=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 08-05-2018 18:00 − Wednesday 09-05-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ "Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots ∗∗∗
---------------------------------------------
Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hide-and-seek-becomes-first-…
∗∗∗ PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions ∗∗∗
---------------------------------------------
Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-m…
∗∗∗ Call for speakers One Conference ∗∗∗
---------------------------------------------
The international One Conference 2018 will take place on October 2 & 3 in The Hague. Overall theme of this edition is "Merging Worlds – Securing the connected future".
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/call-for-speakers-one-confe…
∗∗∗ Nice Phishing Sample Delivering Trickbot, (Wed, May 9th) ∗∗∗
---------------------------------------------
Users have had to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like "Click on me, it's urgent!". Yesterday, I put my hands on a very nice sample that deserves to be dissected to demonstrate that phishing campaigns remain an excellent way to infect a computer!
---------------------------------------------
https://isc.sans.edu/diary/rss/23641
∗∗∗ Massive localstorage[.]tk Drupal Infection ∗∗∗
---------------------------------------------
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: [...]
---------------------------------------------
https://blog.sucuri.net/2018/05/massive-localstorage-tk-drupal-infection.ht…
∗∗∗ It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V ∗∗∗
---------------------------------------------
Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP. Patch Tuesday: Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/05/09/microsoft_w…
∗∗∗ Introducing Orchestrator decryption tool ∗∗∗
---------------------------------------------
Researched and written by Donny Maasland and Rindert Kramer. Introduction: During penetration tests we sometimes encounter servers running software that use sensitive information as part of the underlying process, such as Microsoft's System Center Orchestrator. According to Microsoft, Orchestrator is a workflow management solution for data centers and can be used to automate the creation, [...]
---------------------------------------------
https://blog.fox-it.com/2018/05/09/introducing-orchestrator-decryption-tool/
∗∗∗ Better protecting network-capable medical devices ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/sicherheits…
∗∗∗ Gandcrab Ransomware Walks its Way onto Compromised Sites ∗∗∗
---------------------------------------------
This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft.
---------------------------------------------
https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html
∗∗∗ Google CTF 2018 is here ∗∗∗
---------------------------------------------
https://security.googleblog.com/2018/05/google-ctf-2018-is-here.html
∗∗∗ Fake Mobilis GmbH order distributes malware ∗∗∗
---------------------------------------------
Criminals are sending out a fake order from Mobilis GmbH. In the business letter they demand that companies open the attached file for further information on the purchase. In reality it conceals malware. For this reason it is important that recipients do not open the supposed order and move the message to their spam folder.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-mobilis-gmbh-bestellung-…
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2018-8897 ∗∗∗
---------------------------------------------
Media reports are currently circulating about a bug in how operating
systems handle Intel and AMD CPUs, and we have received the first
queries about its criticality. We do not consider it dramatic: as far
as is currently known, the bug is exploitable neither remotely nor via
JavaScript etc., and is therefore "only" a classic privilege
escalation.
---------------------------------------------
http://www.cert.at/services/blog/20180509142228-2199.html
∗∗∗ Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper authentication
and OS command injection vulnerabilities in Silex Technology SX-500,
SD-320AN, and GE Healthcare MobileLink devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01
∗∗∗ Siemens Medium Voltage SINAMICS Products ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation
vulnerabilities in Siemens SINAMICS modular drive systems.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-128-01
∗∗∗ Siemens Siveillance VMS ∗∗∗
---------------------------------------------
This advisory includes mitigations for a deserialization of untrusted
data vulnerability in the Siemens Siveillance Video Management
Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-128-02
∗∗∗ Siemens Siveillance VMS Video Mobile App ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper certificate
validation vulnerability in the Siemens Siveillance VMS mobile app.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-128-03
∗∗∗ May 2018 Office Update Release ∗∗∗
---------------------------------------------
The May 2018 Public Update releases for Office are now available! This
month, there are 30 security updates and 22 non-security updates. All
of the security and non-security updates are listed in KB article
4133083.
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/05/08…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel), Gentoo (rsync),
openSUSE (Chromium), Oracle (kernel), Red Hat (kernel and kernel-rt),
Scientific Linux (kernel), SUSE (kernel and php7), and Ubuntu (dpdk,
libraw, linux, linux-lts-trusty, linux-snapdragon, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/754021/
∗∗∗ Security Update Summary ∗∗∗
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-…
∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-…
∗∗∗ [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-04
∗∗∗ Oracle Java SE vulnerability CVE-2018-2811 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01294982
∗∗∗ Oracle Java SE vulnerability CVE-2018-2796 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K71021401
∗∗∗ Oracle Java SE vulnerability CVE-2018-2798 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K24593421
Next End-of-Day report: 2018-05-11
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 07-05-2018 18:00 − Tuesday 08-05-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Office 365 Zero-Day Used in Real-World Phishing Campaigns ∗∗∗
---------------------------------------------
A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/office-365-zero-day-used-in-…
∗∗∗ Don’t Share Email with Scripts and Macros ∗∗∗
---------------------------------------------
Sharing documents, scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure. "Both scripts and macros are commonly used attack vectors," he told us. "Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day [...]
---------------------------------------------
https://safeandsavvy.f-secure.com/2018/05/08/dont-share-email-with-scripts-…
∗∗∗ How to Protect Your Web Applications From XXE Attacks ∗∗∗
---------------------------------------------
XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per the OWASP Top 10.
---------------------------------------------
https://www.htbridge.com/blog/how-to-protect-your-web-applications-from-xxe…
∗∗∗ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users ∗∗∗
---------------------------------------------
We discovered a malware family called Maikspy - a multi-platform spyware that can steal users' private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016. Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware…
∗∗∗ Drupal flaws: Lenovo misses website update and catches a crypto-miner ∗∗∗
---------------------------------------------
A security researcher warns that attackers are currently attacking unpatched Drupal websites in order to plant a crypto-currency miner on them. Security updates have been available for some time.
---------------------------------------------
https://www.heise.de/-4044683
∗∗∗ Mobile Menace Monday: re-emergence of a fake Android AV ∗∗∗
---------------------------------------------
Way back in early 2013, a new antivirus (AV) company emerged into the mobile security software industry that had everyone perplexed. It seemed like a fake Android AV, but received certification by a reputable AV testing organization! Now, five years later, it's back. Here's why you shouldn't trust it.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2018/05/mobile-menace-monda…
∗∗∗ 8 Tips to Harden Your Joomla Installation ∗∗∗
---------------------------------------------
Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/8-tips-harden-joomla-in…
∗∗∗ Hacking train passenger Wi-Fi ∗∗∗
---------------------------------------------
After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here's a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network in your office, Wi-Fi [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/hacking-train-passenger-wi-fi/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-12), Adobe Flash Player (APSB18-16), and Adobe Connect (APSB18-18). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1557
∗∗∗ iPrint Appliance 2.1 Patch 7 ∗∗∗
---------------------------------------------
Abstract: iPrint Appliance 2.1 Patch 7 is a cumulative patch including fixes from all the previous 2.1 patches and hot fixes. Document ID: 5377430. Security Alert: Yes. Distribution Type: Public. Entitlement Required: Yes. Files: iPrint-2.1.0.87.HP.zip (950.24 MB). Products: iPrint Appliance 2.1. Superseded Patches: iPrint Appliance 2.1
---------------------------------------------
https://download.novell.com/Download?buildid=uKzGH3eCxf0~
∗∗∗ SAP Security Patch Day - May 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.
---------------------------------------------
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
∗∗∗ Android Security Bulletin - May 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version.
---------------------------------------------
https://source.android.com/security/bulletin/2018-05-01
∗∗∗ USN-3639-1: LibRaw vulnerabilities ∗∗∗
---------------------------------------------
libraw vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS. Summary: Several security issues were fixed in LibRaw. Software Description: libraw - raw image decoder library. Details: It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-10528) It was discovered that LibRaw incorrectly handled certain files. An attacker could possibly use this to [...]
---------------------------------------------
https://usn.ubuntu.com/3639-1/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (wget), SUSE (patch), and Ubuntu (qpdf).
---------------------------------------------
https://lwn.net/Articles/753882/
∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0004 ∗∗∗
---------------------------------------------
Date Reported: May 07, 2018. Advisory ID: WSA-2018-0004. CVE identifiers: CVE-2018-4121, CVE-2018-4200, CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121: Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
---------------------------------------------
https://webkitgtk.org/security/WSA-2018-0004.html
∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011364
∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15526101
=====================
= End-of-Day report =
=====================
Timeframe: Friday 04-05-2018 18:00 − Monday 07-05-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Drupal Sites Fall Victims to Cryptojacking Campaigns ∗∗∗
---------------------------------------------
After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/drupal-sites-fall-victims-to…
∗∗∗ SynAck Ransomware Uses Process Doppelgänging Technique ∗∗∗
---------------------------------------------
A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-proce…
∗∗∗ How to Protect Yourself From GDPR-Related Phishing Scams ∗∗∗
---------------------------------------------
Fourteen emails. That’s the amount of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule.
---------------------------------------------
http://resources.infosecinstitute.com/protect-gdpr-phishing-scams/
∗∗∗ Lenovo Patches Arbitrary Code Execution Flaw ∗∗∗
---------------------------------------------
Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line.
---------------------------------------------
https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/
∗∗∗ Implementation of the NIS Directive completed - new obligations for providers of digital services ∗∗∗
---------------------------------------------
As part of the implementation of the EU Directive on network and information security (NIS Directive), providers of search engines, cloud computing services and online marketplaces established in Germany must, from 10 May 2018, report IT security incidents with a substantial impact on the service they operate to the Federal Office for Information Security (BSI). At the same time, uniform minimum requirements will then apply across Europe [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/NIS-Richtli…
∗∗∗ MassMiner: crypto-currency miner targets web servers ∗∗∗
---------------------------------------------
According to security researchers, unknown attackers are currently specifically targeting servers running vulnerable versions of Apache Struts, Oracle WebLogic and Windows SMB. Security patches have been available for some time.
---------------------------------------------
https://heise.de/-4043366
∗∗∗ Spectre-NG: Intel postpones the first patches – coordinated disclosure delayed ∗∗∗
---------------------------------------------
The release of the first Spectre-NG patches was originally planned for Monday. But Intel asked for a postponement and was granted one. New, exclusive information shows how things are now to proceed with Spectre-NG.
---------------------------------------------
https://www.heise.de/-4043790
∗∗∗ Windows Defender Exploit Guard – activating Attack Surface Reduction rules ∗∗∗
---------------------------------------------
With Windows 10 v1709 Microsoft gave the Defender platform additional, interesting features, which have now been extended with further options in the Win10 1803 release. For example, the following rules can be activated, which can significantly reduce the risk of a malware infection in some scenarios: [...]
---------------------------------------------
https://hitco.at/blog/windows-defender-exploit-guard-attack-surface-reducti…
=====================
= Vulnerabilities =
=====================
∗∗∗ Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") ∗∗∗
---------------------------------------------
Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch."
---------------------------------------------
https://www.kb.cert.org/vuls/id/283803
∗∗∗ Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability ∗∗∗
---------------------------------------------
Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Multi-Master Replication Manager for MySQL) it ensures that only one node is writeable at a time. Using MySQL MMM an end user can also choose to move their Virtual IP addresses to different servers depending on their replication [...]
---------------------------------------------
https://blog.talosintelligence.com/2018/05/vulnerability-spotlight-mysql-mm…
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libdatetime-timezone-perl, libmad, lucene-solr, tzdata, and wordpress), Fedora (drupal7, scummvm, scummvm-tools, and zsh), Mageia (boost, ghostscript, gsoap, java-1.8.0-openjdk, links, and php), openSUSE (pam_kwallet), and Slackware (python).
---------------------------------------------
https://lwn.net/Articles/753687/
∗∗∗ Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208804
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016092
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015944
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016039
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011857
∗∗∗ RSA Authentication Manager Bugs Let Remote Users Inject HTTP Headers and Remote Authenticated Users Conduct XML External Entity Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040835
∗∗∗ Side-channel processor vulnerability CVE-2018-9056 (BranchScope) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35135935
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 03-05-2018 18:00 − Friday 04-05-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ File compression: bug in 7-Zip 18.01 allows code execution when unpacking ∗∗∗
---------------------------------------------
A bug exploits uninitialised memory to execute arbitrary code when unpacking file archives with 7-Zip. A software developer discovered the flaw and exploited it for demonstration purposes. Instead of the Windows calculator, something far worse could be executed through it.
---------------------------------------------
https://www.golem.de/news/dateikompression-bug-in-7-zip-18-01-ermoeglicht-c…
∗∗∗ IMHO: Praise for Twitter and Github ∗∗∗
---------------------------------------------
At Github, passwords were accidentally stored in plain text. Shortly afterwards Twitter reported a similar problem. There is no indication that users were put at risk as a result. Nevertheless, the companies were transparent about it - and rightly so!
---------------------------------------------
https://www.golem.de/news/imho-ein-lob-fuer-twitter-und-github-1805-134232.…
∗∗∗ Rooting a Logitech Harmony Hub: Improving Security in Today's IoT World ∗∗∗
---------------------------------------------
Introduction: FireEye's Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things (IoT) device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and control a variety of devices in the user's ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2018/05/rooting-logitech-harmon…
∗∗∗ Schneider Electric ICS systems: attackers could take over factories ∗∗∗
---------------------------------------------
Critical security holes gape in the industrial control systems InduSoft Web Studio and InTouch Machine Edition from Schneider Electric. Patches are available.
---------------------------------------------
https://www.heise.de/meldung/ICS-Systeme-von-Schneider-Electric-Angreifer-k…
∗∗∗ How Google wants to clean up outdated and insecure Android apps ∗∗∗
---------------------------------------------
Developers will face considerably stricter rules in future – the change means extra work
---------------------------------------------
http://derstandard.at/2000078894766
∗∗∗ Google rolls out .app domains with built-in HTTPS ∗∗∗
---------------------------------------------
The move is part of the company’s HTTPS-everywhere vision for the internet ..
---------------------------------------------
https://www.welivesecurity.com/2018/05/04/google-rolls-app-domain-built-htt…
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips Brilliance Computed Tomography (CT) System ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for execution with unnecessary privileges, exposure of resource to wrong sphere, and use of hard-coded credentials vulnerabilities in Philips Brilliance CT Scanners.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
∗∗∗ Lantech IDS 2102 ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation and stack-based buffer overflow vulnerabilities in the Lantech IDS 2102 Ethernet device server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01
∗∗∗ DSA-4191 redmine - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4191
∗∗∗ DSA-4189 quassel - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4189
∗∗∗ Security Advisory 2018-01: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2018-01-security-update-for-ot…
∗∗∗ Use of hardcoded credentials for communication between Meru access points and FortiWLC ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-274
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 02-05-2018 18:00 − Thursday 03-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Emergency hotline for companies in Vienna affected by cybercrime ∗∗∗
---------------------------------------------
Reports of cybercrime offences in Austria rose by around 28 percent
last year. ... The WK Wien (Vienna Chamber of Commerce) has therefore
launched an emergency hotline for affected companies.
---------------------------------------------
http://derstandard.at/2000079106868
∗∗∗ Threat Roundup for April 20-27 ∗∗∗
---------------------------------------------
Today, Talos is publishing a glimpse into the most prevalent threats
we've observed between April 20 and 27. As with previous roundups, this
post isn't meant to be an in-depth analysis. Instead, this post will
summarize the threats we've observed by highlighting key behavioral
characteristics, indicators of compromise...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/threat-round-up-0420-0427.html
∗∗∗ Fraud with fake Microsoft warning ∗∗∗
---------------------------------------------
With a fake Microsoft warning, criminals demand that consumers contact
a support centre by telephone. It tells them that their computer is
infected with malware. For this reason they are to download a program
and pay for the assistance. If the consumers comply with the demands,
they lose money and infect their device with malware.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-gefaelschter-microsoft-warnung/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the following Cisco
Security Advisories and apply the necessary updates:
* WebEx Advanced Recording Format Remote Code Execution Vulnerability
cisco-sa-20180502-war
* Prime File Upload Servlet Path Traversal and Remote Code Execution
Vulnerability cisco-sa-20180502-prime-upload
* Secure Access Control System Remote Code Execution Vulnerability
cisco-sa-20180502-acs1
* Wireless LAN Controller 802.11 Management Frame Denial-of-Service
Vulnerability cisco-sa-20180502-wlc-mfdos
* Wireless LAN Controller IP Fragment Reassembly Denial-of-Service
Vulnerability cisco-sa-20180502-wlc-ip
* Meeting Server Remote Code Execution Vulnerability
cisco-sa-20180502-cms-cx
* Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point
Tunneling Protocol Denial-of-Service Vulnerability
cisco-sa-20180502-ap-ptp
* Aironet 1800, 2800, and 3800 Series Access Points Secure Shell
Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/05/02
/Cisco-Releases-Security-Updates
∗∗∗ More Spectre flaws on the way ∗∗∗
---------------------------------------------
Several research teams have already reported a total of eight new
security vulnerabilities in Intel CPUs to the manufacturer; details are
currently still being kept under wraps.
...
The concrete risk to home and company PCs is rather low, however,
because those systems usually have other, easier-to-exploit weaknesses.
They should nevertheless be taken seriously, and the upcoming
Spectre-NG updates should be installed promptly once they are released.
---------------------------------------------
https://heise.de/-4039134
∗∗∗ Critical vulnerability in Oracle Access Manager - updates
available ∗∗∗
---------------------------------------------
3 May 2018. Description: The IT security consultancy SEC Consult has
discovered a critical vulnerability in the widely used Oracle Access
Manager (OAM) software, which many environments use for single sign-on
and other login scenarios.
CVE number: CVE-2018-2879. Impact: By exploiting the flaw, attackers
can log in with arbitrary accounts (including
---------------------------------------------
http://www.cert.at/warnings/all/20180503.html
∗∗∗ Docker for Windows: Microsoft patches Go library hcsshim ∗∗∗
---------------------------------------------
Anyone who uses Docker for container virtualisation on Windows, or who
develops Go programs themselves, should urgently check that the "Windows
Host Compute Service Shim" (hcsshim) package on their system is up to
date.
---------------------------------------------
https://heise.de/-4040139
∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium
Voltage SINAMICS Products ∗∗∗
---------------------------------------------
The latest updates for medium voltage SINAMICS products fix two
security vulnerabilities that could allow an attacker to cause a
Denial-of-Service condition either via specially crafted PROFINET DCP
broadcast packets or by sending specially crafted packets to port
161/udp (SNMP). The PROFINET DCP scenario requires direct Layer 2
access to the affected products. PROFIBUS interfaces are not affected.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate
Validation Vulnerability in Siveillance VMS Video Mobile App for
Android and iOS ∗∗∗
---------------------------------------------
The latest update for the Siveillance VMS Video mobile app for Android
and iOS fixes a security vulnerability that could allow an attacker in
a privileged network position to read data from and write data to the
encrypted communication channel between the app and a server.
Precondition for this scenario is that an attacker is able to intercept
the communication channel between the affected app and a server, and is
also able to generate a certificate that results for the validation
algorithm in
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf
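The advisory text is cut off before it says which part of the app's certificate check the attacker's certificate satisfies, so the following is not a description of the Siveillance bug. It is an added example, not the app's or Siemens' code, showing the check a client has to get right in this scenario: matching the expected server name strictly against the certificate's subjectAltName entries, next to a sloppy variant that trusts the Common Name and treats "*" as a free-form glob. The certificates are constructed dicts in the shape that Python's `ssl.SSLSocket.getpeercert()` returns; the host names are assumptions.

```python
"""Hostname verification against a peer certificate in the dict shape that
ssl.SSLSocket.getpeercert() returns. Added example; the certificates below
are constructed and the functions are not the Siveillance app's code."""
import fnmatch
import ipaddress
from typing import Dict, List

# Constructed sample: the legitimate VMS server certificate.
SERVER_CERT: Dict = {
    "subject": ((("commonName", "vms.example.com"),),),
    "subjectAltName": (
        ("DNS", "vms.example.com"),
        ("DNS", "*.vms.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed sample: a certificate an on-path attacker can legitimately obtain
# for a name they control, with a CN chosen to fool sloppy matchers.
MITM_CERT: Dict = {
    "subject": ((("commonName", "*"),),),
    "subjectAltName": (("DNS", "mitm.attacker.example"),),
}


def _san_entries(cert: Dict, kind: str) -> List[str]:
    """All subjectAltName values of one type ("DNS" or "IP Address")."""
    return [value for (typ, value) in cert.get("subjectAltName", ()) if typ == kind]


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: a wildcard may only stand for the whole
    left-most label, never span a dot, and never cover a bare suffix like *.com."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:  # partial-label wildcards such as w*.example.com
        return False
    return p == h


def hostname_matches(cert: Dict, hostname: str) -> bool:
    """Strict check: only subjectAltName entries count, the CN is ignored."""
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(ipaddress.ip_address(v) == wanted_ip
                   for v in _san_entries(cert, "IP Address"))
    return any(_dns_pattern_matches(p, hostname)
               for p in _san_entries(cert, "DNS"))


def hostname_matches_naive(cert: Dict, hostname: str) -> bool:
    """The broken variant: trusts the CN and treats '*' as a free-form glob,
    so a certificate with CN '*' (or '*.com') passes for any host."""
    cn = next((v for rdn in cert.get("subject", ()) for (k, v) in rdn
               if k == "commonName"), "")
    return fnmatch.fnmatch(hostname.lower(), cn.lower())
```

In a real client you would not hand-roll this: `ssl.create_default_context()` with `check_hostname` left at `True` performs the same matching (inside OpenSSL on Python 3.7 and later) and also verifies the chain; the two functions only make the difference between a strict and a permissive matcher visible on constructed input.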
∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability
in Siveillance VMS ∗∗∗
---------------------------------------------
Siemens has released software updates for Siveillance VMS which fix a
security vulnerability with the .NET Remoting deserialization that
could allow elevation of privileges and/or causing a Denial-of-Service,
if affected ports are exposed.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors,
Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗
---------------------------------------------
Several HPE servers that use AMD processors are vulnerable to security
defects (Fallout/Masterkey) which allow local unauthorized elevation of
privilege, unauthorized modification of information, unauthorized
disclosure of information, and Denial of Service.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public
/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox,
java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and
python-paramiko), Debian (kernel and quassel), Gentoo (chromium,
hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and
squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and
go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE
(corosync and patch).
---------------------------------------------
https://lwn.net/Articles/753457/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM
Rational Software Architect and Rational Software Architect for
WebSphere Software. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015990
∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere
Application Server (CVE-2017-1743) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013601
∗∗∗ IBM Security Bulletin: January 2017 OpenSSL Vulnerabilities affect
Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311
∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape
Library (CVE-2018-5732) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 30-04-2018 18:00 − Mittwoch 02-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Millions of Volkswagen and Audi cars can be hacked ∗∗∗
---------------------------------------------
Two security researchers have discovered a vulnerability that affects numerous popular vehicles.
---------------------------------------------
https://futurezone.at/digital-life/millionen-autos-von-volkswagen-und-audi-…
∗∗∗ Security baseline for Windows 10 “April 2018 Update” (v1803) – FINAL ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 “April 2018 Update,” also known as version 1803, “Redstone 4,” or RS4. Download the ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-f…
∗∗∗ 7-Zip: From Uninitialized Memory to Remote Code Execution ∗∗∗
---------------------------------------------
After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I continued to spend time on analyzing antivirus software. As it happens, I found a new bug that (as the last two bugs) ..
---------------------------------------------
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-e…
∗∗∗ Secure it now! Oracle WebLogic Server targeted by attackers ∗∗∗
---------------------------------------------
Security researchers are observing increased scanning for vulnerable WebLogic servers. Updates are available, but attackers are reportedly able to bypass the protection.
---------------------------------------------
https://www.heise.de/meldung/Jetzt-absichern-Oracle-WebLogic-Server-im-Visi…
∗∗∗ Windows 10 1803 without microcode updates against Spectre V2 ∗∗∗
---------------------------------------------
Installing the Windows 10 April 2018 Update displaces the microcode updates for Intel processors from update KB4090007 that protect against the Spectre V2 vulnerability, so BIOS updates are needed once again.
---------------------------------------------
https://www.heise.de/meldung/Windows-10-1803-ohne-Microcode-Updates-gegen-S…
∗∗∗ Spammers abuse unfiltered redirects in Google Maps ∗∗∗
---------------------------------------------
Criminals are using Google's online map service Maps to send victims down dangerous paths via open redirects. The company is aware of the problem but so far does not appear to see any need for action.
---------------------------------------------
https://www.heise.de/meldung/Spammer-missbrauchen-ungefilterte-Redirects-in…
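An open redirect is a redirect endpoint that forwards to whatever URL the caller supplies, which lets a spammer hide an arbitrary destination behind a trusted domain. The check a redirect handler needs is shown below as an added example; it is not Google's code, and the allow-listed hosts are constructed assumptions. It goes a little beyond the news item by also rejecting the usual bypasses of a naive "starts with /" filter: protocol-relative `//host`, backslashes (which browsers treat as slashes), userinfo tricks like `https://good@evil`, non-http schemes and control characters.

```python
"""Redirect-target validation against open redirects. Added example, not
Google's code; the allow-listed hosts are constructed assumptions."""
from typing import Iterable
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"maps.example.com", "www.example.com"}  # assumption


def is_safe_redirect(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """True only if `target` is an absolute path on this site or an http(s)
    URL whose host is on the allow-list. Everything else is rejected."""
    if not target or any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False                              # tabs/newlines browsers would strip
    # Browsers treat '\' like '/', so normalise before parsing; otherwise
    # '/\evil.example' parses as a path here but as a host in the browser.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                              # javascript:, data:, ...
    if parts.netloc:
        if not parts.scheme:
            return False                          # protocol-relative //evil.example
        host = (parts.hostname or "").lower()     # drops userinfo and port
        return host in {h.lower() for h in allowed_hosts}
    # No authority part: accept only an absolute path on this site
    # (relative paths without a leading '/' are refused as well).
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Value a handler should put in the Location header."""
    return target if is_safe_redirect(target) else fallback
```

Matching on `parts.hostname` rather than on a string prefix is the essential point: `https://maps.example.com.evil.example/` and `https://maps.example.com@evil.example/` both start with the trusted name but have a different host.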
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (cups-filters, ghostscript, glusterfs, PackageKit, qpdf, and xen), Mageia (anki, libofx, ming, sox, webkit2, and xdg-user-dirs), Oracle (corosync, java-1.7.0-openjdk, and pcs), Red Hat (java-1.7.0-openjdk), Scientific Linux (corosync, firefox, gcc, glibc, golang, java-1.7.0-openjdk, java-1.8.0-openjdk, ..
---------------------------------------------
https://lwn.net/Articles/753257/
=====================
= Vulnerabilities =
=====================
∗∗∗ Bugtraq: CA20180501-01: Security Notice for CA Spectrum ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541977
∗∗∗ Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/104020
∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-…
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-…
∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2018-1000005, CVE-2018-1000007) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014495
∗∗∗ IBM Security Bulletin: API Connect is affected by an information leakage vulnerability (CVE-2018-1468) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015968
∗∗∗ IBM SECURITY BULLETIN: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar SIEM. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015825
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 27-04-2018 18:00 − Montag 30-04-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Issue with BitLocker/DMA setting in Windows 10 “Fall Creators Update” (v1709) ∗∗∗
---------------------------------------------
Update, 27 April 2018: The problem described in this post has been fixed in the April 2018 quality update. Customers that deployed Microsoft’s security baseline for Windows 10 v1709 might have experienced device and component failures. The ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlocke…
∗∗∗ FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation ∗∗∗
---------------------------------------------
Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and ..
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targe…
∗∗∗ Please don’t buy this: smart toys ∗∗∗
---------------------------------------------
Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new information. These ..
---------------------------------------------
https://blog.malwarebytes.com/security-world/2018/04/please-dont-buy-smart-…
∗∗∗ Austrian Armed Forces hackers took part in NATO exercise ∗∗∗
---------------------------------------------
In Tallinn, defending against cyber attacks was rehearsed.
---------------------------------------------
http://derstandard.at/2000078919316
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4181 roundcube - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4181
∗∗∗ DSA-4182 chromium-browser - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4182
∗∗∗ DSA-4186 gunicorn - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4186
∗∗∗ DSA-4185 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4185
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 26-04-2018 18:00 − Freitag 27-04-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗
---------------------------------------------
Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.
---------------------------------------------
http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backd…
∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗
---------------------------------------------
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing ..
---------------------------------------------
https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script…
∗∗∗ GravityRAT malware takes your system's temperature ∗∗∗
---------------------------------------------
The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-you…
∗∗∗ Phishing for the discerning: [A]pache kit clones popular online shops ∗∗∗
---------------------------------------------
Staff at security software vendor Check Point have examined a Brazilian phishing kit that imitates fully functional brand-name shops in order to harvest address and credit card data.
---------------------------------------------
https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont…
∗∗∗ Beware of data theft on classified ad portals! ∗∗∗
---------------------------------------------
Classified ad portals are an excellent way to turn old belongings into cash or to pick up the odd bargain. The marketplaces are therefore very popular, but ..
---------------------------------------------
http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3065&tx_…
=====================
= Vulnerabilities =
=====================
∗∗∗ Delta Electronics PMSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01
∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN08386386/
∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN01040170/
∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN85531148/
∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 25-04-2018 18:00 − Donnerstag 26-04-2018 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Core i processors: Microsoft delivers Spectre protection for Haswell and Broadwell ∗∗∗
---------------------------------------------
Microsoft is extending delivery of Spectre updates to processors of the Haswell and Broadwell series. The update is optional and must be downloaded manually. Many users will no longer receive updates from their motherboard manufacturers.
---------------------------------------------
https://www.golem.de/news/core-i-prozessoren-microsoft-liefert-spectre-schu…
∗∗∗ DDoS attacks in Q1 2018 ∗∗∗
---------------------------------------------
In Q1 2018, we observed a significant increase in both the total number and duration of DDoS attacks against Q4 2017. The new Linux-based botnets Darkai (a Mirai clone) and AESDDoS are largely responsible for this hike.
---------------------------------------------
http://securelist.com/ddos-report-in-q1-2018/85373/
∗∗∗ Mac malware tries to lodge itself via configuration profile ∗∗∗
---------------------------------------------
A new variant of the "Crossrider" malware manipulates settings so that the adware survives even manual removal by the user, a security firm warns.
---------------------------------------------
https://heise.de/-4034258
∗∗∗ Server management: ransomware targets HPE iLO ∗∗∗
---------------------------------------------
Because of ongoing attacks, server admins who rely on HPE's Integrated Lights-Out 4 (iLO 4) management software should check whether their devices are up to date and whether remote access is enabled.
---------------------------------------------
https://heise.de/-4035630
∗∗∗ "Mılka" instead of "Milka": new fake WhatsApp prize draws in circulation ∗∗∗
---------------------------------------------
The fraudulent messages contain links that look deceptively genuine (the "ı" in the fake name is the Turkish dotless i, a homoglyph of "i").
---------------------------------------------
http://derstandard.at/2000078631245
∗∗∗ Beware of data theft on classified ad portals! ∗∗∗
---------------------------------------------
The marketplaces are therefore very popular, but caution is required when using these platforms: criminals carry out systematic data and identity theft there. Users must therefore think carefully about which data they disclose over the internet to unknown persons, and should not send photos of identity documents of any kind.
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-vor-datendiebstahl-auf-klein…
=====================
= Vulnerabilities =
=====================
∗∗∗ Hyperoptic's ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password ∗∗∗
---------------------------------------------
Firmware updates pushed out to up to 400,000 subscribers. A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/04/26/hyperoptics…
∗∗∗ JSON API - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2018-021 ∗∗∗
---------------------------------------------
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities.
The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication.
This vulnerability is mitigated by the fact that an attacker must be allowed to create or modify entities of a certain type, and a very specific and uncommon CORS configuration that allows all other pre-checks to be skipped.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-021
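The advisory's point is that cookies are ambient credentials: a page on another origin can make the victim's browser send a write request with the Drupal session cookie attached, while a credential the calling script sets explicitly (an Authorization header) cannot be attached on the victim's behalf. The gate below is an added example of that distinction, not the JSON API module's code; the cookie name `SESS`, the header name `X-CSRF-Token`, the server secret and the request dict shape are constructed assumptions. Drupal core's own REST module uses an `X-CSRF-Token` header for the same purpose.

```python
"""CSRF gate for writes on a cookie-authenticated JSON API. Added example,
not the Drupal JSON API module's code; cookie name, header name and the
server secret are constructed assumptions."""
import hashlib
import hmac
from typing import Dict, Tuple

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSION_COOKIE = "SESS"                                    # assumption
SERVER_SECRET = b"constructed-example-secret-rotate-me"    # assumption


def csrf_token_for(session_id: str) -> str:
    """Session-bound token. A third-party page can make the victim's browser
    attach the session cookie, but cannot read it, so it cannot derive this."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def authorize_write(request: Dict) -> Tuple[bool, str]:
    """Gate for entity-mutating requests.

    request = {"method": ..., "headers": {...}, "cookies": {...}}
    Returns (allowed, reason)."""
    method = request.get("method", "GET").upper()
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    cookies = request.get("cookies", {})

    if method in SAFE_METHODS:
        return True, "read-only method"

    # An Authorization header is set explicitly by the calling script; a
    # browser never attaches it on behalf of another origin, so that
    # credential needs no anti-CSRF token.
    if "authorization" in headers:
        return True, "explicit Authorization credential"

    # Cookies are ambient: the browser sends them with any request to this
    # site, including one forged by another origin, so the request must also
    # prove it came from our own front-end by presenting the session token.
    session_id = cookies.get(SESSION_COOKIE)
    if session_id is None:
        return False, "unauthenticated write"
    presented = headers.get("x-csrf-token", "")
    if not hmac.compare_digest(csrf_token_for(session_id).encode(), presented.encode()):
        return False, "cookie-authenticated write without valid X-CSRF-Token"
    return True, "cookie-authenticated write with valid X-CSRF-Token"
```

Why the advisory calls the CORS precondition uncommon: JSON API requires `Content-Type: application/vnd.api+json`, which is not a CORS-safelisted type, so a cross-origin browser write is preflighted and only reaches the server if the site's CORS policy answers that preflight permissively with credentials allowed. The token check above is still the right fix, because it does not depend on the CORS configuration being tight.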
∗∗∗ Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020 ∗∗∗
---------------------------------------------
The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site.
The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution (RCE) attack.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-020
∗∗∗ PHP: multiple vulnerabilities enable denial-of-service attacks, among others ∗∗∗
---------------------------------------------
Multiple vulnerabilities allow a remote, unauthenticated attacker to carry out various denial-of-service (DoS) attacks. One of these vulnerabilities lets the attacker bring about a complete denial-of-service condition. A further vulnerability lets the attacker carry out a cross-site scripting (XSS) attack.
The official releases fixing the vulnerabilities are PHP 7.2.5, 7.1.17, 7.0.30 and presumably 5.6.36 (not yet available). Further information on these vulnerabilities and other bugs can be found in the corresponding ChangeLogs.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-0789/
∗∗∗ Critical vulnerability in Drupal - actively exploited - updates available ∗∗∗
---------------------------------------------
A critical vulnerability has been discovered in the widely used CMS software Drupal. By exploiting this flaw, arbitrary code can be executed on affected systems (with the privileges of the web server user).
CVE number: CVE-2018-7602
---------------------------------------------
http://www.cert.at/warnings/all/20180426.html
∗∗∗ IE Zero-Day “double kill” And Its First In-The-Wild Attack Found By 360 ∗∗∗
---------------------------------------------
Recently, 360 Security Center discovered an attack that used IE 0-day vulnerability. After analysis, we found that it is the first APT(Advanced Persistent Threat) campaign that forms its attack with an Office document embedding a newly discovered Internet Explorer 0-day exploit. As soon as anyone opens the malicious document, they get infected and give away control of their computers.
---------------------------------------------
https://blog.360totalsecurity.com/en/ie-zero-day-double-kill-first-wild-att…
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7, gcc-4.9-backport, ghostscript, and openslp-dfsg), Fedora (anki, composer, perl, and perl-Module-CoreList), Red Hat (kernel and rh-mysql56-mysql), and SUSE (kernel, kvm, and zsh).
---------------------------------------------
https://lwn.net/Articles/752860/
∗∗∗ IBM Security Bulletin: IBM Campaign Contains Client-side Vulnerability (CVE-2017-1116) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015569
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022561
∗∗∗ IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-1471, CVE-2018-1473, CVE-2018-1479, CVE-2018-1475) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015754
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect eDiscovery Analyzer ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014443
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015258
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect eDiscovery Analyzer ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012865
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSH vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011165
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects Rational Reporting for Development Intelligence (CVE-2017-1681) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015667
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015668
∗∗∗ IBM Security Bulletin: Open Source XStream Vulnerabilities Impact on IBM Campaign (CVE-2017-7957) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015573
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 24-04-2018 18:00 − Mittwoch 25-04-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ MikroTik Patches Zero-Day Flaw Under Attack in Record Time ∗∗∗
---------------------------------------------
MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mikrotik-patches-zero-day-fl…
∗∗∗ Austria Cyber Security Challenge 2018 ∗∗∗
---------------------------------------------
25 April 2018. Once again this year there is a Cyber Security Challenge. We at CERT.at think it is a good thing, so from us too goes out the call to young and (new this year!) old to take part. The organisers' announcement follows: Austria's best up-and-coming hackers - and those who ..
---------------------------------------------
http://www.cert.at/services/blog/20180425145422-2192.html
∗∗∗ BGP leaks and cryptocurrencies ∗∗∗
---------------------------------------------
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak.
---------------------------------------------
https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/
∗∗∗ Ving Card: vulnerability found in millions of hotel doors ∗∗∗
---------------------------------------------
Security researchers have succeeded in creating a master key that can open every door of a hotel. Over a million doors worldwide are said to be affected; a patch is available.
---------------------------------------------
https://www.golem.de/news/ving-card-sicherheitsluecke-in-millionen-hoteltue…
∗∗∗ Separate ransomware attacks hit Ukraine and Canada ∗∗∗
---------------------------------------------
Two widely separated ransomware attacks against the Ukrainian energy ministry and the provincial government of Canada's Prince Edward Island (PEI) have knocked each agency's primary website offline.
---------------------------------------------
https://www.scmagazine.com/separate-ransomware-attacks-hit-ukraine-and-cana…
∗∗∗ Steps to Keep Your Site Clean: Updates ∗∗∗
---------------------------------------------
This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created due to a security breach ..
---------------------------------------------
https://blog.sucuri.net/2018/04/steps-to-keep-your-site-clean-updates.html
∗∗∗ Security and bug-fix updates for iPhone, iPad and Mac ∗∗∗
---------------------------------------------
On Tuesday evening Apple released iOS 11.3.1 and Security Update 2018-001 for macOS High Sierra 10.13.4, which fix bugs that are in part critical. A new build of Safari 11.1 is available as well.
---------------------------------------------
https://www.heise.de/meldung/Sicherheits-und-Bugfix-Updates-fuer-iPhone-iPa…
∗∗∗ Attacks on Drupal websites: once again extremely important security updates on the way ∗∗∗
---------------------------------------------
Admins of Drupal websites have to take action again: the developers have announced updates to close a critical vulnerability.
---------------------------------------------
https://www.heise.de/meldung/Angriffe-auf-Drupal-Webseiten-Erneut-aeusserst…
∗∗∗ Europol: world's largest marketplace for DDoS attacks taken offline ∗∗∗
---------------------------------------------
In a coordinated operation, European law enforcement agencies succeeded in arresting the people behind what is said to be the largest online market for DDoS attacks. The marketplace itself was taken offline. Some of its infrastructure was located in Germany.
---------------------------------------------
https://www.heise.de/meldung/Europol-Weltweit-groesster-Marktplatz-fuer-DDo…
∗∗∗ Four out of five Austrian online shops affected by fraud ∗∗∗
---------------------------------------------
Identity theft and inability to pay are the most common forms of fraud in Austria.
---------------------------------------------
http://derstandard.at/2000078615586
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4179 linux-tools - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4179