Daily

daily@lists.cert.at

1 participants
3251 discussions

Tageszusammenfassung - 07.02.2019
by Daily end-of-shift report 07 Feb '19

07 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-02-2019 18:00 − Donnerstag 07-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Researcher reveals huge Mac password flaw to protest Apple bug bounty ∗∗∗ --------------------------------------------- Apples operating systems have recently had more than their fair share of serious security issues, and the latest problem will be enough to rattle millions of Mac users. Previously credible researcher Linuz Henze has revealed an exploit that in one button press can reveal the passwords in a Mac’s keychain. --------------------------------------------- https://venturebeat.com/2019/02/06/researcher-reveals-huge-mac-password-fla… ∗∗∗ Weiterer Workaround von Microsoft für verwundbare Exchange-Server ∗∗∗ --------------------------------------------- Bis ein Patch für Microsoft Exchange verfügbar ist, soll ein Notbehelf die Ausnutzung der in allen Versionen bestehenden Sicherheitslücke verhindern. --------------------------------------------- http://heise.de/-4300374 ∗∗∗ Gefälschte autoscout24.at-SMS stiehlt Daten ∗∗∗ --------------------------------------------- Kriminelle senden eine gefälschte autoscout24.at-SMS an Nutzer/innen der Plattform. Darin behaupten sie fälschlicherweise, dass Inserent/innen ihr Verkaufsangebot zweimal mit unterschiedlichen Preisen veröffentlicht haben. Aus diesem Grund sollen sie ihre Angaben auf einer fremden Website überprüfen. Das führt zu einem Datendiebstahl durch die Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-autoscout24at-sms-stiehl… ∗∗∗ Identitätsdiebstahl durch Umfrage auf prophylactus.com ∗∗∗ --------------------------------------------- prophylactus.com gibt vor, ein Marktforschungsinstitut zu sein. Konsument/innen sollen sich registrieren, um von zu Hause aus bis zu 50 Euro pro Stunde verdienen zu können. Achtung: Internetnutzer/innen dürfen sich nicht anmelden und an keinen Umfragen teilnehmen. Es handelt sich um versuchten Identitätsdiebstahl, der schwere Folgen für Betroffene haben kann. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-umfrage-a… ∗∗∗ Bitcoin-Erpressungsmail mit Nacktbildern ∗∗∗ --------------------------------------------- Aktuell häufen sich betrügerische E-Mails von einem "anonymen Hacker". Der Sender hat angeblich intimes Videomaterial von Ihnen, das er an Freund/innen, Bekannte und Familie weiterleitet, sollte kein Schweigegeld in Form von Bitcoins überweisen werden. Im Anhang finden Sie veröffentlichte Nacktbilder von bisherigen Opfern, die der Forderung nicht nachgekommen sind. Ignorieren Sie E-Mails dieser Art! Das besagte Video existiert nicht. --------------------------------------------- https://www.watchlist-internet.at/news/bitcoin-erpressungsmail-mit-nacktbil… ∗∗∗ Hacker group uses Google Translate to hide phishing sites ∗∗∗ --------------------------------------------- New phishing technique looks silly on desktops but may have a fighting chance on mobile devices. --------------------------------------------- https://www.zdnet.com/article/hacker-group-uses-google-translate-to-hide-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (curl, golang, libthrift-java, mumble, netmask, python3.4, and rssh), openSUSE (python-python-gnupg), Oracle (kernel), Scientific Linux (thunderbird), Slackware (curl), SUSE (firefox, python, and rmt-server), and Ubuntu (curl, libarchive, and libreoffice). --------------------------------------------- https://lwn.net/Articles/779192/ ∗∗∗ BlackBerry powered by Android Security Bulletin – February 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ HPESBUX03908 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities. ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBUX03909 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-enterprise-ins… ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2018-1960) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-maas360-has-identifie… ∗∗∗ IBM Security Bulletin: OpenJPA as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2013-1768) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openjpa-as-used-in-ib… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM uses outdated hash algorithms. (CVE-2017-1695) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-uses-… ∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x affected by vulnerability CVE-2017-1231 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-5-x… ∗∗∗ IBM Security Bulletin: BigFix Compliance (TEMA SUAv1 SCA SCM) affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-compliance-tem… ∗∗∗ Java SE vulnerability CVE-2018-3139 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65481741 ∗∗∗ Java SE vulnerability CVE-2018-3136 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K16940442 ∗∗∗ Java SE vulnerability CVE-2018-3211 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04224795 ∗∗∗ Java SE vulnerability CVE-2018-3214 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K86075480 ∗∗∗ TLS in Mozilla NSS vulnerability CVE-2018-12404 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10281096 ∗∗∗ Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K50394032 ∗∗∗ Java SE vulnerability CVE-2018-3180 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30503705 ∗∗∗ Oracle Java SE vulnerability CVE-2018-11212 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K63404203 ∗∗∗ BIG-IP SNMP vulnerability CVE-2018-15328 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42027747 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2019
by Daily end-of-shift report 06 Feb '19

06 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-02-2019 18:00 − Mittwoch 06-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Nicht auf apfel-deals.com bestellen! ∗∗∗ --------------------------------------------- apfel-deals.com wirbt aktuell aktiv um Kundschaft. Im Angebot hat der Shop den Großteil des Apple-Produktsortiments, wie zum Beispiel iPhones, MacBooks, iPads und die Apple Watch. Achtung: Die Preise sind zwar verlockend, doch es handelt sich um einen Fake-Shop, der keine Waren liefert. Konsument/innen zahlen per Vorkasse und verlieren dadurch ihr Geld an Kriminelle! --------------------------------------------- https://www.watchlist-internet.at/news/nicht-auf-apfel-dealscom-bestellen/ ∗∗∗ SuperBoost Wifi hält nicht, was es verspricht! ∗∗∗ --------------------------------------------- Auf superboostwifi.com bewirbt die Firma Strong Current Enterprises Limited ein Gerät, das in der Lage sein soll, die Geschwindigkeitsbegrenzung von Internet-Verbindungen auszuhebeln. Tatsächlich handelt es sich beim SuperBoost Wifi Booster lediglich um einen vergleichsweise teuren WLAN-Repeater. Die Internet-Geschwindigkeit bleibt ein und dieselbe, nur die Reichweite wird verbessert. --------------------------------------------- https://www.watchlist-internet.at/news/superboost-wifi-haelt-nicht-was-es-v… ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for Missing Authentication for Critical Function and Resource Injection vulnerabilities reported in the AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) applications. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01 ∗∗∗ Rockwell Automation EtherNet/IP Web Server Modules ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability reported in the Rockwell Automation EtherNet/IP Web Server Modules. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities reported in WECONs LeviStudioU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03 ∗∗∗ Siemens SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for uncontrolled resource consumption vulnerabilities reported in Siemens SIMATIC SV-1500 CPU. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-04 ∗∗∗ Kunbus PR100088 Modbus Gateway ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for improper authentication, missing authentication for critical function, and improper input validation vulnerabilities reported in the Kunbus PR100088 Modbus gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dovecot and libav), openSUSE (kernel and krb5), Scientific Linux (thunderbird), SUSE (curl, lua53, python3, and spice), and Ubuntu (dovecot). --------------------------------------------- https://lwn.net/Articles/779098/ ∗∗∗ ZDI: (0day) Hewlett Packard Enterprise Intelligent Management Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-162/ http://www.zerodayinitiative.com/advisories/ZDI-19-172/ http://www.zerodayinitiative.com/advisories/ZDI-19-171/ http://www.zerodayinitiative.com/advisories/ZDI-19-170/ http://www.zerodayinitiative.com/advisories/ZDI-19-169/ http://www.zerodayinitiative.com/advisories/ZDI-19-168/ http://www.zerodayinitiative.com/advisories/ZDI-19-167/ http://www.zerodayinitiative.com/advisories/ZDI-19-166/ http://www.zerodayinitiative.com/advisories/ZDI-19-165/ http://www.zerodayinitiative.com/advisories/ZDI-19-164/ http://www.zerodayinitiative.com/advisories/ZDI-19-163/ ∗∗∗ Cisco Aironet Active Sensor Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Decryption Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Business Suite Content Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Management Suite Simple Object Access Protocol Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server SIP Processing Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower Management Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by CVE-2018-3139 and CVE-2018-3180 vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spss-statistics-i… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY Reflected XSS in WebSphereSamISP ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY WebSphere XSS ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2019
by Daily end-of-shift report 05 Feb '19

05 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗ --------------------------------------------- Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer. --------------------------------------------- https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-cl… ∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗ --------------------------------------------- Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. --------------------------------------------- https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ ∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗ --------------------------------------------- Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden! --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenwar… ∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗ --------------------------------------------- Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/ ===================== = Vulnerabilities = ===================== ∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗ --------------------------------------------- Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen. --------------------------------------------- https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in… ∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗ --------------------------------------------- The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server. --------------------------------------------- https://www.info-sec.ca/advisories/Qkr-MasterCard.html ∗∗∗ Android Security Bulletin - February 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-02-01.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/778507/ ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-ir… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-pla… ∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.02.2019
by Daily end-of-shift report 04 Feb '19

04 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-02-2019 18:00 − Montag 04-02-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gute Passwörter erzeugen und sicher verwenden ∗∗∗ --------------------------------------------- Momentan ist das Ändern von Passwörtern wieder in aller Munde. Aber wie erzeugt man gute Passwörter und wie verwahrt man sie sicher? --------------------------------------------- http://heise.de/-4295052 ∗∗∗ Introducing Zombie POODLE and GOLDENDOODLE ∗∗∗ --------------------------------------------- I’m excited to announce that I will be presenting at this year’s Black Hat Asia about my research into detecting and exploiting CBC padding oracles! Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites. --------------------------------------------- https://www.tripwire.com/state-of-security/vulnerability-management/zombie-… ∗∗∗ Datendiebe versenden gefälschte upc.at-Mail ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte upc.at-Nachricht. Darin behaupten sie, dass das E-Mailpostfach von Empfänger/innen voll sei. Damit Kund/innen weiterhin Nachrichten empfangen können, sollen sie ihre Zugangsdaten auf einer gefälschten upc.at-Website nennen. Folgen sie der Anweisung, werden sie Opfer eines Datendiebstahls. Kriminelle erlangen Zugriff auf ihr E-Mailkonto und können es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/news/datendiebe-versenden-gefaelschte-upc… ∗∗∗ Security researchers discover new Linux backdoor named SpeakUp ∗∗∗ --------------------------------------------- Named SpeakUp, this malware is currently distributed to Linux servers mainly located in China. The hackers behind this recent wave of attacks are using an exploit for the ThinkPHP framework to infect servers with this new malware strain. --------------------------------------------- https://www.zdnet.com/article/security-researchers-discover-new-linux-backd… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheit: Libreoffice schließt Lücke, Openoffice bleibt verwundbar ∗∗∗ --------------------------------------------- Eine Sicherheitslücke, die die freien Office-Programme Libreoffice und Openoffice betrifft, erlaubt Angreifern das Ausführen von Code mittels einer Skript-Schnittstelle. Von Libreoffice gibt es ein Update, von Openoffice nicht. --------------------------------------------- https://www.golem.de/news/sicherheit-libreoffice-schliesst-luecke-openoffic… ∗∗∗ devolo dLAN 550 duo+ Starter Kit Remote Code Execution ∗∗∗ --------------------------------------------- The devolo firmware has what seems to be a hidden services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php ∗∗∗ Sicherheitsforscher: Kritische Lücke in macOS erlaubt Auslesen von Passwörtern ∗∗∗ --------------------------------------------- Erneut ist eine schwere Schwachstelle bei dem in macOS integrierten Schlüsselbund bekanntgeworden: Manipulierte Software sei dadurch in der Lage, sämtliche Zugangsdaten des Nutzers aus der lokalen Keychain auszulesen – mitsamt der Passwörter im Klartext, wie der Sicherheitsforscher Linus Henze mitteilte. --------------------------------------------- http://heise.de/-4297437 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (bind, firefox, GNOME, kernel, systemd, and thunderbird), Debian (debian-security-support, drupal7, libreoffice, libvncserver, phpmyadmin, and rssh), Fedora (binutils and firefox), Mageia (firefox and netatalk), openSUSE (avahi and python-paramiko), Red Hat (Red Hat Gluster Storage Web Administration), Slackware (mariadb), and SUSE (java-11-openjdk, kernel, and python). --------------------------------------------- https://lwn.net/Articles/778407/ ∗∗∗ D-LINK Router DIR-823G: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗ --------------------------------------------- Router der Firma D-Link enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert. Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in D-LINK Router DIR-823G ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0104 ∗∗∗ Over 485,000 Ubiquiti devices vulnerable to new attack ∗∗∗ --------------------------------------------- Ubiquiti Networks is working on a fix for a newly discovered security issue affecting its devices that attackers have been exploiting since July last year. Attackers are sending small packets of 56 bytes to port 10,001 on Ubiquiti devices, which are reflecting and relaying the packets to a target's IP address amplified to a size of 206 bytes (amplification factor of 3.67). --------------------------------------------- https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-ne… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.02.2019
by Daily end-of-shift report 01 Feb '19

01 Feb '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 31-01-2019 18:00 − Freitag 01-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sextortion: Follow the Money Part 3 - The cashout begins! ∗∗∗ --------------------------------------------- There hasnt been much to update in the several months since the Sexploitation: Follow the money updates in Diary 1 and Diary 2. For those of you who didnt read those diaries. When the Sextortion email campaign began in July, I asked for ISC reader submissions of the BTC addresses from that campaign so we could attempt to follow the Bitcoins created by the payments from this campaign. --------------------------------------------- https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+ca… ∗∗∗ Pants down: Sicherheitslücke in Server-Fernwartung ∗∗∗ --------------------------------------------- Server und Mainboards mit einigen Fernwartungschips von Aspeed sind angreifbar; auch die offene BMC-Firmware OpenBMC ist betroffen. --------------------------------------------- http://heise.de/-4296144 ∗∗∗ Most Magento shops get compromised via vulnerable extensions ∗∗∗ --------------------------------------------- Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. "The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/02/01/magento-vulnerable-extensions/ ∗∗∗ Surviving DNS Flag Day ∗∗∗ --------------------------------------------- DNS Flag Day is here and with it comes new changes that could impact your domain's availability. What do you need to know and how can you quickly identify its impacts on you and your users? Read on for our quick guide to what it's all about and how to avoid disruption to your digital services. --------------------------------------------- https://blog.thousandeyes.com/surviving-dns-flag-day/ ∗∗∗ This smart light bulb could leak your Wi-Fi password ∗∗∗ --------------------------------------------- LIFX smart bulbs contained vulnerabilities which could be exploited with a little ingenuity and the help of a hacksaw. --------------------------------------------- https://www.zdnet.com/article/this-smart-light-bulb-could-leak-your-wi-fi-p… ===================== = Vulnerabilities = ===================== ∗∗∗ IDenticard PremiSys ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, use of hard-coded password, and inadequate encryption strength vulnerabilities reported in the IDenticard PremiSys access control system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-02 ∗∗∗ Schneider Electric EVLink Parking ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for use of hard-coded credentials, code injection, and SQL injection vulnerabilities reported in Schneider Electric’s EVLink Parking, an electric vehicle charging station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver). --------------------------------------------- https://lwn.net/Articles/778285/ ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletins-there-is-a-security-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ Linux kernel vulnerability CVE-2018-16658 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K40523020 ∗∗∗ Java SE vulnerability CVE-2018-3183 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95003704 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.01.2019
by Daily end-of-shift report 31 Jan '19

31 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-01-2019 18:00 − Donnerstag 31-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac "CookieMiner" Malware Aims to Gobble Crypto Funds ∗∗∗ --------------------------------------------- A newly discovered malware steals cookies, credentials and more to break into victims cryptocurrency exchange accounts. --------------------------------------------- https://threatpost.com/mac-cookieminer-malware-crypto/141334/ ∗∗∗ The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild ∗∗∗ --------------------------------------------- Capsule8 demos takeover technique to help sysadmins check for vulnerabilities Those who havent already patched a trio of recent vulnerabilities in the Linux worlds SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. --------------------------------------------- https://www.theregister.co.uk/2019/01/31/systemd_exploit/ ∗∗∗ Tracking Unexpected DNS Changes ∗∗∗ --------------------------------------------- DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to tracks changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the --------------------------------------------- https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/ ∗∗∗ Top 10 Most Vulnerable WordPress Plugins ∗∗∗ --------------------------------------------- Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins. --------------------------------------------- https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html ∗∗∗ IQ-Tests auf testific.com locken in Abo-Falle ∗∗∗ --------------------------------------------- Auf testific.com werden IQ- und Persönlichkeitstests angeboten. Konsument/innen, die an den Testungen teilnehmen, sollen ein Zertifikat erhalten, auf dem der IQ-Wert angegeben ist. Personen die den Intelligenztest durchführen, müssen im Anschluss 2,99 Euro bezahlen, um ihr Ergebnis zu erhalten. Ein versteckter Kostenhinweis zeigt: Es handelt sich um eine Abo-Falle, die 79,99 Euro pro Monat kostet. --------------------------------------------- https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-a… ∗∗∗ IoT botnet used in YouTube ad fraud scheme ∗∗∗ --------------------------------------------- TheMoons DDoS days are long gone. The botnet is now a proxy network for other criminal groups. --------------------------------------------- https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#f… ∗∗∗ New security flaw impacts 5G, 4G, and 3G telephony protocols ∗∗∗ --------------------------------------------- Researchers have reported their findings and fixes should be deployed by the end of 2019. --------------------------------------------- https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-teleph… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitspatch: Dell Networking OS10 anfällig für Lauschattacken ∗∗∗ --------------------------------------------- Ein wichtiges Update schließt eine Sicherheitslücke im Switch-Betriebssystem Networking OS10 von Dell. --------------------------------------------- http://heise.de/-4294467 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts). --------------------------------------------- https://lwn.net/Articles/778107/ ∗∗∗ BlackBerry powered by Android Security Bulletin - January 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-applicatio… ∗∗∗ Linux kernel vulnerability CVE-2018-10901 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K07721343 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.01.2019
by Daily end-of-shift report 30 Jan '19

30 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-01-2019 18:00 − Mittwoch 30-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New LockerGoga Ransomware Allegedly Used in Altran Attack ∗∗∗ --------------------------------------------- Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-al… ∗∗∗ Z1: Zahnarztsoftware installiert lückenhaften Adobe Reader ∗∗∗ --------------------------------------------- Eine Verwaltungssoftware für Zahnarztpraxen installiert beim Update automatisch einen Adobe Reader in einer sehr alten Version, der zahlreiche bekannte Sicherheitslücken hat. Der Hersteller meint, das Problem behoben zu haben, das stimmt aber offenbar nicht. (Adobe Reader, PDF) --------------------------------------------- https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-ado… ∗∗∗ CTF Writeup: Complex Drupal POP Chain ∗∗∗ --------------------------------------------- A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain. --------------------------------------------- https://blog.ripstech.com/2019/complex-drupal-pop-chain/ ∗∗∗ Geldverlust und Datendiebstahl statt Traum-Immobilie! ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Miet- und Eigentumswohnungen, Häuser und Grundstücke auf bekannten Immobilienplattformen. Konsument/innen werden darüber informiert, dass eine Besichtigung über ein Treuhandunternehmen, also eine vertrauenswürdige Mittelsperson abgewickelt wird. Kautionen dürfen nicht bezahlt und Ausweisdokumente nicht übermittelt werden. Geld und Daten landen bei Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt… ∗∗∗ Matrix has slowly evolved into a Swiss Army knife of the ransomware world ∗∗∗ --------------------------------------------- The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies internal networks. --------------------------------------------- https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-k… ===================== = Vulnerabilities = ===================== ∗∗∗ Stryker Medical Beds ∗∗∗ --------------------------------------------- This medical device advisory provides mitigation recommendations for a reusing a nonce vulnerability in Strykers medical beds. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01 ∗∗∗ Yokogawa License Manager Service ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 ∗∗∗ --------------------------------------------- Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format thats used in Canvas Draw. PCX was a popular image format with early computers, and [...] --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerabilit… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...] --------------------------------------------- https://lwn.net/Articles/777950/ ∗∗∗ Security Advisory - Double Free Vulnerability on Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-… ∗∗∗ Linux kernel vulnerability CVE-2018-18559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28241423 ∗∗∗ IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are… ∗∗∗ IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-i… ∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulner… ∗∗∗ IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulne… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-157/ ∗∗∗ ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-158/ ∗∗∗ ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-159/ ∗∗∗ ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-143/ http://www.zerodayinitiative.com/advisories/ZDI-19-144/ http://www.zerodayinitiative.com/advisories/ZDI-19-145/ http://www.zerodayinitiative.com/advisories/ZDI-19-146/ http://www.zerodayinitiative.com/advisories/ZDI-19-147/ http://www.zerodayinitiative.com/advisories/ZDI-19-148/ http://www.zerodayinitiative.com/advisories/ZDI-19-149/ http://www.zerodayinitiative.com/advisories/ZDI-19-150/ http://www.zerodayinitiative.com/advisories/ZDI-19-151/ http://www.zerodayinitiative.com/advisories/ZDI-19-152/ http://www.zerodayinitiative.com/advisories/ZDI-19-153/ http://www.zerodayinitiative.com/advisories/ZDI-19-154/ http://www.zerodayinitiative.com/advisories/ZDI-19-155/ http://www.zerodayinitiative.com/advisories/ZDI-19-156/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.01.2019
by Daily end-of-shift report 29 Jan '19

29 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Montag 28-01-2019 18:00 − Dienstag 29-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Miner Decline: The Surprising Slowdown of Cryptomining ∗∗∗ --------------------------------------------- This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...] --------------------------------------------- https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slow… ∗∗∗ FaceTime als Wanze – Apple schaltet Gruppenfunktion des VoIP-Dienstes ab ∗∗∗ --------------------------------------------- Ein Bug in Apples Kommunikationsdienst ermöglicht, das Mikrofon von iPhone und Mac aus der Ferne zu aktivieren. Apple ergreift Notfallmaßnahmen. --------------------------------------------- http://heise.de/-4290587 ∗∗∗ Sicherheitslücken in Microsoft Exchange gewähren Domain-Admin-Berechtigungen ∗∗∗ --------------------------------------------- Schwachstellen in allen Exchange-Server-Versionen machen Angreifer zu Domain-Administratoren. Ein Patch steht noch aus. --------------------------------------------- http://heise.de/-4290574 ∗∗∗ Aktuelle Trojaner-Welle: Emotet lauert in gefälschten Rechnungsmails ∗∗∗ --------------------------------------------- Offensichtlich hat es der Emotet-Schädling nun auf Privatpersonen abgesehen. Derzeit sind gehäuft gefälschte Amazon-, Telekom- und Vodafone-Mails unterwegs. --------------------------------------------- http://heise.de/-4291268 ∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in coTURN ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions. --------------------------------------------- https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple… ∗∗∗ Kleinanzeigen-Betrug boomt ∗∗∗ --------------------------------------------- Vorsicht beim Verkauf auf Kleinanzeigenplattformen wie willhaben, eBay, marketplace, quoka oder shpock. Aktuell häufen sich Anfragen von Interessent/innen, die das Geld angeblich einer Bank – die als Zwischenvermittler fungiert - "überweisen". Diese fragwürdige Bank hält den Betrag so lange zurück, bis Sie eine Versandbestätigung oder zu viel überwiesenes Geld übermitteln. Es handelt sich um eine Betrugsmasche! --------------------------------------------- https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/ ∗∗∗ Gefälschte Spar Umfrage: Versteckte Kosten statt gratis Technik! ∗∗∗ --------------------------------------------- Eine erfundene Umfrage wird momentan von Kriminellen massenhaft verschickt. Betroffene Personen, die den Links in der Nachricht folgen und die Umfrage durchführen, sollen mit einem gratis iPhone X, XS, Galaxy S9 oder einem MacBook belohnt werden. Ein versteckter Kostenhinweis bei der Eingabe der Kreditkartendaten zeigt aber: Statt Smartphone oder Laptop gibt's nur monatliche Kosten! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice). --------------------------------------------- https://lwn.net/Articles/777806/ ∗∗∗ IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-a… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-pa… ∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-p… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ The BIG-IP HTTP parser can incorrectly parse a tab character ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18263026 ∗∗∗ A virtual server with a Client SSL profile may accept non-SSL traffic ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21942600 ∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6591 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K32840424 ∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6589 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23566124 ∗∗∗ TMM vulnerability CVE-2019-6590 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K55101404 ∗∗∗ The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01226413 ∗∗∗ The BIG-IP ASM system may redirect a client request to an incorrect URL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23432927 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.01.2019
by Daily end-of-shift report 28 Jan '19

28 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-01-2019 18:00 − Montag 28-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Datenbank: Lange bekannte MySQL-Lücke führt zu Angriffen ∗∗∗ --------------------------------------------- Das MySQL-Protokoll erlaubt es Servern, Daten des Clients auszulesen. Offenbar nutzte die kriminelle Gruppe Magecart dies zuletzt, um mit dem PHP-Datenbankfrontend Adminer Systeme anzugreifen. Auch PhpMyAdmin ist verwundbar. (MySQL, PHP) --------------------------------------------- https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-a… ∗∗∗ LabKey Vulnerabilities Threaten Medical Research Data ∗∗∗ --------------------------------------------- LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. --------------------------------------------- https://threatpost.com/labkey-vulnerabilities-medical-research/141200/ ∗∗∗ NumPy Is Awaiting Fix for Critical Remote Code Execution Bug ∗∗∗ --------------------------------------------- The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application. --------------------------------------------- https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-cr… ∗∗∗ Jetzt patchen! Angreifer machen Jagd auf Cisco-Router ∗∗∗ --------------------------------------------- Sicherheitsforscher beobachten vermehrte Scans nach verwundbaren Routern von Cisco. Patches stehen zum Download bereit. --------------------------------------------- http://heise.de/-4289149 ∗∗∗ Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities ∗∗∗ --------------------------------------------- Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as its located in the network [...] --------------------------------------------- https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabili… ∗∗∗ Warnung vor software-outlet24.de ∗∗∗ --------------------------------------------- Auf software-outlet24.de werden Microsoft Office Pakete sowie Windows 10 und Windows 7 Produkt-Keys angeboten. Die Preise sind sehr günstig und laden zu einem schnellen Kauf ein. Zahlreiche Konsument/innen berichten uns von ausbleibenden Lieferungen und fehlender Rückerstattung. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/ ∗∗∗ WordPress sites under attack via zero-day in abandoned plugin ∗∗∗ --------------------------------------------- Developers of Total Donations plugin have gone missing, leaving former customers open to attacks. --------------------------------------------- https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-… ===================== = Vulnerabilities = ===================== ∗∗∗ Symantec Ghost Solution Suite DLL Hijack ∗∗∗ --------------------------------------------- Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. --------------------------------------------- https://support.symantec.com/en_US/article.SYMSA1474.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko). --------------------------------------------- https://lwn.net/Articles/777688/ ∗∗∗ Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-… ∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-imp… ∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vul… ∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0089 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.01.2019
by Daily end-of-shift report 25 Jan '19

25 Jan '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-01-2019 18:00 − Freitag 25-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Fighting Emotet: lessons from the front line ∗∗∗ --------------------------------------------- Emotet is moving, shape-shifting target for admins and their security software. Heres what weve learned from dealing with outbreaks. --------------------------------------------- https://nakedsecurity.sophos.com/2019/01/25/fighting-emotet-lessons-from-th… ∗∗∗ Youre an admin! Youre an admin! Youre all admins, thanks to this Microsoft Exchange zero-day and exploit ∗∗∗ --------------------------------------------- Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/01/25/microsoft_e… ∗∗∗ Magento – RCE & Local File Read with low privilege admin rights ∗∗∗ --------------------------------------------- These vulnerabilities have been responsibly disclosed to Magento team, and received patches in Magento versions 2.3.0, 2.2.7 and 2.1.16 which were released in November 2018. --------------------------------------------- https://blog.scrt.ch/2019/01/24/magento-rce-local-file-read-with-low-privil… ∗∗∗ Mac-Trojaner versteckt sich in Werbebannern ∗∗∗ --------------------------------------------- Die auf macOS abzielende Malware wird in großem Stil per Banner-Werbung ausgeliefert und steganographisch versteckt, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-4287382 ∗∗∗ Neue Passwort-Leaks: Insgesamt 2,2 Milliarden Accounts betroffen ∗∗∗ --------------------------------------------- Nach der Passwort-Sammlung Collection #1 kursieren nun auch die riesigen Collections #2-5 im Netz. So überprüfen Sie, ob Ihre Accounts betroffen sind. --------------------------------------------- http://heise.de/-4287538 ∗∗∗ Diverse Sicherheitslücken in iTunes für Windows ∗∗∗ --------------------------------------------- Apple hat seiner Mediathek-App auf dem PC ein Update spendiert, das mehr als ein halbes Dutzend Bugs fixt – darunter auch kritische. --------------------------------------------- http://heise.de/-4287940 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess/SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper authentication, authentication bypass, and SQL injection vulnerabilities in the WebAccess/SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for cross-site request forgery, improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities reported in Phoenix Contacts FL SWITCH ethernet hardware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mxml, postgresql-9.4, and tmpreaper), Fedora (haproxy and runc), openSUSE (krb5, soundtouch, virtualbox, and zeromq), Oracle (thunderbird), Red Hat (thunderbird), and Ubuntu (subversion and thunderbird). --------------------------------------------- https://lwn.net/Articles/777549/ ∗∗∗ Cross-site scripting in CA Automic Workload Automation Web Interface (formerly Automic Automation Engine) ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-ca-a… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by vulnerabilities in VMWare component (CVE-2018-6981 CVE-2018-6982) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: OpenSSL vunerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vunerability/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (July and October 2018 updates) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: Multiple Foreshadow Spectre Variant vulnerabilities affect IBM OS Image for Red Hat Linux Systems in IBM PureApplication System (CVE-2018-3615 CVE-2018-3620 CVE-2018-3646) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-foreshadow-s… ∗∗∗ IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… ∗∗∗ IBM Security Bulletin: IBM DataPower Gateway appliances are affected by a vulnerability in IPMI (CVE-2018-1668) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway… ∗∗∗ IBM Security Bulletin: IBM PureApplication System is affected by a vulnerability (CVE-2018-3639) pertaining third-party CPU hardware ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-s… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily