Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 24.05.2018
by Daily end-of-shift report 24 May '18

24 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-05-2018 18:00 − Donnerstag 24-05-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ===================== = Vulnerabilities = ===================== ∗∗∗ Schneider Electric Patches XXE Vulnerability In Software ∗∗∗ --------------------------------------------- Schneider Electric on Tuesday issued fixes for a vulnerability its SoMachine Basic software that could result in disclosure and retrieval of arbitrary data. --------------------------------------------- https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs… ∗∗∗ Bugtraq: [security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Universal CMDB/CMS and Micro Focus UCMDB Browser. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). References: CVE-2018-6495 - Corss-Site Scripting (XSS) --------------------------------------------- http://www.securityfocus.com/archive/1/542037 ∗∗∗ Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- Apache Batik is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Batik 1.9.1 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/104252 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol). --------------------------------------------- https://lwn.net/Articles/755540/ ∗∗∗ IBM Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022433&myns=ibmi&mynp=O… ∗∗∗ IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099807 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module (IMM) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099806 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect db2exmig and db2exfmt tools shipped with IBM® Db2® (CVE-2018-1544, CVE-2018-1565) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016143 ∗∗∗ IBM Security Bulletin: Buffer overflow in the db2convert tool shipped with IBM® Db2® (CVE-2018-1515). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016140 ∗∗∗ IBM Security Bulletin: Buffer overflow in IBM® Db2® tool db2licm (CVE-2018-1488). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016141 ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to buffer overflow (CVE-2018-1459). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016142 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by multiple file overwrite vulnerabilities (CVE-2018-1450, CVE-2018-1449, CVE-2018-1451, CVE-2018-1452) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016181 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015656 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016278 ∗∗∗ IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099809 ∗∗∗ IBM Security Bulletin: IBM Chassis Management Module (CMM) is affected by OpenSLP vulnerability (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099808 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016282 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.05.2018
by Daily end-of-shift report 23 May '18

23 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-05-2018 18:00 − Mittwoch 23-05-2018 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Backdoor Account Found in D-Link DIR-620 Routers ∗∗∗ --------------------------------------------- Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. --------------------------------------------- https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-… ∗∗∗ Six Vulnerabilities Found in Dell EMC's Disaster Recovery System, One Critical ∗∗∗ --------------------------------------------- A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise. --------------------------------------------- https://threatpost.com/six-vulnerabilities-found-in-dell-emcs-disaster-reco… ∗∗∗ VPNFilter – is a malware timebomb lurking on your router? ∗∗∗ --------------------------------------------- A Cisco paper reports on zombie malware that has apparently infected more than 500,000 home routers. --------------------------------------------- https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb… ∗∗∗ An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners ∗∗∗ --------------------------------------------- As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining [...] --------------------------------------------- https://blog.sucuri.net/2018/05/cryptomining-through-disguised-url-shortene… ∗∗∗ CPU-Sicherheitslücken Spectre-NG: Updates und Info-Links ∗∗∗ --------------------------------------------- Hersteller von Hardware, Betriebssystemen und Software stellen Webseiten mit Informationen und Sicherheitsupdates für die neuen Spectre-Lücken Spectre V3a und Spectre V4 bereit: Ein Überblick. --------------------------------------------- https://www.heise.de/ct/artikel/CPU-Sicherheitsluecken-Spectre-NG-Updates-u… ∗∗∗ Angreifer könnten aktuelle BMW-Modelle über Mobilfunk kapern ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Sicherheitslücken im Infotainment-System von verschiedenen BMW-Modellen ausgenutzt und so die Kontrolle übernommen. Ein Angriff aus der Ferne ist aber ziemlich aufwendig. --------------------------------------------- https://www.heise.de/security/meldung/Angreifer-koennten-aktuelle-BMW-Model… ∗∗∗ Efail: Welche E-Mail-Clients sind wie sicher? ∗∗∗ --------------------------------------------- Nach Veröffentlichung der Efail-Lücken in PGP und S/MIME herrscht unter Anwendern, die ihre E-Mails verschlüsseln viel Verunsicherung. Wir haben uns im Detail angeschaut, welche E-Mail-Programme bisher wie abgesichert wurden. --------------------------------------------- https://www.heise.de/security/meldung/Efail-Welche-E-Mail-Clients-sind-wie-… ∗∗∗ Angebliche Lilihill DevCon GmbH versendet Schadsoftware ∗∗∗ --------------------------------------------- Betrüger versenden als angebliche Lilihill DevCon GmbH massenhaft Schadsoftware an Unternehmen. EmpfängerInnen finden eine E-Mail von sales(a)european-gmbh.pw mit dem Betreff "AW: Zahlung – EWT" in ihrem Posteingang. Darin werden Betroffene dazu aufgefordert eine ZIP-Datei aus dem Anhang der Mail zu öffnen. Doch Vorsicht! Die Datei enthält Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/news/angebliche-lilihill-devcon-gmbh-vers… ===================== = Vulnerabilities = ===================== ∗∗∗ VMware Workstation und Fusion: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/05/warn… ∗∗∗ [20180505] - Core - XSS Vulnerabilities & additional hardening ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7 --------------------------------------------- https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerab… ∗∗∗ Synology-SA-18:25 SRM ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM). --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_25 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, [...] --------------------------------------------- https://lwn.net/Articles/755386/ ∗∗∗ Vuln: Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104239 ∗∗∗ Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Information Exposure Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ Security Advisory - Numeric Errors Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2018/hua… ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Firmware Diagnostics. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012498 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015655 ∗∗∗ IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15706) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012273 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012293 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012274 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential spoofing attack in IBM WebSphere Application Server vulnerability (CVE-2017-1788) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016546 ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15275, CVE-2017-14746 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012289 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential denial of service used by IBM WebSphere Application Server vulnerability (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016545 ∗∗∗ IBM Security Bulletin: Authenticated Users in IBM UrbanCode Deploy can Obtain Secure Properties (CVE-2017-1752) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000376 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016488 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.05.2018
by Daily end-of-shift report 22 May '18

22 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-05-2018 18:00 − Dienstag 22-05-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitsupdates: Attacken auf DrayTek-Router ∗∗∗ --------------------------------------------- Unbekannte Angreifer haben es derzeit auf verschiedene Router von DrayTek abgesehen. Ist ein Übergriff erfolgreich, verbiegen sie die DNS-Einstellungen. --------------------------------------------- https://heise.de/-4053059 ===================== = Vulnerabilities = ===================== ∗∗∗ VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks ∗∗∗ --------------------------------------------- CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Also known as "Variant 4" or "SpectreNG". --------------------------------------------- http://www.kb.cert.org/vuls/id/180049 ∗∗∗ Firewall information leak to regular SSL VPN web portal users ∗∗∗ --------------------------------------------- A SSL VPN user logged in via the web portal can access internal FortiOS configuration information (eg: addresses) via specifically crafted URLs. --------------------------------------------- https://fortiguard.com/psirt/FG-IR-17-231 ∗∗∗ Xen Security Advisory CVE-2018-3639 / XSA-263 ∗∗∗ --------------------------------------------- However, in most configurations, within-guest information leak is possible. Mitigation for this generally depends on guest changes (for which you must consult your OS vendor) *and* on hypervisor support, provided in this advisory. --------------------------------------------- http://xenbits.xen.org/xsa/advisory-263.html ∗∗∗ HPSBHF02981 rev.3 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/755076/ ∗∗∗ Security vulnerabilities fixed in Thunderbird 52.8 ∗∗∗ --------------------------------------------- * CVE-2018-5183: Backport critical security fixes in Skia * CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack * CVE-2018-5154: Use-after-free with SVG animations and clip paths * CVE-2018-5155: Use-after-free with SVG animations and text paths ... --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ ∗∗∗ Security Notice -Statement on the Side-Channel Vulnerability Variants 3a and 4 ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-notices/2018/huawei… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2017/hua… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027633 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21974627 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012415 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016122 ∗∗∗ IBM Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014477 ∗∗∗ IBM Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016234 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects the IBM Performance Management product (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015310 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012317 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016185 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012291 ∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012292 ∗∗∗ Java Bouncy Castle vulnerability CVE-2015-7940 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K10105323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.05.2018
by Daily end-of-shift report 18 May '18

18 May '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-05-2018 18:00 − Freitag 18-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ DrayTek Router Zero-Day Under Attack ∗∗∗ --------------------------------------------- DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers. --------------------------------------------- https://www.bleepingcomputer.com/news/security/draytek-router-zero-day-unde… ∗∗∗ Business Email Compromise incidents, (Fri, May 18th) ∗∗∗ --------------------------------------------- Over the past 12 months we have seen a sharp increase in the number of incidents relating to the compromise of business emails. Often O365, but also some Gmail and on premise systems with webmail access. --------------------------------------------- https://isc.sans.edu/diary/rss/23669 ∗∗∗ MEWKit phishing campaign steals MyEtherWallet credentials to perform automated fund transfers ∗∗∗ --------------------------------------------- The cybercriminals who last April executed a man-in-the-middle attack on a Amazon DNS server to steal $152,000 in Ethereum cryptocurrency from MyEtherWallet.com pulled off their heist using a newly discovered phishing kit that includes an automated transfer system (ATS) malware component. --------------------------------------------- https://www.scmagazine.com/mewkit-phishing-campaign-steals-myetherwallet-cr… ∗∗∗ WordPress 4.9.6 Privacy and Maintenance Release ∗∗∗ --------------------------------------------- WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features. --------------------------------------------- https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-… ∗∗∗ Spectre-NG: Patches für Pfingstmontag erwartet ∗∗∗ --------------------------------------------- Achtung bei der Urlaubsplanung: Intel bereitet für den 21. Mai Updates gegen die ersten Spectre-Next-Generation-Lücken vor. Parallel dazu wird es dazu dann wohl auch endlich konkrete Informationen zu den Lücken geben. --------------------------------------------- https://www.heise.de/-4051247 ∗∗∗ Updates fixen böses Loch in Signals Desktop-App ∗∗∗ --------------------------------------------- Mit einfachen Nachrichten konnte ein Angreifer HTML-Code in die Desktop-App des verschlüsselnden Messengers einschleusen und damit sogar alle Nachrichten seines Opfers auslesen. Die aktuelle Version 1.11 beseitigt diese Lücken. --------------------------------------------- https://www.heise.de/-4052040 ∗∗∗ WhatsApp wird nicht kostenpflichtig ∗∗∗ --------------------------------------------- Aktuell kursiert auf WhatsApp die Nachricht, dass der Messenger-Dienst in Zukunft kostenpflichtig werde. Die angeblichen Kosten dafür können Nutzer/innen vermeiden, wenn sie den Hinweis darüber an zehn ihrer Kontakte weiterleiten. Diese Behauptungen sind falsch, denn bei dem Schreiben handelt es sich um einen erfundenen Kettenbrief. Er kann bedenkenlos gelöscht werden. --------------------------------------------- https://www.watchlist-internet.at/news/whatsapp-wird-nicht-kostenpflichtig/ ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic NVision Clinician Programmer ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for a missing encryption of sensitive data vulnerability in Medtronics NVision Clinician Programmer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 ∗∗∗ GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper input validation vulnerability in the GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi industrial Internet controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01 ∗∗∗ PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series ∗∗∗ --------------------------------------------- This advisory includes mitigations for command injection, information exposure, and stack-based buffer overflow vulnerabilities in the PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02 ∗∗∗ Delta Electronics Delta Industrial Automation TPEditor ∗∗∗ --------------------------------------------- This advisory includes mitigations for a heap-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation TPEditor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04 ∗∗∗ Client for Open Enterprise Server 2 SP4 (IR8a) ∗∗∗ --------------------------------------------- Abstract: This is interim release (IR8a) of Client for Open Enterprise Server 2 SP4 (formerly "Novell Client 2 SP4 for Windows"). It includes fixes for problems found after Client for Open Enterprise Server 2 SP4 was released. It also includes support for Microsoft Windows Server 2016. --------------------------------------------- https://download.novell.com/Download?buildid=wdhtRhxCLdg~ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (curl and zathura-pdf-mupdf), Debian (libmad and vlc), openSUSE (enigmail), Red Hat (collectd, Red Hat OpenStack Platform director, and sensu), and SUSE (firefox, ghostscript, and mysql). --------------------------------------------- https://lwn.net/Articles/754854/ ∗∗∗ Red Hat JBoss Enterprise Application Platform: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0955/ ∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a privilege escalation vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016465 ∗∗∗ IBM Security Bulletin: IBM BigFix Platform is affected by multiple vulnerabities (CVE-2017-3735, CVE-2017-1000100, CVE-2017-1000254) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011879 Next End-of-Day report: 2018-05-22 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.05.2018
by Daily end-of-shift report 17 May '18

17 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-05-2018 18:00 − Donnerstag 17-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Oh, great, now theres a SECOND remote Rowhammer exploit ∗∗∗ --------------------------------------------- Send enough crafted packets to a NIC to put nasties into RAM, then the fun really starts Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/17/nethammer_s… ∗∗∗ The Rowhammer: the Evolution of a Dangerous Attack ∗∗∗ --------------------------------------------- The Rowhammer Attack Back in 2015, security researchers at Google's Project Zero team demonstrated how to hijack an Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips. The attack technique devised by the experts was dubbed "Rowhammer" [...] --------------------------------------------- http://resources.infosecinstitute.com/rowhammer-evolution-dangerous-attack-… ∗∗∗ TeleGrab - Grizzly Attacks on Secure Messaging ∗∗∗ --------------------------------------------- This post was written by Vitor Ventura with contributions from Azim KhodjibaevIntroductionOver the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on April 4, 2018, with a second variant emerging on April 10. --------------------------------------------- https://blog.talosintelligence.com/2018/05/telegrab.html ∗∗∗ Mahnungen über 479,16 Euro der DEBTSOLUTIONS LTD ignorieren! ∗∗∗ --------------------------------------------- Betroffene Internetnutzer/innen finden eine angebliche letzte Zahlungsaufforderung vor einem Mahnverfahren von der Debtsolutions LTD in Ihrem Posteingang. Als Begründung wird genannt, dass eine betrügerische Rechnung der MOVIES DARLING LTD nicht bezahlt wurde. Aus diesem Grund sollen die Empfänger/innen 479,16 Euro an die Debtsolutions LTD überweisen. Doch Vorsicht! Auch dieses Schreiben ist betrügerisch und der Geldbetrag sollte auf keinen Fall bezahlt werden. --------------------------------------------- https://www.watchlist-internet.at/news/mahnungen-ueber-47916-euro-der-debts… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdates: Cisco vergisst mal wieder Standard-Passwort in Netzwerk-Software ∗∗∗ --------------------------------------------- Cisco hat wichtige Patches veröffentlicht und stopft damit Sicherheitslücken in seinem Produktportfolio. Drei Lücken gelten als äußerst kritisch. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Cisco-vergisst-mal-wieder-S… ∗∗∗ SECURITY BULLETIN: Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Trend Micro has released a new critical patch (CP) for Trend Micro Endpoint Application Control 2.0 SP1. This CP resolves a FileDrop directory traversal remote code execution (RCE) vulnerability. --------------------------------------------- https://success.trendmicro.com/solution/1119811 ∗∗∗ [R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. --------------------------------------------- https://www.tenable.com/security/tns-2018-06 ∗∗∗ [R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability ∗∗∗ --------------------------------------------- Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. --------------------------------------------- https://www.tenable.com/security/tns-2018-07 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (runc), Debian (curl), Fedora (xdg-utils), Mageia (firefox), openSUSE (libreoffice, librsvg, and php5), Slackware (curl and php), SUSE (curl, firefox, kernel, kvm, libapr1, libvorbis, and memcached), and Ubuntu (curl, dpdk, php5, and qemu). --------------------------------------------- https://lwn.net/Articles/754773/ ∗∗∗ Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104164 ∗∗∗ Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104163 ∗∗∗ 2018-05-15: Vulnerability in Welcome IP-Gateway - Command Injection, Missing Session Management, Clear Text Passwords in Cookies ∗∗∗ --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=ABB-VU-EPBP-R-2505&L… ∗∗∗ FortiWeb Recursive URL Decoding is not enabled by default ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-18-058 ∗∗∗ FortiOS SSL Deep-Inspection badssl.com Compliance ∗∗∗ --------------------------------------------- https://fortiguard.com/psirt/FG-IR-17-160 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Linux Kernel affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099805 ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099804 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015305 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016198 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015347 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016159 ∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014553 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016029 ∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000380 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.05.2018
by Daily end-of-shift report 16 May '18

16 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 15-05-2018 18:00 − Mittwoch 16-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers ∗∗∗ --------------------------------------------- An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when theyve uploaded a weaponized PDF file to a public malware scanning engine. --------------------------------------------- https://www.bleepingcomputer.com/news/security/shadowy-hackers-accidentally… ∗∗∗ UPnP joins the just turn it off on consumer devices, already club ∗∗∗ --------------------------------------------- Before it amplifies DDoS attacks Universal Plug n Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/16/upnp_amplif… ∗∗∗ CPU-Lücke Spectre V2: Microcode-Updates jetzt unter Windows 10 1803, unter Linux lückenhaft ∗∗∗ --------------------------------------------- Microcode-Updates für Intel-Prozessoren, die unter Windows zum Schutz vor der Sicherheitslücke Spectre V2 nötig sind, kommen nun auch per Windows Update für aktuelle Installationen; bei Linux gibt es aber noch Probleme. --------------------------------------------- https://www.heise.de/-4050379 ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory includes mitigations for numerous vulnerabilities in Advantechs WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 ∗∗∗ Red Hat Addresses DHCP Client Vulnerability ∗∗∗ --------------------------------------------- Original release date: May 16, 2018 Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/05/16/Red-Hat-Addresses-… ∗∗∗ XXE & XSS vulnerabilities in RSA Authentication Manager ∗∗∗ --------------------------------------------- RSA Authentication Manager is affected by several security vulnerabilities which can be exploited by an attacker to read arbitrary files, cause denial of service or attack other users of the web application with JavaScript code, browser exploits or Trojan horses. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/xxe-xss-vulnerabilities-in-r… ∗∗∗ CVE-2018-8176 | Microsoft PowerPoint Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- Affected Products: Microsoft Office 2016 for Mac Microsoft recommends that customers running Microsoft Office 2016 for Mac install the update to be protected from this vulnerability. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (dhcp), Debian (xen), Fedora (dhcp, flac, kubernetes, leptonica, libgxps, LibRaw, matrix-synapse, mingw-LibRaw, mysql-mmm, patch, seamonkey, webkitgtk4, and xen), Mageia (389-ds-base, exempi, golang, graphite2, libpam4j, libraw, libsndfile, libtiff, perl, quassel, spring-ldap, util-linux, and wget), Oracle (dhcp and kernel), Red Hat (389-ds-base, chromium-browser, dhcp, docker-latest, firefox, kernel-alt, libvirt, qemu-kvm, redhat-vertualization-host, [...] --------------------------------------------- https://lwn.net/Articles/754653/ ∗∗∗ ZDI-18-468: (0Day) Delta Industrial Automation TPEditor TPE File Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-468/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015806 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016091 ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015795 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates Jan 2018 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015927 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015591 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099803 ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by an OPENSSL vulnerability (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015811 ∗∗∗ [R1] Nessus 7.1.0 Fixes Multiple Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-05 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2799 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33924005 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.05.2018
by Daily end-of-shift report 15 May '18

15 May '18

===================== = End-of-Day report = ===================== Timeframe: Montag 14-05-2018 18:00 − Dienstag 15-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Containers are here. What about container security? ∗∗∗ --------------------------------------------- The industry is gaga for container technologies like Docker and for good reason. According to ESG research, containers make up about 19 percent of hybrid cloud production workloads today, but in just two years’ time, containers will make up one-third of hybrid cloud production workloads. (Note: I am an ESG employee.) Container security issuesNot surprisingly, cybersecurity professionals say rapid growth and proliferation of application containers have led to several security issues:35 --------------------------------------------- https://www.csoonline.com/article/3273347/security/containers-are-here-what… ∗∗∗ IDG Contributor Network: Fact vs. fiction: 6 myths about container security ∗∗∗ --------------------------------------------- DevOps, containers and microservices are eating software development just as software is eating the world. But with the explosive growth of these technologies and methodologies, it’s becoming increasingly difficult to separate fact from fiction. This is particularly the case when talking container security. In this article, we take a look specifically at the myths surrounding container security [...] --------------------------------------------- https://www.csoonline.com/article/3272830/containers/fact-vs-fiction-6-myth… ∗∗∗ Code-Injection: Sicherheitslücke in Signals Desktop-Client ∗∗∗ --------------------------------------------- Eine Code-Injection-Lücke in Signals Desktop-Client ermöglicht es, aus der Ferne JavaScript auszuführen. Ein Update für die Electron-App steht bereit. (Signal, Sicherheitslücke) --------------------------------------------- https://www.golem.de/news/code-injection-sicherheitsluecke-in-signals-deskt… ∗∗∗ Warnung vor CryptoCode ∗∗∗ --------------------------------------------- Konsument/innen erhalten eine E-Mail von Bitcoin Austria. Bei dem Schreiben handelt es sich um Werbung für CryptoCode. Ein Link in der Nachricht führt auf cryptocode.online. Auf der Plattform sollen Besucher/innen Geld einzahlen, damit sie jeden Tag "$15.000" verdienen können. Das einbezahlte Geld ist verloren, denn eine Gewinnausschüttung gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-cryptocode/ ∗∗∗ NIS Update ∗∗∗ --------------------------------------------- Am 9. Mai hätte Österreich die NIS-Direktive umgesetzt haben sollen. Das haben wir verpasst. Wir haben noch immer kein NIS-Gesetz, und leider auch noch keinen Entwurf dazu in Begutachtung. Aber: ein Teil der NIS-Thematik (Anbieter digitaler Dienste) fällt unter die Vollharmonisierung und wird daher direkt aus Brüssel heraus gültig. Die entsprechende Verordnung wurde im Jänner veröffentlicht und ist seit 10. Mai in Kraft. Will man wissen, [...] --------------------------------------------- http://www.cert.at/services/blog/20180515161108-2242.html ===================== = Vulnerabilities = ===================== ∗∗∗ SSA-914382 (Last Update: 2018-05-15): Denial-of-Service Vulnerability in SIMATIC S7-400 ∗∗∗ --------------------------------------------- SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures. --------------------------------------------- https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf ∗∗∗ VMSA-2018-0011 ∗∗∗ --------------------------------------------- Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0011.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, llpp, and webkit2gtk), Debian (kwallet-pam), Fedora (kernel and pam-kwallet), Gentoo (mpv), Oracle (389-ds-base, firefox, libvirt, and qemu-kvm), and Ubuntu (php5 and php5, php7.0, php7.1, php7.2). --------------------------------------------- https://lwn.net/Articles/754495/ ∗∗∗ BlackBerry powered by Android Security Bulletin - May 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-0922/ ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015829 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2018-1512) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012325 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012281 ∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012280 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012283 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012282 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012263 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015254 ∗∗∗ IBM Security Bulletin: IBM Data Risk Manager has released VM v2.0.1 in response to the vulnerability known as Spectre. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013157 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016207 ∗∗∗ Linux kernel vulnerability CVE-2018-8897 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K17403481 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.05.2018
by Daily end-of-shift report 14 May '18

14 May '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-05-2018 18:00 − Montag 14-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ #efail #fail ∗∗∗ --------------------------------------------- Aktuell gehen Berichte um (Twitter, ars technica, EFF, ...), die vor einem Sicherheitsproblem mit verschlüsselten Mails berichten. Die EFF geht soweit, eine Deinstallation diverser Tools zu empfehlen. Während ich diesen Blogpost schreibe, gingen die Researcher mit ihren Ergebnissen online: https://efail.de/ Yay! Eine Vuln mit coolem Namen und Logo. Hier die wichtigsten Punkte: Das Problem ist nicht die Verschlüsselung, sondern liegt im automatischen [...] --------------------------------------------- http://www.cert.at/services/blog/20180514123156-2221.html ∗∗∗ Mit Electron entwickelte Cross-Plattform-Apps angreifbar ∗∗∗ --------------------------------------------- Cross-Plattform Desktop-Apps, die mit dem Electron Framework erstellt werden, können eine gefährliche Sicherheitslücke aufweisen, durch die ein Cross-Site Scripting Angriff auf sie denkbar ist. Das Electron-Team stellt ein Update zur Verfügung. --------------------------------------------- https://www.heise.de/-4048915 ∗∗∗ Some notes on eFail ∗∗∗ --------------------------------------------- Ive been busy trying to replicate the "eFail" PGP/SMIME bug. I thought Id write up some notes.PGP and S/MIME encrypt emails, so that eavesdroppers cant read them. The bugs potentially allow eavesdroppers to take the encrypted emails theyve captured and resend them to you, reformatted in a way that allows them to decrypt the messages. Disable remote/external content in email The most important defense is to disable "external" or "remote" content from being [...] --------------------------------------------- https://blog.erratasec.com/2018/05/some-notes-on-efail.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-09) and AdobePhotoshop CC (APSB18-17). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Rockwell Automation FactoryTalk Activation Manager ∗∗∗ --------------------------------------------- This advisory was posted originally to the HSIN ICS-CERT library on April 12, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory contains mitigations for cross-site scripting, and improper restriction of operations within the bounds of a memory buffer vulnerabilities in Rockwell Automation's FactoryTalk Activation Manager products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02 ∗∗∗ Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet ∗∗∗ --------------------------------------------- MyBiz MyProcureNet is affected by a critical arbitrary file upload vulnerability allowing an attacker to compromise the server by uploading a web shell for issuing OS commands. Furthermore it is affected by cross site scripting issues. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (tiff and tiff3), Fedora (glusterfs, kernel, libgxps, LibRaw, postgresql, seamonkey, webkit2gtk3, wget, and xen), Mageia (afflib, flash-player-plugin, imagemagick, qpdf, and transmission), openSUSE (Chromium, opencv, and xen), SUSE (kernel), and Ubuntu (firefox). --------------------------------------------- https://lwn.net/Articles/754430/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.05.2018
by Daily end-of-shift report 11 May '18

11 May '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-05-2018 18:00 − Freitag 11-05-2018 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-09) ∗∗∗ --------------------------------------------- A prenotification Security Advisory (APSB18-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Monday, May 14, 2018. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe … Continue [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1553 ∗∗∗ Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets ∗∗∗ --------------------------------------------- Five academics from the Vrije University in Amsterdam and one from the University of Cyprus have discovered a way for launching Rowhammer attacks via network packets and network cards. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-come-up-with-a-w… ∗∗∗ Lücke in Windows, Linux, macOS: Entwickler missverstehen Intel-Dokumentation ∗∗∗ --------------------------------------------- Weil ihre Entwickler die Dokumentation einer CPU-Funktion missverstanden haben, sind nun fast alle Betriebssysteme anfällig für Manipulationen des Kernel-Speichers. Updates für die Lücke wurden bereits verteilt. --------------------------------------------- https://www.heise.de/security/meldung/Luecke-in-Windows-Linux-macOS-Entwick… ∗∗∗ ATM attacks: How hackers are going for gold ∗∗∗ --------------------------------------------- Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. --------------------------------------------- https://www.helpnetsecurity.com/2018/05/11/atm-attacks/ ∗∗∗ Sicherheitslücke bei "Signal"-App für Mac ∗∗∗ --------------------------------------------- Nachrichten, die verschwinden sollen, leben in der Benachrichtigungsleiste weiter --------------------------------------------- http://derstandard.at/2000079519326 ∗∗∗ One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak ∗∗∗ --------------------------------------------- The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems --------------------------------------------- https://www.welivesecurity.com/2018/05/10/one-year-later-eternalblue-exploi… ∗∗∗ LG patches RCE bug in smartphone keyboards ∗∗∗ --------------------------------------------- LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models. --------------------------------------------- https://www.scmagazineuk.com/news/lg-patches-rce-bug-in-smartphone-keyboard… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (freetype2, libraw, and powerdns), CentOS (389-ds-base and kernel), Debian (php5, prosody, and wavpack), Fedora (ckeditor, fftw, flac, knot-resolver, patch, perl, and perl-Dancer2), Mageia (cups, flac, graphicsmagick, libcdio, libid3tag, and nextcloud), openSUSE (apache2), Oracle (389-ds-base and kernel), Red Hat (389-ds-base and flash-plugin), Scientific Linux (389-ds-base), Slackware (firefox and wget), SUSE (xen), and Ubuntu (wget). --------------------------------------------- https://lwn.net/Articles/754145/ ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libmupdf, mupdf, mupdf-gl, and mupdf-tools), Debian (firebird2.5, firefox-esr, and wget), Fedora (ckeditor, drupal7, firefox, kubernetes, papi, perl-Dancer2, and quassel), openSUSE (cairo, firefox, ImageMagick, libapr1, nodejs6, php7, and tiff), Red Hat (qemu-kvm-rhev), Slackware (mariadb), SUSE (xen), and Ubuntu (openjdk-8). --------------------------------------------- https://lwn.net/Articles/754257/ ∗∗∗ Oracle Java SE vulnerability CVE-2018-2783 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44923228 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.05.2018
by Daily end-of-shift report 09 May '18

09 May '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-05-2018 18:00 − Mittwoch 09-05-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ "Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots ∗∗∗ --------------------------------------------- Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hide-and-seek-becomes-first-… ∗∗∗ PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions ∗∗∗ --------------------------------------------- Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel. --------------------------------------------- https://www.bleepingcomputer.com/news/security/poc-developed-for-coinhive-m… ∗∗∗ Call for speakers One Conference ∗∗∗ --------------------------------------------- The international One Conference 2018 will take place on October 2 & 3 in The Hague. Overall theme of this edition is "Merging Worlds – Securing the connected future". --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/call-for-speakers-one-confe… ∗∗∗ Nice Phishing Sample Delivering Trickbot, (Wed, May 9th) ∗∗∗ --------------------------------------------- Users have to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like "Click on me, its urgent!". Yesterday, I put my hands on a very nice sample that deserve to be dissected to demonstrate that phishing campaigns remain an excellent way to infect a computer! --------------------------------------------- https://isc.sans.edu/diary/rss/23641 ∗∗∗ Massive localstorage[.]tk Drupal Infection ∗∗∗ --------------------------------------------- After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: [...] --------------------------------------------- https://blog.sucuri.net/2018/05/massive-localstorage-tk-drupal-infection.ht… ∗∗∗ Its 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V ∗∗∗ --------------------------------------------- Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon peoples personal information, and so on. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2018/05/09/microsoft_w… ∗∗∗ Introducing Orchestrator decryption tool ∗∗∗ --------------------------------------------- Researched and written by Donny Maasland and Rindert Kramer Introduction During penetration tests we sometimes encounter servers running software that use sensitive information as part of the underlying process, such as Microsoft’s System Center Orchestrator. According to Microsoft, Orchestrator is a workflow management solution for data centers and can be used to automate the creation, [...] --------------------------------------------- https://blog.fox-it.com/2018/05/09/introducing-orchestrator-decryption-tool/ ∗∗∗ Netzwerkfähige Medizinprodukte besser schützen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/sicherheits… ∗∗∗ Gandcrab Ransomware Walks its Way onto Compromised Sites ∗∗∗ --------------------------------------------- This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski.Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both traditional spam campaigns, as well as multiple exploit kits, including Rig and Grandsoft. --------------------------------------------- https://blog.talosintelligence.com/2018/05/gandcrab-compromised-sites.html ∗∗∗ Google CTF 2018 is here ∗∗∗ --------------------------------------------- https://security.googleblog.com/2018/05/google-ctf-2018-is-here.html ∗∗∗ Gefälschte Mobilis GmbH-Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bestellung der Mobilis GmbH. In dem geschäftlichen Schreiben fordern sie von Unternehmen, dass diese den Dateianhang für weiterführende Informationen zum Einkauf öffnen. In Wahrheit verbirgt er Schadsoftware. Aus diesem Grund ist es wichtig, dass Empfänger/in die vermeintliche Bestellung nicht öffnen und die Nachricht in ihren Spam-Ordner verschieben. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-mobilis-gmbh-bestellung-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2018-8897 ∗∗∗ --------------------------------------------- Aktuell gehen Medienberichte über einen Bug im Umgang von Betriebssystemen mit Intel und AMD CPUs umher, dazu hatten wir die ersten Rückfragen bezüglich der Kritikalität. Wir sehen das nicht tragisch: der Bug ist nach momentanem Wissensstand weder remote noch via JavaScript etc. ausnutzbar, und daher "nur" eine klassische Privilege Escalation. --------------------------------------------- http://www.cert.at/services/blog/20180509142228-2199.html ∗∗∗ Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper authentication and OS command injection vulnerabilities in Silex Technology SX-500, SD-320AN, and GE Healthcare MobileLink devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01 ∗∗∗ Siemens Medium Voltage SINAMICS Products ∗∗∗ --------------------------------------------- This advisory includes mitigations for improper input validation vulnerabilities in Siemens SINAMICS modular drive systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-01 ∗∗∗ Siemens Siveillance VMS ∗∗∗ --------------------------------------------- This advisory includes mitigations for a deserialization of untrusted data vulnerability in the Siemens Siveillance Video Management Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-02 ∗∗∗ Siemens Siveillance VMS Video Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper certificate validation vulnerability in the Siemens Siveillance VMS mobile app. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-128-03 ∗∗∗ May 2018 Office Update Release ∗∗∗ --------------------------------------------- The May 2018 Public Update releases for Office are now available! This month, there are 30 security updates and 22 non-security updates. All of the security and non-security updates are listed in KB article 4133083. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/05/08… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel), Gentoo (rsync), openSUSE (Chromium), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and php7), and Ubuntu (dpdk, libraw, linux, linux-lts-trusty, linux-snapdragon, and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/754021/ ∗∗∗ Security Update Summary ∗∗∗ --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/summary ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180509-… ∗∗∗ [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-04 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2811 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01294982 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2796 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K71021401 ∗∗∗ Oracle Java SE vulnerability CVE-2018-2798 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K24593421 Next End-of-Day report: 2018-05-11 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily