoss Enterprise Application Platform (EAP), dessen Webkonsole, dem JGroups Framework, dem Linux-Kernel, OpenSSH und rpcbind.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0077/
∗∗∗ DFN-CERT-2018-0071/">Juniper Junos OS: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
Für einige der genannten Schwachstellen stehen Workarounds zur Mitigation zur Verfügung. Die Hinweise dazu finden sich in den einzelnen Security Bulletins.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0071/
∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0001 ∗∗∗
---------------------------------------------
Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the speculative execution by utilizing branch target injection. Description: Security improvements are included to mitigate the effects.
---------------------------------------------
https://www.securityfocus.com/archive/1/541659
∗∗∗ Spectre-Lücke: Auch Server mit IBM POWER, Fujitsu SPARC und ARMv8 betroffen ∗∗∗
---------------------------------------------
IBM stellt Firmware-Updates für Server mit POWER7+, POWER8 und POWER9 bereit, Fujitsu will einige SPARC-M10- und -M12-Server patchen; zu ARM-SoCs für Server fehlen Infos.
---------------------------------------------
https://heise.de/-3938749
∗∗∗ VMSA-2018-0005 ∗∗∗
---------------------------------------------
VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0005.html
∗∗∗ January 2018 Office Update Release ∗∗∗
---------------------------------------------
The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103.
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/01/09…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (glibc and lib32-glibc), Debian (ming and poco), Fedora (electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE (clamav-database and ucode-intel), Red Hat (flash-plugin), SUSE (OBS toolchain), and Ubuntu (webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/744075/rss
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011739
∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009368
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 09-01-2018 18:00 − Mittwoch 10-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Let’s Encrypt: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure ∗∗∗
---------------------------------------------
At approximately 5 p.m. Pacific time on January 9, 2018, we received a report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type. We quickly confirmed the issue and mitigated it by entirely disabling TLS-SNI-01 validation in Let’s Encrypt
---------------------------------------------
https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-sh…
=====================
= Vulnerabilities =
=====================
∗∗∗ January 2018 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this months security updates can be found in the Security Update Guide.
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-u…
∗∗∗ Bugtraq: [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. ∗∗∗
---------------------------------------------
On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.
---------------------------------------------
http://www.securityfocus.com/archive/1/541654
∗∗∗ DFN-CERT-2018-0065/">Irssi: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
Mehrere Schwachstellen in Irssi ermöglichen auch einem entfernten, einfach authentisierten Angreifer verschiedene Denial-of-Service (DoS)-Angriffe. Das Irssi-Projekt stellt die Version 1.0.6 von Irssi im Quellcode zur Verfügung, um die Schwachstellen zu schließen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0065/
∗∗∗ Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information ∗∗∗
---------------------------------------------
Several vulnerabilities were reported in Blue Coat ProxySG. A remote user can redirect the target user's browser to an arbitrary site. A remote user can obtain authentication information on the target system. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1040138
∗∗∗ VMSA-2018-0004 ∗∗∗
---------------------------------------------
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0004.html
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora (asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE (diffoscope, irssi, and qemu), SUSE (java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu (irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws,
---------------------------------------------
https://lwn.net/Articles/743903/rss
∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1361) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22012409
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012420
∗∗∗ IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012366
∗∗∗ IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012372
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012374
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1478) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012323
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 08-01-2018 18:00 − Dienstag 09-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ VirusTotal Graph ∗∗∗
---------------------------------------------
[...] It is a visualization tool built on top of VirusTotals data set. It understands the relationship between files, URLs, domains and IP addresses and it provides an easy interface to pivot and navigate over them.
---------------------------------------------
http://blog.virustotal.com/2018/01/virustotal-graph.html
∗∗∗ Bitcoin- und Litecoin-Klau bei Electrum, Electron Cash und Electrum-LTC möglich ∗∗∗
---------------------------------------------
Eine von außen ausnutzbare Sicherheitslücke gefährdet Nutzer der Wallet-Programme Electrum (Bitcoin), Electron Cash (Bitcoin Cash) und Electrum-LTC (Litecoin). Angreifer könnten den Anwender deanonymisieren und im Extremfall das Guthaben stehlen.
---------------------------------------------
https://heise.de/-3936813
∗∗∗ Amazon-Händler/innen erhalten Phishingmails ∗∗∗
---------------------------------------------
Kriminelle versenden gefälschte Amazon Seller Center-Nachrichten. Darin fordern sie Händler/innen dazu auf, eine Website aufzurufen und ihre persönlichen Daten zu aktualisieren. Verkäufer/innen, die das tun, übermitteln ihr Passwort an Betrüger/innen. Dadurch können diese auf das fremde Shop-Konto zugreifen und es für Verbrechen nutzen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/amazon-haendlerinnen-erhalten-ph…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Flash Player (APSB18-01) ∗∗∗
---------------------------------------------
A Security Bulletin (APSB18-01) has been published regarding security updates for Adobe Flash Player. These updates address an important out-of-bounds read vulnerability that could lead to information disclosure, and Adobe recommends users update their product installations to the latest versions
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1517
∗∗∗ DSA-4081 php5 - security update ∗∗∗
---------------------------------------------
Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language:
---------------------------------------------
https://www.debian.org/security/2018/dsa-4081
∗∗∗ DSA-4080 php7.0 - security update ∗∗∗
---------------------------------------------
Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language:
---------------------------------------------
https://www.debian.org/security/2018/dsa-4080
∗∗∗ First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services ∗∗∗
---------------------------------------------
We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/COv5LfcpYs8/
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: January 08, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:macOS High Sierra 10.13.2OS X El Capitan 10.11.6 and macOS Sierra 10.12.6iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Mul…
∗∗∗ Patch gegen Spectre: Aktualisierte Nvidia-Grafiktreiber für GeForce und Quadro, Tesla-Treiber später ∗∗∗
---------------------------------------------
Nutzer von Nvidia-Grafikkarten sollten die neuen Grafiktreiber schnellstmöglich installieren. Sie enthalten Patches, die die Anfälligkeit für erfolgreiche Spectre-Attacken senken.
---------------------------------------------
https://heise.de/-3937247
∗∗∗ SAP Security Patch Day - January 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that
---------------------------------------------
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (graphicsmagick and linux-lts), CentOS (thunderbird), Debian (kernel, opencv, php5, and php7.0), Fedora (electrum), Gentoo (libXfont), openSUSE (gimp, java-1_7_0-openjdk, and libvorbis), Oracle (thunderbird), Slackware (irssi), SUSE (kernel, kernel-firmware, and kvm), and Ubuntu (awstats, nvidia-graphics-drivers-384, python-pysaml2, and tomcat7, tomcat8).
---------------------------------------------
https://lwn.net/Articles/743700/rss
∗∗∗ IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011863
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by GnuTLS vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012330
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011802
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011803
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011804
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011805
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 05-01-2018 18:00 − Montag 08-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th) ∗∗∗
---------------------------------------------
Unless youve been living under a rock (or on a remote island, with no Internet connection), youve heard about the latest vulnerabilities that impact modern processors. Im sure that most of our readers are scrambling in order to assess the risk, patch systems and what not, so we have decided to write a diary that will clear the confusion a bit and point out some important things that people might not be aware of.
---------------------------------------------
https://isc.sans.edu/diary/rss/23197
∗∗∗ Meltdown und Spectre: Die Sicherheitshinweise und Updates von Hardware- und Software-Herstellern ∗∗∗
---------------------------------------------
Hersteller von Hard- und Software sind von den Sicherheitslücken Meltdown und Spectre gleichermaßen betroffen. Eine Linkübersicht zu Stellungnahmen, weiterführenden Informationen und Update-Hinweisen.
---------------------------------------------
https://heise.de/-3936141
=====================
= Vulnerabilities =
=====================
∗∗∗ Backdoor Account Removed from Western Digital NAS Hard Drives ∗∗∗
---------------------------------------------
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/backdoor-account-removed-fro…
∗∗∗ AMD PSP fTPM Remote Code Execution ∗∗∗
---------------------------------------------
Topic: AMD PSP fTPM Remote Code Execution Risk: High Text:Introduction AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isola...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018010061
∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product.
-----
Vulnerable Products
Cisco 800 Industrial Integrated Services Routers
Cisco UCS B-Series M2 Blade Servers
Cisco UCS B-Series M3 Blade Servers
Cisco UCS B-Series M4 Blade Servers (except B260, B460)
Cisco UCS B-Series M5 Blade Servers
Cisco UCS B260 M4 Blade Server
Cisco UCS B460 M4 Blade Server
Cisco UCS C-Series M2 Rack Servers
Cisco UCS C-Series M3 Rack Servers
Cisco UCS C-Series M4 Rack Servers
Cisco UCS C-Series M5 Rack Servers
Cisco UCS C460 M4 Rack Server
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Juniper: Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method ∗∗∗
---------------------------------------------
The following products may be impacted if deployed in a way that allows unsigned code execution:
Junos OS based platforms
Junos Space appliance
Qfabric Director
CTP Series
NSMXpress/NSM3000/NSM4000 appliances
STRM/Juniper Secure Analytics (JSA) appliances
SRC/C Series
The following products are not impacted:
ScreenOS / Netscreen platforms
JUNOSe / E Series platforms
BTI platforms
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware,
---------------------------------------------
https://lwn.net/Articles/743575/rss
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting. (CVE-2017-1623) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012344
∗∗∗ IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012301
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012293
∗∗∗ IBM Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022320
∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022321
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1459) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012331
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008936
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site scripting vulnerability (CVE-2017-1533) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012327
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011534
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 04-01-2018 18:00 − Freitag 05-01-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks ∗∗∗
---------------------------------------------
Google has published details about a new coding technique created by the companys engineers that any developer can deploy and prevent Spectre attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-c…
∗∗∗ Microsoft could soon be “password free” ∗∗∗
---------------------------------------------
Is it the beginning of the end for passwords?
---------------------------------------------
https://nakedsecurity.sophos.com/2018/01/05/microsoft-could-soon-be-passwor…
∗∗∗ How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws ∗∗∗
---------------------------------------------
[...] An editorial-form article is probably not the best format to give advice, so were going to present a simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsofts overly complicated announcement.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-win…
∗∗∗ How a researcher hacked his own computer and found worst chip flaw ∗∗∗
---------------------------------------------
FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O).
---------------------------------------------
https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-…
∗∗∗ Meltdown und Spectre: Alle Macs und iOS-Geräte betroffen ∗∗∗
---------------------------------------------
Apple hat sich endlich zu der Chiplücke in ARM- und Intel-Prozessoren geäußert. Demnach sind alle aktuellen Produkte des Konzerns angreifebar – die Apple Watch nicht mit Meltdown. Erste Bugfixes existieren.
---------------------------------------------
https://heise.de/-3934477
∗∗∗ XeroxDay: Zero-Day-Schwachstelle bei Xerox Alto gefunden!!!1elf ∗∗∗
---------------------------------------------
Der Passwortschutz der 14-Zoll-Disketten für Xerox Alto lässt sich im Handumdrehen aushebeln. Ein Fix ist nicht in Sicht. Vom Produktiveinsatz mit sensiblen Daten sollte daher Abstand genommen werden.
---------------------------------------------
https://heise.de/-3934443
∗∗∗ Prozessor-Lücken Meltdown und Spectre: Intel und ARM führen betroffene Prozessoren auf, Nvidia analysiert noch ∗∗∗
---------------------------------------------
Betroffen sind unter anderem sämtliche Intel-Core-Prozessoren bis zurück zum Jahr 2008 sowie eine Vielzahl von ARM-Cortex-CPUs. Nvidia glaubt, dass die CUDA-GPUs nicht anfällig sind und analysiert noch seine Tegra-Prozessoren.
---------------------------------------------
https://heise.de/-3934667
∗∗∗ Trackmageddon: GPS-Tracking-Services ermöglichen unbefugten Zugriff ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Schwachstellen in zahlreichen Online-Tracking-Services entdeckt, die Angreifern unter anderem das Abrufen von GPS-Daten ermöglichen. Eine Liste der verwundbaren Services ist online verfügbar.
---------------------------------------------
https://heise.de/-3934328
∗∗∗ Jetzt patchen: Kritische Lücken in Dell EMC Data Protection Suite ∗∗∗
---------------------------------------------
Einige Dell-EMC-Produkte sind anfällig für Angriffe, die im schlimmsten Fall die vollständige Systemkompromittierung ermöglichen. Patches stehen bereit.
---------------------------------------------
https://heise.de/-3935063
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4078 linux - security update ∗∗∗
---------------------------------------------
Multiple researchers have discovered a vulnerability in Intel processors,enabling an attacker controlling an unprivileged process to read memory fromarbitrary addresses, including from the kernel and all other processes runningon the system.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4078
∗∗∗ Delta Electronics Delta Industrial Automation Screen Editor ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer overflow, use-after-free, out-of-bounds write, and type confusion vulnerabilities in the Delta Electronics Delta Industrial Automation Screen Editor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01
∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
This advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, and improper input validation vulnerabilities in Advantech’s WebAccess products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
∗∗∗ Intel-SA-00086 Security Review Cumulative Update ∗∗∗
---------------------------------------------
Intel recently released a security update (Intel-SA-00086), regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 intel products.The following Firmware are impacted:Intel Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20Intel Server Platform Services (SPS) Firmware version 4.0Intel Trusted Execution Engine (TXE) version 3.0And the following Intel products are affected:6th, 7th & 8th Generation Intel Core Processor FamilyIntel Xeon Processor E3-1200 v5 & v6 Product
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-271
∗∗∗ VMSA-2018-0003 ∗∗∗
---------------------------------------------
vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0003.html
∗∗∗ Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 ∗∗∗
---------------------------------------------
A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged [...]
---------------------------------------------
https://support.citrix.com/article/CTX231399
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (kernel), CentOS (kernel, libvirt, microcode_ctl, and qemu-kvm), Debian (kernel and xen), Fedora (kernel), Mageia (backintime, erlang, and wildmidi), openSUSE (kernel and ucode-intel), Oracle (kernel, libvirt, microcode_ctl, and qemu-kvm), Red Hat (kernel, kernel-rt, libvirt, microcode_ctl, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (libvirt and qemu-kvm), SUSE (kvm and qemu), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3).
---------------------------------------------
https://lwn.net/Articles/743242/rss
∗∗∗ Three new stable kernels ∗∗∗
---------------------------------------------
Greg Kroah-Hartman has announced the release of the 4.14.12, 4.9.75, and 4.4.110 stable kernels. The bulk of thechanges are either to fix the mitigations for Meltdown/Spectre (in 4.14.12) or to backportthose mitigations (in the two older kernels). There are apparently known (orsuspected) problems with each of the releases, which Kroah-Hartman is hoping to get shaken out inthe near term. For example, the 4.4.110 announcement warns: "But becareful, there have been some reports of problems [...]
---------------------------------------------
https://lwn.net/Articles/743246/rss
∗∗∗ Bugtraq: SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541633
∗∗∗ DFN-CERT-2018-0035: Ruby: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0035/
∗∗∗ DFN-CERT-2018-0029: Mozilla Firefox, Spectre: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0029/
∗∗∗ HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011668
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010680
∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011978
∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012006
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by XML External Entity Injection (XXE) attack (CVE-2017-1666) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011970
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by SQL injection (CVE-2017-1670 ) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012009
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Spoofing through URL Redirection (CVE-2017-1668) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012010
∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Path Traversal vulnerability (CVE-2017-1671) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011967
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012324
∗∗∗ IBM Security Bulletin: Authenticated Users Can Gain Privilege in IBM UrbanCode Deploy (CVE-2017-1493) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000367
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 03-01-2018 18:00 − Donnerstag 04-01-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates ∗∗∗
---------------------------------------------
This article contains an continuously updated list of advisories,
bulletins, and software updates related to the Meltdown and Spectre
vulnerabilities discovered in modern processors. The related CVEs are
CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre…
∗∗∗ BeA: Noch mehr Sicherheitslücken im Anwaltspostfach ∗∗∗
---------------------------------------------
Das besondere elektronische Anwaltspostfach hat mehr als nur eine
Sicherheitslücke. Die Probleme reichen von einer falschen
Ende-zu-Ende-Verschlüsselung über Cross Site Scripting bis hin zu ROBOT
und veralteten Java-Libraries. Dabei hat die Firma SEC Consult einen
Sicherheitsaudit durchgeführt.
---------------------------------------------
https://www.golem.de/news/bea-noch-mehr-sicherheitsluecken-im-anwaltspostfa…
∗∗∗ SWIFT framework took effect Jan. 1 ∗∗∗
---------------------------------------------
While organizations often drag their feet in adopting new cyber
requirements, playing the odds that either they wont be breached or
found out by regulators, a banks compliance with the SWIFT framework is
transparent to other members of the global messaging platform.
---------------------------------------------
https://www.scmagazine.com/swift-framework-took-effect-jan-1/article/734615/
∗∗∗ TU Graz-Forscher entdecken schwere IT-Sicherheitslücke ∗∗∗
---------------------------------------------
Mit "Meltdown" und "Spectre" deckte ein internationales Team - darunter
Forscher der TU Graz – schwere Sicherheitslücken in
Computer-Prozessoren auf. Betroffen sind PCs, Server und Cloud-Dienste.
Ein Patch soll helfen.
---------------------------------------------
https://www.tugraz.at/tu-graz/services/news-stories/tu-graz-news/einzelansi…
∗∗∗ Android-Patchday: Google schließt 38 Sicherheitslücken ∗∗∗
---------------------------------------------
Im Rahmen seiner monatlichen Update-Routine schließt Google im Januar
38 Android-Lücken, von denen fünf als kritisch gelten. Für Pixel- und
Nexus-Geräte gibt es wieder zusätzliche Sicherheitspatches.
---------------------------------------------
https://heise.de/-3933932
∗∗∗ WordPress Supply Chain Attacks: An Emerging Threat ∗∗∗
---------------------------------------------
In the last few months, we have discovered a number of supply chain
attacks targeting WordPress plugins. In this post, we explain what a
supply chain attack is, why WordPress is an attractive target for them,
and what you can do to protect your site. What Is a Supply Chain
Attack? In the software industry, [...]
---------------------------------------------
https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/
∗∗∗ Wartungsarbeiten Dienstag, 9.1.2018 ∗∗∗
---------------------------------------------
Am Dienstag, 9. Jänner 2018, ab etwa 18:00, werden wir Wartungsarbeiten
(ausserhalb des regulären Wartungsfensters, vgl.
https://www.cert.at/services/blog/20170609114214-2029.html) an unserer
Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern
erreichbaren Services (z.B. Mail, Webserver, Mailinglisten) führen,
diese können jeweils mehrere Minuten andauern. Es gehen dabei keine
Daten (z.B. Emails) [...]
---------------------------------------------
http://www.cert.at/services/blog/20180104144006-2108.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541628
∗∗∗ DFN-CERT-2018-0023: Microsoft Internet Explorer: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0023/
∗∗∗ DFN-CERT-2018-0021: Microsoft Edge: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0021/
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011428
∗∗∗ IBM Security Bulletin: IBM WebSphere MQ is affected by a privilege escalation vulnerability (CVE-2017-1612) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009918
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3735 CVE-2017-3736) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22009850
∗∗∗ VMSA-2018-0002 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0002.html
∗∗∗ Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91229003
∗∗∗ XSA-254 ∗∗∗
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-254.html
∗∗∗ XSA-253 ∗∗∗
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-253.html
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 02-01-2018 18:00 − Mittwoch 03-01-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 9% of Popular Websites Use Anti-Adblock Scripts ∗∗∗
---------------------------------------------
Around 9% of todays most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions.
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/9-percent-of-popular-websi…
∗∗∗ VMware Issues 3 Critical Patches for vSphere Data Protection ∗∗∗
---------------------------------------------
VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform.
---------------------------------------------
http://threatpost.com/vmware-issues-3-critical-patches-for-vsphere-data-pro…
∗∗∗ Massive Lücke in Intel-CPUs erfordert umfassende Patches ∗∗∗
---------------------------------------------
Derzeit arbeiten Linux- und Windows-Entwickler mit Hochdruck an umfangreichen Sicherheits-Patches, die Angriffe auf Kernel-Schwachstellen verhindern sollen. Grund für die Eile: eine Intel-spezifische Sicherheitslücke.
---------------------------------------------
https://heise.de/-3931562
∗∗∗ Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes ∗∗∗
---------------------------------------------
The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false ..
---------------------------------------------
https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hi…
∗∗∗ Android-Update: Google räumt zahlreiche Sicherheitslücken aus ∗∗∗
---------------------------------------------
Media Framework bleibt problematischster Bereich – Update für Pixel- und Nexus-Devices begonnen
---------------------------------------------
http://derstandard.at/2000071414985
∗∗∗ Cybersecurity stand im Fokus eines Sicherheitsgipfels in St. Pölten ∗∗∗
---------------------------------------------
Behördliches Krisen- und Katastrophenmanagement soll u.a. weiter ausgebaut werden – Nächstes Treffen im Herbst
---------------------------------------------
http://derstandard.at/2000071416550
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ PMASA-2017-9 ∗∗∗
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2017-9/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 29-12-2017 18:00 − Dienstag 02-01-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ I Am Dave ∗∗∗
---------------------------------------------
This cartoon has been making the rounds on the internet for a long time. It depicts how all security technologies and efforts can be undone by "Dave" the 'stupid user'. I can't think of many (well no) real industries that treat their users, peers, and customers with the same level of disdain. Imagine the automotive industry pushing a similar message. 'On one hand we have seatbelts, ABS, airbags, five star safety features... and on the other hand we [...]
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/i-am-dave
∗∗∗ Scripts spionieren im Browser gespeicherte Login-Daten aus ∗∗∗
---------------------------------------------
Wer Nutzernamen und Passwörter direkt im Browser abspeichert, könnte dadurch ausspioniert werden, wie Sicherheitsforscher warnen.
---------------------------------------------
https://futurezone.at/digital-life/scripts-spionieren-im-browser-gespeicher…
∗∗∗ The mysterious case of the Linux Page Table Isolation patches ∗∗∗
---------------------------------------------
tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November.
---------------------------------------------
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-…
∗∗∗ IOHIDeous: Zero-Day-Exploit für macOS veröffentlicht ∗∗∗
---------------------------------------------
Eine seit wohl 15 Jahren bestehende Schwachstelle kann es einem Angreifer ermöglichen, die Kontrolle über den Mac zu übernehmen. Der nun veröffentlichte Kernel-Exploit funktioniert in macOS bis hin zu 10.13 High Sierra.
---------------------------------------------
https://heise.de/-3929556
∗∗∗ Gefälschte Raiffeisenbank-Sicherheits-App im Umlauf ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte Raiffeisenbank-Nachricht. Darin behaupten sie, dass Kund/innen eine Sicherheits-App installieren müssen. Sie sei notwendig dafür, dass diese weiterhin ihr ELBA-Internet nützen können. In Wahrheit ist die Anwendung Schadsoftware. Sie ermöglicht es Datendieb/innen, dass Geld ihrer Opfer zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-raiffeisenbank-siche…
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2018-0003: Asterisk: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0003/
∗∗∗ DFN-CERT-2018-0004: GIMP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung von Denial-of-Service-Angriffen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0004/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 28-12-2017 18:00 − Freitag 29-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗
---------------------------------------------
A rarely used legacy misfeature of the main Internet email protocol
creeps back from irrelevance as a minor annoyance. You should ask your
mail and antispam provider about their approach to SMTP callbacks. Be
wary of any assertion that is not backed by evidence.Even if you are an
IT professional and run an email system, you could be forgiven for not
being immediately aware that there is such a thing as SMTP callbacks,
also referred to as callback verification. As you will see from the
Wikipedia [...]
---------------------------------------------
http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.h…
∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗
---------------------------------------------
Hackers are actively targeting Magento sites running a popular helpdesk
extension, Dutch security researcher Willem de Groot has discovered.
[...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-hel…
∗∗∗ Hacker zeigen Lücken bei Tor-Funksteuerung auf ∗∗∗
---------------------------------------------
Wiener Sicherheitsforscher der Firma Trustworks zeigten am Chaos
Communication Congress, wie sie eine Funkfernsteuerung des deutschen
Herstellers Hörmann geknackt haben.
---------------------------------------------
https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuer…
∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗
---------------------------------------------
Researchers warn of copycat type attacks as exploit code used in Mirai
variant goes public.
---------------------------------------------
http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-publi…
∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗
---------------------------------------------
Over the last few weeks, we’ve noticed a JavaScript injection in a
number of WordPress databases, and we recently wrote about them in a
Sucuri Labs Note. The campaign attempts to redirect visitors to a
bogus Windows support page claiming that their computers are infected
with 'riskware' and will be disabled unless they call what is an
obviously bogus support hotline. Google and several other web
security vendors are currently blacklisting the domain; fortunately,
most [...]
---------------------------------------------
https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-s…
∗∗∗ 34C3: Auch 4G-Mobilfunk ist einfach abzuhören und zu überwachen ∗∗∗
---------------------------------------------
GSM war sehr einfach zu knacken, 3G stand über das SS7-Protokoll offen
wie ein Scheunentor. Bei 4G sollte mit dem neuen Roaming- und
Abrechnungsprotokoll Diameter alles besser werden, doch viele
Angriffsflächen sind geblieben.
---------------------------------------------
https://heise.de/-3928496
∗∗∗ The State of Security in Industrial Control Systems ∗∗∗
---------------------------------------------
The main challenge for industrial control systems is that the processes
that control those systems are connected to critical infrastructure
such as power, water, gas, and transport. This means they require high
availability, and it is not easy to interrupt those systems to apply
security updates. Effects of any downtime means that it can affect
[...]
---------------------------------------------
https://www.tripwire.com/state-of-security/ics-security/state-security-indu…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4074 imagemagick - security update ∗∗∗
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various
memoryhandling problems and cases of missing or incomplete input
sanitising mayresult in denial of service, memory disclosure or the
execution ofarbitrary code if malformed image files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4074
Next End-of-Day report: 2018-01-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 27-12-2017 18:00 − Donnerstag 28-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames ∗∗∗
---------------------------------------------
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in…
∗∗∗ Xiaomi: Mit einem Stück Alufolie autonome Staubsauger rooten ∗∗∗
---------------------------------------------
Obwohl Xiaomi in puncto Security viel richtig macht, lassen sich Staubsauger der Firma rooten - mit einem Stück Alufolie. Das ermöglicht dann den Zugriff auf zahlreiche Sensoren und die Nutzung eines eigenen Cloudinterfaces.
---------------------------------------------
https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsa…
∗∗∗ Computer Forensics: Forensic Techniques, Part 2 ∗∗∗
---------------------------------------------
Introduction This is a continuation of our "Forensic Techniques" series, in which we discuss some of the most common yet powerful computer forensic techniques for beginners. In Part 1, we took a look at live forensics, file carving, data/password recovery, known file filtering, and email header analysis. Part 2 will feature slightly more advanced techniques, [...]
---------------------------------------------
http://resources.infosecinstitute.com/computer-forensics-forensic-technique…
∗∗∗ The "Extended Random" Feature in the BSAFE Crypto Library ∗∗∗
---------------------------------------------
Matthew Green wrote a fascinating blog post about the NSAs efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSAs backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/12/the_extended_ra.html
∗∗∗ Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More ∗∗∗
---------------------------------------------
Attackers can use sound waves to interfere with a hard drives normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can…
∗∗∗ 34C3: "Nomorp" hebelt Schutzschild zahlreicher Banking-Apps aus ∗∗∗
---------------------------------------------
Der Sicherheitsforscher Vincent Haupert hat das Rätsel gelüftet, wie er zusammen mit einem Kollegen schwere Lücken bei App-basierten TAN-Verfahren ausnutzen und etwa Überweisungen manipulieren konnte.
---------------------------------------------
https://heise.de/-3928363
∗∗∗ Keine Identitätsbestätigung bei Amazon erforderlich ∗∗∗
---------------------------------------------
In einem gefälschten Amazon-Schreiben ist davon die Rede, dass Kund/innen ihre Identität bei dem Händler bestätigen müssen. Tun sie das nicht, sperrt er angeblich ihr Nutzerkonto. Empfänger/innen können die Nachricht ignorieren, denn sie stammt von Kriminellen. Diese wollen mit dem erfundenen Vorwand fremde Zugangsdaten stehlen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-identitaetsbestaetigung-be…
∗∗∗ Three Plugins Backdoored in Supply Chain Attack ∗∗∗
---------------------------------------------
In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of [...]
---------------------------------------------
https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2017-2323: Digium Asterisk, Digium Certified Asterisk: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2323/
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-…
∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability on Some Huawei FireWall Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Huawei USG product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-…
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026217
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011663
∗∗∗ IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026208
∗∗∗ IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026222
∗∗∗ IBM Security Bulletin: A vulnerability in httpd affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025957
∗∗∗ IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025956
∗∗∗ IBM Security Bulletin: A vulnerability in emacs affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025961
∗∗∗ IBM Security Bulletin: A vulnerability in ausgeas affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025962
∗∗∗ IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026031
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026032
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 22-12-2017 18:00 − Mittwoch 27-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Vulnerability Affects Hundreds of Thousands of IoT Devices ∗∗∗
---------------------------------------------
Heres something to be cheery on Christmas Day - a vulnerability affecting a web server thats been embedded in hundreds of thousands of IoT devices. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundre…
∗∗∗ Huawei Router Vulnerability Used to Spread Mirai Variant ∗∗∗
---------------------------------------------
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori.
---------------------------------------------
http://threatpost.com/huawei-router-vulnerability-used-to-spread-mirai-vari…
∗∗∗ Recent Russian Routing Leak was Largely Preventable ∗∗∗
---------------------------------------------
Last week, the IP address space belonging to several high-profile companies, including Google, Facebook and Apple, was briefly announced out of Russia, as was first reported by BGPmon. Following the incident, Job Snijders of NTT wrote in a post entitled, “What to do about BGP hijacks”. He stated that, given the inherent security weaknesses in [...]
---------------------------------------------
https://dyn.com/blog/recent-russian-routing-leak-was-largely-preventable/
∗∗∗ Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet ∗∗∗
---------------------------------------------
Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking.
---------------------------------------------
https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-i…
∗∗∗ Botnetze können das Stromnetz sabotieren ∗∗∗
---------------------------------------------
Ein Botnetz könnte den Stromverbrauch vernetzter Geräte rascher beeinflussen, als Stromnetze darauf reagieren können. Damit könnte die Stromversorgung ganzer Länder sabotiert werden.
---------------------------------------------
https://heise.de/-3927886
∗∗∗ Inkasso-Sicherheitsleck offenbart Daten von über 33.000 Schuldnern ∗∗∗
---------------------------------------------
Der schweizerische Zweig der Eos-Inkassogruppe hat große Mengen sensibler Daten von Schuldnern in unbefugte Hände fallen lassen. Namen, Adressen, die Höhe von Schuldensbeträgen und sogar Krankenakten waren durch das Datenleck zugänglich.
---------------------------------------------
https://heise.de/-3928173
∗∗∗ 34C3: Riesige Sicherheitslücken bei Stromtankstellen ∗∗∗
---------------------------------------------
An Ladesäulen auf fremde Rechnung Strom fürs E-Auto abzuzapfen ist laut dem Sicherheitsforscher Mathias Dalheimer kein Problem. Die Abrechnungsnummer für Nutzerkarten könne einfach kopiert werden, die Kommunikationsinfrastruktur sei kaum geschützt.
---------------------------------------------
https://heise.de/-3928264
=====================
= Vulnerabilities =
=====================
∗∗∗ Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure ∗∗∗
---------------------------------------------
Input passed thru the file GET parameter in forceSave.php script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
∗∗∗ PMASA-2017-9 ∗∗∗
---------------------------------------------
XSRF/CSRF vulnerability in phpMyAdminAffected VersionsVersions 4.7.x (prior to 4.7.7) are affected.
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2017-9/
∗∗∗ SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Trend Micro has released some Critical Patches (CP) and an updated build for Trend Micro Smart Protection Server (Standalone) to resolve multiple vulnerabilities in the product.
---------------------------------------------
https://success.trendmicro.com/solution/1118992
∗∗∗ 2017-12-22: Cyber Security Notification - TRITON/TRISIS malware ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A7931&Lang…
∗∗∗ 2017-12-08: Vulnerability in Ellipse8 - Ellipse Authentication to LDAP/AD ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A7341&…
∗∗∗ Security Advisory - Activation Lock Bypass Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-…
∗∗∗ Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-…
∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778
∗∗∗ IBM Security Bulletin: A vulnerability in Eclipse Jetty affects the IBM InfoSphere Information Server installers ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009537
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010776
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010775
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011689
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011302
∗∗∗ Linux kernel vulnerability CVE-2017-16648 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73337338
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 21-12-2017 18:00 − Freitag 22-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Myloc/Webtropia: Offene VNC-Ports ermöglichten Angriffe auf Server ∗∗∗
---------------------------------------------
Golem.de hat den Serverhoster Webtropia über eine kritische Schwachstelle informiert: Über eine Lücke in den Ports der Kontrollserver hätten Angreifer ohne Passwort die Kontrolle übernehmen können - zumindest bei einigen Systemen.
---------------------------------------------
https://www.golem.de/news/myloc-webtropia-offene-vnc-ports-ermoeglichten-an…
∗∗∗ Conference review: Botconf 2017 ∗∗∗
---------------------------------------------
Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/conference-review-botconf-20…
∗∗∗ Opera: Version 50 soll vor Krypto-Mining im Browser schützen ∗∗∗
---------------------------------------------
Auf immer mehr Webseiten lauern Skripte, die unbemerkt CPUs anzapfen, um Kryptowährungen zu schürfen. Die neue Opera-Version enthält mit "NoCoin" einen eingebauten Schutzmechanismus gegen diese Masche.
---------------------------------------------
https://heise.de/-3926990
∗∗∗ Thunderbird: Version 52.5.2 fixt Mailsploit und weitere Schwachstellen ∗∗∗
---------------------------------------------
Mozilla reagiert auf unlängst von Forschern entdeckte Sicherheitsprobleme und bessert seinen Mail-Client nach. Nutzer sollten zeitnah auf die aktuelle Version umsteigen.
---------------------------------------------
https://heise.de/-3927213
=====================
= Vulnerabilities =
=====================
∗∗∗ Moxa NPort W2150A and W2250A ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a credentials management vulnerability in Moxas NPort W2150A and W2250A serial network interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
∗∗∗ Schneider Electric Pelco VideoXpert Enterprise ∗∗∗
---------------------------------------------
This advisory contains mitigation details for path traversal and improper access control vulnerabilities in Schneider Electric’s Pelco VideoXpert Enterprise.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
∗∗∗ The installer of Music Center for PC may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN60695371/
∗∗∗ The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN95423049/
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-…
∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-…
∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1698) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011519
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011971
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010523
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Cognos Planning. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011963
∗∗∗ Citrix XenServer Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040031
∗∗∗ SSA-323211 (Last Update 2017-12-22): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211…
Next End-of-Day report: 2017-12-27
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 20-12-2017 18:00 − Donnerstag 21-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Infosec controls relaxed a little after latest Wassenaar meeting ∗∗∗
---------------------------------------------
A welcome dash of perspective Without much fanfare, negotiators crafting the Wassenaar Agreement earlier this month moved to make things easier for infosec white-hats.
---------------------------------------------
www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_la…
∗∗∗ Einfache Mail-Verschlüsselung: PGP-Helfer Autocrypt in Version 1.0 vorgestellt ∗∗∗
---------------------------------------------
Eine benutzerfreundliche E-Mail-Verschlüsselung versprechen die Macher der Autocrypt-Spezifikation, die heute in Version 1.0 freigegeben wurde.
---------------------------------------------
https://heise.de/-3924855
∗∗∗ Massive Cryptomining Campaign Targeting WordPress Sites ∗∗∗
---------------------------------------------
On Monday we wrote about the massive spike in brute force attacks on WordPress sites that we observed. As reported, it was the most intense period of attacks we had ever recorded. We believe that a single botnet is behind the attacks. We were able ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpr…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory for Buffer Overflow Vulnerabilities in QTS ∗∗∗
---------------------------------------------
Multiple buffer overflow vulnerabilities were recently found in QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier. If exploited, these vulnerabilities may allow remote attackers to run arbitrary code on NAS devices.
---------------------------------------------
https://www.qnap.com/en/security-advisory/nas-201712-15
∗∗∗ TMM vulnerability CVE-2017-6138 ∗∗∗
---------------------------------------------
TMM vulnerability CVE-2017-6138. Security Advisory. Security Advisory Description. Malicious requests made to virtual servers ..
---------------------------------------------
https://support.f5.com/csp/article/K34514540
∗∗∗ TMM vulnerability CVE-2017-6132 ∗∗∗
---------------------------------------------
TMM vulnerability CVE-2017-6132. Security Advisory. Security Advisory Description. Undisclosed sequence of packets sent ..
---------------------------------------------
https://support.f5.com/csp/article/K12044607
∗∗∗ Linux kernel vulnerability CVE-2017-6135 ∗∗∗
---------------------------------------------
Linux kernel vulnerability CVE-2017-6135. Security Advisory. Security Advisory Description. A slow memory leak as a result ..
---------------------------------------------
https://support.f5.com/csp/article/K43322910
∗∗∗ me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2017-097
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009491
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011039
∗∗∗ TMM vulnerability CVE-2017-6134 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37404773
∗∗∗ SQL injection vulnerability CVE-2017-0304 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K39428424
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 19-12-2017 18:00 − Mittwoch 20-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Verschlüsselung: Audit findet schwerwiegende Sicherheitslücken in Enigmail ∗∗∗
---------------------------------------------
Mozillas Secure Open Source Fund und der Berliner E-Mail-Anbieter Posteo haben einen Security-Audit für Thunderbird und die Erweiterung Enigmail in Auftrag gegeben. Dabei sind einige kritische und schwerwiegende Lücken gefunden worden.
---------------------------------------------
https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sich…
∗∗∗ Avast veröffentlicht Maschinencode-Decompiler als Open Source ∗∗∗
---------------------------------------------
Der Virenschutz-Hersteller Avast hat ein Werkzeug entwickelt, mit dem sich ausführbarer Maschinencode in lesbaren Quelltext zurückübersetzen lassen soll. Damit lässt sich das Verhalten von Programmen analysieren, ohne sie auszuführen.
---------------------------------------------
https://heise.de/-3923397
∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗
---------------------------------------------
The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
=====================
= Vulnerabilities =
=====================
∗∗∗ Ecava IntegraXor ∗∗∗
---------------------------------------------
This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03
∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04
∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05
∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗
---------------------------------------------
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting.
---------------------------------------------
https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcon…
∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8980
∗∗∗ DFN-CERT-2017-2302/">TYPO3 Extensions: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/
∗∗∗ DFN-CERT-2017-2305/">VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories
∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerabilty (CVE-2017-16932 CVE-2017-16931) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011831
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011851
∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54358225
∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55102452
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 18-12-2017 18:00 − Dienstag 19-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Dual EC: Wie Cisco, Avast und die NSA TLS 1.3 behindern ∗∗∗
---------------------------------------------
Auch der jüngste Entwurf des TLS-1.3-Protokolls führt zu Verbindungsabbrüchen. Google nennt jetzt einige Schuldige, darunter ein Gerät von Cisco, ein Virenscanner - und eine Spur zur NSA-Hintertüre Dual EC in der RSA-BSAFE-Bibliothek.
---------------------------------------------
https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin…
∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗
---------------------------------------------
Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win…
∗∗∗ Multifunktionstrojaner Loapi kann Android-Smartphones physisch beschädigen ∗∗∗
---------------------------------------------
Loapi ist die eierlegende Wollmilchsau unter den Android-Trojanern und geht so hart zu Werk, dass Smartphones aufplatzen können.
---------------------------------------------
https://heise.de/-3921651
∗∗∗ The Market for Stolen Account Credentials ∗∗∗
---------------------------------------------
Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Todays post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online ..
---------------------------------------------
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia…
∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗
---------------------------------------------
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 15-12-2017 18:00 − Montag 18-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Windows 10: Kritische Lücke in vorinstalliertem Passwortmanager ∗∗∗
---------------------------------------------
Keeper-Nutzer sollten unbedingt die gepatchte Version installieren. Der aktuell in Windows 10 vorinstallierte Passwortmanager Keeper hatte bis Version 11.3 einen Fehler, der es bösartigen Webseiten ermöglichte, über Clickjacking beliebige Passwörter auszulesen.
---------------------------------------------
https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p…
∗∗∗ BGP-Hijacking: IP-Verkehr der Großen Vier nach Russland umgeleitet ∗∗∗
---------------------------------------------
Weil etliche Netzbetreiber immer noch ein Routing-Protokoll ohne Sicherheitsvorkehrungen nutzen, gelang es wieder einmal Angreifern, IP-Verkehr von Google, Facebook, Apple und Microsoft umzuleiten. Das Zwischenziel: Russland.
---------------------------------------------
https://heise.de/-3919524
∗∗∗ Kritische und bislang ungepatchte Lücken in Forensoftware vBulletin ∗∗∗
---------------------------------------------
In der aktuellen Version von vBulletin klaffen zwei Schwachstellen – davon ist mindestens eine als kritisch einzustufen. Angreifer könnten Schadcode ausführen.
---------------------------------------------
https://heise.de/-3920375
∗∗∗ Gesichtserkennung von Windows 10 mit Papierausdruck reingelegt ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Windows Hello erfolgreich ausgetrickst und sich an damit gesicherten Computern angemeldet. Das funktioniert aber nur mit bestimmten Hard- und Softwarekonstellationen.
---------------------------------------------
https://heise.de/-3920864
∗∗∗ Hacker zeigte Probleme bei Ladekarten für Stromtankstellen auf ∗∗∗
---------------------------------------------
"Ich brauche nur diese Nummer, um auf fremde Kosten Strom zu laden"
---------------------------------------------
http://derstandard.at/2000070592621
∗∗∗ Über 10.000 Seiten schürfen mit PC-Leistung der Nutzer nach Kryptogeld ∗∗∗
---------------------------------------------
Sicherheitsexperten registrieren rasanten Anstieg seit Bitcoin-Hype
---------------------------------------------
http://derstandard.at/2000070618982
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011400
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010601
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008673
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 14-12-2017 18:00 − Freitag 15-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗
---------------------------------------------
Microsoft is considering adding Python as one of the official Excel scripting languages, according to ..
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-…
∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗
---------------------------------------------
An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr…
∗∗∗ The spy under your christmas tree ∗∗∗
---------------------------------------------
In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm…
∗∗∗ Joanna Rutkowska: Qubes OS soll "einfach wie Ubuntu" werden ∗∗∗
---------------------------------------------
Die Gründerin von Qubes OS, Joanna Rutkowska, erklärt die grundlegenden Ideen und Konzepte des auf Sicherheit fokussierten Projektes. Außerdem verrät die Entwicklerin im Gespräch mit Golem.de weiter ..
---------------------------------------------
https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu…
∗∗∗ Determining your risk ∗∗∗
---------------------------------------------
Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2998921
∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗
---------------------------------------------
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement ..
---------------------------------------------
https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres…
∗∗∗ Root-Lücke in Firewalls von Palo Alto Networks ∗∗∗
---------------------------------------------
Kombinieren Angreifer drei Sicherheitslücken, könnten sie Firewalls von Palo Alto Networks kompromittieren, warnt ein Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3918909
=====================
= Vulnerabilities =
=====================
∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗
---------------------------------------------
A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could ..
---------------------------------------------
https://support.citrix.com/article/CTX230612
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 13-12-2017 18:00 − Donnerstag 14-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗
---------------------------------------------
(Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and its not absolutely the worst case scenario but its still ..
---------------------------------------------
https://mjg59.dreamwidth.org/49788.html
∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗
---------------------------------------------
If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Sp…
∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗
---------------------------------------------
Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-…
∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗
---------------------------------------------
A rare and dangerous new form of malware targets the industrial safety control systems that protect human life.
---------------------------------------------
https://www.wired.com/story/triton-malware-targets-industrial-safety-system…
∗∗∗ Dezember-Patchday bei SAP ∗∗∗
---------------------------------------------
Es stehen Sicherheitsupdates für verschiedene SAP-Produkte bereit. Zwei Lücken sind mit dem Bedrohungsgrad "hoch" eingestuft.
---------------------------------------------
https://heise.de/-3918036
∗∗∗ Mirai: Wie Minecraft-Betrug das ganze Internet in die Knie zwang ∗∗∗
---------------------------------------------
Drei US-amerikanische Studenten gestehen Urheberschaft – Wollten eigentlich nur mit Angriffen gegen Spieleserver Geld machen
---------------------------------------------
http://derstandard.at/2000070340698
∗∗∗ 34C3: Das Programm für den Hacker-Kongress steht ∗∗∗
---------------------------------------------
Keynote von Science-Fiction-Autor Charles Stross – Findet heuer erstmals in Leipzig statt
---------------------------------------------
http://derstandard.at/2000070364235
∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-deta…
=====================
= Vulnerabilities =
=====================
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 12-12-2017 18:00 − Mittwoch 13-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges ∗∗∗
---------------------------------------------
Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers computers for mystery miscreants.…
---------------------------------------------
www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/
∗∗∗ Apple Security Flaws Give Some Researchers Concern About Deeper Issues ∗∗∗
---------------------------------------------
Apples had some prominent security lapses lately. But is it just a rough patch, or something deeper?
---------------------------------------------
https://www.wired.com/story/apples-security-macos-high-sierra-ios-11
∗∗∗ ROBOT-Attacke: TLS-Angriff von 1998 funktioniert immer noch ∗∗∗
---------------------------------------------
Sicherheitsforscher haben eine neue Variante der Bleichenbacher-Attacke zum Entschlüsseln von Internettraffic vorgestellt. Davon sind unter anderem Facebook und PayPal betroffen.
---------------------------------------------
https://heise.de/-3916994
∗∗∗ KRACK- und Broadpwn-Schwachstelle: Apple flickt AirPort-WLAN-Basisstationen erst jetzt ∗∗∗
---------------------------------------------
Ein Firmware-Update soll Apples WLAN-Basisstationen vor gravierenden Schwachstellen schützen – es deckt AirPort Express, AirPort Extreme und Time Capsule ab.
---------------------------------------------
https://heise.de/-3916951
=====================
= Vulnerabilities =
=====================
∗∗∗ Gain Windows privileges with FortiClient vpn before logon and untrusted certificate ∗∗∗
---------------------------------------------
When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via ..
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-070
∗∗∗ VPN credentials disclosure in Fortinet FortiClient ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-i…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily