Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - 04.12.2018
by Daily end-of-shift report 04 Dec '18

04 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Montag 03-12-2018 18:00 − Dienstag 04-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗ --------------------------------------------- Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. --------------------------------------------- https://securelist.com/koffeymaker-notebook-vs-atm/89161/ ∗∗∗ SamSam Ransomware ∗∗∗ --------------------------------------------- Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide.NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware ∗∗∗ App-Store-Betrug mit Touch-ID-Geräten ∗∗∗ --------------------------------------------- Verschiedene Entwickler versuchen, Nutzer zum Kauf teurer In-App-Angebote zu bringen – mittels "Fingerabdruckklau". Apple reagiert. --------------------------------------------- http://heise.de/-4239342 ∗∗∗ Kubernetes: Kritisches Update für Container-Verwaltung ∗∗∗ --------------------------------------------- In Kubernetes steckt eine gefährliche Sicherheitslücke, über die unangemeldete Angreifer Code mit Admin-Rechten im Cluster ausführen können. --------------------------------------------- http://heise.de/-4240804 ∗∗∗ Gebietskörperschaften erhalten gefälschte Geschäftskorrespondenz ∗∗∗ --------------------------------------------- Betrüger/innen schreiben Gebietskörperschaften an und geben sich als Geschäftspartner/innen des Bundes, der Länder oder der Gemeinden aus. Sie erfinden einen Grund, der es angeblich notwendig macht, dass sie die Vertragskopie für ein Rechtsgeschäft erhalten. In diese fügen sie neue Bankdaten ein und fordern die Geldüberweisung auf ein neues Konto. Beamt/innen und Vertragsbedienstete, die die Transaktion durchführen, überweisen Geld an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefa… ∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗ --------------------------------------------- Since we began reporting on online card skimming, we have noted consistent evolutions in modus operandi of the various Magecart groups, and even the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]The post In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct appeared first on RiskIQ. --------------------------------------------- https://www.riskiq.com/blog/labs/magecart-vision-direct/ ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - December 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. --------------------------------------------- https://source.android.com/security/bulletin/2018-12-01.html ∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗ --------------------------------------------- Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...] --------------------------------------------- https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injectio… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...] --------------------------------------------- https://lwn.net/Articles/773826/ ∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K19634255 ∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technolo… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/ ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/ ∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used… ∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.12.2018
by Stephan Richter 03 Dec '18

03 Dec '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗ --------------------------------------------- Industrial Control Systems (ICS) are expected to be installed and left isolated for a long time. Technical changes and the necessity of reducing operating costs led to this equipment being left in operation longer than expected, exposing it to a broad range of cyber-threats. Malware designed to compromise [...] --------------------------------------------- https://resources.infosecinstitute.com/who-is-targeting-industrial-faciliti… ∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗ --------------------------------------------- I’m writing this quick wrap-up in Vienna, Austria where I attended my first DeepSec conference. This event was already on my schedule for a while but I never had a chance to come. This year, I submitted a training and I was accepted! Good opportunity to visit the beautiful city [...] --------------------------------------------- https://blog.rootshell.be/2018/11/30/deepsec-2018-wrap-up/ ∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS Implementations ∗∗∗ --------------------------------------------- In this whitepaper*, nine different implementations of TLS were tested against cache attacks and seven were found to be vulnerable: [...] --------------------------------------------- https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-c… ∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗ --------------------------------------------- In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes (PP) for a few different reasons. This blog seeks to remedy this omission and provide details of how I was able to also hijack a full PP-WindowsTCB process without requiring administrator privileges. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-… ∗∗∗ What the Marriott Breach Says About Security ∗∗∗ --------------------------------------------- We dont yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. --------------------------------------------- https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-sec… ∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗ --------------------------------------------- Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben, denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird nie verschickt! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-iphone-gewinn-sms-von-bi… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope ∗∗∗ --------------------------------------------- A digital oscilloscope by Siglent Technologies is affected by multiple vulnerabilities such as hardcoded backdoor accounts or missing authentication. The vendor was unresponsive and did not provide a patch. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libarchive, perl, and qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle (ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws). --------------------------------------------- https://lwn.net/Articles/773437/ ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/773650/ ∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106059 ∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in [...] ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-there-are-multiple-vu… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1138

1 0

Tageszusammenfassung - 03.12.2018
by Daily end-of-shift report 03 Dec '18

03 Dec '18

1 0

Tageszusammenfassung - 30.11.2018
by Daily end-of-shift report 30 Nov '18

30 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 29-11-2018 18:00 − Freitag 30-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Here are another 45,000 reasons to patch Windows systems against old NSA exploits ∗∗∗ --------------------------------------------- Its 2018 and UPnP is still opening up networks - this time to leaked SMB cyber-weapons Earlier this year, Akamai warned that vulnerabilities in Universal PlugNPlay (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.… --------------------------------------------- https://www.theregister.co.uk/2018/11/30/akamai_routerwreckers_active/ ∗∗∗ Good practices for identifying and assessing cybersecurity interdependencies ∗∗∗ --------------------------------------------- A glance at the interdependency landscape reveals several emerging interdependencies between operators of essential services (OES) and digital service providers (DSP), at both system and service level. Due to these interdependencies, there is an increasing number of cybersecurity incidents that either propagated across organisations (often across borders), or had a cascading effect at the level of essential services. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/good-practices-for-identifying-… ∗∗∗ Gezielte Angriffe gegen Firmen mit Trojaner in AutoCAD-Dateien ∗∗∗ --------------------------------------------- Echte CAD-Pläne mit beigefügten Skripten kopieren unbemerkt Firmengeheimnisse, warnen Sicherheitsforscher. --------------------------------------------- http://heise.de/-4236488 ∗∗∗ Hackers in Hot Water. Pwning smart hot tubs, yes really ∗∗∗ --------------------------------------------- We were given a tip by the awesome Ceri Coburn that something was amiss with the Balboa Water App, a mobile app used for controlling >30,000 hot tubs. You can remotely control your tub, so you can heat it up for when you’re ready, saving […] --------------------------------------------- https://www.pentestpartners.com/security-blog/hackers-in-hot-water-pwning-s… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Zoom Flaw Lets Hackers Hijack Conference Meetings ∗∗∗ --------------------------------------------- Hackers can spoof messages, hijack screen controls and kick others out of meetings. --------------------------------------------- https://threatpost.com/critical-zoom-flaw-lets-hackers-hijack-conference-me… ∗∗∗ GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075 ∗∗∗ --------------------------------------------- Project: GatherContent Date: 2018-November-28 Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All Vulnerability: Access bypass Description: This module enables you to import and export data from the GatherContent service.The module didnt properly protect its administrative paths. Solution: Install the latest version:If you use the gathercontent module for Drupal 7.x, upgrade to gathercontent 7.x-3.5Also see the GatherContent project page. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-075 ∗∗∗ DSA-4347 perl - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4347 ∗∗∗ INVT Electric VT-Designer ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01 ∗∗∗ IBM Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-e… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K49711130 ∗∗∗ USN-3833-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3833-1/ ∗∗∗ USN-3832-1: Linux kernel (AWS) vulnerabilities ∗∗∗ --------------------------------------------- https://usn.ubuntu.com/3832-1/ ∗∗∗ HPESBHF03906 rev.1 - HPE Intelligent Management Center (IMC), Remote Buffer Overflow, Code Execution, Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2018
by Daily end-of-shift report 29 Nov '18

29 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-11-2018 18:00 − Donnerstag 29-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsvorfall: Dell setzt Kennwörter von Kunden zurück ∗∗∗ --------------------------------------------- Unbekannte hatten Zugriff auf Dell.com und waren auf der Suche nach Kundendaten. --------------------------------------------- http://heise.de/-4235101 ∗∗∗ PayPal-Käuferschutz-Falle bei Kleinanzeigenkauf ∗∗∗ --------------------------------------------- PayPal genießt hohes Vertrauen bei seinen Nutzer/innen aufgrund des angebotenen Käuferschutzes. Dennoch ist hier Vorsicht geboten, denn nicht immer kommt der Käuferschutz zum Tragen. Nutzen Sie beim Einkauf über Willhaben, Ebay, Geizhals und Co nicht die Funktion "Geld an Freunde oder Familie senden" bei PayPal. Der Käuferschutz gilt nicht und Ihr Geld ist verloren. --------------------------------------------- https://www.watchlist-internet.at/news/paypal-kaeuferschutz-falle-bei-klein… ∗∗∗ Achtung bei Anrufen von Microsoft ∗∗∗ --------------------------------------------- Aktuell häufen sich wieder betrügerische Anrufe von angeblichen Microsoft-Mitarbeiter/innen, die Sie auf Probleme mit Ihrem Computer aufmerksam machen. Im Zuge eine Fernwartung übernehmen Kriminelle Ihren Computer und fangen sensible Daten ab. Es handelt sich um eine Betrugsmasche. Legen Sie gleich auf! --------------------------------------------- https://www.watchlist-internet.at/news/achtung-bei-anrufen-von-microsoft/ ∗∗∗ Fake-Shop-Alarm bei modchips24.com ∗∗∗ --------------------------------------------- Modchips24.com bietet neben R4-Karten für diverse Konsolen, wie die Nintendo 3DS oder die Nintendo Switch, auch Playstations, Xboxen und unterschiedlichstes Zubehör an. Sie sollten hier auf keinen Fall bestellen, denn uns erreichen zahlreiche Meldungen über ausbleibende Lieferungen. Bezahlen müssen Sie per Vorkasse, Ihr Geld wäre also verloren. --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-alarm-bei-modchips24com/ ∗∗∗ Not A Security Boundary: Breaking Forest Trusts ∗∗∗ --------------------------------------------- For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft's "What Are Domains and Forests?" document (last updated in 2014) has a "Forests as Security Boundaries" section which states (emphasis added): --------------------------------------------- https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074 ∗∗∗ --------------------------------------------- Project: BootstrapVersion: 7.x-3.228.x-3.14Date: 2018-November-28Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross site scriptingDescription: This base theme bridges the gap between Drupal and the Bootstrap Framework.The theme doesnt sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. --------------------------------------------- https://www.drupal.org/sa-contrib-2018-074 ∗∗∗ Norton and SEP Multiple Issues ∗∗∗ --------------------------------------------- Symantec has released updates to address issues that were discovered in the Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products. --------------------------------------------- https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Gentoo (openssl and rpm), Mageia (icecast and yaml-cpp), Oracle (kernel and sos-collector), Red Hat (rh-ruby23-ruby, rh-ruby24-ruby, and rh-ruby25-ruby), Slackware (samba), SUSE (tomcat6), and Ubuntu (ghostscript). --------------------------------------------- https://lwn.net/Articles/773296/ ∗∗∗ 2018-11-26: Vulnerability in CP400 Panel Builder TextEditor 2.0 - Improper Input Validation Vulnerability ∗∗∗ --------------------------------------------- https://search.abb.com/library/Download.aspx?DocumentID=3BSE091042&Language… ∗∗∗ jQuery vulnerability CVE-2012-6708 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62532311 ∗∗∗ SNMPv2 vulnerability CVE-1999-0517 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04463175 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2018
by Daily end-of-shift report 28 Nov '18

28 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-11-2018 18:00 − Mittwoch 28-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Nature of Mass Exploitation Campaigns ∗∗∗ --------------------------------------------- Examples of how attackers carry out mass exploitation campaigns and how to defend against them. --------------------------------------------- https://threatpost.com/the-nature-of-mass-exploitation-campaigns/139428/ ∗∗∗ TA18-331A: 3ve – Major Online Ad Fraud Operation ∗∗∗ --------------------------------------------- This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-331A ∗∗∗ Windows 10 1809: Update gegen Spectre-NG-Lücken ∗∗∗ --------------------------------------------- Mit dem Update KB4465065 liefert Microsoft Microcode-Updates für einige Intel-Prozessortypen zum Schutz gegen L1TF sowie Spectre V3a und V4. --------------------------------------------- http://heise.de/-4234362 ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA Vijeo Citect and Citect SCADA ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element vulnerability in Schneider Electrics Software Update utility affecting AVEVAs Vijeo Citect and Citect SCADA products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-331-01 ∗∗∗ Cisco Prime License Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework code of Cisco Prime License Manager(PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ FreeBSD: Multiple vulnerabilities in NFS server code ∗∗∗ --------------------------------------------- Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. --------------------------------------------- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns-recursor and samba), Debian (ghostscript), Fedora (community-mysql, flatpak, gettext, git, php-PHPMailer, php-phpmailer6, and wireshark), Oracle (kernel and NetworkManager), Scientific Linux (ghostscript, kernel, NetworkManager, and sos-collector), SUSE (dpdk, java-1_7_1-ibm, kernel, python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, [...] --------------------------------------------- https://lwn.net/Articles/773179/ ∗∗∗ Synology-SA-18:60 Samba AD DC ∗∗∗ --------------------------------------------- CVE-2018-16841 and CVE-2018-16851 allow remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology Active Directory Server.None of Synology products are affected by CVE-2018-14629, CVE-2018-16852, CVE-2018-16853, and CVE-2018-16857 as these vulnerabilities only affect Samba 4.9.0 and later. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_60 ∗∗∗ Microsoft Windows: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1128 ∗∗∗ Security Advisory - Out-of-bounds Write Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181128-… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM SONAS (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale (CVE-2018-1782) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-elastic-storage-s… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1723). CVE-2018-1723, gpfs, spectrum scale Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-luw-on-aix-an… ∗∗∗ IBM Security Bulletin: This Power System firmware update is being released to address DHCP issue number CVE-2018-5732 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-fir… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2018
by Daily end-of-shift report 27 Nov '18

27 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-11-2018 18:00 − Dienstag 27-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor ∗∗∗ --------------------------------------------- BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities - from keylogging to carrying out distributed denial of service (DDoS) — and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI's customizability and seeming availability in the underground make it a prevalent threat. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled… ∗∗∗ NPM-Paket EventStream mit Bitcoin-Miner infiziert ∗∗∗ --------------------------------------------- In die Code-Bibliothek EventStream hat sich Schadcode eingeschlichen, der das Bitcoin Wallet Copay für Angreifer öffnet. --------------------------------------------- http://heise.de/-4233171 ∗∗∗ Lux-Codex nicht bestellen! ∗∗∗ --------------------------------------------- Auf lux-codex.com und wideally.com wird Ihnen der Lux-Codex - eine LED-Lampe in ausgefallenem Design - angeboten. Sie sollten hier nicht bestellen, denn Konsument/innen berichten uns von ausbleibender Lieferung trotz erfolgter Bezahlung! --------------------------------------------- https://www.watchlist-internet.at/news/lux-codex-nicht-bestellen/ ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗ --------------------------------------------- Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the current firmware version V2.6.0 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. These GNU/Linux vulnerabilities have been externally identified and will be fixed with the next firmware version. --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot and samba), Fedora (flatpak, kernel-headers, kernel-tools, mariadb-connector-c, php-PHPMailer, php-phpmailer6, and xml-security-c), Gentoo (binutils, libav, mupdf, spice-gtk, strongswan, and tablib), Mageia (libpng(12), mariadb, and openssl), Oracle (ghostscript), Red Hat (.NET Core, ghostscript, java-1.7.1-ibm, kernel, kernel-alt, kernel-rt, NetworkManager, rh-nginx112-nginx, rh-nginx114-nginx, and sos-collector), Scientific Linux [...] --------------------------------------------- https://lwn.net/Articles/773100/ ∗∗∗ Vuln: Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106019 ∗∗∗ Vuln: TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/106021 ∗∗∗ ZDI-18-1362: (ODay) Juuko DATA Packet Command Injection Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1362/ ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-3139 and CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – July 2018 Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-fo… ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross site scripting (CVE-2018-1584) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-mana… ∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1123 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.11.2018
by Daily end-of-shift report 26 Nov '18

26 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-11-2018 18:00 − Montag 26-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ His phone went dark, then $1m was sucked out in SIM-swap crypto-heist ∗∗∗ --------------------------------------------- A 21-year-old allegedly SIM-swapped Silicon Valley execs' phones to steal cryptocurrency, including one mans $1m tuition fund for his kids. --------------------------------------------- https://nakedsecurity.sophos.com/2018/11/26/his-phone-went-dark-then-1m-was… ∗∗∗ Unseriöse Handwerker aus dem Internet ∗∗∗ --------------------------------------------- Konsument/innen, die in der Nacht Probleme mit ihren Heizkörpern, ihrem Schloss oder ihrer Elektronik haben, können über das Internet unseriöse Installateur/innen, Schlosser/innen oder Elektriker/innen finden. Sie werben auf Websites mit günstigen Angeboten. Vor Ort verlangen die Unternehmen jedoch ein Vielfaches des vereinbarten Preises. Nachträgliche Beanstandungen sind nicht möglich, weil sie Kund/innen erfundene Daten nennen. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-handwerker-aus-dem-intern… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (gnuplot5, icecast2, liblivemedia, otrs2, phpbb3, roundcube, squid3, and xml-security-c), Fedora (kio-extras, tmux, and xen), Gentoo (asterisk, chromium, exiv2, ghostscript-gpl, and thunderbird), openSUSE (libwpd, openssl, openssl-1_1, postgresql10, and SDL2_image), Red Hat (chromium-browser, rh-mysql57-mysql, rh-nginx110-nginx, and rh-nginx18-nginx), SUSE (exiv2, libgcrypt, rpm, and tiff), and Ubuntu (firefox and qemu). --------------------------------------------- https://lwn.net/Articles/772954/ ∗∗∗ ZDI-18-1361: (0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1361/ ∗∗∗ ZDI-18-1360: (0Day) INVT Electric VT-Designer File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1360/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by spoofing attack vulnerability in WAS Logout Form ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by java deserialization vulnerability resulting in execution of untrusted data via the application server’s SOAP port ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Snapshot for VMware (CVE-2018-1553) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ git: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1120 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2018
by Daily end-of-shift report 23 Nov '18

23 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 22-11-2018 18:00 − Freitag 23-11-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Aurora / Zorro Ransomware Actively Being Distributed ∗∗∗ --------------------------------------------- A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past. --------------------------------------------- https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-acti… ∗∗∗ Old Printer Vulnerabilities Die Hard ∗∗∗ --------------------------------------------- New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers. --------------------------------------------- https://threatpost.com/old-printer-vulnerabilities-die-hard/139318/ ∗∗∗ Sicherheitsupdate: VMware Fusion und Workstation anfällig für Schadcode ∗∗∗ --------------------------------------------- Aktualisierte Versionen von Fusion und Workstation schließen eine kritische Sicherheitslücke. --------------------------------------------- http://heise.de/-4231452 ∗∗∗ l+f: Hacker ärgern Hacker ∗∗∗ --------------------------------------------- Online-Kreditkarten-Skimmer fechten Revierkämpfe aus. --------------------------------------------- http://heise.de/-4231527 ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java SDK (April 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2018-2783) ∗∗∗ --------------------------------------------- A vulnerability is identified in IBM® SDK Java Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence V5.0.4 and V5.0.5 respectively. This issue was disclosed as part of the IBM Java SDK updates in April 2018.CVE(s): CVE-2018-2783Affected product(s) and affected version(s):IBM Application Delivery Intelligence V5.0.4IBM Application Delivery Intelligence V5.0.5Refer to the following reference URLs for remediation and additional vulnerability [...] --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ VMSA-2018-0030 ∗∗∗ --------------------------------------------- VMware Workstation and Fusion updates address an integer overflow issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0030.html ∗∗∗ Security updates for (US) Thanksgiving Day ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ceph, openssl, and pixman), Fedora (kernel-headers, kernel-tools, libconfuse, python-urllib3, and xen), Mageia (gettext and roundcubemail), openSUSE (GraphicsMagick and libwpd), Oracle (thunderbird), Slackware (openssl), and Ubuntu (libapache2-mod-perl2). --------------------------------------------- https://lwn.net/Articles/772811/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (flashplugin, lib32-libtiff, and webkit2gtk), Debian (libphp-phpmailer and openjdk-7), Mageia (flash-player-plugin, Ghostscript, and poppler), openSUSE (chromium and virtualbox), and SUSE (java-1_8_0-ibm, libwpd, openssl, openssl-1_1, realtime-kernel, salt, and SDL_image). --------------------------------------------- https://lwn.net/Articles/772851/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2018
by Daily end-of-shift report 22 Nov '18

22 Nov '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 21-11-2018 18:00 − Donnerstag 22-11-2018 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ New mining Trojan for Linux removes anti-viruses ∗∗∗ --------------------------------------------- November 20, 2018 One of today’s most common ways of obtaining illegal earnings is to mine cryptocurrency covertly, using the resources of a computer without the owner’s consent. Doctor Web recently discovered a .. --------------------------------------------- https://news.drweb.com/show/?i=12942&lng=en&c=9 ∗∗∗ ECCploit: Rowhammer-Angriff funktioniert auch mit ECC ∗∗∗ --------------------------------------------- Ein Forscherteam konnte zeigen, dass Angriffe mit Bitflips im Arbeitsspeicher auch dann möglich sind, wenn man Speichermodule mit Fehlerkorrektur verwendet. --------------------------------------------- https://www.golem.de/news/eccploit-rowhammer-angriff-funktioniert-auch-mit-… ∗∗∗ Malware scum want to build a Linux botnet using Mirai ∗∗∗ --------------------------------------------- Hadoop YARN is the attack vector, so lock it away Diligent hackers .. --------------------------------------------- www.theregister.co.uk/2018/11/22/mirai_for_linux_on_x86/ ∗∗∗ Markenfälschungen auf rmc-bad-grosspertholz.at ∗∗∗ --------------------------------------------- Bei rmc-bad-grosspertholz.at finden Sie Markenkleidung, Schuhe und Accessoires zu sagenhaften Preisen. Erwarten Sie sich jedoch nicht viel von Ihrer Bestellung, Sie werden – falls überhaupt – minderwertige Waren .. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelschungen-auf-rmc-bad-gross… ∗∗∗ Achtung: Betrug über den Amazon Marketplace ∗∗∗ --------------------------------------------- Kriminelle übernehmen Amazon-Händlerkonten und bieten günstige Waren an. Ihre Bestellung wird zunächst angenommen, dann aber grundlos storniert. Kontaktieren Sie die Anbieter per E-Mail, erhalten Sie .. --------------------------------------------- https://www.watchlist-internet.at/news/achtung-betrug-ueber-den-amazon-mark… ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656) ∗∗∗ --------------------------------------------- There is a vulnerability in IBM® Runtime Environment Java Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat, Open SSL, and Apache HTTPD affects Rational Build Forge ∗∗∗ --------------------------------------------- Apache Tomcat, Open SSL, and Apache Tomcat have multiple security vulnerabilities that could allow a remote attacker to exploit the Rational Build Forge application. Respective security vulnerabilities are discussed in .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0732CVE(s): CVE-2018-0732Affected product(s) and affected version(s):WebSphere .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗ --------------------------------------------- Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 8.0.5.5 & 8.0.5.15 and IBM® Runtime Environment Java Versions 7.0.10.15 & 7.0.10.25 used by IBM Integration .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0737 ∗∗∗ --------------------------------------------- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) has addressed the following vulnerability: CVE-2018-0737 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)CVE(s): CVE-2018-0737Affected .. --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-websphere-mq-v5-3-for… ∗∗∗ Download WP-DBManager <= 2.79.1 - Arbitrary File Delete ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/9151 ∗∗∗ Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-… ∗∗∗ Moodle Login Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042154 ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0008.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily