Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 03.08.2018
by Daily end-of-shift report 03 Aug '18

03 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-08-2018 18:00 − Freitag 03-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Cryptominers: Binary-Process-Cron Variants and Methods of Removal ∗∗∗ --------------------------------------------- This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site .. --------------------------------------------- https://blog.sucuri.net/2018/08/cryptominer-variants-removal.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (busybox, graphicsmagick, and libmspack), Fedora (pam_yubico), Scientific Linux (openslp), Slackware (lftp), SUSE (cups, libtirpc, and thunderbird), and Ubuntu (clamav). --------------------------------------------- https://lwn.net/Articles/761752/ ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API (CVE-2018-1528) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017450 ∗∗∗ IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10716113 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2018-1422) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719817 ∗∗∗ IBM Security Bulletin:A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015283 ∗∗∗ HPESBHF03872 rev.1 - HPE Intelligent Management Center Platform (IMC PLAT), Remote Directory Traversal ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03841 rev.2 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.08.2018
by Daily end-of-shift report 02 Aug '18

02 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-08-2018 18:00 − Donnerstag 02-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Crime and Crypto: An Evolution in Cyber Threats ∗∗∗ --------------------------------------------- Cybercriminals are constantly experimenting with new ways to take money from their victims. Their tactics evolve quickly to maximize returns and minimize risk. The emergence of cryptocurrency has opened up new opportunities to do just that. To better understand today’s threat landscape, it’s worth exploring the origins of cryptocurrencies and the progress cybercriminals have made in using it to advance their own interests. --------------------------------------------- https://www.webroot.com/blog/2018/08/02/crime-crypto-evolution-cyber-threat… ∗∗∗ Save the Date: 4th e-Health Security Conference ∗∗∗ --------------------------------------------- ENISA is organising the 4th eHealth Security workshop in cooperation with the Dutch Ministry of Health, Welfare and Sport, on the 14th of November. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/save-the-date-4th-e-health-secu… ∗∗∗ Reddit Breach Highlights Limits of SMS-Based Authentication ∗∗∗ --------------------------------------------- Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesnt seem too severe. Whats interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. --------------------------------------------- https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-… ∗∗∗ The Year Targeted Phishing Went Mainstream ∗∗∗ --------------------------------------------- A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and --------------------------------------------- https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstr… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Core - 3rd-party libraries -SA-CORE-2018-005 ∗∗∗ --------------------------------------------- The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the vulnerable functionality. --------------------------------------------- https://www.drupal.org/SA-CORE-2018-005 ∗∗∗ Telegram: Passport-Dokumentenspeicher des Krypto-Messengers hat Schwachstellen ∗∗∗ --------------------------------------------- Geraten die von Telegram verwahrten Passwort-Hashes für Passport in falsche Hände, ließen sie sich leichter knacken, als man das eigentlich haben will. --------------------------------------------- http://heise.de/-4127755 ∗∗∗ Django Open Redirect Flaw in CommonMiddleware Lets Remote Users Redirect the Target Users Browser to an Arbitrary Site ∗∗∗ --------------------------------------------- On systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash, a remote user can create a URL that, when loaded by the target user, will redirect the target user's browser to an arbitrary site. --------------------------------------------- http://www.securitytracker.com/id/1041403 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (busybox and mutt), Fedora (bibutils and wireshark), openSUSE (glibc and rsyslog), Slackware (blueman), SUSE (cups, ovmf, and polkit), and Ubuntu (bouncycastle, libmspack, and python-django). --------------------------------------------- https://lwn.net/Articles/761625/ ∗∗∗ Vuln: Symfony CVE-2018-14773 Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104943 ∗∗∗ Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719413 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10713449 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016803 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system.(CVE-2018-1524) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017452 ∗∗∗ IBM Security Bulletin : Multiple vulnerabilities in IBM GSKit affect IBM Host On-Demand. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716977 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-3737, CVE-2017-3738). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717007 ∗∗∗ HPESBST03857 rev.1 - HPE XP7 Command View Advanced Edition Products using JDK, Local and Remote Authentication Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03859 rev.1 - HPE XP P9000 Command View Advanced Edition Software (CVAE) - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03860 rev.1 - HPE XP P9000 Command View Advanced Edition (CVAE) Software, Local and Remote Unauthorized Access to Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.08.2018
by Daily end-of-shift report 01 Aug '18

01 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-07-2018 18:00 − Mittwoch 01-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Facebook Phishing via SMS, (Wed, Aug 1st) ∗∗∗ --------------------------------------------- Facebook accounts are still a pretty hot commodity to spread malware. No ruse works better than having a "Friend" offer you some new software or browser extension. As a result, we keep seeing attempts to phish Facebook credentials. Late last week I came across a simple example of such an attempt that in particular targeted users of mobile .. --------------------------------------------- https://isc.sans.edu/diary/23940 ∗∗∗ When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869, (Wed, Aug 1st) ∗∗∗ --------------------------------------------- Universal Plug an Play (UPnP) is the gift that keeps on giving. One interesting issue with UPnP (aside from the fact that it never ever should be exposed to the Internet, but often is), is the .. --------------------------------------------- https://isc.sans.edu/diary/23942 ∗∗∗ Österreichischer Hoster: E-Mail-Addressen bei EDIS abhanden gekommen ∗∗∗ --------------------------------------------- Die E-Mail-Adressen zu Kundenkonten des Hosters EDIS sind bei Have I Been Pwned aufgetaucht. Kunden der Firma wurden per E-Mail vor einem Zwischenfall gewarnt. --------------------------------------------- http://heise.de/-4125214 ∗∗∗ Efail: HTML Mails have no Security Concept and are to blame ∗∗∗ --------------------------------------------- I recently wrote down my thoughts about why I think deprecated cryptographic standards are to blame for the Efail vulnerability in OpenPGP and S/MIME. However I promised that Ill also cover the other .. --------------------------------------------- https://blog.hboeck.de:443/archives/894-Efail-HTML-Mails-have-no-Security-C… ===================== = Vulnerabilities = ===================== ∗∗∗ Johnson Controls Metasys and BCPro ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities in WECONs LeviStudioU HMI editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 ∗∗∗ AVEVA InTouch Access Anywhere ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a cross-site scripting vulnerability in the outdated and insecure third-party jQuery library used in the AVEVA InTouch Access Anywhere remote access software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 ∗∗∗ AVEVA Wonderware License Server ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Flexera lmgrd third-party component used by the AVEVA Wonderware License Server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05 ∗∗∗ Vuln: Apache Camel CVE-2018-8027 XML External Entity Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104933 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1554) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10713695 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717143 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717517 ∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could affect IBM InfoSphere Optim Performance Manager. CVE-2018-2633 CVE-2018-2603 CVE-2018-2579 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014113 ∗∗∗ July 31, 2018 TNS-2018-11 [R1] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.07.2018
by Daily end-of-shift report 31 Jul '18

31 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 30-07-2018 18:00 − Dienstag 31-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "National CERT" vs. "National CSIRTs" ∗∗∗ --------------------------------------------- "National CERT" vs. "National CSIRTs"2018/07/31The NIS Directive built upon previous work in the space of network and information security and also tried to use the established language of the field. This worked - up to a point. Im trying to summarize the differences and pitfalls regarding the term "national CSIRT". --------------------------------------------- http://www.cert.at/services/blog/20180731155524-2252_en.html ∗∗∗ Betrug mit günstigen Wohnungen ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Wohnungen in guter Lage. Sie teilen Wohnungssuchenden mit, dass eine Besichtigung der Immobilie nur bei Bezahlung einer hohen Kaution möglich sei. Interessent/innen, die das Geld an das genannten Unternehmen bezahlen, verlieren es, denn es gibt die angebotene Wohnung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/betrug-mit-guenstigen-wohnungen/ ∗∗∗ Update on the Distrust of Symantec TLS Certificates ∗∗∗ --------------------------------------------- Firefox 60 (the current release) displays an “untrusted connection” error for any website using a TLS/SSL certificate issued before June 1, 2016 that chains up to a Symantec root certificate. This is part of the consensus proposal for removing trust in Symantec TLS certificates that Mozilla adopted in 2017. This proposal was also adopted by the Google Chrome team, and more recently Apple announced their plan to distrust Symantec TLS certificates. --------------------------------------------- https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-syma… ===================== = Vulnerabilities = ===================== ∗∗∗ OTRS: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- Ein Agent kann in OTRS als entfernter, einfach authentifizierter Angreifer mit Hilfe einer speziell präparierten URL seine Privilegien eskalieren und beliebige Benutzerrechte erlangen. Dazu gehören auch Adminstratorrechte. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1499/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (network-manager-vpnc), Fedora (wireshark), Oracle (java-1.7.0-openjdk and yum-utils), Red Hat (chromium-browser, java-1.7.0-openjdk, memcached, qemu-kvm-rhev, and yum-utils), Scientific Linux (java-1.7.0-openjdk and yum-utils), Slackware (file and seamonkey), SUSE (gdk-pixbuf, libcgroup, libcgroup1, libvirt, and sssd), and Ubuntu (mysql-5.5 and mysql-5.5, mysql-5.7). --------------------------------------------- https://lwn.net/Articles/761375/ ∗∗∗ Drupal 8 release on August 1st, 2018 - DRUPAL-PSA-2018-07-30 ∗∗∗ --------------------------------------------- The Drupal Security Team will be coordinating a security release for Drupal 8 this week on Wednesday, August 1, 2018. (We are issuing this PSA in advance because the in the regular security release window schedule, August 1 would not typically be a core security window.)The Drupal 8 core release will be made between noon and 3pm EDT. It is rated as moderately critical and will be an update to a vendor library only.August 1 also remains a normal security release window for contributed projects. --------------------------------------------- https://www.drupal.org/psa-2018-07-30 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719211 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719209 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IPv6 and MQ affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717931 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717693 ∗∗∗ IBM Security Bulletin: RCE vulnerability (CVE-2018-1595) affects IBM Platform Symphony, IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=isg3T1027819 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in freetype2 (CVE-2016-10328) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719055 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in dhcp (CVE-2018-5732 CVE-2018-5733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719059 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719203 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU C Library ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719047 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM GSKit affect IBM Personal Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717437 ∗∗∗ Linux kernel vulnerability CVE-2016-8650 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K46394694 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.07.2018
by Daily end-of-shift report 30 Jul '18

30 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-07-2018 18:00 − Montag 30-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ An Introduction to the Xposed Framework for Android Penetration Testing ∗∗∗ --------------------------------------------- Introduction When it comes to the Pen Testing of Android-based applications, the main focus and attention of the Pen Tester is to live in the mindset of the Cyber attacker literally. The Pen Tester must then carry out an attack to see how the software code can be manipulated, what the weak spots of the […]The post An Introduction to the Xposed Framework for Android Penetration Testing appeared first on InfoSec Resources.An Introduction to the Xposed Framework for Android Penetration --------------------------------------------- https://resources.infosecinstitute.com/an-introduction-to-the-xposed-framew… ∗∗∗ Top 10 Free Threat-Hunting Tools ∗∗∗ --------------------------------------------- Threat hunting is an alternative approach to dealing with cyber-attacks, compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a system. While these common methods of defense generally investigate threats after they have occurred, the strategy of threat hunting involves searching through networks, detecting and isolating […]The post Top 10 Free Threat-Hunting Tools appeared first on InfoSec Resources.Top 10 Free --------------------------------------------- https://resources.infosecinstitute.com/top-10-free-threat-hunting-tools/ ∗∗∗ State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China ∗∗∗ --------------------------------------------- Heres a timely reminder that email isnt the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. --------------------------------------------- https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libextractor and wesnoth), Debian (ffmpeg, fuse, libidn, mercurial, openssl, policykit-1, tomcat7, tomcat8, wireshark, and wordpress), Fedora (java-1.8.0-openjdk, java-openjdk, libpng10, php, sox, and suricata), Gentoo (curl and znc), openSUSE (bouncycastle, Chromium, cinnamon, e2fsprogs, ImageMagick, kernel, libgcrypt, mercurial, openssh, openssl-1_0_0, openssl-1_1, python, qutebrowser, rubygem-sprockets, shadow, and xen), Slackware (kernel), ... --------------------------------------------- https://lwn.net/Articles/761324/ ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-0702). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718745 ∗∗∗ IBM Security Bulletin: Users of Helm with IBM Cloud Private can elevate their privileges (CVE-2018-1714) ∗∗∗ --------------------------------------------- https://www-prd-trops.events.ibm.com/node/718339 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22017447 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717895 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in GNU C Library (CVE-2017-12133) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718991 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in Freetype 2 (CVE-2016-10328) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718665 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in PHP (CVE-2018-7584) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718663 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilties in dhcp (CVE-2018-5732, CVE-2018-5733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718661 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilties in GNU C Library ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718659 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerabilities in freetype2 (CVE-2016-10244 CVE-2017-8105 CVE-2017-8287) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718993 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in IPsec-Tools (CVE-2016-10396) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718657 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718381 ∗∗∗ IBM Security Bulletin: IBM Cloud Functions is affected by two function runtimevulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718977 ∗∗∗ HPESBHF03867 rev.1 - HPE Systems with Intel-based processors with SPI Flash Engine, Local Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.07.2018
by Daily end-of-shift report 27 Jul '18

27 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-07-2018 18:00 − Freitag 27-07-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Häftlinge erhacken sich Guthaben im Wert von 225.000 Dollar ∗∗∗ --------------------------------------------- Durch Austricksen eines Tablet-Systems haben sich US-Häftlinge Guthaben für Digitalkonsum verschafft. --------------------------------------------- https://futurezone.at/digital-life/haeftlinge-erhacken-sich-guthaben-im-wer… ∗∗∗ NetSpectre liest RAM via Netzwerk aus ∗∗∗ --------------------------------------------- NetSpectre greift ohne ausführbaren Schadcode an – zwar fließen nur wenige Bytes pro Stunde, aber ungeschützte Server und Storage-Systeme sind angreifbar. --------------------------------------------- http://heise.de/-4121831 ∗∗∗ State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China ∗∗∗ --------------------------------------------- Heres a timely reminder that email isnt the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity .. --------------------------------------------- https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [CORE-2018-0009] - SoftNAS Cloud OS Command Injection ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542187 ∗∗∗ Vuln: Apache Kafka CVE-2017-12610 User Impersonation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104899 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2018
by Daily end-of-shift report 26 Jul '18

26 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-07-2018 18:00 − Donnerstag 26-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A mining multitool ∗∗∗ --------------------------------------------- Recently, an interesting miner implementation appeared on Kaspersky Lab’s radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. --------------------------------------------- https://securelist.com/a-mining-multitool/86950/ ∗∗∗ Attack inception: Compromised supply chain within a supply chain poses new risks ∗∗∗ --------------------------------------------- A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a Read more --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inceptio… ∗∗∗ New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel ∗∗∗ --------------------------------------------- We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6eLtSVD7Bqc/ ∗∗∗ Zwei Jahre alter Mac-Trojaner kursiert wieder ∗∗∗ --------------------------------------------- Die Malware Calisto soll Vorläufer des Proton-Schädlings sein, der sich über gefälschte Apps verbreitete. --------------------------------------------- http://heise.de/-4120597 ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path ∗∗∗ --------------------------------------------- A rogue user-space program could crash a guest kernel. Privilege escalation cannot be ruled out. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2018-07/msg00004.ht… ∗∗∗ Sicherheitslücken in ClamAV: Angreifer können Rechner lahmlegen ∗∗∗ --------------------------------------------- Der Open-Souce-Virenscanner ermöglicht Denial-of-Service-Angriffe aus der Ferne. Das BSI rät zum umgehenden Update. --------------------------------------------- http://heise.de/-4120917 ∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub ∗∗∗ --------------------------------------------- Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung to ensure that these issues have been resolved and that a firmware update has been made available for affected customers. --------------------------------------------- https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jenkins), CentOS (java-1.8.0-openjdk, openslp, and thunderbird), Fedora (dcraw and httpd), Oracle (java-1.8.0-openjdk and thunderbird), Red Hat (procps), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (clamav and tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/760956/ ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by GNU C library (glibc) vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716377 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718395 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in libidn2 (CVE-2017-14062) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718807 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in GNU C Library (CVE-2017-12133) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718801 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in NTP ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718877 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in freetype2 (CVE-2017-8287 CVE-2017-8105 CVE-2016-10244) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718879 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718881 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in dhcp (CVE-2017-3144) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718803 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in ncurses (CVE-2017-13733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718805 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014442 ∗∗∗ HPESBHF03836 rev.1 - HPE Routers and Switches running Linux-based Comware 5 and Comware 7 Software, Remote Unauthorized Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2018
by Daily end-of-shift report 25 Jul '18

25 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-07-2018 18:00 − Mittwoch 25-07-2018 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Bitdefender Releases Decryption Tool for Older Version of LockCrypt Ransomware ∗∗∗ --------------------------------------------- Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bitdefender-releases-decrypt… ∗∗∗ VB2017 paper and update: Browser attack points still abused by banking trojans ∗∗∗ --------------------------------------------- At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/07/vb2017-paper-and-update-brow… ∗∗∗ Anmeldung auf Probenheld.de ist nicht empfehlenswert ∗∗∗ --------------------------------------------- Gehäuft gehen Beschwerden zu probenheld.de bei uns ein. Die betroffenen Personen berichten von nicht bestellten Produktzusendungen und Rechnungen für Produktproben, die als gratis ausgewiesen waren. Wir empfehlen InteressentInnen sich nicht bei probenheld.de anzumelden, denn der Anbieter verstößt gegen gesetzliche Vorgaben und ist nicht als vertrauenswürdig einzustufen. Erhaltene Rechnungen, Mahnungen oder Inkassoschreiben sollten nicht bezahlt werden. --------------------------------------------- https://www.watchlist-internet.at/news/anmeldung-auf-probenheldde-ist-nicht… ∗∗∗ DHS Warns of Impending Cyber-Attacks on ERP Systems ∗∗∗ --------------------------------------------- the US Department of Homeland Security (DHS) has issued an alert warning of increased activity from nation-state hackers, criminal groups, and hacktivists against Enterprise Resource Planning (ERP) systems. The warning is based on a joint report published two days ago by threat intelligence firms Digital Shadows and Onapsis. --------------------------------------------- https://www.bleepingcomputer.com/news/security/dhs-warns-of-impending-cyber… ===================== = Vulnerabilities = ===================== ∗∗∗ Apache Tomcat: Wichtige Updates schließen Sicherheitslücken ∗∗∗ --------------------------------------------- Neue Versionen der 7er-, 8er- und 9er-Reihe des Anwendungsservers Apache Tomcat bringen unter anderem zwei dringliche Security-Fixes mit. --------------------------------------------- http://heise.de/-4119967 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ant, evolution-data-server, libarchive-zip-perl, mailman, resiprocate, slurm-llnl, and sympa), Mageia (firmware, kernel, microcode, and wesnoth), openSUSE (Chromium), Oracle (openslp and thunderbird), Red Hat (java-1.7.0-oracle, java-1.8.0-oracle, kernel, qemu-kvm-rhev, and thunderbird), SUSE (kernel, nautilus, and xen), and Ubuntu (ant and clamav). --------------------------------------------- https://lwn.net/Articles/760803/ ∗∗∗ Cisco CallManager Express Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Red Hat JBoss Data Virtualization: Eine Schwachstelle ermöglicht einen Clickjacking-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1457/ ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10713455 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016251 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2017-10356). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016354 ∗∗∗ BIG-IP APM per-request policy object vulnerability CVE-2018-5536 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27391542 ∗∗∗ TMM vulnerability CVE-2018-5530 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45611803 ∗∗∗ BIG-IP ASM vulnerability CVE-2018-5539 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75432956 ∗∗∗ HTTPS monitor vulnerability CVE-2018-5542 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05112543 ∗∗∗ TMM vulnerability CVE-2018-5537 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94105051 ∗∗∗ DNS Express vulnerability CVE-2018-5538 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45435121 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2018
by Daily end-of-shift report 24 Jul '18

24 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 23-07-2018 18:00 − Dienstag 24-07-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Subdomain Takeover: Verwaiste Domains einfach übernehmen ∗∗∗ --------------------------------------------- Subdomain Takeover wird in der IT-Security- und Hacker-Szene immer beliebter. Denn mit der einfachen Übernahme einer verwaisten Subdomain lassen sich schöne Angriffe durchführen oder Bug Bountys von Unternehmen einstreichen. (Sicherheitslücke, Web Service) --------------------------------------------- https://www.golem.de/news/subdomain-takeover-verwaiste-domains-einfach-uebe… ∗∗∗ Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again ∗∗∗ --------------------------------------------- [...] It may therefore seem that looking for security issues in the Electron app will not differ from the web version. This is mostly true, with one important caveat. The web version, when displayed in a browser, contains an address bar. The address bar is in fact the only place where the user can tell if (s)he trusts the domain or not. --------------------------------------------- https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how… ∗∗∗ Förderprogramm der EU zur Stärkung der Cyber-Sicherheit bei KRITIS-Betreibern und Anbietern digitaler Dienste ∗∗∗ --------------------------------------------- Betreiber Kritischer Infrastrukturen (OES) und Anbieter digitaler Dienste (DSP) im Sinne der NIS-Richtlinie haben noch bis zum 22. November 2018 die Möglichkeit, sich um Fördermittel der Europäischen Union im Rahmen des "2018 CEF Telecom Call - Cyber Security" (CEF-TC-2018-3) zu bewerben. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/EU-Foerderung_KRI… ∗∗∗ Recent Emotet activity ∗∗∗ --------------------------------------------- So far in 2018, Ive seen a great deal of malicious spam (malspam) pushing Emotet malware. Its probably the most common malspam threat Ive seen so far in 2018. Within the past week, the some good posts about Emotet have been published: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ ∗∗∗ Bluetooth-Lücke in Millionen Geräten entdeckt ∗∗∗ --------------------------------------------- Eine Nachlässigkeit beim Pairing erlaubt es Angreifer, sich in die Verbindung einzuklinken. Betroffen sind etliche Hersteller, darunter Apple und Qualcomm. --------------------------------------------- http://heise.de/-4118968 ∗∗∗ CPU-Lücken ret2spec und SpectreRSB entdeckt ∗∗∗ --------------------------------------------- Forscher der Uni Saarland und der Uni Kalifornien enttarnen neue Sicherheitslücken, die zu bekannten und erwarteten Spectre- und Spectre-NG-Bugs hinzukommen. --------------------------------------------- http://heise.de/-4119197 ∗∗∗ Chinesische Domainregistrierung mit Unternehmensname ∗∗∗ --------------------------------------------- Unternehmen erhalten eine E-Mail, in der es heißt, dass Dritte ihren Unternehmensnamen für eine chinesische Domainregistrierung nutzen wollen. Aus diesem Grund macht ihnen chinaregistriy.net.cn das Angebot, sich die Domain rechtzeitig zu sichern. Die Preise dafür sind weit überhöht. Eine Notwendigkeit für die Registrierung gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/chinesische-domainregistrierung-mit-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (network-manager-vpnc), Fedora (haproxy, mailman, and NetworkManager-vpnc), Mageia (clamav, ffmpeg, rust, thunderbird, and wireshark), Oracle (java-1.8.0-openjdk and openslp), Red Hat (rh-ror42-rubygem-sprockets and rh-ror50-rubygem-sprockets), Scientific Linux (java-1.8.0-openjdk and openslp), SUSE (ImageMagick, libofx, php53, and python-dulwich), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-hwe, linux-azure, [...] --------------------------------------------- https://lwn.net/Articles/760685/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server in IBM Cloud April 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10718297 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717631 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016016 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716907 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718419 ∗∗∗ Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01152385 ∗∗∗ Binutils vulnerability CVE-2018-13033 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20503360 ∗∗∗ Multiple BinUtils vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52513065 ∗∗∗ BinUtils vulnerabilities CVE-2018-6759 and CVE-2018-6872 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52513065 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.07.2018
by Daily end-of-shift report 23 Jul '18

23 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-07-2018 18:00 − Montag 23-07-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Half a Billion IoT Devices Vulnerable to DNS Rebinding Attacks ∗∗∗ --------------------------------------------- Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of todays "smart" devices are vulnerable to a decade-old attack known as DNS rebinding. --------------------------------------------- https://www.bleepingcomputer.com/news/security/half-a-billion-iot-devices-v… ∗∗∗ Academics Announce New Protections Against Spectre and Rowhammer Attacks ∗∗∗ --------------------------------------------- Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/academics-announce-new-prote… ∗∗∗ Weblogic Exploit Code Made Public (CVE-2018-2893), (Fri, Jul 20th) ∗∗∗ --------------------------------------------- [UPDATE] We do see first exploit attempts. The exploit attempts to download additional code from %%ip:185.159.128.200%% . We are still looking at details, but it looks like the code attempts to install a backdoor. The initial exploit came from %%ip:5.8.54.27%%. --------------------------------------------- https://isc.sans.edu/diary/rss/23896 ∗∗∗ Maldoc analysis with standard Linux tools, (Sun, Jul 22nd) ∗∗∗ --------------------------------------------- I received a malicious Word document (Richiesta.doc MD5 2f87105fea2d4bae72ebc00efc6ede56) with heavily obfuscated VBA code: just a few functional lines of code, the rest is junk code. --------------------------------------------- https://isc.sans.edu/diary/rss/23900 ∗∗∗ TA18-201A: Emotet Malware ∗∗∗ --------------------------------------------- Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-201A ∗∗∗ TeamViewer reagiert auf Passwort-Leck ∗∗∗ --------------------------------------------- Das Fernwartungs-Tool TeamViewer wird vergesslich: Künftig merkt es sich Passwörter nur noch fünf Minuten, um Angriffe zu erschweren. --------------------------------------------- http://heise.de/-4118201 ∗∗∗ Erpressung durch Passwortdiebstahl und Masturbationsvideo ∗∗∗ --------------------------------------------- InternetuserInnen erhalten momentan vermehrt E-Mails in denen sie dazu aufgefordert werden, Geld dafür zu bezahlen, dass ein heimlich per Webcam aufgenommenes Masturbationsvideo von ihnen nicht veröffentlicht wird. Um zu einer Zahlung zu bewegen, wird auch ein altes Passwort der betroffenen Personen in der Mail angegeben. EmpfängerInnen der Nachricht sollten ihre Passwörter ändern aber das Geld auf keinen Fall bezahlen, denn die Masturbationsvideos existieren nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressung-durch-passwortdiebstahl-u… ∗∗∗ Nicht im Fake-Shop fitolino.net einkaufen ∗∗∗ --------------------------------------------- Der Online-Shop fitolino.net vertreibt günstige Produkte für den Haushalt und den Garten. Konsument/innen, die bei dem Anbieter einkaufen, verlieren ihr Geld, denn trotz Bezahlung gibt es keine Ware. Darüber hinaus verfügen Kriminelle über Daten ihrer Opfer, die sie für Verbrechen unter fremden Namen nützen können. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-im-fake-shop-fitolinonet-einka… ===================== = Vulnerabilities = ===================== ∗∗∗ National Instruments Linux Driver Remote Code Injection ∗∗∗ --------------------------------------------- Topic: National Instruments Linux Driver Remote Code Injection Risk: High Text:Hello folks, ive recently discovered a critical vulnerability in the National Instruments Linux driver package, which open [...] --------------------------------------------- https://cxsecurity.com/issue/WLB-2018070204 ∗∗∗ OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- OpenSSL vulnerability CVE-2018-0732. Security Advisory. Security Advisory Description. During key agreement in a TLS [...] --------------------------------------------- https://support.f5.com/csp/article/K21665601 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, networkmanager-vpnc, and znc), Debian (gosa, opencv, and slurm-llnl), Fedora (evolution, evolution-data-server, evolution-ews, gnome-bluetooth, libtomcrypt, podman, python-cryptography, and rust), Gentoo (passenger), Red Hat (java-1.8.0-openjdk and openslp), Slackware (php), SUSE (openssl-1_1, procps, python, rsyslog, rubygem-passenger, and xen), and Ubuntu (mutt). --------------------------------------------- https://lwn.net/Articles/760583/ ∗∗∗ Synology-SA-18:37 Photo Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to hijack web sessions via a susceptible version of Synology Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_37 ∗∗∗ VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/304725 ∗∗∗ Bugtraq: Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542174 ∗∗∗ Apache Tomcat: Mehrere Schwachstellen ermöglichen u. a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1443/ ∗∗∗ Apple macOS: Mehrere Schwachstellen ermöglichen u. a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1059/ ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716653 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (‪CVE-2018-8012)‬‬‬ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716659 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (‪CVE-2017-3738, CVE-2017-3736)‬‬‬ ∗∗∗ --------------------------------------------- https://www-prd-trops.events.ibm.com/node/716657 ∗∗∗ IBM Security Bulletin: Rational Software Architect Design Manager is vulnerable to cross-site scripting (CVE-2018-1400) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717617 ∗∗∗ RSA Archer Flaws Let Remote Authenticated Users Conduct Cross-Site Scripting Attacks and Gain Elevated Privileges via a REST API ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041359 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily