Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 15.01.2019
by Daily end-of-shift report 15 Jan '19

15 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 14-01-2019 18:00 − Dienstag 15-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwer ausnutzbar: Die ungefixten Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitslücken wie Spectre, Rowhammer und Heist lassen sich kaum vollständig beheben, ohne gravierende Performance-Einbußen zu akzeptieren. Daher bleiben sie ungefixt. Trotzdem werden sie bisher kaum ausgenutzt. --------------------------------------------- https://www.golem.de/news/schwer-ausnutzbar-die-ungefixten-sicherheitslueck… ∗∗∗ Sicherheitslücken: Bauarbeitern die Maschinen weghacken ∗∗∗ --------------------------------------------- Bergbaumaschinen, Kräne und andere Industriegeräte lassen sich fernsteuern oder durch einen DoS-Angriff unbenutzbar machen. Das ist laut einer Studie nicht nur gefährlich, sondern auch vergleichsweise einfach. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-bauarbeitern-die-maschinen-weg… ∗∗∗ Erpressungs-Mail von ‚Anonymer Hacker‘ ignorieren ∗∗∗ --------------------------------------------- Konsument/innen erhalten E-Mails von Kriminellen, die sich als „Anonymer Hacker“ ausgeben. Man erpresst Empfänger/innen damit, dass intimes Videomaterial veröffentlicht wird, wenn keine Bitcoins im Wert von 2000 Euro überwiesen werden. Wer die Nachricht empfangen hat, darf nichts bezahlen und kann sie getrost ignorieren, denn ein Masturbationsvideo existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressungs-mail-von-anonymer-hacker… ∗∗∗ Kein Geld an Credit Management Europe zahlen ∗∗∗ --------------------------------------------- Credit Management Europe versendet eine Zahlungsaufforderung in Höhe von 292,13 Euro an Unternehmen. Darin heißt es, dass Empfänger/innen eine offene Rechnung bei Internet Domain Services Austria (IDSA) haben. Bezahlen Empfänger/innen diese nicht, kommt es zur Einleitung rechtlicher Schritte. Unternehmen können die Androhung ignorieren und müssen keine Zahlung leisten, denn das Schreiben ist betrügerisch. --------------------------------------------- https://www.watchlist-internet.at/news/kein-geld-an-credit-management-europ… ∗∗∗ Gefälschte DHL Express-Mail enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten vom DHL-Kundendienst. Darin werden sie über einen angeblichen Lieferversuch benachrichtigt und aufgefordert einen Dateianhang zu öffnen. Achtung: Der Inhalt ist frei erfunden und der Anhang darf nicht geöffnet werden. Er enthält Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-dhl-express-mail-enthael… ===================== = Vulnerabilities = ===================== ∗∗∗ OpenSSH & Putty: Sicherheitlücke in SCP ermöglicht Dateiaustausch ∗∗∗ --------------------------------------------- Ein bösartiger Server kann Dateien austauschen, die mittels SCP über SSH heruntergeladen werden - im schlimmsten Fall Schadcode. Die insgesamt fünf Sicherheitslücken klaffen in den aktuellen Versionen von OpenSSH, Putty und WinSCP. --------------------------------------------- https://www.golem.de/news/openssh-putty-sicherheitluecke-in-scp-ermoeglicht… ∗∗∗ [20190104] - Core - Stored XSS issue in the Global Configuration help url ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-i… ∗∗∗ [20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-i… ∗∗∗ [20190102] - Core - Stored XSS in com_contact ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in com_contact leads to a stored XSS vulnerability Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-i… ∗∗∗ [20190101] - Core - Stored XSS in mod_banners ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Low Severity: Low Description: Inadequate escaping in mod_banners leads to a stored XSS vulnerability. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.1 Solution Upgrade to version 3.9.2 --------------------------------------------- https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-i… ∗∗∗ Sicherheitsforscher brechen aus Docker-Container aus ∗∗∗ --------------------------------------------- Forschern ist es gelungen, aus einem Container der Docker-Testumgebung "Play with Docker" auf das darunterliegende System zuzugreifen und Code auszuführen. --------------------------------------------- http://heise.de/-4276108 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (irssi and systemd), CentOS (systemd), Debian (xen and zeromq3), Fedora (gnutls, kernel, kernel-headers, kernel-tools, and nbdkit), Oracle (libvncserver and systemd), Red Hat (libvncserver), and Ubuntu (haproxy, libarchive, and php-pear). --------------------------------------------- https://lwn.net/Articles/776771/ ∗∗∗ Synology-SA-19:04 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_04 ∗∗∗ Synology-SA-19:03 Surveillance Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Surveillance Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_03 ∗∗∗ Synology-SA-19:02 VS960HD ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of VS960HD. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_02 ∗∗∗ Vuln: Identicard Premisys Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106552 ∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM Cloud Private ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by an Apache CXF vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling External Authentication Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.01.2019
by Daily end-of-shift report 14 Jan '19

14 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-01-2019 18:00 − Montag 14-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Nicht bestellen auf thaisawadee.de ∗∗∗ --------------------------------------------- Auf thaisawadee.de werden Konsument/innen asiatische Kunst, Schmuck, Spezialitäten und Salben angeboten. Der Shop hat seinen Sitz in Thailand und eine Bezahlung ist nur per Vorkasse möglich. Berichten zufolge bleibt die Lieferung häufig aus und bezahltes Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bestellen-auf-thaisawadeede/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (sqlite3, systemd, and vlc), Fedora (mingw-nettle and polkit), Mageia (graphicsmagick, python-django, spice-vdagent, and to), openSUSE (aria2, discount, gpg2, GraphicsMagick, gthumb, haproxy, irssi, java-1_7_0-openjdk, java-1_8_0-openjdk, libgit2, LibVNCServer, and sssd), Red Hat (systemd), Scientific Linux (systemd), Slackware (irssi and zsh), SUSE (LibVNCServer and sssd), and Ubuntu (gnome-bluetooth and systemd). --------------------------------------------- https://lwn.net/Articles/776685/ ∗∗∗ VideoLAN VLC Media Player: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VideoLAN VLC Media Player ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0042 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM® SPSS Analytic Server is vulnerable to Cross-Site Scripting (CVE-2018-1772) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-analytic-ser… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2019
by Daily end-of-shift report 11 Jan '19

11 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-01-2019 18:00 − Freitag 11-01-2019 18:00 Handler: Dimitri Robl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenleak - mal ganz ohne Hype ∗∗∗ --------------------------------------------- Datenleak - mal ganz ohne Hype11. Jänner 2019Man hätte sich in den letzten Tagen enorm anstrengen müssen, um der Berichterstattung zu dem vor knapp einer Woche in Deutschland bekannt gewordenen Datenleak zu entgehen.Um es trotzdem nochmal kurz zusammenzufassen: Unbekannte Täter veröffentlichten im Laufe des Dezembers Dokumente und persönliche Informationen hunderter deutscher Politiker und anderer Personen des öffentlichen Lebens in Form eines bizarren --------------------------------------------- http://www.cert.at/services/blog/20190111135415-2348.html ∗∗∗ Vivy & Co.: Gesundheitsapps kranken an der Sicherheit ∗∗∗ --------------------------------------------- Mit Sicherheitsversprechen geizen die Hersteller von Gesundheitsapps wahrlich nicht. Doch wie ist es wirklich darum bestellt? (Medizin, Gesundheitskarte) --------------------------------------------- https://www.golem.de/news/vivy-co-gesundheitsapps-kranken-an-der-sicherheit… ∗∗∗ Using Wireshark – Display Filter Expressions ∗∗∗ --------------------------------------------- As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts toThe post Using Wireshark – Display Filter Expressions appeared first on Unit42. --------------------------------------------- https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressi… ∗∗∗ Windows 10 Experts Guide: Everything you need to know about BitLocker ∗∗∗ --------------------------------------------- Encrypting every bit of data on a Windows 10 PC is a crucial security precaution. Every edition of Windows 10 includes strong encryption options, with business editions having the best set of management tools. Heres a hands-on guide. --------------------------------------------- https://www.zdnet.com/article/windows-10-experts-guide-everything-you-need-… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson DeltaV ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass vulnerability in Emersons DeltaV distributed control system workstation products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-01 ∗∗∗ Omron CX-One CX-Protocol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a type confusion vulnerability in Omrons CX-Protocol within the CX-One software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-02 ∗∗∗ Pilz PNOZmulti Configurator ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a clear-text storage of sensitive information vulnerability in the Pilz PNOZmulti Configurator, a safety circuit configuration tool. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03 ∗∗∗ Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 ∗∗∗ --------------------------------------------- This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is now being released to the NCCIC/ICS-CERT website. This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in the Tridium Niagara Enterprise Security, the Niagara AX, and the Niagara 4 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02 ∗∗∗ USN-3855-1: systemd vulnerabilities ∗∗∗ --------------------------------------------- systemd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarySeveral security issues were fixed in systemd.Software Descriptionsystemd - system and service managerDetailsIt was discovered that systemd-journald allocated variable-length buffersfor certain message fields on the stack. A local attacker couldpotentially exploit this to cause a denial of service, or executearbitrary code. --------------------------------------------- https://usn.ubuntu.com/3855-1/ ∗∗∗ Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Sicherheitslücken (teils kritisch) in Juniper ATP, Junos OS und Space OS Software - Patches verfügbar 11. Jänner 2019 Beschreibung Der Netzwerkausrüster Juniper hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Juniper Space OS, Junos OS und ATP Software veröffentlicht. Zwei der Schwachstellen in Juniper ATP werden mit dem höchstmöglichen CVSS3 Score von 10 als kritisch eingestuft: CVE-2019-0020, CVE-2019-0022 [...] --------------------------------------------- http://www.cert.at/warnings/all/20190111.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (systemd and wireshark-cli), Debian (libsndfile and tmpreaper), Fedora (beep, electrum, gnutls, haproxy, krb5, mupdf, php-horde-Horde-Image, python-django, and wget), Mageia (libarchive and terminology), openSUSE (libraw, polkit, and singularity), SUSE (haproxy, java-1_8_0-openjdk, LibVNCServer, and webkit2gtk3), and Ubuntu (exiv2, gnupg2, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/776518/ ∗∗∗ ZDI-19-013: (0day) Microsoft Windows vcf File Insufficient UI Warning Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-013/ ∗∗∗ Format String Vulnerability in SSH username ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-018 ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by an IBM WebSphere Application Server vulnerability(CVE-2017-1788) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1956, CVE-2018-1969, CVE-2018-1967 ) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1904) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-remote-code… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2019
by Daily end-of-shift report 10 Jan '19

10 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗ --------------------------------------------- WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabil… ∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗ --------------------------------------------- Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-ca… ∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗ --------------------------------------------- Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing --------------------------------------------- https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html ∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗ --------------------------------------------- Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden. --------------------------------------------- https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbs… ∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗ --------------------------------------------- Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen! --------------------------------------------- https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnun… ===================== = Vulnerabilities = ===================== ∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗ --------------------------------------------- Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-001 ∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗ --------------------------------------------- Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar. Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft. --------------------------------------------- http://heise.de/-4271009 ∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗ --------------------------------------------- SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voi… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django). --------------------------------------------- https://lwn.net/Articles/776397/ ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2019
by Daily end-of-shift report 09 Jan '19

09 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-01-2019 18:00 − Mittwoch 09-01-2019 18:00 Handler: Robert Waldner Co-Handler: Dimitri Robl ===================== = News = ===================== ∗∗∗ Face Unlock: 42 von 110 Handys lassen sich mit Portrait-Fotos austricksen ∗∗∗ --------------------------------------------- Im Test einer NGO ließen sich alle Handys von Nokia und Sony mit Portrait-Fotos entsperren. Die Bilanz anderer Hersteller ist mit einer Ausnahme durchwachsen. --------------------------------------------- http://heise.de/-4269897 ∗∗∗ Gefälschte card complete Sicherheits-App enthält Schadsoftware ∗∗∗ --------------------------------------------- Internetnutzer/innen finden gefälschte card complete Nachrichten in ihrem Posteingang. Darin behaupten die kriminellen Versender/innen, dass eine Sicherheits-App am Mobiltelefon installiert werden muss, damit die Kreditkarte weiterhin genutzt werden kann. Die App darf nicht heruntergeladen werden, denn sie enthält Schadsoftware! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-card-complete-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Zelio Soft 2 ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a use after free vulnerability in Schneider Electrics Zelio Soft 2 programming platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01 ∗∗∗ Schneider Electric IIoT Monitor ∗∗∗ --------------------------------------------- This advisory includes mitigations for path traversal, unrestricted upload of file with dangerous type, and XXE vulnerabilities in the Schneider Electric IIoT Monitor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02 ∗∗∗ Intel Patches High-Severity Privilege-Escalation Bugs ∗∗∗ --------------------------------------------- Overall, the chip giant patched five vulnerabilities across an array of its products. --------------------------------------------- https://threatpost.com/intel-patches-privilege-escalation-bugs/140665/ ∗∗∗ Patchday: Fast nur "wichtige" Sicherheitsupdates für Windows & Co. ∗∗∗ --------------------------------------------- Microsoft kümmert sich um Software-Schwachstellen in unter anderem Windows. Nutzer sollten eine baldige Installation der Updates sicherstellen. --------------------------------------------- http://heise.de/-4269105 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (elfutils, polkit, and tar), Debian (python-django and ruby-loofah), and Mageia (ansible, avidemux, coreutils, discount, nettle, openafs, opensc, and qtbase5). --------------------------------------------- https://lwn.net/Articles/776310/ ∗∗∗ Cisco Content Security Management Appliance Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 900 Series Aggregation Services Router Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Password Recovery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent Software Redis Server Unauthenticated Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Graphite Unauthenticated Read-Only Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Porduct ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ Security Advisory - Use After Free Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-… ∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by an httpclient package in WAS internally Vulnerability(CVE-2012-5783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2019
by Daily end-of-shift report 08 Jan '19

08 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 07-01-2019 18:00 − Dienstag 08-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Digging Up the Past: Windows Registry Forensics Revisited ∗∗∗ --------------------------------------------- Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-win… ∗∗∗ Software auf vielen Routern nutzt etablierte Sicherheitsmechanismen nicht ∗∗∗ --------------------------------------------- Sicherheitsforscher von Cyber-ITL haben sich die Software auf 28 Router mit ARM- und MIPS-Architektur für den Heimgebrauch angeschaut und herausgefunden, dass viele Modelle ihr Sicherheitspotenzial nicht ausschöpfen: Viele Firmware-Versionen setzen in der Linux-Basis eigentlich vorhandene Sicherheitsmechanismen wie Address Space Layout Randomization (ASLR) und Data Execution Prevention (DEP) nicht ein. --------------------------------------------- http://heise.de/-4268046 ∗∗∗ Bitcoin-Erpressung mit Masturbationsvideo ∗∗∗ --------------------------------------------- Internet-User/innen finden E-Mails mit dem Betreff „Hohe Gefahr. Konto wurde angegriffen.“ in ihrem Posteingang. Die Versandadresse entspricht fälschlicherweise der Empfangsadresse. Eine angebliche Hacker/in droht damit, ein Selbstbefriedigungs-Video der Empfänger/in zu veröffentlichen. Der geforderte Bitcoin-Betrag darf nicht bezahlt werden, denn das Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbations… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1685 ∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen. Als Folge kann der Angreifer die Kontrolle über das Gerät übernehmen, Daten ausspionieren, das Gerät zum Absturz bringen oder unbrauchbar machen. Zur erfolgreichen Ausnutzung der Schwachstellen genügt es, eine manipulierte App zu öffnen oder einen Link anzutippen, der zu einer bösartigen Software führt. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/01/warn… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libav), Fedora (krb5), Red Hat (source-to-image), and SUSE (gpg2, libgit2, and libsoup). --------------------------------------------- https://lwn.net/Articles/776215/ ∗∗∗ SAP: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen SAP Produkten ausnutzen, um dadurch die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendung zu gefährden. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0012 ∗∗∗ VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update ∗∗∗ --------------------------------------------- https://kb.cert.org/vuls/id/317277 ∗∗∗ Vulnerability in Java Deserialization Affecting Cisco Products ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ SIP User Directory Information Disclosure ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ SSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf ∗∗∗ SSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf ∗∗∗ SSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf ∗∗∗ SSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf ∗∗∗ SSA-579309 (Last Update: 2019-01-08): Denial-of-Service in SICAM A8000 Series ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf ∗∗∗ SSA-325546 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module of SWT3000 ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ GnuTLS vulnerability CVE-2018-16868 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18955141 ∗∗∗ Nettle vulnerability CVE-2018-16869 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45616155 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.01.2019
by Daily end-of-shift report 07 Jan '19

07 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-01-2019 18:00 − Montag 07-01-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrügerische Mails versprechen Millionen ∗∗∗ --------------------------------------------- Immer wieder erhalten Internetnutzer/innen E-Mails, die schnelles Geld in Form von Erbschaften, Spenden und Geschenken in Millionenhöhe versprechen. Im konkreten Fall hat der Absender angeblich 533 Millionen US-Dollar gewonnen und möchte zwei Millionen davon an die Empfänger/in spenden. Damit die Konsument/innen das Geld erhalten, sollen sie Vorauszahlungen leisten. Wer dies tut, verliert Geld und persönliche Daten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-mails-versprechen-mil… ∗∗∗ Warnung vor monaco-modding.com ∗∗∗ --------------------------------------------- Der Anbieter monaco-modding.com bezeichnet sich als Deutschland schnellsten Moddingservice. Er bietet Kund/innen Unlock Alls für GTA 5, Skins für Fortnite, Eingabekeys für Black Ops 4 oder Red Dead Redemption 2 sowie günstige Netflix- und Spotify-Accounts an. Von einer Bestellung auf monaco-modding.com ist dringend abzuraten, denn der Anbieter liefert keine Ware. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-monaco-moddingcom/ ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Mit Skype Android-PIN umgehen ∗∗∗ --------------------------------------------- Mit einem einfachen Skype-Anruf lassen sich trotz PIN-Sperre Fotos, Kontakte und mehr auf einem Android-Smartphone einsehen. Ein Update wurde veröffentlicht, steht aber noch nicht für alle Geräte zur Verfügung. (Android, Skype) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-mit-skype-android-pin-umgehen-1… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (keepalived), Debian (python-django), Fedora (tcpreplay), Mageia (apache-commons-compress, aubio, dcraw, freerdp, imagemagick, ldb, talloc, samba, libao, libextractor, libgxps, libpgf, openjpeg2, pdns, pdns-recursor, php-phpmailer, plexus-archiver, units, wget, and xmlrpc), Oracle (keepalived and kernel), and SUSE (polkit and xen). --------------------------------------------- https://lwn.net/Articles/776162/ ∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2019
by Daily end-of-shift report 04 Jan '19

04 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗ --------------------------------------------- Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company. --------------------------------------------- https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-cla… ∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗ --------------------------------------------- To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. --------------------------------------------- https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html ∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗ --------------------------------------------- Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. --------------------------------------------- https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fa… ∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗ --------------------------------------------- Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen. --------------------------------------------- http://heise.de/-4265230 ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 ∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02 ∗∗∗ Hetronic Nova-M ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman). --------------------------------------------- https://lwn.net/Articles/776019/ ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0007 ∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0006 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2019
by Daily end-of-shift report 03 Jan '19

03 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-01-2019 18:00 − Donnerstag 03-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ NRSMiner updates to newer version ∗∗∗ --------------------------------------------- More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, [...] --------------------------------------------- https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/ ∗∗∗ Malicious Script Leaking Data via FTP ∗∗∗ --------------------------------------------- The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools. --------------------------------------------- https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/244… ∗∗∗ Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing several vulnerabilities in MacPaws CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyM… ∗∗∗ CastHack: Zehntausende Chromecast-Adapter spielten plötzlich Youtube-Video ab ∗∗∗ --------------------------------------------- Gutmütige Hacker zeigen, dass Googles Chromecast oft über das Internet erreichbar ist. Das ist ein generelles Problem und durchaus gefährlich. --------------------------------------------- http://heise.de/-4263887 ∗∗∗ Unterkunft nicht auf bookingsallgala.com buchen! ∗∗∗ --------------------------------------------- Auf bookinsallgala.com finden Sie Unterkünfte und Hotels rund um die Welt. Eine Buchung sollten Sie hier aber auf keinen Fall abschließen, denn die Seite wird von Kriminellen betrieben! Während Geld von Ihrer Kreditkarte abgebucht wird, erreicht Ihre Reservierung nie das Hotel und Sie erhalten die bezahlte Leistung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/unterkunft-nicht-auf-bookingsallgala… ∗∗∗ Betrugsgefahren beim Privateinkauf ∗∗∗ --------------------------------------------- Personen, die über Kleinanzeigen-Plattformen Produkte kaufen, können an Kriminelle geraten. Sie verlangen eine Bezahlung der Ware im Voraus oder einen Identitätsnachweis zu ihrer Sicherheit. Ihre Ware liefern sie jedoch nicht, weshalb Opfer ihr Geld und ihre Identität an Kriminelle verlieren. Die Watchlist Internet zeigt Ihnen bekannte Betrugsformen beim Privateinkauf, damit Sie sicher auf Kleinanzeigen-Plattformen einkaufen können. --------------------------------------------- https://www.watchlist-internet.at/news/betrugsgefahren-beim-privateinkauf/ ∗∗∗ Gefälschte Billa-Gewinn-SMS im Umlauf! ∗∗∗ --------------------------------------------- Erneut haben Betrüger/innen eine gefälschte Gewinn-SMS von Billa in Umlauf gebracht. Personen, die der Nachricht Glauben schenken, dem Link in der SMS folgen und die Umfrage beantworten, sollen zwei Euro per Kreditkarte zahlen, um ein iPhone XS mit 256 GB geschenkt zu bekommen. Wer das macht, tappt in eine Abo-Falle und erhält kein iPhone XS. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-billa-gewinn-sms-im-umla… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-02) ∗∗∗ --------------------------------------------- Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1682 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (jasper, libdatetime-timezone-perl, qtbase-opensource-src, thunderbird, and tzdata), Red Hat (rh-perl524-perl), and SUSE (libraw, polkit, and xen). --------------------------------------------- https://lwn.net/Articles/775937/ ∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0005 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-access-for-wind… ∗∗∗ IBM Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is… ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-affects… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2019
by Daily end-of-shift report 02 Jan '19

02 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-12-2018 18:00 − Mittwoch 02-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data ∗∗∗ --------------------------------------------- A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-… ∗∗∗ How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter ∗∗∗ --------------------------------------------- On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker(a)pm.me] extension appended to file names. --------------------------------------------- https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fi… ∗∗∗ EU finanziert Bug Bounty für Open-Source-Software wie VLC ∗∗∗ --------------------------------------------- Wer Fehler in Open-Source-Software entdeckt, kann sich ab Jänner von der EU dafür belohnen lassen. --------------------------------------------- https://futurezone.at/netzpolitik/eu-finanziert-bug-bounty-fuer-open-source… ∗∗∗ Sicherheitslücke: DoS-Angriff auf Bluetooth-Chips von Broadcom ∗∗∗ --------------------------------------------- Bluetooth auf einem fremden Smartphone ausknipsen und einen Bluetooth-Lautsprecher zum Schweigen bringen? Mit einer Sicherheitslücke in Bluetooth-Chips von Broadcom ist das möglich. (Bluetooth, CCC) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-dos-angriff-auf-bluetooth-chips… ∗∗∗ Phishing & Co: Immer skeptisch bleiben – sicher unterwegs im vernetzten Büro ∗∗∗ --------------------------------------------- Firmen geraten zunehmend ins Visier von Angreifern. Die IT-Systeme stellen dabei gar nicht die größte Schwachstelle dar. Es sind die Mitarbeiter. --------------------------------------------- http://heise.de/-4260197 ∗∗∗ Vorsicht bei Veröffentlichung und Kauf beim AV Akademikerverlag ∗∗∗ --------------------------------------------- Universitätsabsolvent/innen, die kurz nach Abschluss ihres Studiums überlegen, ihre Bachelor-, Master- oder Doktorarbeiten zu publizieren, ist von einer Veröffentlichung beim AV Akademikerverlag abzuraten. Während die Publikation kostenlos ist, tritt man seine Veröffentlichungsrechte an der Arbeit an einen Verlag ab, der einen zweifelhaften Ruf hat. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-veroeffentlichung-und-k… ∗∗∗ cyber-giant.com ist ein Fake-Shop ∗∗∗ --------------------------------------------- Der Fake-Shop cyber-giant.com bietet günstige Elektroartikel an. Konsument/innen, die bei dem Händler einkaufen, verlieren ihr Geld und ihre Identität an Kriminelle, denn er ist betrügerisch und liefert keine Waren. Das zeigt eine Internetrecherche, ein Preisvergleich und die ausschließliche Möglichkeit, die Ware nur im Voraus zu bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/cyber-giantcom-ist-ein-fake-shop/ ∗∗∗ DNS-Blacklists und Neujahrsvorsätze ∗∗∗ --------------------------------------------- Die altehrwürdige DNS-Blacklist njabl.org hat 2013 den Betrieb eingestellt. Vor kurzem dürfte nun die Domain den Besitzer gewechselt haben, und wer diese DNSBL noch immer benutzt, bekommt nun auf alle Anfragen ein positives Ergebnis. Mit dem Effekt, dass etliche Mailserver alle eingehende Mail ablehnen. --------------------------------------------- http://www.cert.at/services/blog/20190102135412-2339.html ∗∗∗ Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security ∗∗∗ --------------------------------------------- The "white hat" hacker, who claimed to be part of a group calling itself the "Anonymous Calgary Mindhive", said it hadn’t been hard for him to hijack control of a man's Nest security camera. --------------------------------------------- https://hotforsecurity.bitdefender.com/blog/spooked-by-a-speaking-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ [CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) ∗∗∗ --------------------------------------------- To be vulnerable to the issue, the system running NetBeans needs to be configured to use Proxy Auto-Configuration (PAC), NetBeans must be configured to use the system proxy settings and the attacker needs to be able to modify the PAC script. --------------------------------------------- https://seclists.org/oss-sec/2018/q4/275 ∗∗∗ Fehler in Software-Suite gefährdet NAS-Geräte von Synology ∗∗∗ --------------------------------------------- Kritische Sicherheitslücken betreffen Software von Synology und machen Netzwerkspeicher des Herstellers angreifbar. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4261032 ∗∗∗ Synology-SA-19:01 Photo Station ∗∗∗ --------------------------------------------- These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_01 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and webkit2gtk), Debian (c3p0, debian-security-support, libextractor, and tar), Fedora (electron-cash, leptonica, LibRaw, mingw-leptonica, mingw-openjpeg2, mingw-poppler, nettle, openjpeg2, php-pear, sqlite, and vcftools), Gentoo (GKSu and rust), Mageia (keepalived and libtiff), openSUSE (containerd, docker, go, go, GraphicsMagick, libraw, mozilla-nspr and mozilla-nss, netatalk, polkit, wireshark, and xen), and SUSE (containerd, [...] --------------------------------------------- https://lwn.net/Articles/775790/ ∗∗∗ Security updates for the new year ∗∗∗ --------------------------------------------- Security updates have been issued by Mageia (graphicsmagick, poppler, python, and python-lxml) and openSUSE (GraphicsMagick). --------------------------------------------- https://lwn.net/Articles/775824/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (thunderbird), Fedora (terminology), openSUSE (GraphicsMagick), and Red Hat (rh-perl526-perl). --------------------------------------------- https://lwn.net/Articles/775852/ ∗∗∗ Vuln: ZTE ZMAX Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106361 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24353255 ∗∗∗ Binutils vulnerability CVE-2018-17985 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35710418 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily