Daily

daily@lists.cert.at

1 participants
3087 discussions

Tageszusammenfassung - 11.07.2018
by Daily end-of-shift report 11 Jul '18

11 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-07-2018 18:00 − Mittwoch 11-07-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ CoinRocket GmbH sucht Finanzverwalter für strafbare Arbeit ∗∗∗ --------------------------------------------- Die CoinRocket GmbH mit Sitz in Hard in der Steiermark betreibt die Website coinrocket.at. Auf Jobportalen inseriert die angebliche Firma Stellenausschreibungen für die Position eines/r FinanzverwaltungsassistentIn in Heimarbeit. InteressentInnen müssen bei dieser Arbeit ihre Kontodaten bekannt geben und sollen eingehende Zahlungen weiterleiten. Das Geld stammt dabei von Verbrechen und die FinanzverwalterInnen machen sich durch ihr Zutun strafbar. --------------------------------------------- https://www.watchlist-internet.at/news/coinrocket-gmbh-sucht-finanzverwalte… ∗∗∗ New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed ∗∗∗ --------------------------------------------- Two security researchers have revealed details about two new Spectre-class vulnerabilities, which theyve named Spectre 1.1 and Spectre 1.2. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-1… ∗∗∗ Internet: Viele ISPs geben BGP-Probleme einfach weiter ∗∗∗ --------------------------------------------- Immer wieder kommt es per BGP-Hijacking zum Umleiten von Internetverkehr. Ebenso werden falsche BGP-Routen auch einfach weitergeleitet. Eine Auswertung zeigt, dass die großen ISPs hier zu wenig agieren. Es gibt aber auch Abhilfe gegen besonders bösartige Akteure. (BGP, DE-CIX) --------------------------------------------- https://www.golem.de/news/internet-viele-isps-geben-bgp-probleme-einfach-we… ∗∗∗ July 2018 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/07/10/july-2018-security-upda… ∗∗∗ Department of Commerce Report on the Botnet Threat ∗∗∗ --------------------------------------------- Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic.T --------------------------------------------- https://www.schneier.com/blog/archives/2018/07/department_of_c.html ∗∗∗ Intel, Microsoft, Adobe release a swarm of bug fixes to ruin your week ∗∗∗ --------------------------------------------- Massive patch dump with 112 fixes... and thats just for the Photoshop giant IT admins face a busy week ahead as Microsoft, Intel, and Adobe have issued bundles of scheduled security fixes addressing more than 150 CVE-listed vulnerabilities.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/07/11/july_patch_… ∗∗∗ Spectre-NG: Intel dokumentiert "spekulativen Buffer Overflow" ∗∗∗ --------------------------------------------- Wie sich jetzt herausstellt, können Spectre-NG-Exploits nicht nur geschützten Speicher auslesen, sondern auch schreiben, wo sie wollen – vorläufig zumindest. --------------------------------------------- http://heise.de/-4108008 ===================== = Vulnerabilities = ===================== ∗∗∗ Arch Linux PDF reader package poisoned ∗∗∗ --------------------------------------------- Trust nobody: abandoned code was adopted by a miscreant Arch Linux has pulled a user-provided AUR (Arch User Repository) package, because it contained malware. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/07/11/someone_mod… ∗∗∗ Patchday: Kritische Lücke in SAP Bussines Client ∗∗∗ --------------------------------------------- Im Juli hat SAP 11 neue Sicherheitswarnungen veröffentlicht. Davon gilt aber nur eine als kritisch. Sicherheitsupdates sind verfügbar. --------------------------------------------- http://heise.de/-4108062 ∗∗∗ SSA-635129 (Last Update: 2018-07-11): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module and SIPROTEC 5 relays ∗∗∗ --------------------------------------------- The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network.Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core). --------------------------------------------- https://lwn.net/Articles/759525/ ∗∗∗ IBM Security Bulletin: Vulnerability in IPSec-Tools affects IBM Integrated Management Module II (IMM2) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716865 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Virtual Fabric 10Gb Switch Module is affected by vulnerabilites in libxml2 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10715837 ∗∗∗ IBM Security Bulletin: Vulnerability in bind affects IBM Integrated Management Module II (IMM2) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716769 ∗∗∗ IBM Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which ships with IBM Content Navigator, is affected by the ability to parse untrusted XML input containing a reference to an external entity ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22017354 ∗∗∗ IBM Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016643 ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016869 ∗∗∗ HPESBHF03856 rev.1 - Comware v7 and Intelligent Management Center Products, Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.07.2018
by Daily end-of-shift report 10 Jul '18

10 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 09-07-2018 18:00 − Dienstag 10-07-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ APT Trends Report Q2 2018 ∗∗∗ --------------------------------------------- These summaries are a representative snapshot of what has been discussed in greater detail in our private reports during Q2 2018. They aim to highlight the significant events and findings that we feel people should be aware of. --------------------------------------------- https://securelist.com/apt-trends-report-q2-2018/86487/ ∗∗∗ Researchers Reveal Bypass for Apple’s USB Restricted Mode ∗∗∗ --------------------------------------------- Researchers released a workaround for Apples USB Restricted Mode security feature the same day it was rolled out. --------------------------------------------- https://threatpost.com/researchers-reveal-bypass-for-apples-usb-restricted-… ∗∗∗ Apple Patches Everything Again., (Tue, Jul 10th) ∗∗∗ --------------------------------------------- As usual for Apple patches, vulnerabilities tend to affect all/most Apple operating systems. One notable security issue that was addressed, but is not listed here, is the "USB accessory unlock" issue. This allowed systems like Greylock to unlock phones by brute forcing the passcode via the lightning port / USB. iOS 11.4.1 only allows USB devices to connect within 1 hour after the phone/tablet is locked. This is enabled by default but can be disabled by the user. OS X also fixes the [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23852 ∗∗∗ Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555/tcp), (Tue, Jul 10th) ∗∗∗ --------------------------------------------- Today, I noticed a marked increase in %%port:5555%% scans. --------------------------------------------- https://isc.sans.edu/diary/rss/23856 ∗∗∗ What’s New in the Xen Project Hypervisor 4.11 ∗∗∗ --------------------------------------------- This release contains mitigations for the Meltdown and Spectre vulnerabilities. It is worth noting that we spent a significant amount of time on completing and optimizing fixes for Meltdown and Spectre vulnerabilities. --------------------------------------------- https://blog.xenproject.org/2018/07/10/whats-new-in-the-xen-project-hypervi… ∗∗∗ Betrügerische Urlaubsnachricht von Kriminellen ∗∗∗ --------------------------------------------- Internet-Nutzer/innen erhalten von ihren Kontakten die Nachricht, dass sie im Ausland seien und Hilfe benötigen, denn sie haben ihre "Tasche verloren samt Reispass und kreditkarte". Aus diesem Grund sollen Empfänger/innen Geld mit Western Union ins Ausland überweisen. Es wird für ein "ticket und die hotelrechnungen" benötigt. In Wahrheit stammt die Nachricht von Kriminellen. Das Geld ist bei einer Auslandsüberweisung verloren. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-urlaubsnachricht-von-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-21), Adobe Connect (APSB18-22), Adobe Experience Manager (APSB18-23) and Adobe Flash Player (APSB18-24). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1581 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg). --------------------------------------------- https://lwn.net/Articles/759436/ ∗∗∗ [webapps] D-Link DIR601 2.02 - Credential Disclosure ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/45002/?rss ∗∗∗ IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10716319 ∗∗∗ IBM Security Bulletin: OpenSSL vulnerabilties affect IBM NeXtScale Fan Power Controller (FPC) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716741 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF affects IBM TRIRIGA Application Platform (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716291 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10715747 ∗∗∗ WAGO Multiple vulnerabilities in e!DISPLAY products ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-010 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.07.2018
by Daily end-of-shift report 09 Jul '18

09 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-07-2018 18:00 − Montag 09-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hacker stehlen 2300 Liter Benzin von Tankstelle ∗∗∗ --------------------------------------------- Eine Zapfsäule einer Tankstelle in den USA wurde so manipuliert, dass sie kostenlos Sprit ausgab. --------------------------------------------- https://futurezone.at/digital-life/hacker-stehlen-2300-liter-benzin-von-tan… ∗∗∗ In cryptoland, trust can be costly ∗∗∗ --------------------------------------------- While the legal status of cryptocurrencies and laws to regulate them continue to be hammered out, scammers are busy exploiting the digital gold rush. Besides hacking cryptocurrency exchanges, exploiting smart-contract .. --------------------------------------------- https://securelist.com/in-cryptoland-trust-can-be-costly/86367/ ∗∗∗ PROPagate Code Injection Seen in the Wild ∗∗∗ --------------------------------------------- Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware:This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same .. --------------------------------------------- https://www.schneier.com/blog/archives/2018/07/propagate_code_.html ∗∗∗ Stolen D-Link Certificate Used to Digitally Sign Spying Malware ∗∗∗ --------------------------------------------- Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from .. --------------------------------------------- https://thehackernews.com/2018/07/digital-certificate-malware.html ∗∗∗ Domain Factory confirms January 2018 data breach ∗∗∗ --------------------------------------------- German name n hosting outfit tells customers told to reset passwords after hacker taunts German hosting company Domainfactory has taken down its forums after someone posted messages alleging to have compromised the compa .. --------------------------------------------- www.theregister.co.uk/2018/07/09/domainfactory_in_germany_confirms_brdata_b… ∗∗∗ The Worst Cybersecurity Breaches of 2018 So Far ∗∗∗ --------------------------------------------- There havent been as many hacks and attacks compared to this time last year, but thats where the good news ends. --------------------------------------------- https://www.wired.com/story/2018-worst-hacks-so-far ∗∗∗ Jetzt patchen! Exploit-Code für extrem kritische Lücke in HPE iLO4 öffentlich ∗∗∗ --------------------------------------------- Sendet ein Angreifer eine cURL-Anfrage mit „AAAAAAAAAAAAAAAAAAAAAAAAAAAAA“ an verwundbare HP-Proliant-Server, könnte er diese übernehmen. --------------------------------------------- http://heise.de/-4104590 ∗∗∗ iTunes und iCloud für Windows: Update dringend angeraten ∗∗∗ --------------------------------------------- Die jüngsten Versionen von Apples Medienabpieler und der Cloud-Unterstützung für den PC beheben problematische Sicherheitslücken. --------------------------------------------- http://heise.de/-4104663 ===================== = Vulnerabilities = ===================== ∗∗∗ VMSA-2018-0016 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0016.html ∗∗∗ VMSA-2018-0011.1 ∗∗∗ --------------------------------------------- Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0011.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bouncycastle and ca-certificates), Fedora (cantata, cinnamon, php-symfony3, and transifex-client), openSUSE (ghostscript, openssl, openvpn, php7, rubygem-yard, thunderbird, ucode-intel, and unzip), and SUSE (libqt4, nodejs8, and openslp). --------------------------------------------- https://lwn.net/Articles/759361/ ∗∗∗ VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗ --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/07/warn… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.07.2018
by Daily end-of-shift report 06 Jul '18

06 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-07-2018 18:00 − Freitag 06-07-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ HNS Botnet Recent Activities ∗∗∗ --------------------------------------------- Author: Rootkiter, yegenshenHNS is an IoT botnet (Hide and Seek) originally discovered by BitDefender in January this year. In that report, the researchers pointed out that HNS used CVE-2016-10401, and other vulnerabilities to propagate malicious code and stole user information. The HNS communicates through the P2P mechanism, which is [...] --------------------------------------------- http://blog.netlab.360.com/hns-botnet-recent-activities-en/ ∗∗∗ CoinImp Cryptominer and Fully Qualified Domain Names ∗∗∗ --------------------------------------------- We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. "www.example.com", where "www" is a subdomain, "example" is a second level domain, and "com" is a top level domain. However, very few know that there is also a DNS root domain and it can be also specified in the fully qualified domain names. --------------------------------------------- https://blog.sucuri.net/2018/07/coinimp-cryptominer-and-fully-qualified-dom… ∗∗∗ Schädlinge unterminieren Windows-Zertifikats-System ∗∗∗ --------------------------------------------- Immer mehr Trojaner installieren eigene Root-CAs in Windows, um damit ihre Schadprogramme signieren oder Web-Seiten-Aufrufe manipulieren zu können. --------------------------------------------- http://heise.de/-4100993 ∗∗∗ Apple stopft WLAN-Lücken auf Macs unter Windows ∗∗∗ --------------------------------------------- Mit einem Update sollen zwei Angriffspunkte in den Boot-Camp-Treibern behoben werden, mit denen Macs das Microsoft-Betriebssystem nutzen. --------------------------------------------- http://heise.de/-4102490 ∗∗∗ Datenleck bei Domainfactory: Hacker knackt Systeme, lässt Kundendaten mitgehen ∗∗∗ --------------------------------------------- Die Systeme des Hosters Domainfactory wurden offensichtlich von einem Hacker kompromittiert, der nun Zugang zu sensiblen Daten der Kunden hat. --------------------------------------------- http://heise.de/-4102881 ∗∗∗ IT-Sicherheit - Elektronikhändler e-tec und Ditech wurden Kundendaten gestohlen ∗∗∗ --------------------------------------------- Altes Passwort ist abgelaufen und muss neu gesetzt werden, Zahlungsdaten zu Kreditkarten und Kontoverbindungen nicht betroffen --------------------------------------------- https://derstandard.at/2000082932960/Elektronikhaendler-e-tec-und-Ditech-wu… ∗∗∗ What is it that Makes a Microsoft Executable a Microsoft Executable? ∗∗∗ --------------------------------------------- What exactly is it that separates arbitrary code from code that originates from Microsoft? I would wager that the reaction of most people would be to claim, "well... if it's signed by Microsoft, then it comes from Microsoft. What else is there to talk about?" --------------------------------------------- https://posts.specterops.io/what-is-it-that-makes-a-microsoft-executable-a-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ WordPress 4.9.7 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. --------------------------------------------- https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance… ∗∗∗ Stored XSS under CA and CRL certificate view page ∗∗∗ --------------------------------------------- Javascript code and HTML tags can be injected into the CN value of CA and CRL certificates via the import CA and CRL certificates feature of the GUI. The injected code may be executed when the GUI administrator views the CA certificate details and browses CRL certificates when CN values are rendered. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-17-305 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dokuwiki, libsoup2.4, mercurial, php7.0, and phpmyadmin), Fedora (ant, gnupg, libgit2, and libsoup), openSUSE (cairo, git-annex, postgresql95, and zsh), Scientific Linux (firefox), Slackware (mozilla), SUSE (nodejs6 and rubygem-yard), and Ubuntu (AMD microcode, devscripts, and firefox). --------------------------------------------- https://lwn.net/Articles/759212/ ∗∗∗ 2018-07-06: Vulnerability in Panel Builder 800 - Improper Input Validation ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Langu… ∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by a resource leakage vulnerability (CVE-2018-1548) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22017136 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017003 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016892 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016895 ∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10716005 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015940 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634) ∗∗∗ --------------------------------------------- https://www-prd-trops.events.ibm.com/node/715345 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=ibm10713469 ∗∗∗ PEPPERL+FUCHS Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-009 ∗∗∗ PEPPERL+FUCHS Remote Code Execution Vulnerability in HMI Devices ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2018-008 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.07.2018
by Daily end-of-shift report 05 Jul '18

05 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 04-07-2018 18:00 − Donnerstag 05-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ First-Ever Person Sentenced for Malicious Use of Coinhive Library ∗∗∗ --------------------------------------------- Authorities in Japan have sentenced a man for the first time for using the Coinhive JavaScript library for malicious purposes. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-ever-person-sentenced-… ∗∗∗ Analysis: Downloader with a twist ∗∗∗ --------------------------------------------- In this latest analysis, we will stay on the topic of fileless malware. Having dissected the Rozena backdoor in the last article, we have taken a peek into another malware that uses “fileless” techniques. Case in point: a downloader. --------------------------------------------- https://www.gdatasoftware.com/blog/07/30876-analysis-downloader-with-a-twist ∗∗∗ How to Check App Permissions on iOS, Android, Windows, and macOS ∗∗∗ --------------------------------------------- Its never a bad time to audit your app permissions. In fact, its more important than ever. --------------------------------------------- https://www.wired.com/story/how-to-check-app-permissions-ios-android-macos-… ∗∗∗ NSO-Mitarbeiter bietet iOS-Spyware Pegasus im Darknet an ∗∗∗ --------------------------------------------- Der geheimnisumwitterten israelischen Sicherheitsfirma NSO Group sind mächtige Spyware-Tools abhanden gekommen. Ein Insider wollte sie im Darknet verkaufen. --------------------------------------------- http://heise.de/-4101187 ∗∗∗ Gentoos GitHub mirror compromise incident report ∗∗∗ --------------------------------------------- LWN reported on June 29 that Gentoos GitHub mirror had been compromised. Gentoo now considers the incident resolved and the full report is available. "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make .. --------------------------------------------- https://lwn.net/Articles/759046/ ∗∗∗ Warnung vor gefälschtem Microsoft-Sicherheitshinweis ∗∗∗ --------------------------------------------- Konsument/innen sehen in ihrem Browser eine gefälschte Microsoft-Sicherheitswarnung. Darin heißt es, dass ihr Computer mit Schadsoftware befallen sei. Aus diesem Grund sollen sie einen technischen Support anrufen und ein Programm auf ihrem Computer installieren. Es ermöglicht Kriminellen, bei Bezahlung von Rechnungen die Kreditkartendaten ihrer Opfern zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschtem-microsoft-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Custom Tokens - Moderately critical - Arbitrary Code Execution - SA-CONTRIB-2018-046 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-046 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.07.2018
by Daily end-of-shift report 04 Jul '18

04 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 03-07-2018 18:00 − Mittwoch 04-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malware Authors Seem Intent on Weaponizing Windows SettingContent-ms Files ∗∗∗ --------------------------------------------- Malware authors are frantically trying to weaponize a new infection vector that was revealed at the start of June. The trick relies on using Windows Settings (.SettingContent-ms) shortcut files in order to achieve .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-authors-seem-intent-… ∗∗∗ Lücken in Provider-Routern entdeckt ∗∗∗ --------------------------------------------- Durch Lücken in Routern des Herstellers ADB kann sich ein Angreifer Root-Rechte verschaffen. Das kann auch für die Provider zum Problem werden. --------------------------------------------- http://heise.de/-4099449 ∗∗∗ Phishing tales: Microsoft Access Macro (.MAM) shortcuts ∗∗∗ --------------------------------------------- Previously, I blogged about the ability to create malicious .ACCDE Microsoft Access Database files and using them as a phishing vector. This post expands on using the ACCDE format and will be introducing Microsoft Access Macro “MAM” .. --------------------------------------------- https://posts.specterops.io/phishing-tales-microsoft-access-macro-mam-short… ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation Allen-Bradley Stratix 5950 ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation, improper certificate validation, and resource management error vulnerabilities in the Allen-Bradley Stratix 5950 security appliance. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 ∗∗∗ Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-lin… ∗∗∗ Authorization Bypass in all ADB Broadband Gateways / Routers ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-… ∗∗∗ Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-net… ∗∗∗ Security vulnerabilities fixed in Thunderbird 52.9 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.07.2018
by Daily end-of-shift report 03 Jul '18

03 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 02-07-2018 18:00 − Dienstag 03-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malware lockt mit Fortnite-Cheats ∗∗∗ --------------------------------------------- Die Beliebtheit von Fortnite ruft vermehrt auch Kriminelle auf den Plan. --------------------------------------------- https://futurezone.at/games/malware-lockt-mit-fortnite-cheats/400060664 ∗∗∗ Akute Gefahr für Überwachungs-Software Nagios XI ∗∗∗ --------------------------------------------- Ein MetaSploit-Modul nutzt mehrere Schwachstellen in Nagios XI so geschickt aus, dass ein Angreifer den Monitoring-Server übernehmen kann. --------------------------------------------- http://heise.de/-4096379 ∗∗∗ Patchday: Google schließt teils kritische Android-Lücken ∗∗∗ --------------------------------------------- Die monatlich von Google veröffentlichten Sicherheits-Patches für Android betreffen im Juli ausnahmslos Lücken mit hohem bis kritischem Schweregrad. --------------------------------------------- http://heise.de/-4096435 ∗∗∗ Mac malware targets cryptomining users ∗∗∗ --------------------------------------------- A new Mac malware called OSX.Dummy is being distributed on cryptomining chat groups that, even after being removed, leaves behind remnants for future malware to find. --------------------------------------------- https://blog.malwarebytes.com/malwarebytes-news/2018/07/mac-malware-targets… ∗∗∗ Smoking Guns - Smoke Loader learned new tricks ∗∗∗ --------------------------------------------- This post is authored by Ben Baker and Holger Unterbrink OverviewCisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to .. --------------------------------------------- https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learne… ∗∗∗ Kontrolle erlangt - Hacker integrierten bei Gentoo Linux gefährlichen Löschbefehl ∗∗∗ --------------------------------------------- Github-Repo übernommen und Befehl untergejubelt – mittlerweile haben die Entwickler aber wieder Kontrolle --------------------------------------------- https://derstandard.at/2000082722326/Hacker-integrierten-bei-Gentoo-Linux-g… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (drupal7-backup_migrate, firefox, and podman), Red Hat (python), Scientific Linux (glibc, kernel, libvirt, pcs, samba, samba4, sssd and ding-libs, and zsh), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-oem, and zziplib). --------------------------------------------- https://lwn.net/Articles/758940/ ∗∗∗ Multiple vulnerabilities from IBM Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://www.securitytracker.com/id/1041211 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.07.2018
by Daily end-of-shift report 02 Jul '18

02 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-06-2018 18:00 − Montag 02-07-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses ∗∗∗ --------------------------------------------- While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for a over 2.3 million cryptocurrency addresses! --------------------------------------------- https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-m… ∗∗∗ DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident ∗∗∗ --------------------------------------------- The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend. --------------------------------------------- https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacki… ∗∗∗ Newer Diameter Telephony Protocol Just As Vulnerable As SS7 ∗∗∗ --------------------------------------------- Security researchers say the Diameter protocol used with todays 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier. --------------------------------------------- https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-pro… ∗∗∗ Taking apart a double zero-day sample discovered in joint hunt with ESET ∗∗∗ --------------------------------------------- In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherpanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same Read more --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-… ∗∗∗ Boffins want to stop Network Time Protocols time-travelling exploits ∗∗∗ --------------------------------------------- Ancient protocols key vulnerability is fixable Among the many problems that exist in the venerable Network Time Protocol is its vulnerability to timing attacks: turning servers into time-travellers can play all kinds of havoc with important systems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/07/02/ntp_revisio… ∗∗∗ The principle of least privilege: A strategy of limiting access to what is essential ∗∗∗ --------------------------------------------- The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity --------------------------------------------- https://www.welivesecurity.com/2018/07/02/principle-least-privilege-strateg… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser, mosquitto, python-pysaml2, simplesamlphp, tiff, and tomcat7), Fedora (kernel, libgxps, nodejs, and phpMyAdmin), Mageia (ansible, firefox, java-1.8.0-openjdk, libcrypt, libgcrypt, ncurses, phpmyadmin, taglib, and webkit2), openSUSE (GraphicsMagick, ImageMagick, mailman, Opera, and rubygem-sprockets), and SUSE (ImageMagick, kernel, mariadb, and python-paramiko). --------------------------------------------- https://lwn.net/Articles/758845/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.06.2018
by Daily end-of-shift report 29 Jun '18

29 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-06-2018 18:00 − Freitag 29-06-2018 18:00 Handler: Olaf Schwarz Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack ∗∗∗ --------------------------------------------- An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating systems distributions that would delete user files. --------------------------------------------- https://www.bleepingcomputer.com/news/linux/file-wiping-malware-placed-insi… ∗∗∗ Samsung-Smartphones schicken unbemerkt Fotos an Kontakte ∗∗∗ --------------------------------------------- Ein Fehler in Samsung-Handys schickt zufällig verschiedene Fotos an im Telefonbuch gespeicherte Kontakte. --------------------------------------------- https://futurezone.at/produkte/samsung-smartphones-schicken-unbemerkt-fotos… ∗∗∗ Überwachungskameras schickten Videos an falsche Nutzer ∗∗∗ --------------------------------------------- Bereits zum zweiten Mal wird ein Fall bekannt, in denen Kameras des Herstellers Swann Security Videobilder an die falschen Nutzer senden. --------------------------------------------- https://futurezone.at/digital-life/ueberwachungskameras-schickten-videos-an… ∗∗∗ RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique ∗∗∗ --------------------------------------------- Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a relatively lesser known injection technique, the attack chain has some other interesting properties that we will touch on in this blog post. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-moner… ∗∗∗ Rampage: Neuer Rowhammer-Angriff betrifft alle Android-Handys seit 2011 ∗∗∗ --------------------------------------------- Mit einer neuen Technik lässt sich der Speicher von Android-Geräten manipulieren. Der Angreifer wird so auf die harte Art zum Admin. --------------------------------------------- http://heise.de/-4094782 ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic MyCareLink Patient Monitor ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for hard-coded password and exposed dangerous method or function vulnerabilities reported in Medtronics MyCareLink Patient Monitors. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01 ∗∗∗ VMSA-2018-0016 ∗∗∗ --------------------------------------------- VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0016.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox), Debian (firefox-esr, lava-server, libgcrypt20, mariadb-10.0, and zendframework), Fedora (firefox, podman, webkitgtk4, and xen), openSUSE (procps and unixODBC), Oracle (pki-core), Red Hat (firefox), SUSE (kernel, procps, and tomcat6), and Ubuntu (file and nasm). --------------------------------------------- https://lwn.net/Articles/758656/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.06.2018
by Daily end-of-shift report 28 Jun '18

28 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-06-2018 18:00 − Donnerstag 28-06-2018 18:00 Handler: Olaf Schwarz Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Defender Detecting Legitimate Files as Trojan:Win32/Bluteal.B!rfn ∗∗∗ --------------------------------------------- Recently there have been a lot of reports of Windows Defender suddenly detecting files as Trojan:Win32/Bluteal.B!rfn. The detected files range from CPU miners, which would make sense, to legitimate Windows files, which do not. --------------------------------------------- https://www.bleepingcomputer.com/news/security/windows-defender-detecting-l… ∗∗∗ Schneller Mobilfunk: Sicherheitslücken in LTE ∗∗∗ --------------------------------------------- Um die Lücken auszunutzen, braucht man viel Know-how und ausgeklügelte Hardware. Aber mit hinreichend Aufwand könnten darüber Geheimnisträger attackiert werden. --------------------------------------------- http://heise.de/-4093507 ∗∗∗ Jetzt patchen! Exploit für Cisco ASA im Umlauf ∗∗∗ --------------------------------------------- In Ciscos System für unter anderem Firewalls Adaptive Security Aplliance klafft eine Sicherheitslücke, die Angreifer bald ausnutzen könnten. --------------------------------------------- http://heise.de/-4093948 ∗∗∗ Spectre-Sicherheitslücken: Browser trotz Patches nicht sicher ∗∗∗ --------------------------------------------- Die Patches, die Chrome, Edge und Safari gegen Spectre V1 bekamen, verhindern Angriffe auf die Lücke nicht vollständig. Lediglich Firefox ist im Moment sicher. --------------------------------------------- http://heise.de/-4094014 ∗∗∗ UPnP als Tarnung: Verwundbare Router helfen DDoS-Angreifern ∗∗∗ --------------------------------------------- Der neueste Trick von DDoS-Angreifern ist das Tarnen von Traffic mithilfe unachtsamer Heim-Router und deren UPnP-Möglichkeiten. --------------------------------------------- http://heise.de/-4094140 ∗∗∗ Datendiebstahl mit angeblichen Deutsche Bahn-Gewinnspiel ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine angebliche Benachrichtigung der Deutschen Bahn. Darin heißt es, dass sie ein Einjahresticket 1. Klasse für 2 Personen gewinnen können. Die Teilnahme am Gewinnspiel setzt die Bekanntgabe von persönlichen Daten voraus. Sie soll auf einer gefälschten Deutsche Bahn-Website erfolgen. Gewinnspiel-Teilnehmer/innen übermitteln ihre Angaben an Kriminelle. Das Gewinnspiel gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebstahl-mit-angeblichen-deuts… ∗∗∗ Efail: HTML Mails have no Security Concept and are to blame ∗∗∗ --------------------------------------------- I recently wrote down my thoughts about why I think deprecated cryptographic standards are to blame for the Efail vulnerability in OpenPGP and S/MIME. However I promised that Ill also cover the other huge part that made a bug like Efail possible: HTML mails. --------------------------------------------- https://blog.hboeck.de:443/archives/894-Efail-HTML-Mails-have-no-Security-C… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (exiv2, firefox-esr, graphicsmagick, php-horde-crypt, ruby-passenger, tomcat7, and xen), Fedora (dcraw, file, kernel-tools, and mupdf), openSUSE (firefox and tiff), Oracle (kernel, libvirt, pki-core, and qemu-kvm), Red Hat (patch), SUSE (jpeg, python-Django, tiff, and unixODBC), and Ubuntu (jasper). --------------------------------------------- https://lwn.net/Articles/758550/ ∗∗∗ Linux kernel vulnerability CVE-2012-6701 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K13213573 ∗∗∗ Linux kernel vulnerability CVE-2017-7889 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K80440915 ∗∗∗ TMM vulnerability CVE-2018-5528 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27044729 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily