=====================
= End-of-Day report =
=====================
Timeframe: Montag 07-01-2019 18:00 − Dienstag 08-01-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Digging Up the Past: Windows Registry Forensics Revisited ∗∗∗
---------------------------------------------
Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-win…
∗∗∗ Software auf vielen Routern nutzt etablierte Sicherheitsmechanismen nicht ∗∗∗
---------------------------------------------
Sicherheitsforscher von Cyber-ITL haben sich die Software auf 28 Router mit ARM- und MIPS-Architektur für den Heimgebrauch angeschaut und herausgefunden, dass viele Modelle ihr Sicherheitspotenzial nicht ausschöpfen: Viele Firmware-Versionen setzen in der Linux-Basis eigentlich vorhandene Sicherheitsmechanismen wie Address Space Layout Randomization (ASLR) und Data Execution Prevention (DEP) nicht ein.
---------------------------------------------
http://heise.de/-4268046
∗∗∗ Bitcoin-Erpressung mit Masturbationsvideo ∗∗∗
---------------------------------------------
Internet-User/innen finden E-Mails mit dem Betreff „Hohe Gefahr. Konto wurde angegriffen.“ in ihrem Posteingang. Die Versandadresse entspricht fälschlicherweise der Empfangsadresse. Eine angebliche Hacker/in droht damit, ein Selbstbefriedigungs-Video der Empfänger/in zu veröffentlichen. Der geforderte Bitcoin-Betrag darf nicht bezahlt werden, denn das Video existiert nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/bitcoin-erpressung-mit-masturbations…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB19-01), Adobe Connect (APSB19-05) and Adobe Digital Editions (APSB19-04). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1685
∗∗∗ Google Android: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen. Als Folge kann der Angreifer die Kontrolle über das Gerät übernehmen, Daten ausspionieren, das Gerät zum Absturz bringen oder unbrauchbar machen. Zur erfolgreichen Ausnutzung der Schwachstellen genügt es, eine manipulierte App zu öffnen oder einen Link anzutippen, der zu einer bösartigen Software führt.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/01/warn…
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libav), Fedora (krb5), Red Hat (source-to-image), and SUSE (gpg2, libgit2, and libsoup).
---------------------------------------------
https://lwn.net/Articles/776215/
∗∗∗ SAP: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen SAP Produkten ausnutzen, um dadurch die Vertraulichkeit, Verfügbarkeit und die Integrität der Anwendung zu gefährden.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0012
∗∗∗ VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update ∗∗∗
---------------------------------------------
https://kb.cert.org/vuls/id/317277
∗∗∗ Vulnerability in Java Deserialization Affecting Cisco Products ∗∗∗
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
∗∗∗ SIP User Directory Information Disclosure ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-is-affected-by-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ SSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf
∗∗∗ SSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
∗∗∗ SSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf
∗∗∗ SSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf
∗∗∗ SSA-579309 (Last Update: 2019-01-08): Denial-of-Service in SICAM A8000 Series ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf
∗∗∗ SSA-325546 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module of SWT3000 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf
∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K16940442
∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65481741
∗∗∗ GnuTLS vulnerability CVE-2018-16868 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K18955141
∗∗∗ Nettle vulnerability CVE-2018-16869 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45616155
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 04-01-2019 18:00 − Montag 07-01-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Betrügerische Mails versprechen Millionen ∗∗∗
---------------------------------------------
Immer wieder erhalten Internetnutzer/innen E-Mails, die schnelles Geld in Form von Erbschaften, Spenden und Geschenken in Millionenhöhe versprechen. Im konkreten Fall hat der Absender angeblich 533 Millionen US-Dollar gewonnen und möchte zwei Millionen davon an die Empfänger/in spenden. Damit die Konsument/innen das Geld erhalten, sollen sie Vorauszahlungen leisten. Wer dies tut, verliert Geld und persönliche Daten an Kriminelle.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mails-versprechen-mil…
∗∗∗ Warnung vor monaco-modding.com ∗∗∗
---------------------------------------------
Der Anbieter monaco-modding.com bezeichnet sich als Deutschland schnellsten Moddingservice. Er bietet Kund/innen Unlock Alls für GTA 5, Skins für Fortnite, Eingabekeys für Black Ops 4 oder Red Dead Redemption 2 sowie günstige Netflix- und Spotify-Accounts an. Von einer Bestellung auf monaco-modding.com ist dringend abzuraten, denn der Anbieter liefert keine Ware.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-monaco-moddingcom/
=====================
= Vulnerabilities =
=====================
∗∗∗ Sicherheitslücke: Mit Skype Android-PIN umgehen ∗∗∗
---------------------------------------------
Mit einem einfachen Skype-Anruf lassen sich trotz PIN-Sperre Fotos, Kontakte und mehr auf einem Android-Smartphone einsehen. Ein Update wurde veröffentlicht, steht aber noch nicht für alle Geräte zur Verfügung. (Android, Skype)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-mit-skype-android-pin-umgehen-1…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (keepalived), Debian (python-django), Fedora (tcpreplay), Mageia (apache-commons-compress, aubio, dcraw, freerdp, imagemagick, ldb, talloc, samba, libao, libextractor, libgxps, libpgf, openjpeg2, pdns, pdns-recursor, php-phpmailer, plexus-archiver, units, wget, and xmlrpc), Oracle (keepalived and kernel), and SUSE (polkit and xen).
---------------------------------------------
https://lwn.net/Articles/776162/
∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Apache Commons BeanUtils (CVE-2014-0114) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K50394032
∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K30503705
∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K86075480
∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10281096
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗
---------------------------------------------
Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company.
---------------------------------------------
https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-cla…
∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗
---------------------------------------------
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.
---------------------------------------------
https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html
∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗
---------------------------------------------
Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding.
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fa…
∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗
---------------------------------------------
Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen.
---------------------------------------------
http://heise.de/-4265230
=====================
= Vulnerabilities =
=====================
∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01
∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02
∗∗∗ Hetronic Nova-M ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman).
---------------------------------------------
https://lwn.net/Articles/776019/
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0007
∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0006
∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-b…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln…
∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vuln…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 02-01-2019 18:00 − Donnerstag 03-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ NRSMiner updates to newer version ∗∗∗
---------------------------------------------
More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, [...]
---------------------------------------------
https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/
∗∗∗ Malicious Script Leaking Data via FTP ∗∗∗
---------------------------------------------
The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on standard Windows tools.
---------------------------------------------
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/244…
∗∗∗ Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X ∗∗∗
---------------------------------------------
Today, Cisco Talos is disclosing several vulnerabilities in MacPaws CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root.
---------------------------------------------
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyM…
∗∗∗ CastHack: Zehntausende Chromecast-Adapter spielten plötzlich Youtube-Video ab ∗∗∗
---------------------------------------------
Gutmütige Hacker zeigen, dass Googles Chromecast oft über das Internet erreichbar ist. Das ist ein generelles Problem und durchaus gefährlich.
---------------------------------------------
http://heise.de/-4263887
∗∗∗ Unterkunft nicht auf bookingsallgala.com buchen! ∗∗∗
---------------------------------------------
Auf bookinsallgala.com finden Sie Unterkünfte und Hotels rund um die Welt. Eine Buchung sollten Sie hier aber auf keinen Fall abschließen, denn die Seite wird von Kriminellen betrieben! Während Geld von Ihrer Kreditkarte abgebucht wird, erreicht Ihre Reservierung nie das Hotel und Sie erhalten die bezahlte Leistung nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/unterkunft-nicht-auf-bookingsallgala…
∗∗∗ Betrugsgefahren beim Privateinkauf ∗∗∗
---------------------------------------------
Personen, die über Kleinanzeigen-Plattformen Produkte kaufen, können an Kriminelle geraten. Sie verlangen eine Bezahlung der Ware im Voraus oder einen Identitätsnachweis zu ihrer Sicherheit. Ihre Ware liefern sie jedoch nicht, weshalb Opfer ihr Geld und ihre Identität an Kriminelle verlieren. Die Watchlist Internet zeigt Ihnen bekannte Betrugsformen beim Privateinkauf, damit Sie sicher auf Kleinanzeigen-Plattformen einkaufen können.
---------------------------------------------
https://www.watchlist-internet.at/news/betrugsgefahren-beim-privateinkauf/
∗∗∗ Gefälschte Billa-Gewinn-SMS im Umlauf! ∗∗∗
---------------------------------------------
Erneut haben Betrüger/innen eine gefälschte Gewinn-SMS von Billa in Umlauf gebracht. Personen, die der Nachricht Glauben schenken, dem Link in der SMS folgen und die Umfrage beantworten, sollen zwei Euro per Kreditkarte zahlen, um ein iPhone XS mit 256 GB geschenkt zu bekommen. Wer das macht, tappt in eine Abo-Falle und erhält kein iPhone XS.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-billa-gewinn-sms-im-umla…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-02) ∗∗∗
---------------------------------------------
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-02). The updates referenced in the bulletin address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1682
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jasper, libdatetime-timezone-perl, qtbase-opensource-src, thunderbird, and tzdata), Red Hat (rh-perl524-perl), and SUSE (libraw, polkit, and xen).
---------------------------------------------
https://lwn.net/Articles/775937/
∗∗∗ Microsoft Windows 10: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0005
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an OpenSource Apache Struts vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2018-1888. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i-access-for-wind…
∗∗∗ IBM Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-is…
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit…
∗∗∗ IBM Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-affects…
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 28-12-2018 18:00 − Mittwoch 02-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data ∗∗∗
---------------------------------------------
A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-…
∗∗∗ How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter ∗∗∗
---------------------------------------------
On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker(a)pm.me] extension appended to file names.
---------------------------------------------
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fi…
∗∗∗ EU finanziert Bug Bounty für Open-Source-Software wie VLC ∗∗∗
---------------------------------------------
Wer Fehler in Open-Source-Software entdeckt, kann sich ab Jänner von der EU dafür belohnen lassen.
---------------------------------------------
https://futurezone.at/netzpolitik/eu-finanziert-bug-bounty-fuer-open-source…
∗∗∗ Sicherheitslücke: DoS-Angriff auf Bluetooth-Chips von Broadcom ∗∗∗
---------------------------------------------
Bluetooth auf einem fremden Smartphone ausknipsen und einen Bluetooth-Lautsprecher zum Schweigen bringen? Mit einer Sicherheitslücke in Bluetooth-Chips von Broadcom ist das möglich. (Bluetooth, CCC)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-dos-angriff-auf-bluetooth-chips…
∗∗∗ Phishing & Co: Immer skeptisch bleiben – sicher unterwegs im vernetzten Büro ∗∗∗
---------------------------------------------
Firmen geraten zunehmend ins Visier von Angreifern. Die IT-Systeme stellen dabei gar nicht die größte Schwachstelle dar. Es sind die Mitarbeiter.
---------------------------------------------
http://heise.de/-4260197
∗∗∗ Vorsicht bei Veröffentlichung und Kauf beim AV Akademikerverlag ∗∗∗
---------------------------------------------
Universitätsabsolvent/innen, die kurz nach Abschluss ihres Studiums überlegen, ihre Bachelor-, Master- oder Doktorarbeiten zu publizieren, ist von einer Veröffentlichung beim AV Akademikerverlag abzuraten. Während die Publikation kostenlos ist, tritt man seine Veröffentlichungsrechte an der Arbeit an einen Verlag ab, der einen zweifelhaften Ruf hat.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-veroeffentlichung-und-k…
∗∗∗ cyber-giant.com ist ein Fake-Shop ∗∗∗
---------------------------------------------
Der Fake-Shop cyber-giant.com bietet günstige Elektroartikel an. Konsument/innen, die bei dem Händler einkaufen, verlieren ihr Geld und ihre Identität an Kriminelle, denn er ist betrügerisch und liefert keine Waren. Das zeigt eine Internetrecherche, ein Preisvergleich und die ausschließliche Möglichkeit, die Ware nur im Voraus zu bezahlen.
---------------------------------------------
https://www.watchlist-internet.at/news/cyber-giantcom-ist-ein-fake-shop/
∗∗∗ DNS-Blacklists und Neujahrsvorsätze ∗∗∗
---------------------------------------------
Die altehrwürdige DNS-Blacklist njabl.org hat 2013 den Betrieb eingestellt. Vor kurzem dürfte nun die Domain den Besitzer gewechselt haben, und wer diese DNSBL noch immer benutzt, bekommt nun auf alle Anfragen ein positives Ergebnis. Mit dem Effekt, dass etliche Mailserver alle eingehende Mail ablehnen.
---------------------------------------------
http://www.cert.at/services/blog/20190102135412-2339.html
∗∗∗ Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security ∗∗∗
---------------------------------------------
The "white hat" hacker, who claimed to be part of a group calling itself the "Anonymous Calgary Mindhive", said it hadn’t been hard for him to hijack control of a man's Nest security camera.
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/spooked-by-a-speaking-security-…
=====================
= Vulnerabilities =
=====================
∗∗∗ [CVE-2018-17191] Apache NetBeans 9.0 Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE) ∗∗∗
---------------------------------------------
To be vulnerable to the issue, the system running NetBeans needs to be configured to use Proxy Auto-Configuration (PAC), NetBeans must be configured to use the system proxy settings and the attacker needs to be able to modify the PAC script.
---------------------------------------------
https://seclists.org/oss-sec/2018/q4/275
∗∗∗ Fehler in Software-Suite gefährdet NAS-Geräte von Synology ∗∗∗
---------------------------------------------
Kritische Sicherheitslücken betreffen Software von Synology und machen Netzwerkspeicher des Herstellers angreifbar. Updates sind verfügbar.
---------------------------------------------
http://heise.de/-4261032
∗∗∗ Synology-SA-19:01 Photo Station ∗∗∗
---------------------------------------------
These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_01
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (go, go-pie, and webkit2gtk), Debian (c3p0, debian-security-support, libextractor, and tar), Fedora (electron-cash, leptonica, LibRaw, mingw-leptonica, mingw-openjpeg2, mingw-poppler, nettle, openjpeg2, php-pear, sqlite, and vcftools), Gentoo (GKSu and rust), Mageia (keepalived and libtiff), openSUSE (containerd, docker, go, go, GraphicsMagick, libraw, mozilla-nspr and mozilla-nss, netatalk, polkit, wireshark, and xen), and SUSE (containerd, [...]
---------------------------------------------
https://lwn.net/Articles/775790/
∗∗∗ Security updates for the new year ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (graphicsmagick, poppler, python, and python-lxml) and openSUSE (GraphicsMagick).
---------------------------------------------
https://lwn.net/Articles/775824/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (thunderbird), Fedora (terminology), openSUSE (GraphicsMagick), and Red Hat (rh-perl526-perl).
---------------------------------------------
https://lwn.net/Articles/775852/
∗∗∗ Vuln: ZTE ZMAX Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106361
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24353255
∗∗∗ Binutils vulnerability CVE-2018-17985 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35710418
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 27-12-2018 18:00 − Freitag 28-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ BUNDESGESETZBLATT FÜR DIE REPUBLIK ÖSTERREICH ∗∗∗
---------------------------------------------
111. Bundesgesetz, mit dem das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz – NISG) erlassen und das Telekommunikationsgesetz 2003 geändert wird
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2018_I_111/BGBLA_2018_I_…
∗∗∗ 35C3: Hacker zeigt Schwachstellen in IoT-Netzwerk Sigfox auf ∗∗∗
---------------------------------------------
Die Datenkommunikation über das Sigfox-Funknetz, das auf das Internet der Dinge ausgerichtet ist, lässt sich momentan bei vielen Geräten recht einfach abhören.
---------------------------------------------
http://heise.de/-4259662
∗∗∗ Warnung vor elektro-hilfe.at ∗∗∗
---------------------------------------------
Bei elektro-hilfe.at handelt es sich um einen 24h-Elektriker-Notdienst, der verspricht, Pannen und Schäden die durch Wasserrohrbrüche, verstopfte Leitungen u.Ä. verursacht wurden, zu beheben. Verlockend klingen vor allem auch die günstigen Preise, mit denen auf der Website geworben wird. Der Anbieter ist nicht vertrauenswürdig, denn vor Ort werden überhöhte Preise verrechnet.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-elektro-hilfeat/
∗∗∗ Hijacking Online Accounts Via Hacked Voicemail Systems ∗∗∗
---------------------------------------------
Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services.
---------------------------------------------
https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-syste…
∗∗∗ Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage ∗∗∗
---------------------------------------------
The home surveillance cams have hard-coded credentials.
---------------------------------------------
https://threatpost.com/guardzilla-cameras-flaw/140415/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript, graphicsmagick, libarchive, libsndfile, libvncserver, ruby-sanitize, and wireshark), Fedora (mosquitto and tinc), Mageia (monit, sqlite3, and thunderbird), and SUSE (openssl).
---------------------------------------------
https://lwn.net/Articles/775635/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libphp-phpmailer), Fedora (mosquitto and tinc), and Mageia (ruby-i18n and tcpdump).
---------------------------------------------
https://lwn.net/Articles/775670/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-open-source-apache-to…
∗∗∗ BIG-IP APM portal access may potentially leak host name information for back-end servers ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31333705
∗∗∗ BIG-IP APM webtop vulnerability CVE-2018-15334 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74114570
∗∗∗ BIG-IP ARM BGP vulnerability CVE-2018-17539 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K17264695
∗∗∗ The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95010813
∗∗∗ BIG-IP vulnerability CVE-2018-15333 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53620021
∗∗∗ BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27617652
Next End-of-Day report: 2019-01-02
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 21-12-2018 18:00 − Donnerstag 27-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1680
∗∗∗ 5 Steps to Mitigate Endpoint Security Incidents ∗∗∗
---------------------------------------------
Endpoint security may be the best investment you have ever made. According to a Ponemon survey – The 2017 State of Endpoint Security Risk – the average cost to an organization of attacks that managed to breach endpoint security was $5 million. In this article, we will look at what you need to know about [...]
---------------------------------------------
https://resources.infosecinstitute.com/5-steps-to-mitigate-endpoint-securit…
∗∗∗ Warnung vor Auresoil Sensi & Secure ∗∗∗
---------------------------------------------
Auf einem erfundenen österreichischen Medizinportal behaupten Unbekannte, dass es mit Auresoil Sensi & Secure möglich sei, „das Hörvermögen zu 100% wiederherzustellen“. Das Produkt können Interessent/innen um 57 Euro auf bestmarkethub.com/43/auresoil-med/gps erwerben. Davon raten wir ab, denn die medizinische Wirkung von Auresoil Sensi & Secure ist unklar und kann schädlich sein.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-auresoil-sensi-secure/
∗∗∗ Nicht bei der Knurf GmbH & Co. KG bewerben ∗∗∗
---------------------------------------------
Die betrügerische Knurf GmbH & Co. KG sucht über knurf.net Proband/innen, die Produkte oder Dienstleitungen testen sollen. Die Aufgabe von Interessent/innen besteht letzen Endes darin, dass sie ein Online-Konto eröffnen und ihre Zugangsdaten an das erfundene Unternehmen senden. Damit ist es den Kriminellen möglich, Verbrechen und Geldwäscherei unter dem Namen ihrer Opfer zu begehen.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bei-der-knurf-gmbh-co-kg-bewer…
=====================
= Vulnerabilities =
=====================
∗∗∗ spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials ∗∗∗
---------------------------------------------
An authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin [...]
---------------------------------------------
https://seclists.org/fulldisclosure/2018/Dec/45
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (ghostscript, libarchive, openjpeg2, and sqlite3), Fedora (krb5, mariadb, mariadb-connector-c, mingw-openjpeg2, openjpeg2, phpMyAdmin, python-lxml, spatialite-tools, sqlite, and squid), Mageia (kernel), openSUSE (bluez, git, go1.10, libnettle, libqt5-qtbase, ovmf, pdns, perl, tcpdump, tiff, tryton, and yast2-rmt), Slackware (netatalk), and SUSE (buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, [...]
---------------------------------------------
https://lwn.net/Articles/775549/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libextractor and nagios3) and Fedora (adplug, mingw-podofo, and podofo).
---------------------------------------------
https://lwn.net/Articles/775584/
∗∗∗ Synology-SA-18:63 DS File ∗∗∗
---------------------------------------------
A vulnerability allows local users to obtain sensitive information via a susceptible version of Android DS File.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_63
∗∗∗ Synology-SA-18:64 DSM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_64
∗∗∗ Synology-SA-18:65 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_65
∗∗∗ Vuln: McAfee Application and Change Control Multiple Security Bypass Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106282
∗∗∗ Vuln: Kibana CVE-2018-17246 Local File Include Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106285
∗∗∗ diverse Router: Schwachstelle ermöglicht Erlangen von Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1200
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th…
∗∗∗ IBM Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ja…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-12882) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-classific…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 20-12-2018 18:00 − Freitag 21-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers ∗∗∗
---------------------------------------------
Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmati…
∗∗∗ Warnung vor Phishing-Mails mit Adresse help(a)orf.at ∗∗∗
---------------------------------------------
Seit einigen Stunden sind Phishing-Mails in Umlauf, die als Reply-Adresse help(a)orf.at eingetragen haben. ORF.at weist ausdrücklich darauf hin, dass von der Konsumentenredaktion des ORF-Radio keinerlei Mails ausgeschickt werden und warnt davor, solche Mails zu öffnen.
---------------------------------------------
https://orf.at/stories/3105176
∗∗∗ Betrügerische WhatsApp-Nachrichten beim Privatverkauf ∗∗∗
---------------------------------------------
Privatverkäufer/innen erhalten von einer Nummer mit der Vorwahl „+1“ eine WhatsApp-Nachricht. Darin erkundigen sich Kriminelle nach dem Produktpreis und schlagen die Kaufabwicklung mit der EMS Shipping Company vor. Sie bestätigt einen überhöhten Zahlungseingang. Verkäufer/innen sollen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie beides.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Horner Automation Cscape ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01
∗∗∗ Schneider Electric EcoStruxure ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02
∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗
---------------------------------------------
Project: JSON:APIDate: 2018-December-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.The module doesnt sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-081
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/775420/
∗∗∗ Synology-SA-18:62 Netatalk ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_62
∗∗∗ Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106278
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utiliz…
∗∗∗ December 20, 2018 TNS-2018-17 [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-17
∗∗∗ TMM vulnerability CVE-2018-15330 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23328310
∗∗∗ BIG-IP AAM DCDB vulnerability CVE-2018-15331 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54843525
∗∗∗ TMUI vulnerability CVE-2018-15329 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61620494
Next End-of-Day report: 2018-12-27
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 19-12-2018 18:00 − Donnerstag 20-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ On VBScript ∗∗∗
---------------------------------------------
Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. Yet this did not deter attackers ..
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html
∗∗∗ Rise of the Webminers ∗∗∗
---------------------------------------------
About a year ago webminers began to appear on more and more website. It was popularized by CoinHive and a couple of high-profile scandals revolving around ThePirateBay and Showtime and, in ..
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rise-of-the…
∗∗∗ WPA3 WLAN Encryption: All Good Things Come In 3s! ∗∗∗
---------------------------------------------
The current protocol WPA2 (WiFi Protected Access) from 2004 is getting on in years. In early 2018, the WiFi Alliance (WFA) announced an update at the Consumer Electronics Show in Las Vegas. WPA3 is the designated successor, which should eliminate weak points as well as the comfort and the security would clearly increase. In the last ..
---------------------------------------------
http://www.ikarussecurity.com/about-ikarus/security-blog/wpa3-wlan-encrypti…
∗∗∗ Kritische Sicherheitslücke in Internet Explorer - Patches verfügbar ∗∗∗
---------------------------------------------
Microsoft hat ausserhalb des monatlichen Patch-Zyklus Updates für den Internet Explorer veröffentlicht, mit denen eine kritische Sicherheitslücke geschlossen wird. Diese Schwachstelle soll bereits aktiv ..
---------------------------------------------
http://www.cert.at/warnings/all/20181219.html
∗∗∗ sgifashop.com ist unseriös ∗∗∗
---------------------------------------------
Der Online-Shop sgifashop.com ist mit seinem Sortiment sehr breit aufgestellt, so ist auch bestimmt für Sie das gewünschte Produkt dabei. Der Alleskönner ist jedoch betrügerisch und liefert ..
---------------------------------------------
https://www.watchlist-internet.at/news/sgifashopcom-ist-unserioes/
∗∗∗ Researcher publishes PoC for new Windows zero-day ∗∗∗
---------------------------------------------
This is the third Windows zero-day the researcher dumps online in the last five months.
---------------------------------------------
https://www.zdnet.com/article/researcher-publishes-poc-for-new-windows-zero…
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4355 openssl1.0 - security update ∗∗∗
---------------------------------------------
Several local side channel attacks and a denial of service via largeDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4355
∗∗∗ Vuln: Jenkins Multiple Security Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106176
∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-081
∗∗∗ E-Sign - Moderately critical - Cross site scripting - SA-CONTRIB-2018-080 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-080
∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Business Automation Workflow (CVE-2018-1849) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ D-LINK Router: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1191
∗∗∗ FreeBSD OS: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1192
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily