Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 10.08.2018
by Daily end-of-shift report 10 Aug '18

10 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-08-2018 18:00 − Freitag 10-08-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Neue Macs können beim ersten Kontakt mit WLAN gehackt werden ∗∗∗ --------------------------------------------- Betroffen sind Firmenkunden von Apple. Die Schwachstelle wurde auf der Black Hat Konferenz präsentiert. --------------------------------------------- https://futurezone.at/digital-life/neue-macs-koennen-beim-ersten-kontakt-mi… ∗∗∗ The 10 Best Practices for Identifying and Mitigating Phishing ∗∗∗ --------------------------------------------- Phishing (a form of social engineering) is escalating in both frequency and sophistication; consequently, it is even more challenging to defend against cyber-related attacks. These days, any industry, any workplace, any work role can be targeted by a phishing scam that is spreading beyond simple malicious email attachments and link manipulation techniques (i.e., phishers may [...] --------------------------------------------- https://resources.infosecinstitute.com/the-10-best-practices-for-identifyin… ∗∗∗ Practical Web Cache Poisoning ∗∗∗ --------------------------------------------- Web cache poisoning has long been an elusive vulnerability, a theoretical threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper Ill show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage. --------------------------------------------- https://portswigger.net/blog/practical-web-cache-poisoning ∗∗∗ VIA C3: "God Mode"-Sicherheitslücke in Prozessoren entdeckt ∗∗∗ --------------------------------------------- Ein IT-Experte hat einen schwerwiegenden Bug in alten CPUs von VIA Technologies aufgespürt und auch gleich eine Gegenmaßnahme programmiert. --------------------------------------------- http://heise.de/-4133425 ∗∗∗ Vulnerabilities in mPOS devices could lead to fraud and theft ∗∗∗ --------------------------------------------- Vulnerabilities in mPOS (mobile point-of-sale) machines could allow malicious merchants to defraud customers and attackers to steal payment card data, Positive Technologies researchers have found. The use of mPOS devices has seen huge growth over the last few years as the barriers to entry to be provided a device and start accepting card payments are effectively zero. --------------------------------------------- https://www.helpnetsecurity.com/2018/08/10/mpos-vulnerabilities/ ∗∗∗ Nicht bei shop-and-smile.com einkaufen ∗∗∗ --------------------------------------------- Auf shop-and-smile.com finden Konsument/innen Elektroartikel. Die angebotenen Produkte sind gebraucht und nicht neu. Das ist im Rahmen eines Einkaufs nicht offensichtlich. Eine Bezahlung der Ware ist entgegen anderer Aussagen nur im Voraus möglich. Die Watchlist Internet rät von einem Einkauf bei shop-and-smile.com ab. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-bei-shop-and-smilecom-einkaufe… ===================== = Vulnerabilities = ===================== ∗∗∗ Crestron TSW-X60 and MC3 ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for OS command injection, improper access control, and insufficiently protected credentials vulnerabilities in Crestrons TSW-X60 and MC3 devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 ∗∗∗ NetComm Wireless 4G LTE Light Industrial M2M Router ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for information exposure, cross-site forgery, cross-site scripting, and information exposure through directory listing vulnerabilities in NetComm Wireless 4G LTE Light Industrial M2M Router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02 ∗∗∗ PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 11 Beta 3 Released! ∗∗∗ --------------------------------------------- Two security vulnerabilities have been closed by this release: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses CVE-2018-10925: Memory disclosure and missing authorization in INSERT ... ON CONFLICT DO UPDATE --------------------------------------------- https://www.postgresql.org/about/news/1878/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exiv2, kernel-headers, kernel-tools, libgit2, and thunderbird-enigmail), openSUSE (blueman, cups, gdk-pixbuf, libcdio, libraw, libsoup, libtirpc, mysql-community-server, python-mitmproxy, sssd, and virtualbox), Red Hat (cobbler), SUSE (ceph, firefox, NetworkManager-vpnc, openssh, and wireshark), and Ubuntu (openjdk-7 and openjdk-8). --------------------------------------------- https://lwn.net/Articles/762337/ ∗∗∗ wpa_supplicant: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1564/ ∗∗∗ Red Hat Certification: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1571/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10720235 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718367 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-2633, CVE-2018-2603, CVE-2018-2579, CVE-2018-2602, CVE-2018-2794, & CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717207 ∗∗∗ IBM Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718373 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717211 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012479 ∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Rational ClearQuest with SSL/TLS communications (CVE-2016-2922) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718377 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2018
by Daily end-of-shift report 09 Aug '18

09 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-08-2018 18:00 − Donnerstag 09-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Warnung vor Bewerbung bei webex-solutions.at ∗∗∗ --------------------------------------------- Webex Solutions ist eine betrügerische Scheinfirma. Sie sucht Mitarbeiter/innen. Auf ihrer Website webex-solutions.at fragt sie persönliche Daten von Interessent/innen ab. In Wahrheit gibt es keine zu besetzende Stelle. Kriminelle nutzen die Angaben ihrer Opfer, damit sie mit diesen ein Konto eröffnen und darüber Geldwäscherei betreiben können. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-bewerbung-bei-webex-solu… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-29) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-29) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, August 14, 2018. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1591 ∗∗∗ [Drupal] PHP Configuration - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-055 ∗∗∗ --------------------------------------------- This module enables you to add or overwrite PHP configuration on a drupal website. The module doesnt sufficiently allow access to set these configurations, leading to arbitrary PHP configuration execution by an attacker.This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer phpconfig". --------------------------------------------- https://www.drupal.org/sa-contrib-2018-055 ∗∗∗ RSYSLOG: Eine Schwachstelle ermöglicht u. a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle in RSYSLOG ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen oder möglicherweise auch beliebigen Programmcode zur Ausführung zu bringen. Der Hersteller hat RSYSLOG 8.37.0 (v8-stable) zur Verfügung gestellt. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1558/ https://www.adiscon.com/news/news-release/rsyslog-8-37-0-v8-stable-released/ ∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: * "Heise Shariff" (rx_shariff) * "Register to tt_address" (registeraddress) * "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3) * "Powermail" (powermail) * "AWS SDK for PHP" (aws_sdk_php) * "Front End User Registration" (sr_feuser_register) * "Amazon Web Services SDK " (aws_sdk) * "Frontend Treeview" (mh_treeview) * "TemplaVoilà! Plus" (templavoilaplus) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2018/000429.html ∗∗∗ Black Hat: Windows-10-Assistent Cortana reißt Sicherheitslücken auf ∗∗∗ --------------------------------------------- Auf der Black Hat in Las Vegas haben Forscher mehrere Lücken in Cortana aufgedeckt. So lässt sich zum Beispiel Schadcode über den Sprachassistenten ausführen. --------------------------------------------- http://heise.de/-4132425 ∗∗∗ BIND deny-answer-aliases Bug Lets Remote Users Cause the Target named Service to Crash ∗∗∗ --------------------------------------------- A remote user can trigger an INSIST assertion failure in 'name.c', causing the 'named' service to stop processing. Systems that use the "deny-answer-aliases" feature are affected. --------------------------------------------- http://www.securitytracker.com/id/1041436 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (kamailio and wpa), Fedora (kernel-headers, kernel-tools, moodle, and vim-syntastic), and openSUSE (clamav, enigmail, and java-11-openjdk). --------------------------------------------- https://lwn.net/Articles/762205/ ∗∗∗ IBM Security Bulletin: IBM UrbanCode Deploy diagnostics files may contain confidential data (CVE-2017-1286) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg2C1000377 ∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-1333 and CVE-2018-8011 in the IBM i HTTP Server affect IBM i. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720141 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719933 ∗∗∗ IBM Security Bulletin: Plugins can be uploaded to IBM UrbanCode Deploy without Authentication (CVE-2017-1749) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg2C1000374 ∗∗∗ HPESBHF03805 rev.23 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2018
by Daily end-of-shift report 08 Aug '18

08 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-08-2018 18:00 − Mittwoch 08-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Update Mechanism Flaws Allow Remote Attacks on UEFI Firmware ∗∗∗ --------------------------------------------- The glitch stems from a functionality intended to allow updates to the UEFI firmware. --------------------------------------------- https://threatpost.com/update-mechanism-flaws-allow-remote-attacks-on-uefi-… ∗∗∗ Cookie Consent Script Used to Distribute Malware ∗∗∗ --------------------------------------------- Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only once in GDPR, any organization utilizing them to track users' browsing activity have had to add a warning about how they are using them and ask for the user consent. --------------------------------------------- https://blog.sucuri.net/2018/08/cookie-consent-script-used-to-distribute-ma… ∗∗∗ IT-Grundschutz: Neuer Online-Kurs veröffentlicht ∗∗∗ --------------------------------------------- Ein neues Online-Angebot für den modernisierten IT-Grundschutz erleichtert Anwendern den Einstieg in die Umsetzung der IT-Grundschutz-Methodik. Basierend auf dem IT-Grundschutz-Kompendium und den BSI-Standards 200-1,-2 und -3 führt die vom Bundesamt für Sicherheit in der Informationstechnik (BSI) entwickelte und veröffentlichte Web-Schulung die Anwender in unterschiedlichen Lektionen durch die IT-Grundschutz-Vorgehensweise. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/IT-Grundsch… ∗∗∗ PayPal-Betrug mit eigener E-Mailadrese ∗∗∗ --------------------------------------------- Konsument/innen erhalten von PayPal eine Benachrichtigung darüber, dass sie ihre E-Mailadresse für die Eröffnung eines Kontos bestätigen sollen. Das Konto haben Kriminelle eröffnet. Sie kaufen mit der fremden E-Mailadresse und erfundenen Daten ein. Die Rechnungen und Mahnungen dafür erhalten die Opfer. Diese müssen die offenen PayPal-Forderungen nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/paypal-betrug-mit-eigener-e-mailadre… ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic MyCareLink 24950 Patient Monitor ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for insufficient verification of data authenticity and storing passwords in a recoverable format vulnerabilities in the Medtronic MyCareLink 24950 Patient Monitor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01 ∗∗∗ Medtronic MiniMed 508 Insulin Pump ∗∗∗ --------------------------------------------- This medical device advisory includes mitigation recommendations for cleartext transmission of sensitive information and authentication bypass by capture-replay vulnerabilities in the Medtronic MiniMed 508 Insulin Pump. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 ∗∗∗ Delta Electronics CNCSoft and ScreenEditor ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft and ScreenEditor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 ∗∗∗ What Do I Need To Know about "SegmentSmack", (Wed, Aug 8th) ∗∗∗ --------------------------------------------- "SegmentSmack" is yet another branded vulnerability, also known as CVE-2018-5390. It hit the "news" yesterday. Succesful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/What+Do+I+Need+To+Know+about+SegmentSmack… ∗∗∗ HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution ∗∗∗ --------------------------------------------- Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. --------------------------------------------- https://support.hp.com/us-en/document/c06097712 ∗∗∗ Android Security Bulletin - August 2018 ∗∗∗ --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-08-05 or later address all of these issues. [...] The most severe of these issues is a critical vulnerability that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2018-08-01 ∗∗∗ 2018-08 Out of Cycle Security Bulletin: Junos platforms vulnerable to SegmentSmack attack [VU#962459] ∗∗∗ --------------------------------------------- [...] Crafted sequences of TCP/IP packets may allow a remote attacker to create a denial of service (DoS) condition on routing engines (REs) running Junos OS. The attack requires a successfully established two-way TCP connection to an open port. The rate of attack traffic is lower than typical thresholds for built-in Junos OS distributed denial-of-service (DDoS) protection, so additional configuration is required to defend against these issues on affected platforms. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10876 ∗∗∗ VMSA-2018-0019 ∗∗∗ --------------------------------------------- Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0019.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Fedora (ceph, exiv2, myrepos, and seamonkey), openSUSE (libofx and znc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (clamav, kernel, and rubygem-sprockets-2_12), and Ubuntu (gnupg, lftp, libxcursor, linux-hwe, linux-azure, linux-gcp, linux-raspi2, and lxc). --------------------------------------------- https://lwn.net/Articles/762022/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (slurm-llnl), Fedora (libmspack), openSUSE (cups, kernel, kernel-firmware, libcgroup, and ovmf), Oracle (kernel), and SUSE (cups, enigmail, libcdio, and pidgin). --------------------------------------------- https://lwn.net/Articles/762098/ ∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗ --------------------------------------------- https://download.novell.com/Download?buildid=vP3nS-Hctkk~ ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011860 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718421 ∗∗∗ HPESBHF03850 rev.3 - HPE ProLiant, Synergy, and Moonshot Systems: Local Disclosure of Information, CVE-2018-3639 – Speculative Store Bypass and CVE-2018-3640 – Rogue System Register Read ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ∗∗∗ --------------------------------------------- https://webkitgtk.org/security/WSA-2018-0006.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2018
by Daily end-of-shift report 07 Aug '18

07 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Montag 06-08-2018 18:00 − Dienstag 07-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Lets Encrypt Is Now Officially Trusted by All Major Root Certificates ∗∗∗ --------------------------------------------- Lets Encrypt announced yesterday that they are now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Lets Encrypt is now directly trusted by all major browsers and operating systems. --------------------------------------------- https://www.bleepingcomputer.com/news/security/lets-encrypt-is-now-official… ∗∗∗ DoS-Schwachstelle im Kernel - keine Panik! ∗∗∗ --------------------------------------------- In der Nacht auf heute wurde eine Schwachstelle im Linux Kernel bekannt, die einen DoS-Angriff durch spezielle TCP-Pakete ermöglicht ... Auf den ersten Blick klingt das hochkritisch und stellt eine enorme Gefahr für Unternehmen dar, die Webauftritte und Mailserver auf Linux-Servern betreiben. Auf den zweiten Blick gibt es jedoch einige wichtige Einschränkungen, die das Risiko minimieren. --------------------------------------------- https://www.cert.at/services/blog/20180807131134-2285.html ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple vulnerabilities in multiple I-O DATA network camera products ∗∗∗ --------------------------------------------- Overview: Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities. Products Affected: TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier --------------------------------------------- https://jvn.jp/en/jp/JVN83701666/ ∗∗∗ FreeBSD: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann die Schwachstelle durch den Versand von TCP-Paketen an ein betroffenes System ausnutzen und einen Denial-of-Service (DoS)-Zustand bewirken. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1548/ ∗∗∗ [openssl-announce] Forthcoming OpenSSL releases ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases. They also contain the fixes for two LOW severity security issues (CVE-2018-0732 and CVE-2018-0737) --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2018-August/000129.html ∗∗∗ Android Patchday: Monatliches Update beseitigt zahlreiche Schwachstellen ∗∗∗ --------------------------------------------- Wie bereits im Vormonat hat Google auch beim aktuellen Patchday durchweg Sicherheitslücken mit hohem bis kritischem Schweregrad beseitigt. --------------------------------------------- http://heise.de/-4130865 ∗∗∗ Manueller Umstieg nötig: Mozilla Thunderbird 60 mit wichtigen Security-Updates ∗∗∗ --------------------------------------------- Sieht schöner aus – und ist obendrein sicherer: Thunderbird-User sollten auf Version 60 umsteigen. Dazu ist ein manuelles Update erforderlich. --------------------------------------------- http://heise.de/-4131114 ∗∗∗ IBM Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/newrelic(a)3.1.0 (CVE-2018-3739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718999 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717301 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in Brocade Fabric OS (CVE-2017-6225 CVE-2017-6227) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720085 ∗∗∗ JSA10876 - 2018-08 Out of Cycle Security Bulletin: Junos platforms vulnerable to SegmentSmack attack [VU#962459] ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10876&actp=RSS ∗∗∗ SSA-179516 (Last Update: 2018-08-07): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf ∗∗∗ SSA-979106 (Last Update: 2018-08-07): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf ∗∗∗ SSA-920962 (Last Update: 2018-08-07): Vulnerabilities in Automation License Manager ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf ∗∗∗ HPESBHF03835 rev.1 - HPE Integrated Lights-Out 3, 4, 5 (iLO 3, 4, 5), Moonshot Chassis Manager, and Moonshot Component Pack, Remote Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.08.2018
by Daily end-of-shift report 06 Aug '18

06 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-08-2018 18:00 − Montag 06-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks ∗∗∗ --------------------------------------------- It should be noted that this method does not make it easier to crack the password for a wireless network. It instead makes the process of acquiring a hash that can can be attacked to get the wireless password much easier. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracki… ∗∗∗ DDoS-Angriffe: Die Bedrohung stabilisiert sich ∗∗∗ --------------------------------------------- Durch den Schlag gegen Webstresser.org haben DDoS-Angriffe im deutschsprachigen Raum klar nachgelassen. Grund zur Entwarnung ist das aber nicht. --------------------------------------------- http://heise.de/-4128961 ∗∗∗ Abmahnung der Anwalt AG wegen Urheberrechtsverletzung ∗∗∗ --------------------------------------------- Die ANWALT AG, vertreten durch Dr. Rene De La Porte, versendet eine Abmahnung wegen Urheberrechtsverletzung. Empfänger/innen sollen 426,55 Euro wegen eines Rechtsverstoßes auf kinox.to bezahlen. Das Schreiben ist betrügerisch. Konsument/innen müssen den Geldbetrag nicht bezahlen. --------------------------------------------- https://www.watchlist-internet.at/news/abmahnung-der-anwalt-ag-wegen-urhebe… ===================== = Vulnerabilities = ===================== ∗∗∗ Enigmail 2.0.8 released ∗∗∗ --------------------------------------------- A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like its signed and/or encrypted. --------------------------------------------- https://www.enigmail.net/index.php/en/download/changelog ∗∗∗ EMC Data Protection Advisor XML External Entity Processing Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information ∗∗∗ --------------------------------------------- A remote authenticated user can supply specially crafted XML External Entity (XXE) data to the target REST API to read files on the target system with the privileges of the target service or cause denial of service conditions on the target system. --------------------------------------------- http://www.securitytracker.com/id/1041417 ∗∗∗ CA API Developer Portal Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- The developer portal does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. --------------------------------------------- http://www.securitytracker.com/id/1041416 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (cgit, python-django, and python2-django), Debian (ant, cgit, libmspack, python-django, symfony, vim-syntastic, and xml-security-c), Fedora (kernel-headers, libao, libvorbis, mingw-gdal, mingw-xerces-c, and python-XStatic-jquery-ui), openSUSE (bouncycastle, java-10-openjdk, libgcrypt, libsndfile, mutt, nautilus, ovmf, python-dulwich, rpm, util-linux, wireshark, and xen), Oracle (kernel), Red Hat (kernel, openslp, rhvm-setup-plugins, and xmlrpc), --------------------------------------------- https://lwn.net/Articles/761923/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Rhapsody Model Manager with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718345 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.08.2018
by Daily end-of-shift report 03 Aug '18

03 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-08-2018 18:00 − Freitag 03-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Cryptominers: Binary-Process-Cron Variants and Methods of Removal ∗∗∗ --------------------------------------------- This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site .. --------------------------------------------- https://blog.sucuri.net/2018/08/cryptominer-variants-removal.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (busybox, graphicsmagick, and libmspack), Fedora (pam_yubico), Scientific Linux (openslp), Slackware (lftp), SUSE (cups, libtirpc, and thunderbird), and Ubuntu (clamav). --------------------------------------------- https://lwn.net/Articles/761752/ ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API (CVE-2018-1528) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017450 ∗∗∗ IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10716113 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2018-1422) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719817 ∗∗∗ IBM Security Bulletin:A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015283 ∗∗∗ HPESBHF03872 rev.1 - HPE Intelligent Management Center Platform (IMC PLAT), Remote Directory Traversal ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBHF03841 rev.2 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.08.2018
by Daily end-of-shift report 02 Aug '18

02 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 01-08-2018 18:00 − Donnerstag 02-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Crime and Crypto: An Evolution in Cyber Threats ∗∗∗ --------------------------------------------- Cybercriminals are constantly experimenting with new ways to take money from their victims. Their tactics evolve quickly to maximize returns and minimize risk. The emergence of cryptocurrency has opened up new opportunities to do just that. To better understand today’s threat landscape, it’s worth exploring the origins of cryptocurrencies and the progress cybercriminals have made in using it to advance their own interests. --------------------------------------------- https://www.webroot.com/blog/2018/08/02/crime-crypto-evolution-cyber-threat… ∗∗∗ Save the Date: 4th e-Health Security Conference ∗∗∗ --------------------------------------------- ENISA is organising the 4th eHealth Security workshop in cooperation with the Dutch Ministry of Health, Welfare and Sport, on the 14th of November. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/save-the-date-4th-e-health-secu… ∗∗∗ Reddit Breach Highlights Limits of SMS-Based Authentication ∗∗∗ --------------------------------------------- Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesnt seem too severe. Whats interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. --------------------------------------------- https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-… ∗∗∗ The Year Targeted Phishing Went Mainstream ∗∗∗ --------------------------------------------- A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and --------------------------------------------- https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstr… ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal Core - 3rd-party libraries -SA-CORE-2018-005 ∗∗∗ --------------------------------------------- The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the vulnerable functionality. --------------------------------------------- https://www.drupal.org/SA-CORE-2018-005 ∗∗∗ Telegram: Passport-Dokumentenspeicher des Krypto-Messengers hat Schwachstellen ∗∗∗ --------------------------------------------- Geraten die von Telegram verwahrten Passwort-Hashes für Passport in falsche Hände, ließen sie sich leichter knacken, als man das eigentlich haben will. --------------------------------------------- http://heise.de/-4127755 ∗∗∗ Django Open Redirect Flaw in CommonMiddleware Lets Remote Users Redirect the Target Users Browser to an Arbitrary Site ∗∗∗ --------------------------------------------- On systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash, a remote user can create a URL that, when loaded by the target user, will redirect the target user's browser to an arbitrary site. --------------------------------------------- http://www.securitytracker.com/id/1041403 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (busybox and mutt), Fedora (bibutils and wireshark), openSUSE (glibc and rsyslog), Slackware (blueman), SUSE (cups, ovmf, and polkit), and Ubuntu (bouncycastle, libmspack, and python-django). --------------------------------------------- https://lwn.net/Articles/761625/ ∗∗∗ Vuln: Symfony CVE-2018-14773 Security Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104943 ∗∗∗ Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719413 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10713449 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22016803 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system.(CVE-2018-1524) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017452 ∗∗∗ IBM Security Bulletin : Multiple vulnerabilities in IBM GSKit affect IBM Host On-Demand. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716977 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-3737, CVE-2017-3738). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717007 ∗∗∗ HPESBST03857 rev.1 - HPE XP7 Command View Advanced Edition Products using JDK, Local and Remote Authentication Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03859 rev.1 - HPE XP P9000 Command View Advanced Edition Software (CVAE) - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03860 rev.1 - HPE XP P9000 Command View Advanced Edition (CVAE) Software, Local and Remote Unauthorized Access to Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.08.2018
by Daily end-of-shift report 01 Aug '18

01 Aug '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-07-2018 18:00 − Mittwoch 01-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Facebook Phishing via SMS, (Wed, Aug 1st) ∗∗∗ --------------------------------------------- Facebook accounts are still a pretty hot commodity to spread malware. No ruse works better than having a "Friend" offer you some new software or browser extension. As a result, we keep seeing attempts to phish Facebook credentials. Late last week I came across a simple example of such an attempt that in particular targeted users of mobile .. --------------------------------------------- https://isc.sans.edu/diary/23940 ∗∗∗ When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869, (Wed, Aug 1st) ∗∗∗ --------------------------------------------- Universal Plug an Play (UPnP) is the gift that keeps on giving. One interesting issue with UPnP (aside from the fact that it never ever should be exposed to the Internet, but often is), is the .. --------------------------------------------- https://isc.sans.edu/diary/23942 ∗∗∗ Österreichischer Hoster: E-Mail-Addressen bei EDIS abhanden gekommen ∗∗∗ --------------------------------------------- Die E-Mail-Adressen zu Kundenkonten des Hosters EDIS sind bei Have I Been Pwned aufgetaucht. Kunden der Firma wurden per E-Mail vor einem Zwischenfall gewarnt. --------------------------------------------- http://heise.de/-4125214 ∗∗∗ Efail: HTML Mails have no Security Concept and are to blame ∗∗∗ --------------------------------------------- I recently wrote down my thoughts about why I think deprecated cryptographic standards are to blame for the Efail vulnerability in OpenPGP and S/MIME. However I promised that Ill also cover the other .. --------------------------------------------- https://blog.hboeck.de:443/archives/894-Efail-HTML-Mails-have-no-Security-C… ===================== = Vulnerabilities = ===================== ∗∗∗ Johnson Controls Metasys and BCPro ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02 ∗∗∗ WECON LeviStudioU ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities in WECONs LeviStudioU HMI editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03 ∗∗∗ AVEVA InTouch Access Anywhere ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a cross-site scripting vulnerability in the outdated and insecure third-party jQuery library used in the AVEVA InTouch Access Anywhere remote access software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 ∗∗∗ AVEVA Wonderware License Server ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Flexera lmgrd third-party component used by the AVEVA Wonderware License Server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05 ∗∗∗ Vuln: Apache Camel CVE-2018-8027 XML External Entity Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104933 ∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1554) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10713695 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717143 ∗∗∗ IBM Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717517 ∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could affect IBM InfoSphere Optim Performance Manager. CVE-2018-2633 CVE-2018-2603 CVE-2018-2579 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014113 ∗∗∗ July 31, 2018 TNS-2018-11 [R1] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.07.2018
by Daily end-of-shift report 31 Jul '18

31 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 30-07-2018 18:00 − Dienstag 31-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "National CERT" vs. "National CSIRTs" ∗∗∗ --------------------------------------------- "National CERT" vs. "National CSIRTs"2018/07/31The NIS Directive built upon previous work in the space of network and information security and also tried to use the established language of the field. This worked - up to a point. Im trying to summarize the differences and pitfalls regarding the term "national CSIRT". --------------------------------------------- http://www.cert.at/services/blog/20180731155524-2252_en.html ∗∗∗ Betrug mit günstigen Wohnungen ∗∗∗ --------------------------------------------- Kriminelle inserieren günstige Wohnungen in guter Lage. Sie teilen Wohnungssuchenden mit, dass eine Besichtigung der Immobilie nur bei Bezahlung einer hohen Kaution möglich sei. Interessent/innen, die das Geld an das genannten Unternehmen bezahlen, verlieren es, denn es gibt die angebotene Wohnung nicht. --------------------------------------------- https://www.watchlist-internet.at/news/betrug-mit-guenstigen-wohnungen/ ∗∗∗ Update on the Distrust of Symantec TLS Certificates ∗∗∗ --------------------------------------------- Firefox 60 (the current release) displays an “untrusted connection” error for any website using a TLS/SSL certificate issued before June 1, 2016 that chains up to a Symantec root certificate. This is part of the consensus proposal for removing trust in Symantec TLS certificates that Mozilla adopted in 2017. This proposal was also adopted by the Google Chrome team, and more recently Apple announced their plan to distrust Symantec TLS certificates. --------------------------------------------- https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-syma… ===================== = Vulnerabilities = ===================== ∗∗∗ OTRS: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten ∗∗∗ --------------------------------------------- Ein Agent kann in OTRS als entfernter, einfach authentifizierter Angreifer mit Hilfe einer speziell präparierten URL seine Privilegien eskalieren und beliebige Benutzerrechte erlangen. Dazu gehören auch Adminstratorrechte. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1499/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (network-manager-vpnc), Fedora (wireshark), Oracle (java-1.7.0-openjdk and yum-utils), Red Hat (chromium-browser, java-1.7.0-openjdk, memcached, qemu-kvm-rhev, and yum-utils), Scientific Linux (java-1.7.0-openjdk and yum-utils), Slackware (file and seamonkey), SUSE (gdk-pixbuf, libcgroup, libcgroup1, libvirt, and sssd), and Ubuntu (mysql-5.5 and mysql-5.5, mysql-5.7). --------------------------------------------- https://lwn.net/Articles/761375/ ∗∗∗ Drupal 8 release on August 1st, 2018 - DRUPAL-PSA-2018-07-30 ∗∗∗ --------------------------------------------- The Drupal Security Team will be coordinating a security release for Drupal 8 this week on Wednesday, August 1, 2018. (We are issuing this PSA in advance because the in the regular security release window schedule, August 1 would not typically be a core security window.)The Drupal 8 core release will be made between noon and 3pm EDT. It is rated as moderately critical and will be an update to a vendor library only.August 1 also remains a normal security release window for contributed projects. --------------------------------------------- https://www.drupal.org/psa-2018-07-30 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719211 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719209 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IPv6 and MQ affect IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10717931 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717693 ∗∗∗ IBM Security Bulletin: RCE vulnerability (CVE-2018-1595) affects IBM Platform Symphony, IBM Spectrum Symphony ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=isg3T1027819 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in freetype2 (CVE-2016-10328) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719055 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in dhcp (CVE-2018-5732 CVE-2018-5733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719059 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719203 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU C Library ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719047 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM GSKit affect IBM Personal Communications ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717437 ∗∗∗ Linux kernel vulnerability CVE-2016-8650 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K46394694 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.07.2018
by Daily end-of-shift report 30 Jul '18

30 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-07-2018 18:00 − Montag 30-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ An Introduction to the Xposed Framework for Android Penetration Testing ∗∗∗ --------------------------------------------- Introduction When it comes to the Pen Testing of Android-based applications, the main focus and attention of the Pen Tester is to live in the mindset of the Cyber attacker literally. The Pen Tester must then carry out an attack to see how the software code can be manipulated, what the weak spots of the […]The post An Introduction to the Xposed Framework for Android Penetration Testing appeared first on InfoSec Resources.An Introduction to the Xposed Framework for Android Penetration --------------------------------------------- https://resources.infosecinstitute.com/an-introduction-to-the-xposed-framew… ∗∗∗ Top 10 Free Threat-Hunting Tools ∗∗∗ --------------------------------------------- Threat hunting is an alternative approach to dealing with cyber-attacks, compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a system. While these common methods of defense generally investigate threats after they have occurred, the strategy of threat hunting involves searching through networks, detecting and isolating […]The post Top 10 Free Threat-Hunting Tools appeared first on InfoSec Resources.Top 10 Free --------------------------------------------- https://resources.infosecinstitute.com/top-10-free-threat-hunting-tools/ ∗∗∗ State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China ∗∗∗ --------------------------------------------- Heres a timely reminder that email isnt the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. --------------------------------------------- https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libextractor and wesnoth), Debian (ffmpeg, fuse, libidn, mercurial, openssl, policykit-1, tomcat7, tomcat8, wireshark, and wordpress), Fedora (java-1.8.0-openjdk, java-openjdk, libpng10, php, sox, and suricata), Gentoo (curl and znc), openSUSE (bouncycastle, Chromium, cinnamon, e2fsprogs, ImageMagick, kernel, libgcrypt, mercurial, openssh, openssl-1_0_0, openssl-1_1, python, qutebrowser, rubygem-sprockets, shadow, and xen), Slackware (kernel), ... --------------------------------------------- https://lwn.net/Articles/761324/ ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-0702). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718745 ∗∗∗ IBM Security Bulletin: Users of Helm with IBM Cloud Private can elevate their privileges (CVE-2018-1714) ∗∗∗ --------------------------------------------- https://www-prd-trops.events.ibm.com/node/718339 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22017447 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717895 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in GNU C Library (CVE-2017-12133) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718991 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in Freetype 2 (CVE-2016-10328) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718665 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in PHP (CVE-2018-7584) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718663 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilties in dhcp (CVE-2018-5732, CVE-2018-5733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718661 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilties in GNU C Library ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718659 ∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerabilities in freetype2 (CVE-2016-10244 CVE-2017-8105 CVE-2017-8287) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718993 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in IPsec-Tools (CVE-2016-10396) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718657 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718381 ∗∗∗ IBM Security Bulletin: IBM Cloud Functions is affected by two function runtimevulnerabilities ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718977 ∗∗∗ HPESBHF03867 rev.1 - HPE Systems with Intel-based processors with SPI Flash Engine, Local Denial of Service ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily