Daily

daily@lists.cert.at

1 participants
3137 discussions

Tageszusammenfassung - 13.06.2018
by Daily end-of-shift report 13 Jun '18

13 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-06-2018 18:00 − Mittwoch 13-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ June 2018 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/06/12/june-2018-security-upda… ∗∗∗ Windows NTFS Tricks von und für Pentester ∗∗∗ --------------------------------------------- Das SEC Consult Vulnerability Lab hat einen neuen Blogeintrag veröffentlicht, in welchem verschiedene NTFS-Dateisystemtricks aufgezeigt werden. Diese wurden in den letzten Jahren aus verschiedenen Quellen zusammengetragen bzw. vom SEC Consult Vulnerability Lab entdeckt sowie weiterentwickelt. Die Tricks führen .. --------------------------------------------- https://www.sec-consult.com/blog/2018/06/windows-ntfs-tricks-von-und-fuer-p… ∗∗∗ Subtle change could see a reduction in installation of malicious Chrome extensions ∗∗∗ --------------------------------------------- Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/06/subtle-change-could-see-redu… ∗∗∗ Feds Bust Dozens of Nigerian Email Scammers, but Your Inbox Still Isn’t Safe ∗∗∗ --------------------------------------------- The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, .. --------------------------------------------- https://www.wired.com/story/feds-bust-nigerian-email-scammers ∗∗∗ Patchday: Microsoft verarztet 50 Sicherheitslücken ∗∗∗ --------------------------------------------- In vielen Windows-Versionen klafft unter anderem eine kritische Lücke in der DNS-Programmierschnittstelle. Sicherheitsupdates stehen bereit. --------------------------------------------- http://heise.de/-4077270 ∗∗∗ Botnetz "Trik": C&C-Server leakt Millionen von E-Mail-Adressen ∗∗∗ --------------------------------------------- Ein Forscher ist auf eine Spammer-Datenbank mit mehr als 43 Millionen Mail-Adressen gestoßen. Noch ist unklar, wie viele von ihnen schon zuvor geleakt wurden. --------------------------------------------- http://heise.de/-4077371 ∗∗∗ Exploit kits: Spring 2018 review ∗∗∗ --------------------------------------------- In this Spring 2018 snapshot, we review the top exploit kits .. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-r… ∗∗∗ June 2018 Office Update Release ∗∗∗ --------------------------------------------- The June 2018 Public Update releases for Office are now available! This month, there .. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/06/12… ===================== = Vulnerabilities = ===================== ∗∗∗ HPESBHF03850 rev.1 - HPE ProLiant, Synergy, and Moonshot Systems: Local Disclosure of Information, CVE-2018-3639 – Speculative Store Bypass and CVE-2018-3640 – Rogue System Register Read ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Schneider Electric U.motion Builder ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-163-01 ∗∗∗ Siemens SCALANCE X Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-163-02 ∗∗∗ Local File Inclusion vulnerability in Zenphoto ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN33124193/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2018
by Daily end-of-shift report 12 Jun '18

12 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Montag 11-06-2018 18:00 − Dienstag 12-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Unprotected Server Exposes Weight Watchers Internal IT Infrastructure ∗∗∗ --------------------------------------------- Researchers found that a critical Weight Watchers server revealed its IT internal infrastructure. --------------------------------------------- https://threatpost.com/unprotected-server-exposes-weight-watchers-internal-… ∗∗∗ Hacker überfällt Linuxforums.org und erbeutet Daten von 276.000 Accounts ∗∗∗ --------------------------------------------- Ein Unbekannter hat Zugriff auf Interna von Linuxforums.org bekommen und dabei Nutzerdaten inklusive Passwörtern kopiert. --------------------------------------------- http://heise.de/-4076540 ∗∗∗ Android-Malware schürft Kryptogeld auf Fire-TV-Geräten ∗∗∗ --------------------------------------------- Ruckelnde Video-Streams und seltsame weiße Pop-Ups können Anzeichen für eine Schadcode-Infektion auf Fire TV und Fire TV Sticks sein. --------------------------------------------- http://heise.de/-4076706 ∗∗∗ IT-Security - Security-Fail: OnePlus 6 nicht gegen modifizierte Firmware abgesichert ∗∗∗ --------------------------------------------- Auch bei gesperrtem Bootloader kann ein beliebiges Image übertragen werden – Hersteller kündigt Patch an --------------------------------------------- https://derstandard.at/2000081439178/Security-Fail-OnePlus-6-nicht-gegen-mo… ∗∗∗ IT-Security - Bei Trump-Kim-Gipfel verteilt: Spionagebedenken um USB-Ventilatoren ∗∗∗ --------------------------------------------- Aufgrund der Hitze wurden Sackerl mit USB-Ventilatoren und Wasser verteilt – die könnten mit Malware infiziert sein --------------------------------------------- https://derstandard.at/2000081443928/Bei-Trump-Kim-Gipfel-verteilt-Bedenken… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of the https://try.webex.com page of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability. ∗∗∗ --------------------------------------------- The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of .. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0015.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2018
by Daily end-of-shift report 11 Jun '18

11 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-06-2018 18:00 − Montag 11-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Chile: Swift-Angriff hinter Wiper-Malware versteckt ∗∗∗ --------------------------------------------- Wenn ein Unternehmen mit Ransomware attackiert wird, geht es nicht immer um Erpressung. Bei einem Angriff auf die Banco de Chile soll die Software vor allem als Ablenkung eingesetzt worden sein. --------------------------------------------- https://www.golem.de/news/chile-swift-angriff-hinter-wiper-malware-versteck… ∗∗∗ Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets ∗∗∗ --------------------------------------------- Lenovo patches several popular tablet models to protect against BlueBorne vulnerabilities first identified in September 2017. --------------------------------------------- https://threatpost.com/lenovo-finally-patches-ancient-blueborne-bugs-in-tab… ∗∗∗ Paper: EternalBlue: a prominent threat actor of 2017–2018 ∗∗∗ --------------------------------------------- We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/06/paper-eternalblue-prominent-… ∗∗∗ Verschlüsselung: GnuPG verschärft Integritäts-Checks ∗∗∗ --------------------------------------------- Als Folge der Efail-Probleme erzwingt GnuPG 2.2.8 jetzt die Verwendung von Prüfcodes. Außerdem beseitigt das Update ein neu entdecktes Sicherheitsproblem. --------------------------------------------- http://heise.de/-4075908 ∗∗∗ Magento CC stealer reinfector ∗∗∗ --------------------------------------------- We have seen many times in the past few months how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials, but we haven’t .. --------------------------------------------- http://labs.sucuri.net/?note=2018-06-08 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4225 openjdk-7 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4225 ∗∗∗ DSA-4220 firefox-esr - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4220 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.06.2018
by Daily end-of-shift report 08 Jun '18

08 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-06-2018 18:00 − Freitag 08-06-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Gitea: Account von Github-Alternative kurzzeitig übernommen ∗∗∗ --------------------------------------------- Das Projekt Gitea erstellt eine leichtgewichtige Open-Source-Alternative zu Github. Ein Bot-Account des Projekts auf Github ist nun offenbar kurzzeitig übernommen worden, um Cryptominer zu verbreiten. Quellcode und Infrastruktur sollen nicht betroffen sein. --------------------------------------------- https://www.golem.de/news/gitea-account-von-github-alternative-kurzzeitig-u… ∗∗∗ Adobe: Flash-Exploit wird über Office-Dokumente verteilt ∗∗∗ --------------------------------------------- Flash-Exploits werden mittlerweile immer häufiger über Office-Dokumente verteilt, weil Browser die Inhalte kaum noch anzeigen. In einem aktuellen Fall werden Nutzer im arabischen Raum angegriffen. --------------------------------------------- https://www.golem.de/news/adobe-flash-exploit-wird-ueber-office-dokumente-v… ∗∗∗ Combo aus drei Sicherheitslücken bricht IP-Kameras von Foscam ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für verschiedene IP-Kameras von Foscam. --------------------------------------------- http://heise.de/-4074308 ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigation recommendations for an unquoted search path or element vulnerability in the Rockwell Automation RSLinix Classic software platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01 ∗∗∗ Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar ∗∗∗ --------------------------------------------- Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar 7. Juni 2018 Update: 8. Juni 2018 Beschreibung Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2018-5002 Update: 8. Juni 2018 CVE-Nummern: CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002 Adobe hat ein entsprechendes Update [...] --------------------------------------------- http://www.cert.at/warnings/all/20180607.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (radare2), Debian (jruby), Fedora (elfutils and wireless-tools), openSUSE (glibc, mariadb, and xdg-utils), Oracle (kernel), Red Hat (chromium-browser and java-1.7.1-ibm), SUSE (ceph, icu, kernel-firmware, memcached, and xen), and Ubuntu (unbound). --------------------------------------------- https://lwn.net/Articles/756950/ ∗∗∗ Security vulnerabilities fixed in Firefox 60.0.2, ESR 60.0.2, and ESR 52.8.1 ∗∗∗ --------------------------------------------- critical - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ ∗∗∗ Synology-SA-17:79 SRM ∗∗∗ --------------------------------------------- This vulnerability allows remote authenticated users to execute arbitrary code via a susceptible version of Synology Router Manager --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_17_79 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.06.2018
by Daily end-of-shift report 07 Jun '18

07 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-06-2018 18:00 − Donnerstag 07-06-2018 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Prowli Malware Targeting Servers, Routers, and IoT Devices ∗∗∗ --------------------------------------------- After the discovery of massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code ... --------------------------------------------- https://thehackernews.com/2018/06/prowli-malware-botnet.html ∗∗∗ Crappy IoT on the high seas: Holes punched in hull of maritime security ∗∗∗ --------------------------------------------- Researchers: We can nudge ships off course Infosec Europe Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse. --------------------------------------------- https://www.theregister.co.uk/2018/06/06/infosec_europe_maritime_security/ ∗∗∗ Cyber Europe 2018 – Get prepared for the next cyber crisis ∗∗∗ --------------------------------------------- EU Cybersecurity Agency ENISA organised an international cybersecurity exercise --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2018-get-prepared-… ∗∗∗ Retefe check ∗∗∗ --------------------------------------------- Check if your computer is infected with the Retefe banking trojan. --------------------------------------------- http://retefe-check.ch/ ∗∗∗ A Totally Tubular Treatise on TRITON and TriStation ∗∗∗ --------------------------------------------- Introduction In December 2017, FireEyes Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from the IT network to the OT (operational technology) network through systems that were accessible to both environments. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatis… ∗∗∗ Sicherheitsupdates: Kritische Lücken in Cisco IOS und Prime ∗∗∗ --------------------------------------------- In verschiedenen Netzwerkgeräten und -Software von Cisco klaffen teils kritische Lücken. Betroffene Admins sollten die verfügbaren Patches zügig installieren. --------------------------------------------- http://heise.de/-4072861 ===================== = Vulnerabilities = ===================== ∗∗∗ "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar ∗∗∗ --------------------------------------------- "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar 7. Juni 2018 Beschreibung Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2018-5002 Adobe hat ein entsprechendes Update veröffentlicht, die Details befinden sich unter https://helpx.adobe.com/security/products/flash-player/apsb18-19.html. --------------------------------------------- http://www.cert.at/warnings/all/20180607.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (memcached), Fedora (java-1.8.0-openjdk-aarch32, sqlite, and xen), Mageia (corosync, gimp, qtpass, and SDL_image), openSUSE (zziplib), Slackware (mozilla), SUSE (git and libvorbis), and Ubuntu (liblouis). --------------------------------------------- https://lwn.net/Articles/756853/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2783) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016041 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016028 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been fixed in IBM Security Identity Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013617 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015304 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.06.2018
by Daily end-of-shift report 06 Jun '18

06 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-06-2018 18:00 − Mittwoch 06-06-2018 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sofacy Group’s Parallel Attacks ∗∗∗ --------------------------------------------- Unit 42’s continued look at the Sofacy Group’s activity reveals the persistent targeting of government, diplomatic and other strategic organizations across North America and Europe.The post Sofacy Group’s Parallel Attacks appeared first on Palo Alto Networks Blog. --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-pa… ∗∗∗ Converting PCAP Web Traffic to Apache Log ∗∗∗ --------------------------------------------- PCAP data can be really useful when you must investigate an incident but when the amount of PCAP files to analyse is counted in gigabytes, it may quickly become tricky to handle. Often, the first protocol to be analysed is HTTP because it remains a classic infection or communication vector used by malware. What if you could analyze HTTP connections like an Apache access log? This kind of log can be easily indexed/processed by many tools. --------------------------------------------- https://isc.sans.edu/diary/rss/23739 ∗∗∗ Researchers warn widespread Google Group misconfigurations are exposing sensitive data ∗∗∗ --------------------------------------------- A survey of 2.5 million domains looked for configurations publicly exposed, found 9,637 exposed organizations, then used a random sample of 171 public organizations to determine nearly 3,000 domains were leaking sensitive data. --------------------------------------------- https://www.scmagazine.com/researchers-find-widespread-google-group-misconf… ∗∗∗ VPNFilter Update - VPNFilter exploits endpoints, targets new devices ∗∗∗ --------------------------------------------- Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints. --------------------------------------------- https://blog.talosintelligence.com/2018/06/vpnfilter-update.html ∗∗∗ Schwachstelle Zip Slip: Beim Entpacken ist Schadcode inklusive ∗∗∗ --------------------------------------------- Viele Coding-Bibliotheken sind beim Entpacken von Archiven angreifbar. Ist eine Attacke erfolgreich, könnte Schadcode auf Computer gelangen. --------------------------------------------- http://heise.de/-4070792 ∗∗∗ Warnung vor anenberg.store ∗∗∗ --------------------------------------------- Auf anenberg.store finden Konsument/innen Grafikkarten und Krypto-Miner. Wir raten von einem Einkauf bei dem Anbieter ab, denn er zeigt Auffälligkeiten. Internet-Nutzer/innen warnen vor einer Bestellung, die Preise sind teilweise sehr niedrig und die Bezahlung der Ware ist nur im Voraus möglich. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-anenbergstore/ ∗∗∗ Markenfälscher-Alarm auf backpacks.at! ∗∗∗ --------------------------------------------- Auf backpacks.at finden KonsumentInnen Schuhe und Taschen von Marken wie Michael Kors, Tamaris, Buffalo oder Ralph Lauren. Die Preise sind extrem niedrig und sollen zu einem schnellen Kauf verlocken. Die .at-Domain lässt zwar ein österreichisches Unternehmen vermuten, doch eigentlich wird der Shop aus Asien betrieben, gelieferte Ware entspricht nicht der Bestellten und ein Widerruf ist aussichtslos. --------------------------------------------- https://www.watchlist-internet.at/news/markenfaelscher-alarm-auf-backpacksa… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (git), Fedora (php-symfony, php-symfony4, and thunderbird-enigmail), Mageia (glpi and libreoffice), openSUSE (dpdk-thunderxdpdk, git, and ocaml), SUSE (glibc, libvorbis, and zziplib), and Ubuntu (elfutils, git, and procps). --------------------------------------------- https://lwn.net/Articles/756761/ ∗∗∗ Philips IntelliVue Patient and Avalon Fetal Monitors ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 ∗∗∗ ABB IP Gateway ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016280 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-2602) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016679 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2018-2603, CVE-2018-2633) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016042 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Spectrum Protect Plus (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016826 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability ( CVE-2017-3736) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016116 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.06.2018
by Daily end-of-shift report 05 Jun '18

05 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Montag 04-06-2018 18:00 − Dienstag 05-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit ∗∗∗ --------------------------------------------- Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security .. --------------------------------------------- https://thehackernews.com/2018/06/drupalgeddon2-exploit.html ∗∗∗ IoT Botnets Found Using Default Credentials for C&C Server Databases ∗∗∗ --------------------------------------------- Not following cybersecurity best practices could not only cost online users but also cost cybercriminals. Yes, sometimes hackers dont take best security measures to keep their infrastructure safe. A variant of IoT botnet, called Owari, that relies on default or weak credentials to hack insecure IoT devices was found itself using default credentials in its MySQL server integrated with command --------------------------------------------- https://thehackernews.com/2018/06/iot-botnet-password.html ∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗ --------------------------------------------- Für unsere täglichen Routineaufgaben suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich auf unserer Jobs-Seite. https://cert.at/about/jobs/jobs.html --------------------------------------------- https://www.cert.at/services/blog/20180605165955-2249.html ∗∗∗ Sicherheitsupdates: Mehrere AV-Anwendungen von F-Secure sind löchrig ∗∗∗ --------------------------------------------- In verschiedenen Endpoint-Protection-Produkten von F-Secure für Windows klaffen kritische Sicherheitslücken. --------------------------------------------- http://heise.de/-4068340 ∗∗∗ Vulnerability Spotlight: TALOS-2018-0535 - Ocularis Recorder VMS_VA Denial of Service Vulnerability ∗∗∗ --------------------------------------------- Vulnerabilities discovered by Carlos Pacho from TalosOverviewTalos is disclosing a denial-of-service vulnerability in the Ocularis Recorder. Ocularis is a video management software (VMS) platform used in a variety of .. --------------------------------------------- https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-20… ∗∗∗ Hacking, tracking, stealing and sinking ships ∗∗∗ --------------------------------------------- At Infosecurity Europe this year, we demonstrated multiple methods to interrupt the shipping industry, several of which haven’t been demonstrated in public before, to our knowledge. Some of these issues were simply through .. --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-tracking-stealing-and… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability exists in Cisco Access Point (AP) platforms when processing Address Resolution Protocol (ARP) packets that could allow an unauthenticated, adjacent attacker to inject crafted entries into the ARP .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ FortiSwitch rest_admin account exposed under specific conditions ∗∗∗ --------------------------------------------- During an upgrade to version 3.4.1, a FortiSwitch device may let an attackerlog in the rest_admin account without a password, if all the conditions beloware met: * The FortiSwitch device .. --------------------------------------------- http://fortiguard.com/advisory/FG-IR-16-011 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.06.2018
by Daily end-of-shift report 04 Jun '18

04 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-06-2018 18:00 − Montag 04-06-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Mobile Devs Making the Same Security Mistakes Web Devs Made in the Early 2000s ∗∗∗ --------------------------------------------- Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mobile-devs-making-the-same-… ∗∗∗ SMiShing with Punycode ∗∗∗ --------------------------------------------- Cybercriminals keep coming up with new ways to steal and profit from personal user data. Because mobile devices are so prevalent, and so capable, they are becoming the targets of a variety of cyberattacks that were previously limited to computers. One such attack technique is SMS phishing—SMiShing—in which attacks are delivered via text messages. --------------------------------------------- https://www.zscaler.com/blogs/research/smishing-punycode ∗∗∗ Scammers Targeting Booking.com Users with Phishing Messages ∗∗∗ --------------------------------------------- Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/cyber-s… ∗∗∗ Warnung vor SEPA-Lastschriftbetrug bei Unternehmen ∗∗∗ --------------------------------------------- Unternehmen, die ihre Bankdaten öffentlich haben, werden Opfer eines Betrugs, bei dem Kriminelle ihre Bankverbindung für Verbrechen nutzen. Die Täter/innen greifen auf das SEPA-Lastschriftverfahren zurück und täuschen einen Einzugsermächtigung oder einen Abbuchungsauftrag vor. In anderen Fällen nennen sie bei betrügerischen Einkäufen die Bankdaten des Unternehmens. Es droht ein hoher Geldverlust. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-sepa-lastschriftbetrug-b… ∗∗∗ Zahlen - Visa-Kreditkarten aufgrund Hardware-Fehlers unbenutzbar ∗∗∗ --------------------------------------------- Der Betrieb laufe nun wieder wie normal – es gebe keinen Hinweis auf einen kriminellen Angriff --------------------------------------------- https://derstandard.at/2000080869035/Visa-Kreditkarten-aufgrund-Hardware-Fe… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Security Updates, (Sun, Jun 3rd) ∗∗∗ --------------------------------------------- Summary (MacOS, iOS, tvOS, watchOS) --------------------------------------------- https://isc.sans.edu/diary/rss/23727 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (procps, xmlrpc, and xmlrpc3), Debian (batik, prosody, redmine, wireshark, and zookeeper), Fedora (jasper, kernel, poppler, and xmlrpc), Mageia (git and wireshark), Red Hat (rh-java-common-xmlrpc), Slackware (git), SUSE (bzr, dpdk-thunderxdpdk, and ocaml), and Ubuntu (exempi). --------------------------------------------- https://lwn.net/Articles/756489/ ∗∗∗ Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1064/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016709 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.06.2018
by Daily end-of-shift report 01 Jun '18

01 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-05-2018 18:00 − Freitag 01-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ May 2018 mobile malware review from Doctor Web ∗∗∗ --------------------------------------------- May 31, 2018 In May 2018 Doctor Web specialists found several Google Play applications containing the Trojan Android.Click.248.origin. It loaded fraudulent websites on which users subscribed to expensive mobile services. Also .. --------------------------------------------- https://news.drweb.com/show/?i=12618&lng=en&c=9 ∗∗∗ Shell Logins as a Magento Reinfection Vector ∗∗∗ --------------------------------------------- Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files: app/Mage.php; lib/Varien/Autoload.php; index.php; app/code/core/Mage/Core/functions.php; These are .. --------------------------------------------- https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vecto… ∗∗∗ Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner ∗∗∗ --------------------------------------------- An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page. Sometime around .. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/rig-exploit-kit… ∗∗∗ Expired domain led to SpamCannibals blacklist eating the whole world ∗∗∗ --------------------------------------------- The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/05/expired-domain-led-spamcanni… ∗∗∗ Sicherheitslücke gefährdete zehn Jahre lang Millionen Steam-Client-Nutzer ∗∗∗ --------------------------------------------- Der Steam-Client war verwundbar und Angreifer hätten mit vergleichsweise wenig Aufwand Schadcode auf Computer schmuggeln können. --------------------------------------------- http://heise.de/-4061777 ∗∗∗ Browser - WebAuthn: Bei Chrome kann man sich vielerorts nun ohne Passwort anmelden ∗∗∗ --------------------------------------------- Fingerabdruckscanner oder spezielle USB-Sticks können stattdessen verwendet werden --------------------------------------------- https://derstandard.at/2000080745632/WebAuthn-Bei-Chrome-kann-man-sich-viel… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco TelePresence TX9000 Series Cross-Frame Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web UI of Cisco TelePresence TX9000 Series Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Synology-SA-18:30 SSL VPN Client ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to conduct man-in-the-middle attacks via a susceptible version of SSL VPN Client. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_30 ∗∗∗ HPESBUX03818 rev.1 - HP-UX Secure Shell, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.05.2018
by Daily end-of-shift report 30 May '18

30 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-05-2018 18:00 − Mittwoch 30-05-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Ultraschallangriffe bringen Festplatten zum Absturz ∗∗∗ --------------------------------------------- Sicherheitsforscher haben mit Schall- und Ultraschallattacken Videoüberwachungssyteme, aber auch PCs und Laptops außer Gefecht gesetzt. --------------------------------------------- https://futurezone.at/science/ultraschallangriffe-bringen-festplatten-zum-a… ∗∗∗ Yahoo-Hack: Kanadier zu fünf Jahren Gefängnis verurteilt ∗∗∗ --------------------------------------------- Für den russischen Geheimdienst beschaffte ein Hacker den Zugang zu 80 Webmail-Konten durch Eindringen in das Yahoo-System. Jetzt muss er ins Gefängnis. --------------------------------------------- http://heise.de/-4060708 ∗∗∗ Roboter Pepper kämpft mit massiven Sicherheitsproblemen ∗∗∗ --------------------------------------------- Die "feindliche" Übernahme von einem Roboter ist ein Horrorszenario. Beim Service-Roboter Pepper ist das möglich, wie Wissenschaftler herausgefunden haben. --------------------------------------------- http://heise.de/-4060743 ∗∗∗ Will the Real Joker’s Stash Come Forward? ∗∗∗ --------------------------------------------- For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known "carding" markets, or online stores that sell stolen credit cards. --------------------------------------------- https://krebsonsecurity.com/2018/05/will-the-real-jokers-stash-come-forward/ ∗∗∗ 0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557) ∗∗∗ --------------------------------------------- In April, Steven Seeley of Source Incite published a report of a vulnerability in Foxit Reader and PhantomPDF versions up to 9.0.1 that could allow for remote code execution on a target system. Public release of this report was coordinated with an official vendor fix included in the Aprils Foxit Reader and PhantomPDF 9.1. release.According to our analysis the PoC attached to the report triggers a heap-based buffer overflow in a Bitmap image data copy operation .. --------------------------------------------- http://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html ∗∗∗ Cookie consent script used to distribute malware ∗∗∗ --------------------------------------------- Since the new website cookie usage regulations in the EU have come into place, many websites have added a warning on their website about how they use cookies on it and as well, ask for your consent. ]]> --------------------------------------------- http://labs.sucuri.net/?note=2018-05-29 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4212 git - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4212 ∗∗∗ DSA-4213 qemu - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4213 ∗∗∗ Potential XSS in "CSRF validation failure" page due to lack of referer sanitization ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-059 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily