Daily

daily@lists.cert.at

1 participants
3088 discussions

Tageszusammenfassung - 17.12.2018
by Daily end-of-shift report 17 Dec '18

17 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-12-2018 18:00 − Montag 17-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Shamoon Disk Wiper Returns with Second Sample Uncovered this Month ∗∗∗ --------------------------------------------- Shamoons comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-w… ∗∗∗ Datenbank: Fehler in SQLite ermöglichte Codeausführung ∗∗∗ --------------------------------------------- Anwendungen, die SQLite einsetzen und von außen SQL-Zugriff darauf bieten, sind offenbar von einem Fehler betroffen, der eine beliebige Codeausführung ermöglicht. Dazu gehören unter anderem Browser auf Chromium-Basis, für die inzwischen Updates bereitstehen. (Security, Browser) --------------------------------------------- https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfu… ∗∗∗ Worst passwords list is out, but this time we’re not scolding users ∗∗∗ --------------------------------------------- This is on you, makers of sites and services that allow users to create passwords like "password." You can do better! --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but… ∗∗∗ The GPS 2019 Week Rollover - What You Need to Know ∗∗∗ --------------------------------------------- The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019. --------------------------------------------- https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollov… ∗∗∗ Intels NUCs: Viele Mini-PCs mit fehlerhaftem BIOS-Schutz ∗∗∗ --------------------------------------------- Bei einigen Mini-PCs aus Intels NUC-Reihe lässt sich das BIOS mit manipuliertem Code überschreiben, etwa um eine Backdoor einzupflanzen. --------------------------------------------- http://heise.de/-4251738 ∗∗∗ Betrügerische Androhung von Pfändungsterminen ∗∗∗ --------------------------------------------- Konsument/innen erhalten von erfundenen Inkassobüros und Rechtsanwält/innen letzte Zahlungsaufforderungen in Höhe von 479,16 Euro. Darin heißt es, dass es zu einer Pfändung ihrer Wertgegenstände komme, wenn sie den geforderten Geldbetrag nicht bezahlen. Empfänger/innen können das Schreiben ignorieren und müssen keine Überweisung tätigen. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendu… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump). --------------------------------------------- https://lwn.net/Articles/775102/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gs… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-nt… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Potential redirection to external site when using the the IBM Event Streams API (CVE-2018-1833) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection… ∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K37111863 ∗∗∗ OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43741620 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.12.2018
by Daily end-of-shift report 14 Dec '18

14 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-12-2018 18:00 − Freitag 14-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ The economics of vulnerability disclosure ∗∗∗ --------------------------------------------- A new ENISA report aims to provide a glimpse into the costs, incentives, and impact related to discovering and disclosing vulnerabilities in information security. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-economics-of-vulnerability-… ∗∗∗ How to protect yourself as the threat of scam apps grows ∗∗∗ --------------------------------------------- As the threat of bogus apps continues, what can we do to protect ourselves against these fraudulent practices? --------------------------------------------- https://www.welivesecurity.com/2018/12/14/protect-yourself-threat-scam-apps… ===================== = Vulnerabilities = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Logitech Keystroke Injection Flaw Went Unaddressed for Months ∗∗∗ --------------------------------------------- The flaw allows a remote attacker to gain full access over a machine. --------------------------------------------- https://threatpost.com/logitech-keystroke-injection-flaw/139928/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript, git, java-1.7.0-openjdk, java-11-openjdk, kernel, NetworkManager, python-paramiko, ruby, sos-collector, thunderbird, and xorg-x11-server), Debian (gcc-4.9), and SUSE (amanda, ntfs-3g_ntfsprogs, and tiff). --------------------------------------------- https://lwn.net/Articles/774940/ ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009 ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE identifiers: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464. --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0009.html ∗∗∗ QEMU: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um Informationen offenzulegen oder einen Denial of Service zu verursachen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1175 ∗∗∗ Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01 ∗∗∗ Schneider Electric GUIcon Eurotherm ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-01 ∗∗∗ Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-02 ∗∗∗ Geutebrück GmbH E2 Series IP Cameras ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03 ∗∗∗ GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04 ∗∗∗ Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN87535892/ ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – Cross-site scripting (CVE-2018-18997) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005753… ∗∗∗ 2018-12-14: Vulnerability in GATE E2 – No Access Control (CVE-2018-18995) ∗∗∗ --------------------------------------------- https://search-ext.abb.com/library/Download.aspx?DocumentID=2CMT2018-005751… ∗∗∗ IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Guardium (CVE-2016-1181, CVE-2016-1182) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-st… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Cross-Site scripting vulnerability in user login vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a public disclosed vulnerability from Apache ZooKeeper ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.12.2018
by Daily end-of-shift report 13 Dec '18

13 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-12-2018 18:00 − Donnerstag 13-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Captchas are dead...ish. ∗∗∗ --------------------------------------------- According to a recently published research paper, some types of Captchas are now obsolete. The reason: machines have learned to solve those Captchas. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/12/31374-captchas-are-dead-ish ∗∗∗ OWASP Top 10 Security Risks – Part III ∗∗∗ --------------------------------------------- Today, we are going to explore items 5 and 6: broken access control and security misconfigurations. --------------------------------------------- https://blog.sucuri.net/2018/12/owasp-top-10-security-risks-part-iii.html ∗∗∗ Wichtiges Sicherheitsupdate: WordPress 5.0.1 ist da ∗∗∗ --------------------------------------------- Aufgrund von mehreren Sicherheitslücken könnten Angreifer mit WordPress erstellte Websites attackieren. Eine fehlerbereinigte Version steht bereit. --------------------------------------------- http://heise.de/-4249500 ∗∗∗ Scanning for Flaws, Scoring for Security ∗∗∗ --------------------------------------------- Is it fair to judge an organizations information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. --------------------------------------------- https://krebsonsecurity.com/2018/12/scanning-for-flaws-scoring-for-security/ ∗∗∗ Vorsicht bei gamestar4.com ∗∗∗ --------------------------------------------- Der Online-Shop gamestar4.com, mit angeblichem Sitz in Wien, ist betrügerisch. Auf gamestar4.com finden Sie neben Haushaltszubehör und Elektrogeräten, billige Spielkonsolen, die als Wochendeals beworben werden. Bestellen Sie bei gamestar4.com, verlieren Sie Ihr Geld, übermitteln Betrüger/innen sensible Daten und erhalten keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-gamestar4com/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git). --------------------------------------------- https://lwn.net/Articles/774845/ ∗∗∗ Linux kernel vulnerability CVE-2018-5390 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95343321 ∗∗∗ IBM Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-contains-a-de… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1848) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: Potential MITM attack in Apache CXF used by IBM Event Streams (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-mitm-attack… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by multiple vulnerabilities in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: IBM Security Directory Server is affected by a vulnerability in GSKit ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-director… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.12.2018
by Daily end-of-shift report 12 Dec '18

12 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 11-12-2018 18:00 − Mittwoch 12-12-2018 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Logitech Options: Logitech-Software ermöglicht bösartige Codeausführung ∗∗∗ --------------------------------------------- In einer Software zur Konfiguration von Logitech-Tastaturen und Mäusen klafft ein riesiges Sicherheitsloch. Nutzer von Logitech Options sollten es vorerst deinstallieren: Bisher gibt es keinen Fix. (Logitech, Eingabegerät) --------------------------------------------- https://www.golem.de/news/logitech-options-logitech-software-ermoeglicht-bo… ∗∗∗ Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp ∗∗∗ --------------------------------------------- Posted by Natalie Silvanovich, Project ZeroWhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.Fuzzing Set-upPJSIP is open source, so it was easy to identify the PJSIP code in the Android WhatsApp binary [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ A bug in Microsoft’s login system made it easy to hijack anyone’s Office account ∗∗∗ --------------------------------------------- A string of bugs when chained together created the perfect attack to gain access to someones Microsoft account - simply by tricking a user into clicking a link. --------------------------------------------- https://techcrunch.com/2018/12/11/microsoft-login-bug-hijack-office-account… ∗∗∗ Patchday: Attacken auf Windows-Kernel-Lücke ∗∗∗ --------------------------------------------- Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Mehrere Schwachstellen gelten als kritisch. --------------------------------------------- http://heise.de/-4248309 ∗∗∗ Sicherheitsupdates: Angreifer könnten IP-Kameras von Bosch übernehmen ∗∗∗ --------------------------------------------- Einige IP-Kamera-Modelle von Bosch sind über eine als kritisch eingestufte Sicherheitslücke attackierbar. Updates schaffen Abhilfe. --------------------------------------------- http://heise.de/-4248751 ∗∗∗ Bitcoin Profit ist Betrug ∗∗∗ --------------------------------------------- Auf einer gefälschten orf.at-Website bewerben Kriminelle die Trading-Plattform Bitcoin Profit. In dem irreführenden Beitrag behaupten sie, dass es damit sehr einfach sei, sehr hohe Gewinne zu erzielen. Über die Werbung gelangen Leser/innen auf btcprofitnow.pro. Melden sie sich auf der Website für Bitcoin Profit an und überweisen sie ihr Geld an Kriminelle, verlieren sie es und ihre Daten an Betrüger/innen. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-profit-ist-betrug/ ∗∗∗ Schadsoftware in gefälschter DHL-Sendungsbenachrichtigung ∗∗∗ --------------------------------------------- Zur Weihnachtszeit ist es leicht möglich, dass Sie Versandbenachrichtigungen in Ihrem E-Mail-Posteingang erwarten. Dennoch überrascht Sie dort womöglich eine gefälschte DHL-Nachricht. Die Mail gibt vor, Sie über eine anstehende Lieferung zu informieren, die gar nicht existiert. Wenn Sie auf den Link in der Nachricht klicken, wird versucht eine Datei herunterzuladen. Vorsicht! Diese vermeintliche Word-Datei enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/schadsoftware-in-gefaelschter-dhl-se… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler). --------------------------------------------- https://lwn.net/Articles/774731/ ∗∗∗ Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181212-… ∗∗∗ IBM Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vul… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, CVE-2018-5407) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-op… ∗∗∗ IBM Security Bulletin: Vulnerability in Xorg affects AIX (CVE-2018-14665) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-xorg… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in Oracle Solaris affects AIX (CVE-2017-3623) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-orac… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.12.2018
by Daily end-of-shift report 11 Dec '18

11 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 10-12-2018 18:00 − Dienstag 11-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ MySQL-Frontend: Lücke in PhpMyAdmin erlaubt Datendiebstahl ∗∗∗ --------------------------------------------- Eine Sicherheitslücke im MySQL-Frontend PhpMyAdmin erlaubt es, lokale Dateien auszulesen. Dafür benötigt man jedoch einen bereits existierenden Login. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/mysql-frontend-luecke-in-phpmyadmin-erlaubt-daten… ∗∗∗ Warnung vor schlossauf.at ∗∗∗ --------------------------------------------- Die Website schlossauf.at wirbt mit einem seriösen und preiswerter Schlüsseldienst, der in 20min vor Ort bei Kund/innen ist. Konsument/innen, die den Dienst nutzen, nehmen in Wahrheit Kontakt mit der deutschen Gesellschaft MK Notservice GmbH auf. Sie vermittelt Schlosser/innen. Die Dienste vor Ort sind laut Kund/innenmeinungen mit langen Wartezeiten verbunden und sehr teuer. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-schlossaufat/ ∗∗∗ Augen auf beim digitale Vignetten-Kauf! ∗∗∗ --------------------------------------------- Die digitale Vignette können Sie an unterschiedlichsten Stellen erstehen. Neben der ASFINAG, dem ÖAMTC oder dem ARBÖ vertreiben nämlich auch andere unbekanntere Anbieter die digitale Vignette. Achtung: Hier werden zum Teil zusätzliche Kosten verrechnet, die Sie leicht vermeiden können, indem Sie einen kurzen Vergleich anstellen. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-digitale-vignetten-ka… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB18-41). The updates referenced in the bulletin address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1674 ∗∗∗ Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071 ∗∗∗ --------------------------------------------- Project: Decoupled RouterVersion: 8.x-1.18.x-1.0Date: 2018-October-31Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.The module doesnt sufficiently check access before displaying entity labels. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-071 ∗∗∗ TYPO3 9.5.2, 8.7.21 and 7.6.32 security releases published ∗∗∗ --------------------------------------------- We are announcing the release of the following TYPO3 updates: * TYPO3 9.5.2 LTS * TYPO3 8.7.21 LTS * TYPO3 7.6.32 LTS All versions are security releases and contain important security fixes. --------------------------------------------- https://typo3.org/article/typo3-952-8721-and-7632-security-releases-publish… ∗∗∗ SAP Security Patch Day – December 2018 ∗∗∗ --------------------------------------------- On 11th of December 2018, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php7.0), Fedora (keepalived, kernel, kernel-headers, kernel-tools, mingw-uriparser, and uriparser), openSUSE (pdns-recursor), Oracle (kernel), SUSE (compat-openssl098, glibc, java-1_8_0-ibm, kernel, opensc, python, python-base, python-cryptography, python-pyOpenSSL, samba, and soundtouch), and Ubuntu (cups). --------------------------------------------- https://lwn.net/Articles/774590/ ∗∗∗ SSA-982399: Missing Authentication in TIM 1531 IRC Modules ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-982399.txt ∗∗∗ SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-181018.txt ∗∗∗ SSA-674165: Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-674165.txt ∗∗∗ SSA-170881: Vulnerabilities in SINUMERIK Controllers ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-170881.txt ∗∗∗ IBM Security Bulletin: Open Source Python-paramiko vulnerability affects IBM Netezza Host Management. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-python-pa… ∗∗∗ IBM Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-… ∗∗∗ IBM Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… ∗∗∗ IBM Security Bulletin: Vulnerability in BIND affects Power Hardware Management Console (CVE-2018-5740) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-bind… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a glibc vulnerability (CVE-2017-15670) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-access-m… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2018-1060, CVE-2018-1061) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0732, CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-manager-wit… ∗∗∗ glibc vulnerability CVE-2017-16997 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K43546166 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.12.2018
by Daily end-of-shift report 10 Dec '18

10 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 07-12-2018 18:00 − Montag 10-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gefälschte T-Mobile-Nachricht fordert Auskunft ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte T-Mobile-Nachricht. Darin behaupten sie, dass Kund/innen im Zusammenhang mit der Nutzung von Diensten persönliche Daten bekannt geben und ihre Telefonnummer bestätigen müssen. Das soll auf einer gefälschten T-Mobile-Website geschehen. Konsument/innen, die die von Ihnen verlangten Informationen bekannt geben, werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-t-mobile-nachricht-forde… ∗∗∗ Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans ∗∗∗ --------------------------------------------- Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leadin… ∗∗∗ How can businesses get the most out of pentesting? ∗∗∗ --------------------------------------------- More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape [...] --------------------------------------------- https://www.helpnetsecurity.com/2018/12/10/get-the-most-out-of-pentesting/ ∗∗∗ Mac malware combines EmPyre backdoor and XMRig miner ∗∗∗ --------------------------------------------- New Mac malware is using the EmPyre backdoor and the XMRig cryptominer to drain processor power—and possibly worse. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-… ∗∗∗ Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix ∗∗∗ --------------------------------------------- Bug dealt with in Chrome and Edge, but still a problem for Firefox users. --------------------------------------------- https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml). --------------------------------------------- https://lwn.net/Articles/774489/ ∗∗∗ WPForms <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9164 ∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-s… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a stored cross-site scripting vulnerability (CVE-2018-1900) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-prog… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1652) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.12.2018
by Daily end-of-shift report 07 Dec '18

07 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 06-12-2018 18:00 − Freitag 07-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Using Fuzzing to Mine for Zero-Days ∗∗∗ --------------------------------------------- Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in todays security landscape. --------------------------------------------- https://threatpost.com/using-fuzzing-to-mine-for-zero-days/139683/ ∗∗∗ Is it Time to Uninstall Flash? (If you havent already) ∗∗∗ --------------------------------------------- If you havent uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+have… ∗∗∗ Array string obfuscation ∗∗∗ --------------------------------------------- We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized: [...] --------------------------------------------- http://labs.sucuri.net/?note=2018-12-06 ===================== = Vulnerabilities = ===================== ∗∗∗ Philips HealthSuite Health Android App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an inadequate encryption strength vulnerability in Philips HealthSuite Health Android App. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01 ∗∗∗ GE Proficy GDS ∗∗∗ --------------------------------------------- This advisory contains mitigations for an improper restriction of XML external entity reference vulnerability in GEs Proficy GDS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01 ∗∗∗ Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules ∗∗∗ --------------------------------------------- This advisory contains mitigations for a missing authentication vulnerability in the Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02 ∗∗∗ watchOS 5.1.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.1.2. --------------------------------------------- https://support.apple.com/en-us/HT209343 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack). --------------------------------------------- https://lwn.net/Articles/774270/ ∗∗∗ Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN89767228/ ∗∗∗ IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-information… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-se… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-social-program-ma… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.12.2018
by Daily end-of-shift report 06 Dec '18

06 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 05-12-2018 18:00 − Donnerstag 06-12-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 2: Fun with FaceTime ∗∗∗ --------------------------------------------- FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the .. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Data Exfiltration in Penetration Tests ∗∗∗ --------------------------------------------- In many penetration tests, therell be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, lets get the data off premise". Or sometimes in .. --------------------------------------------- https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24… ∗∗∗ Campaign evolution: Hancitor changes its Word macros ∗∗∗ --------------------------------------------- Todays diary reviews trends in recent malicious spam (malspam) pushing Hancitor. --------------------------------------------- https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+W… ∗∗∗ MikroTik: Hunderttausende Router schürfen heimlich Kryptogeld ∗∗∗ --------------------------------------------- Eine im August bekannt gewordenen Schwachstelle in den Geräten wird momentan öfter angegriffen denn je. --------------------------------------------- http://heise.de/-4243857 ∗∗∗ Linux: Besserer Spectre-V2-Schutz jetzt im Kernel, kaum Geschwindigkeitsverlust ∗∗∗ --------------------------------------------- Nach einem abgelehnten Patch haben die Linux-Entwickler den Schutz gegen die CPU-Lücke Spectre V2 in den Kerneln 4.14.86 und 4.19.7 verbessert. --------------------------------------------- http://heise.de/-4244052 ∗∗∗ Betrügerischer Sicherheitsalarm im Postfach ∗∗∗ --------------------------------------------- Konsument/innen finden in ihrem E-Mailpostfach eine Nachricht mit dem Betreff „Sicherheitsalarm. Hacker kennen das Passwort vom (E-Mailadresse)“. In dem Schreiben behaupten Kriminelle .. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx… ∗∗∗ konsolensultan.de ist ein Fake-Shop ∗∗∗ --------------------------------------------- Bestellen Sie nicht bei konsolensultan.de, es handelt sich um einen unseriösen Anbieter. Die gewünschten Spielkonsolen und Controller werden Sie nie erreichen. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/ ∗∗∗ A botnet of over 20,000 WordPress sites is attacking other WordPress sites ∗∗∗ --------------------------------------------- Botnet is still up and running but law enforcement has been notified. --------------------------------------------- https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-att… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1669 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin). --------------------------------------------- https://lwn.net/Articles/774089/ ∗∗∗ MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed) ∗∗∗ --------------------------------------------- A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via .. --------------------------------------------- https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Mul… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2… ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-… ∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.12.2018
by Daily end-of-shift report 05 Dec '18

05 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 04-12-2018 18:00 − Mittwoch 05-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adventures in Video Conferencing Part 1: The Wild World of WebRTC ∗∗∗ --------------------------------------------- Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...] --------------------------------------------- https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferen… ∗∗∗ Notfallpatch: Exploit-Code für kritische Flash-Lücke im Umlauf ∗∗∗ --------------------------------------------- Es gibt ein wichtiges Sicherheitsupdate für Adobes Flash Player. Nutzer sollten es dringend installieren. --------------------------------------------- http://heise.de/-4242328 ∗∗∗ SplitSpectre: Neue Methode macht Prozessor-Angriffe einfacher ∗∗∗ --------------------------------------------- Eine neue Abwandlung des Spectre-V1-Angriffs macht solche Attacken auf CPUs realistischer. Sie lässt sich über die JavaScript-Engine eines Browsers ausführen. --------------------------------------------- http://heise.de/-4241478 ∗∗∗ Achtung Dynamit-Phishing: Gefährliche Trojaner-Welle legt ganze Firmen lahm ∗∗∗ --------------------------------------------- BSI, CERT-Bund und Cybercrime-Spezialisten der LKAs sehen eine akute Welle von Infektionen mit Emotet, die Millionenschäden anrichtet. --------------------------------------------- http://heise.de/-4241424 ∗∗∗ The Dark Side of the ForSSHe ∗∗∗ --------------------------------------------- ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats --------------------------------------------- https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/ ∗∗∗ Achtung: Gefälschte PayPal-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Konsument/innen wird per E-Mail eine angebliche Rechnung von PayPal zugesandt - für ein Produkt, das nie bestellt wurde. Um die Rechnung zu stornieren, soll man einem Link folgen und dort seine persönlichen Daten und Zahlungsinformationen bekannt geben. Wer der Aufforderung nachkommt, wird Opfer eines Datendiebstahls und ermöglicht Kriminellen Zahlungen im eigenen Namen! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnunge… ∗∗∗ It looked like a Citrix ShareFile phishing attack, but wasn’t ∗∗∗ --------------------------------------------- Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers.If you’re a company contacting your customers via email, please make sure it doesn’t look phishy. --------------------------------------------- https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/ ===================== = Vulnerabilities = ===================== ∗∗∗ Omron CX-One ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omrons CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01 ∗∗∗ SpiderControl SCADA WebServer ∗∗∗ --------------------------------------------- This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControls SCADA WebServer software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02 ∗∗∗ Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 ∗∗∗ --------------------------------------------- Version 1.15: Final --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Inadequate cryptography implementation in Kerio Control VPN protocol ∗∗∗ --------------------------------------------- A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-impl… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby). --------------------------------------------- https://lwn.net/Articles/773964/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-secur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Financial Transaction Manager for Check Services ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-im… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyz… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.12.2018
by Daily end-of-shift report 04 Dec '18

04 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-12-2018 18:00 − Dienstag 04-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗ --------------------------------------------- Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. --------------------------------------------- https://securelist.com/koffeymaker-notebook-vs-atm/89161/ ∗∗∗ SamSam Ransomware ∗∗∗ --------------------------------------------- Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware ∗∗∗ App-Store-Betrug mit Touch-ID-Geräten ∗∗∗ --------------------------------------------- Verschiedene Entwickler versuchen, Nutzer zum Kauf teurer In-App-Angebote zu bringen – mittels "Fingerabdruckklau". Apple reagiert. --------------------------------------------- http://heise.de/-4239342 ∗∗∗ Kubernetes: Kritisches Update für Container-Verwaltung ∗∗∗ --------------------------------------------- In Kubernetes steckt eine gefährliche Sicherheitslücke, über die unangemeldete Angreifer Code mit Admin-Rechten im Cluster ausführen können. --------------------------------------------- http://heise.de/-4240804 ∗∗∗ Gebietskörperschaften erhalten gefälschte Geschäftskorrespondenz ∗∗∗ --------------------------------------------- Betrüger/innen schreiben Gebietskörperschaften an und geben sich als Geschäftspartner/innen des Bundes, der Länder oder der Gemeinden aus. Sie erfinden einen Grund, der es angeblich notwendig macht, dass sie die Vertragskopie für ein Rechtsgeschäft erhalten. In diese fügen sie neue Bankdaten ein und fordern die Geldüberweisung auf ein neues Konto. Beamt/innen und Vertragsbedienstete, die die Transaktion durchführen, überweisen Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefa… ∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗ --------------------------------------------- Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]The post In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct appeared first on RiskIQ. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-vision-direct/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2018-12-01.html ∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...] --------------------------------------------- https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injectio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/773826/ ∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19634255 ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/ ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/ ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily