Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 09.03.2018
by Daily end-of-shift report 09 Mar '18

09 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-03-2018 18:00 − Freitag 09-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ LLVM 6.0: Clang bekommt Maßnahme gegen Spectre-Angriff ∗∗∗ --------------------------------------------- Die neue Version der LLVM-Compiler wie Clang bringt mit Retpolines eine wichtige Maßnahme gegen Angriffe über Spectre. Davon profitieren auch künftige Windows-Versionen von Google Chrome. Optimierungen gibt es außerdem bei der Diagnose von Quelltexten. --------------------------------------------- https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-an… ∗∗∗ Avast: CCleaner-Infektion enthielt Keylogger-Funktion ∗∗∗ --------------------------------------------- Die im vergangenen Jahr mit CCleaner verteilte Malware sollte Unternehmen wohl auch per Keylogger ausspionieren. Avast hat im eigenen Netzwerk die Shadowpad-Malware gefunden, geht aber davon aus, dass diese bei Kunden nicht installiert wurde. --------------------------------------------- https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funkt… ∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗ --------------------------------------------- How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well .. --------------------------------------------- https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/ ∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗ --------------------------------------------- IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. read more --------------------------------------------- https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robo… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗ --------------------------------------------- This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01 ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗ --------------------------------------------- This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014201 ∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2018
by Daily end-of-shift report 08 Mar '18

08 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-03-2018 18:00 − Donnerstag 08-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours ∗∗∗ --------------------------------------------- Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-stops-malware-camp… ∗∗∗ Memcached Amplification: Neue Hacker-Tools verursachen Rekord-DDoS-Angriffe ∗∗∗ --------------------------------------------- DDoS-Angriffe per Memcached Amplification sind erst seit etwa einer Woche bekannt, nun existieren einfach zu bedienende Werkzeuge für solche Attacken. Unter anderem wurde auf diese Art GitHub mit einem Rekord-Angriff aus dem Internet geschwemmt. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Neue-Hacker-T… ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/07/Cisco-Releases-Sec… ∗∗∗ DFN-CERT-2018-0455/">Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0455/ ∗∗∗ rt-sa-2018-001 ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2018-001.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2018
by Daily end-of-shift report 07 Mar '18

07 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-03-2018 18:00 − Mittwoch 07-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Encryption 101: How to break encryption ∗∗∗ --------------------------------------------- Continuing on in our Encryption 101 series, where we gave a malware analyst’s primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some kind of secret flaw. That flaw is often a result of an error in implementation. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Releases Security Update for Chrome ∗∗∗ --------------------------------------------- Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/06/Google-Releases-Se… ∗∗∗ DFN-CERT-2018-0444/">Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway: Mehrere Schwachstellen ermöglichen u.a. die Übernahme des Systems ∗∗∗ --------------------------------------------- Eine Schwachstelle in Citrix VPX ermöglicht einem entfernten, einfach authentisierten Angreifer die Ausführung beliebigen Programmcodes und damit letztlich die Übernahme des Systems. Weitere Schwachstellen ermöglichen einem entfernten, vermutlich nicht authentisierten Angreifer das Ausspähen beliebiger Dateien, die Eskalation von Privilegien sowie einen Cross-Site-Scripting (XSS)-Angriff. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0444/ ∗∗∗ FortiWebs cookie tampering protection can be bypassed by erasing the FortiWeb session cookie ∗∗∗ --------------------------------------------- FortiWeb 5.6.0 introduced a feature called "Signed Security Mode", which, when enabled, would prevent an attacker from tampering with "regular" cookies set by the web-sites protected by FortiWeb; in effect, access to the protected web-site can be blocked when cookie tampering is detected (depending on the "Action" selected by the FortiWeb admin).This protection can however be made inoperant if the attacker removes FortiWebs own session cookie. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-279 ∗∗∗ RSA Archer eGRC Bugs Let Remote Users Redirect Users to an Arbitrary Site and Let Remote Authenticated Users Obtain Username Information ∗∗∗ --------------------------------------------- A remote authenticated user can exploit an access control flaw in an API to determine valid usernames on the target system [CVE-2018-1219]. A remote user can exploit a flaw in the QuickLinks feature to redirect the target user to an arbitrary site [CVE-2018-1220]. --------------------------------------------- http://www.securitytracker.com/id/1040457 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (leptonlib), Fedora (bugzilla, cryptopp, electrum, firefox, freexl, glibc, jhead, libcdio, libsamplerate, libXcursor, libXfont, libXfont2, mingw-wavpack, nx-libs, php, python-crypto, quagga, sharutils, unzip, x2goserver, and xen), Gentoo (exim), openSUSE (cups, go1.8, ImageMagick, jgraphx, leptonica, openexr, tor, and wavpack), Red Hat (389-ds-base, java-1.7.1-ibm, kernel, kernel-rt, libreoffice, and --------------------------------------------- https://lwn.net/Articles/748741/ ∗∗∗ Hirschmann Automation and Control GmbH Classic Platform Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 ∗∗∗ Schneider Electric SoMove Software and DTM Software Components ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02 ∗∗∗ Eaton ELCSoft ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03 ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Permission Control Vulnerability in Huawei Video Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012342 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014257 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2018
by Daily end-of-shift report 06 Mar '18

06 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-03-2018 18:00 − Dienstag 06-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ E-Mail-Clients für Android: Kennwörter werden an Entwickler der App übermittelt ∗∗∗ --------------------------------------------- Der E-Mail-Client sollte mit Bedacht gewählt werden. Zwei Apps für Android übermitteln die Kennwörter an den Anbieter der App. Der Entdecker des Sicherheitsrisikos rät zur Deinstallation der Apps und zur Zurücksetzung des E-Mail-Kennworts. --------------------------------------------- https://www.golem.de/news/e-mail-clients-fuer-android-kennwoerter-werden-im… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0432/">NetIQ Identiy Manager: Eine Schwachstelle ermöglicht das Ausspähen von Passwörtern ∗∗∗ --------------------------------------------- Ein vermutlich lokaler, einfach authentisierter Angreifer kann Passwörter ausspähen, welche unter Umständen in Logdateien gespeichert werden. NetIQ stellt den NetIQ Identiy Manager in der Version 4.6 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0432/ ∗∗∗ DFN-CERT-2018-0431/">GitLab: Mehrere Schwachstellen ermöglichen u.a. einen kompletten Denial-of-Service (DoS)-Angriff ∗∗∗ --------------------------------------------- Zwei Schwachstellen betreffen GitLab Enterprise und ermöglichen einem vermutlich entfernten und einfach authentisierten Angreifer das Bewirken kompletter Denial-of-Service (DoS)-Zustände. Weitere Schwachstellen ermöglichen dem Angreifer das Umgehen von Sicherheitsvorkehrungen, das Ausspähen von Informationen und Darstellen falscher Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0431/ ∗∗∗ Android: März-Update schließt Fülle an kritischen Lücken ∗∗∗ --------------------------------------------- Den ersten Montag des Monats nutzt Google üblicherweise, um Sicherheitslücken in Android zu bereinigen. Und so gibt es auch jetzt wieder ein neues Update, das sich vor allem der Bereinigung solcher Probleme bereinigt. --------------------------------------------- http://derstandard.at/2000075574454 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dhclient and dhcp), Debian (tomcat7 and xen), Fedora (dhcp), Mageia (glibc and xerces-c), SUSE (xen), and Ubuntu (irssi, memcached, postgresql-9.3, postgresql-9.5, postgresql-9.6, and twisted). --------------------------------------------- https://lwn.net/Articles/748625/ ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Product Attributes ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541839 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Downloadable Products ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541838 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541840 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541837 ∗∗∗ IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014161 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014160 ∗∗∗ IBM Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013322 ∗∗∗ IBM Security Bulletin: Response Time Monitoring Agent is affected by a NoSQL Injection vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013500 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-14746, CVE-2017-15275) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012067 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013972 ∗∗∗ IBM Security Bulletin: Monitoring Agent for WebSphere Applications is affected by a potential for sensitive personal information to be visible when you use the diagnostics or transaction tracking capability of the agent ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014035 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013974 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014235 ∗∗∗ IBM Security Bulletin: IBM’s Pulse App for QRadar is vulnerable to sensitive information exposure. (CVE-2017-1625) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014284 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2016-0706 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18174924 ∗∗∗ Apache Tomcat 6.x vulnerabilities CVE-2016-0714 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K58084500 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2015-5345 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34341852 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2018
by Daily end-of-shift report 05 Mar '18

05 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-03-2018 18:00 − Montag 05-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Spring break! Critical vuln in Pivotal frameworks Data parts plugged ∗∗∗ --------------------------------------------- Similar to Apache Struts flaw that stuffed Equifax Pivotals Spring Data REST project has a serious security hole that needs patching. --------------------------------------------- www.theregister.co.uk/2018/03/05/rest_vuln/ ∗∗∗ Bei 40 günstigen Android-Smartphones ist ein Trojaner ab Werk inklusive ∗∗∗ --------------------------------------------- Sicherheitsforscher listen über 40 Android-Smartphones auf, die einen von Angreifern modifizierbaren Trojaner an Bord haben. Dieser soll sich nicht ohne Weiteres entfernen lassen. --------------------------------------------- https://www.heise.de/meldung/Bei-40-guenstigen-Android-Smartphones-ist-ein-… ∗∗∗ Powerful New DDoS Method Adds Extortion ∗∗∗ --------------------------------------------- Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence .. --------------------------------------------- https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-extortion/ ∗∗∗ Gefälschte Klarna-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine Rechnung mit dem Betreff „Automatische Konto-Lastschrift von Klarna Bank konnte nicht durchgeführt werden“. Sie fordern die Empfänger/innen der Nachricht dazu auf, dass sie weiterführende Informationen zur offenen Forderung einer ZIP-Datei entnehmen. Sie verbirgt Schadsoftware. Aus diesem Grund dürfen Adressat/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at//themen/e-mail/ ∗∗∗ LTE: Massive Lücke erlaubt SMS- und Standort-Spionage ∗∗∗ --------------------------------------------- Angreifer könnten auch gefälschte Katastrophenwarnungen an großen Zahl von Nutzern gleichzeitig verschicken --------------------------------------------- http://derstandard.at/2000075435289 ∗∗∗ 700 Gbit/s: Bislang größte DDoS-Attacke auf Österreich gemessen ∗∗∗ --------------------------------------------- Galt "internationalem Service-Provider" – Zeitgleich zu Angriff auf Github und andere Seiten --------------------------------------------- http://derstandard.at/2000075492832 ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-001 ∗∗∗ IBM Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.03.2018
by Daily end-of-shift report 02 Mar '18

02 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-03-2018 18:00 − Freitag 02-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones ∗∗∗ --------------------------------------------- Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over… ∗∗∗ Chromes WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack ∗∗∗ --------------------------------------------- While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome. --------------------------------------------- https://www.wired.com/story/chrome-yubikey-phishing-webusb ∗∗∗ Spectre-Lücke: Microcode-Updates nun doch als Windows Update ∗∗∗ --------------------------------------------- So wie einige Linux-Distributionen (re-)aktiviert Microsoft die Möglichkeit, Microcode-Updates mit IBC-Patches gegen Spectre als Update des Betriebssystems einzuspielen – vorerst nur für Core i-6000 (Skylake). --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Microcode-Updates-nun-doch-als-… ∗∗∗ Rekord-DDoS-Attacke mit 1,35 Terabit pro Sekunde gegen Github.com ∗∗∗ --------------------------------------------- Die Webseite von Github hat die bislang heftigste dokumentierte DDoS-Attacke überstanden. Die Angreifer setzten dabei auf einen erst kürzlich bekanntgewordenen Angriffsvektor. --------------------------------------------- https://www.heise.de/meldung/Rekord-DDoS-Attacke-mit-1-35-Terabit-pro-Sekun… ∗∗∗ Financial Cyber Threat Sharing Group Phished ∗∗∗ --------------------------------------------- The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected [...] --------------------------------------------- https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-ph… ∗∗∗ Warnung vor gefälschter Raiffeisen Bank-Kundeninformation ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Raiffeisen Bank-Kundeninformation. Darin fordern sie Empfänger/innen dazu auf, dass sie eine angebliche Sicherheits-App für die weitere Nutzung ihres ELBA Internet-Kontos installieren. Die Anwendung ist Schadsoftware. Sie ermöglicht es den Kriminellen, auf das Konto ihrer Opfer zuzugreifen und Geld zu stehlen. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=6&tx_news_pi1[overwriteDemand… ∗∗∗ Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image ∗∗∗ --------------------------------------------- OverviewTalos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog and many Humble Bundle games. SDL officially supports Windows, --------------------------------------------- http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC, SIMOTION, and SINUMERIK ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and permissions, privileges, and access controls vulnerabilities in the Siemens SIMATIC, SIMOTION, and SINUMERIK Industrial PCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-01 ∗∗∗ Moxa OnCell G3100-HSPA Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency, and NULL pointer dereference vulnerabilities in the Moxa OnCell G3100-HSPA Series IP gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 ∗∗∗ Delta Electronics Delta Industrial Automation DOPSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation DOPSoft human machine interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03 ∗∗∗ MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Operations Orchestration. The vulnerability could be remotely exploited to allow Denial of Service (DoS). --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freexl and simplesamlphp), Fedora (krb5, libvirt, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, and phpMyAdmin), Mageia (krb5, leptonica, and libvirt), Slackware (dhcp and ntp), and Ubuntu (isc-dhcp). --------------------------------------------- https://lwn.net/Articles/748422/ ∗∗∗ Vuln: Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.securityfocus.com/bid/103201 ∗∗∗ DFN-CERT-2018-0399: PHP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0399/ ∗∗∗ DFN-CERT-2018-0418: SimpleSAMLphp: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0418/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2018
by Daily end-of-shift report 01 Mar '18

01 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-02-2018 18:00 − Donnerstag 01-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DDoS-Reflection mit Memcached ∗∗∗ --------------------------------------------- Auf diesen Seiten war schon viel über DDoS zu lesen, insbesondere der Variante, bei der schlecht betriebene Services im Netz sich als Reflektoren/Verstärker missbrauchen lassen. Übliche Vektoren in den letzten Jahren waren DNS, NTP, SSDP, SNMP und auch LDAP. Jetzt ist hier was neues am Radar aufgetaucht: Memcached. --------------------------------------------- http://www.cert.at/services/blog/20180228181107-2150.html ∗∗∗ Trustico/Digicert: Chaos um 23.000 Zertifikate und private Schlüssel ∗∗∗ --------------------------------------------- Der Zertifikatsreseller Trustico bittet aus unklaren Gründen darum, dass 50.000 Zertifikate zurückgezogen werden. Zu knapp der Hälfte davon besaß Trustico offenbar die privaten Schlüssel - die ein Zertifikatshändler eigentlich nie haben sollte. --------------------------------------------- https://www.golem.de/news/trustico-digicert-chaos-um-23-000-zertifikate-und… ∗∗∗ Spectre-Attacken auch auf Sicherheitsfunktion Intel SGX möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen zwei Szenarien auf, in denen sie Intels Software Guard Extensions (SGX) erfolgreich über die Spectre-Lücke angreifen. --------------------------------------------- https://heise.de/-3983848 ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0400/">ISC Bind Supported Preview Edition: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Die BIND Supported Preview Edition ist ein spezieller BIND Feature Preview Branch für ISC Support Kunden. Keine der allgemein veröffentlichten BIND Versionen ist von der jetzt behobenen Schwachstelle betroffen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0400/ ∗∗∗ DFN-CERT-2018-0401/">ISC DHCP: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann zwei Schwachstellen in ISC DHCP ausnutzen, um verschiedene Denial-of-Service (DoS)-Angriffe durchzuführen. Eine der Schwachstellen kann eventuell auch die Ausführung beliebigen Programmcodes ermöglichen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0401/ ∗∗∗ DFN-CERT-2018-0407/">Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Verschiedene Schwachstellen in den Komponenten Exim und SSH Server von Sophos Unified Threat Management (UTM) ermöglichen unter anderem einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes und das Ausspähen von Informationen. Weitere Schwachstellen ermöglichen diese Angriffe auch einem lokalen einfach authentisierten Angreifer. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0407/ ∗∗∗ DFN-CERT-2018-0408/">NTP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in NTP ermöglichen einem entfernten, zumeist nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe, das Fälschen von Zeitinformationen und das Ausspähen von Informationen. (Note: Remote Code Execution betrifft nur das ntpq Tool) --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0408/ ∗∗∗ DFN-CERT-2018-0409/">PostgreSQL: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in PostgreSQL ausnutzen, um die beabsichtigten Funktionen von PostgreSQL zu ändern. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0409/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (xmltooling), Fedora (mbedtls), openSUSE (freexl), Oracle (quagga and ruby), Red Hat (.NET Core, quagga, and ruby), Scientific Linux (quagga and ruby), SUSE (glibc), and Ubuntu (libreoffice). --------------------------------------------- https://lwn.net/Articles/748350/ ∗∗∗ IBM Security Bulletin: IBM Cloud Private has released a patch in response to the vulnerabilities known as Spectre and Meltdown(CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013398 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza SQL Extensions ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013399 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure in WebSphere Application Server (CVE-2017-1681) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014125 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Poi vulnerability (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014107 ∗∗∗ Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX232199 ∗∗∗ TMM vulnerability CVE-2018-5500 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33211839 ∗∗∗ DNS TCP virtual server vulnerability CVE-2018-5501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44200194 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6150 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62712037 ∗∗∗ BIG-IP ASM data processing vulnerability CVE-2017-6154 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K38243073 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.02.2018
by Daily end-of-shift report 28 Feb '18

28 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 27-02-2018 18:00 − Mittwoch 28-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Free Decrypter Available for GandCrab Ransomware Victims ∗∗∗ --------------------------------------------- Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decrypter-available-for… ∗∗∗ Dissecting Hancitor’s Latest 2018 Packer ∗∗∗ --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hanci… ∗∗∗ Sicherheits-Netzbetriebssystem: Fortinet präsentiert FortiOS 6.0 ∗∗∗ --------------------------------------------- Auf seiner Hausveranstaltung Accelerate 18 hat Fortinet Version 6.0 seines Security-Network-Betriebssystems FortiOS vorgestellt. Das Update umfasst über 200 Aktualisierungen. --------------------------------------------- https://www.heise.de/meldung/Sicherheits-Netzbetriebssystem-Fortinet-praese… ∗∗∗ Electra: Erster umfassender Jailbreak für iOS 11 erschienen ∗∗∗ --------------------------------------------- Ein neuer Jailbreak soll erstmals den alternativen App Store Cydia auf iOS 11 bringen. Dafür wird der Exploit eines Google-Sicherheitsforschers eingesetzt, der allerdings nur in älteren Versionen des Betriebssystems funktioniert. --------------------------------------------- https://www.heise.de/meldung/Electra-Erster-umfassender-Jailbreak-fuer-iOS-… ∗∗∗ Who Wasn’t Responsible for Olympic Destroyer? ∗∗∗ --------------------------------------------- This blog post is authored by Paul Rascagneres and Martin Lee.SummaryAbsent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has purposefully included .. --------------------------------------------- http://feedproxy.google.com/~r/feedburner/Talos/~3/VvKIOSM9n5Y/who-wasnt-re… ∗∗∗ First true native IPv6 DDoS attack spotted in wild ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/first-true-native-ipv6-ddos-attack-spotte… ===================== = Vulnerabilities = ===================== ∗∗∗ Emerson ControlWave Micro Process Automation Controller ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Emerson ControlWave Micro Process Automation Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-03 ∗∗∗ Delta Electronics WPLSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, heap-based buffer overflow, out-of-bounds write vulnerabilities in the Delta Electronics WPLSoft PLC programming software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02 ∗∗∗ Medtronic 2090 Carelink Programmer Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in Medtronic’s 2090 CareLink Programmer and its accompanying software deployment network. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01 ∗∗∗ Philips Intellispace Portal ISP Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for vulnerabilities in the Philips’ IntelliSpace Portal (ISP), an advanced visualization and image analysis system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 ∗∗∗ Siemens SIMATIC Industrial PCs ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013543 ∗∗∗ IBM Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013436 ∗∗∗ Insecure Direct Object Reference in TestLink Open Source Test Management ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/insecure-direct-object-refer… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.02.2018
by Daily end-of-shift report 27 Feb '18

27 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 26-02-2018 18:00 − Dienstag 27-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SAML Vulnerability Lets Attackers Log in as Other Users ∗∗∗ --------------------------------------------- Security researchers from Duo Labs and the US Computer Emergency Response Team (US-CERT) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victims password. --------------------------------------------- https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-atta… ∗∗∗ New Guide on How to Clean a Hacked Website ∗∗∗ --------------------------------------------- Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website. We are happy to help the community learn the steps they can follow to get rid of a website hack. You can find all our guides to website security in a section of our website dedicated to providing concise and comprehensive tips on different areas of --------------------------------------------- https://blog.sucuri.net/2018/02/new-guide-clean-hacked-website.html ∗∗∗ Memcached Amplification Attack: Neuer DDoS-Angriffsvektor aufgetaucht ∗∗∗ --------------------------------------------- Öffentlich erreichbare Memcached-Installationen werden von Angreifern für mächtige DDoS-Attacken missbraucht. Die Besitzer dieser Server wissen oft nicht, dass sie dabei helfen, Webseiten aus dem Internet zu spülen. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Attack-Neuer-… ===================== = Vulnerabilities = ===================== ∗∗∗ OS command injection, arbitrary file upload & SQL injection in ClipBucket ∗∗∗ --------------------------------------------- Critical security issues such as OS command injection or arbitrary file upload allow an attacker to fully compromise the web server which has the video and media management solution “ClipBucket” installed. Potentially sensitive data might get exposed through this attack. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitra… ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (exim, irssi, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, phpMyAdmin, and seamonkey), Mageia (cups, flatpak, golang, jhead, and qpdf), Oracle (gcab, java-1.7.0-openjdk, and kernel), Red Hat (gcab, java-1.7.0-openjdk, and java-1.8.0-ibm), Scientific Linux (gcab and java-1.7.0-openjdk), and Ubuntu (sensible-utils). --------------------------------------------- https://lwn.net/Articles/748179/ ∗∗∗ DFN-CERT-2018-0389: Jenkins-Plugins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0389/ ∗∗∗ IBM Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013961 ∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements (CVE-2017-1654) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010869 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by a Public disclosed vulnerability from Apache Struts vulnerability (CVE-2017-15707) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013305 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012547 ∗∗∗ GNU C Library vulnerability CVE-2018-6551 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11274054 ∗∗∗ XSA-256 - x86 PVH guest without LAPIC may DoS the host ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-256.html ∗∗∗ XSA-255 - grant table v2 -> v1 transition may crash Xen ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-255.html ∗∗∗ XSA-252 - DoS via non-preemptable L3/L4 pagetable freeing ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-252.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.02.2018
by Daily end-of-shift report 26 Feb '18

26 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 23-02-2018 18:00 − Montag 26-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Incident Response: Social Engineering funktioniert als Angriffsvektor weiterhin ∗∗∗ --------------------------------------------- Was passiert, nachdem ein Unternehmen gehackt wurde - und welche Mechanismen werden dafür genutzt? Das Sicherheitsunternehmen F-Secure hat Zahlen des eigenen Incident-Response-Teams veröffentlicht und stellt fest: Besonders im Gaming-Sektor und bei Behörden gibt es gezielte Angriffe. --------------------------------------------- https://www.golem.de/news/incident-response-social-engineering-funktioniert… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0384/">Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien. Der Hersteller stellt Wireshark 2.2.13 und 2.4.5 als Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/ ∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/748073/ ∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013706 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013753 ∗∗∗ IBM Security Bulletin:IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013921 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013751 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013832 ∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013094 ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013558 ∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013890 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily