Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 12.01.2018
by Daily end-of-shift report 12 Jan '18

12 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗ --------------------------------------------- AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw. --------------------------------------------- https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microco… ∗∗∗ PowerStager Analysis ∗∗∗ --------------------------------------------- Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-anal… ∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗ --------------------------------------------- In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls. --------------------------------------------- https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-… ∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗ --------------------------------------------- Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln. --------------------------------------------- https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-a… ===================== = Vulnerabilities = ===================== ∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01 ∗∗∗ Advantech WebAccess (Update A) ∗∗∗ --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01 ∗∗∗ Moxa MXview ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 ∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode). --------------------------------------------- https://lwn.net/Articles/744175/rss ∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/ ∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012454 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012458 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012358 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012355 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012406 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008807 ∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.01.2018
by Daily end-of-shift report 11 Jan '18

11 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 10-01-2018 18:00 − Donnerstag 11-01-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ mitm6 – compromising IPv4 networks via IPv6 ∗∗∗ --------------------------------------------- ... most companies are unaware that while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this blog, an attack is presented that abuses the default IPv6 configuration in Windows networks to spoof DNS replies by acting as a malicious DNS servers and redirect traffic to an attacker specified endpoint. --------------------------------------------- https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv… ===================== = Vulnerabilities = ===================== ∗∗∗ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ∗∗∗ --------------------------------------------- The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0073/">Juniper Networks ScreenOS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann die Schwachstelle in ScreenOS, die auch unter dem Namen 'Etherleak' geführt wird, ausnutzen, um Informationen auszuspähen. Der Hersteller veröffentlicht die ScreenOS Version 6.3.0r25 zur Behebung der Schwachstelle. Alle nachfolgenden ScreenOS Versionen sind über diese Schwachstelle ebenfalls nicht mehr verwundbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0073/ ∗∗∗ DFN-CERT-2018-0077/">Juniper Junos Space: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- Es existieren mehrere Schwachstellen im Junos Space Security Director and Log Collector, in Junos Space sowie den enthaltenen Komponenten Apache Commons Collections, Apache HTTP-Server (httpd), Apache Log4, Apache Tomcat, JBoss Enterprise Application Platform (EAP), dessen Webkonsole, dem JGroups Framework, dem Linux-Kernel, OpenSSH und rpcbind. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0077/ ∗∗∗ DFN-CERT-2018-0071/">Juniper Junos OS: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Für einige der genannten Schwachstellen stehen Workarounds zur Mitigation zur Verfügung. Die Hinweise dazu finden sich in den einzelnen Security Bulletins. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0071/ ∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0001 ∗∗∗ --------------------------------------------- Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the speculative execution by utilizing branch target injection. Description: Security improvements are included to mitigate the effects. --------------------------------------------- https://www.securityfocus.com/archive/1/541659 ∗∗∗ Spectre-Lücke: Auch Server mit IBM POWER, Fujitsu SPARC und ARMv8 betroffen ∗∗∗ --------------------------------------------- IBM stellt Firmware-Updates für Server mit POWER7+, POWER8 und POWER9 bereit, Fujitsu will einige SPARC-M10- und -M12-Server patchen; zu ARM-SoCs für Server fehlen Infos. --------------------------------------------- https://heise.de/-3938749 ∗∗∗ VMSA-2018-0005 ∗∗∗ --------------------------------------------- VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0005.html ∗∗∗ January 2018 Office Update Release ∗∗∗ --------------------------------------------- The January 2018 Public Update releases for Office are now available! This month, there are 36 security updates and 25 non-security updates. All of the security and non-security updates are listed in KB article 4058103. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/01/09… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (glibc and lib32-glibc), Debian (ming and poco), Fedora (electron-cash, electrum, firefox, heketi, microcode_ctl, and python-jsonrpclib), openSUSE (clamav-database and ucode-intel), Red Hat (flash-plugin), SUSE (OBS toolchain), and Ubuntu (webkit2gtk). --------------------------------------------- https://lwn.net/Articles/744075/rss ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011739 ∗∗∗ IBM Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009368 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.01.2018
by Daily end-of-shift report 10 Jan '18

10 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 09-01-2018 18:00 − Mittwoch 10-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Let’s Encrypt: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure ∗∗∗ --------------------------------------------- At approximately 5 p.m. Pacific time on January 9, 2018, we received a report from Frans Rosén of Detectify outlining a method of exploiting some shared hosting infrastructures to obtain certificates for domains he did not control, by making use of the ACME TLS-SNI-01 challenge type. We quickly confirmed the issue and mitigated it by entirely disabling TLS-SNI-01 validation in Let’s Encrypt --------------------------------------------- https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-sh… ===================== = Vulnerabilities = ===================== ∗∗∗ January 2018 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this months security updates can be found in the Security Update Guide. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/01/09/january-2018-security-u… ∗∗∗ Bugtraq: [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. ∗∗∗ --------------------------------------------- On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. --------------------------------------------- http://www.securityfocus.com/archive/1/541654 ∗∗∗ DFN-CERT-2018-0065/">Irssi: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Irssi ermöglichen auch einem entfernten, einfach authentisierten Angreifer verschiedene Denial-of-Service (DoS)-Angriffe. Das Irssi-Projekt stellt die Version 1.0.6 von Irssi im Quellcode zur Verfügung, um die Schwachstellen zu schließen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0065/ ∗∗∗ Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information ∗∗∗ --------------------------------------------- Several vulnerabilities were reported in Blue Coat ProxySG. A remote user can redirect the target user's browser to an arbitrary site. A remote user can obtain authentication information on the target system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1040138 ∗∗∗ VMSA-2018-0004 ∗∗∗ --------------------------------------------- VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0004.html ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (awstats, gdk-pixbuf, plexus-utils, and plexus-utils2), Fedora (asterisk, gimp, heimdal, libexif, linux-firmware, mupdf, poppler, thunderbird, webkitgtk4, wireshark, and xrdp), openSUSE (diffoscope, irssi, and qemu), SUSE (java-1_7_0-ibm, kernel-firmware, and qemu), and Ubuntu (irssi, kernel, linux, linux-aws, linux-euclid, linux-kvm, linux-hwe, linux-azure, linux-gcp, linux-oem, linux-lts-trusty, linux-lts-xenial, linux-lts-xenial, linux-aws, --------------------------------------------- https://lwn.net/Articles/743903/rss ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1361) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22012409 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012420 ∗∗∗ IBM Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012366 ∗∗∗ IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012372 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012374 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1478) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012323 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.01.2018
by Daily end-of-shift report 09 Jan '18

09 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Montag 08-01-2018 18:00 − Dienstag 09-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ VirusTotal Graph ∗∗∗ --------------------------------------------- [...] It is a visualization tool built on top of VirusTotals data set. It understands the relationship between files, URLs, domains and IP addresses and it provides an easy interface to pivot and navigate over them. --------------------------------------------- http://blog.virustotal.com/2018/01/virustotal-graph.html ∗∗∗ Bitcoin- und Litecoin-Klau bei Electrum, Electron Cash und Electrum-LTC möglich ∗∗∗ --------------------------------------------- Eine von außen ausnutzbare Sicherheitslücke gefährdet Nutzer der Wallet-Programme Electrum (Bitcoin), Electron Cash (Bitcoin Cash) und Electrum-LTC (Litecoin). Angreifer könnten den Anwender deanonymisieren und im Extremfall das Guthaben stehlen. --------------------------------------------- https://heise.de/-3936813 ∗∗∗ Amazon-Händler/innen erhalten Phishingmails ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Amazon Seller Center-Nachrichten. Darin fordern sie Händler/innen dazu auf, eine Website aufzurufen und ihre persönlichen Daten zu aktualisieren. Verkäufer/innen, die das tun, übermitteln ihr Passwort an Betrüger/innen. Dadurch können diese auf das fremde Shop-Konto zugreifen und es für Verbrechen nutzen. --------------------------------------------- https://www.watchlist-internet.at/phishing/amazon-haendlerinnen-erhalten-ph… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-01) ∗∗∗ --------------------------------------------- A Security Bulletin (APSB18-01) has been published regarding security updates for Adobe Flash Player. These updates address an important out-of-bounds read vulnerability that could lead to information disclosure, and Adobe recommends users update their product installations to the latest versions --------------------------------------------- https://blogs.adobe.com/psirt/?p=1517 ∗∗∗ DSA-4081 php5 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4081 ∗∗∗ DSA-4080 php7.0 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language: --------------------------------------------- https://www.debian.org/security/2018/dsa-4080 ∗∗∗ First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services ∗∗∗ --------------------------------------------- We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/COv5LfcpYs8/ ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: January 08, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:macOS High Sierra 10.13.2OS X El Capitan 10.11.6 and macOS Sierra 10.12.6iPhone 5s and later, iPad Air and later, and iPod touch 6th generation --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Mul… ∗∗∗ Patch gegen Spectre: Aktualisierte Nvidia-Grafiktreiber für GeForce und Quadro, Tesla-Treiber später ∗∗∗ --------------------------------------------- Nutzer von Nvidia-Grafikkarten sollten die neuen Grafiktreiber schnellstmöglich installieren. Sie enthalten Patches, die die Anfälligkeit für erfolgreiche Spectre-Attacken senken. --------------------------------------------- https://heise.de/-3937247 ∗∗∗ SAP Security Patch Day - January 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that --------------------------------------------- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (graphicsmagick and linux-lts), CentOS (thunderbird), Debian (kernel, opencv, php5, and php7.0), Fedora (electrum), Gentoo (libXfont), openSUSE (gimp, java-1_7_0-openjdk, and libvorbis), Oracle (thunderbird), Slackware (irssi), SUSE (kernel, kernel-firmware, and kvm), and Ubuntu (awstats, nvidia-graphics-drivers-384, python-pysaml2, and tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/743700/rss ∗∗∗ IBM Security Bulletin: Information disclosure in Liberty for Java for IBM Bluemix (CVE-2017-1681, CVE-2013-6440) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011863 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by GnuTLS vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012330 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011802 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011803 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem models 840 and 900 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011804 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011805 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.01.2018
by Daily end-of-shift report 08 Jan '18

08 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 05-01-2018 18:00 − Montag 08-01-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th) ∗∗∗ --------------------------------------------- Unless youve been living under a rock (or on a remote island, with no Internet connection), youve heard about the latest vulnerabilities that impact modern processors. Im sure that most of our readers are scrambling in order to assess the risk, patch systems and what not, so we have decided to write a diary that will clear the confusion a bit and point out some important things that people might not be aware of. --------------------------------------------- https://isc.sans.edu/diary/rss/23197 ∗∗∗ Meltdown und Spectre: Die Sicherheitshinweise und Updates von Hardware- und Software-Herstellern ∗∗∗ --------------------------------------------- Hersteller von Hard- und Software sind von den Sicherheitslücken Meltdown und Spectre gleichermaßen betroffen. Eine Linkübersicht zu Stellungnahmen, weiterführenden Informationen und Update-Hinweisen. --------------------------------------------- https://heise.de/-3936141 ===================== = Vulnerabilities = ===================== ∗∗∗ Backdoor Account Removed from Western Digital NAS Hard Drives ∗∗∗ --------------------------------------------- A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/backdoor-account-removed-fro… ∗∗∗ AMD PSP fTPM Remote Code Execution ∗∗∗ --------------------------------------------- Topic: AMD PSP fTPM Remote Code Execution Risk: High Text:Introduction AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isola... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018010061 ∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗ --------------------------------------------- Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product. ----- Vulnerable Products Cisco 800 Industrial Integrated Services Routers Cisco UCS B-Series M2 Blade Servers Cisco UCS B-Series M3 Blade Servers Cisco UCS B-Series M4 Blade Servers (except B260, B460) Cisco UCS B-Series M5 Blade Servers Cisco UCS B260 M4 Blade Server Cisco UCS B460 M4 Blade Server Cisco UCS C-Series M2 Rack Servers Cisco UCS C-Series M3 Rack Servers Cisco UCS C-Series M4 Rack Servers Cisco UCS C-Series M5 Rack Servers Cisco UCS C460 M4 Rack Server --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Juniper: Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method ∗∗∗ --------------------------------------------- The following products may be impacted if deployed in a way that allows unsigned code execution: Junos OS based platforms Junos Space appliance Qfabric Director CTP Series NSMXpress/NSM3000/NSM4000 appliances STRM/Juniper Secure Analytics (JSA) appliances SRC/C Series The following products are not impacted: ScreenOS / Netscreen platforms JUNOSe / E Series platforms BTI platforms --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, --------------------------------------------- https://lwn.net/Articles/743575/rss ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting. (CVE-2017-1623) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012344 ∗∗∗ IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012301 ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012293 ∗∗∗ IBM Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022320 ∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022321 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1459) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012331 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008936 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site scripting vulnerability (CVE-2017-1533) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012327 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011534 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.01.2018
by Daily end-of-shift report 05 Jan '18

05 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 04-01-2018 18:00 − Freitag 05-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Google Unveils New Retpoline Coding Technique for Mitigating Spectre Attacks ∗∗∗ --------------------------------------------- Google has published details about a new coding technique created by the companys engineers that any developer can deploy and prevent Spectre attacks. --------------------------------------------- https://www.bleepingcomputer.com/news/google/google-unveils-new-retpoline-c… ∗∗∗ Microsoft could soon be “password free” ∗∗∗ --------------------------------------------- Is it the beginning of the end for passwords? --------------------------------------------- https://nakedsecurity.sophos.com/2018/01/05/microsoft-could-soon-be-passwor… ∗∗∗ How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws ∗∗∗ --------------------------------------------- [...] An editorial-form article is probably not the best format to give advice, so were going to present a simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsofts overly complicated announcement. --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-win… ∗∗∗ How a researcher hacked his own computer and found worst chip flaw ∗∗∗ --------------------------------------------- FRANKFURT (Reuters) - Daniel Gruss didn’t sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel Corp (INTC.O). --------------------------------------------- https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-… ∗∗∗ Meltdown und Spectre: Alle Macs und iOS-Geräte betroffen ∗∗∗ --------------------------------------------- Apple hat sich endlich zu der Chiplücke in ARM- und Intel-Prozessoren geäußert. Demnach sind alle aktuellen Produkte des Konzerns angreifebar – die Apple Watch nicht mit Meltdown. Erste Bugfixes existieren. --------------------------------------------- https://heise.de/-3934477 ∗∗∗ XeroxDay: Zero-Day-Schwachstelle bei Xerox Alto gefunden!!!1elf ∗∗∗ --------------------------------------------- Der Passwortschutz der 14-Zoll-Disketten für Xerox Alto lässt sich im Handumdrehen aushebeln. Ein Fix ist nicht in Sicht. Vom Produktiveinsatz mit sensiblen Daten sollte daher Abstand genommen werden. --------------------------------------------- https://heise.de/-3934443 ∗∗∗ Prozessor-Lücken Meltdown und Spectre: Intel und ARM führen betroffene Prozessoren auf, Nvidia analysiert noch ∗∗∗ --------------------------------------------- Betroffen sind unter anderem sämtliche Intel-Core-Prozessoren bis zurück zum Jahr 2008 sowie eine Vielzahl von ARM-Cortex-CPUs. Nvidia glaubt, dass die CUDA-GPUs nicht anfällig sind und analysiert noch seine Tegra-Prozessoren. --------------------------------------------- https://heise.de/-3934667 ∗∗∗ Trackmageddon: GPS-Tracking-Services ermöglichen unbefugten Zugriff ∗∗∗ --------------------------------------------- Sicherheitsforscher haben Schwachstellen in zahlreichen Online-Tracking-Services entdeckt, die Angreifern unter anderem das Abrufen von GPS-Daten ermöglichen. Eine Liste der verwundbaren Services ist online verfügbar. --------------------------------------------- https://heise.de/-3934328 ∗∗∗ Jetzt patchen: Kritische Lücken in Dell EMC Data Protection Suite ∗∗∗ --------------------------------------------- Einige Dell-EMC-Produkte sind anfällig für Angriffe, die im schlimmsten Fall die vollständige Systemkompromittierung ermöglichen. Patches stehen bereit. --------------------------------------------- https://heise.de/-3935063 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4078 linux - security update ∗∗∗ --------------------------------------------- Multiple researchers have discovered a vulnerability in Intel processors,enabling an attacker controlling an unprivileged process to read memory fromarbitrary addresses, including from the kernel and all other processes runningon the system. --------------------------------------------- https://www.debian.org/security/2018/dsa-4078 ∗∗∗ Delta Electronics Delta Industrial Automation Screen Editor ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow, use-after-free, out-of-bounds write, and type confusion vulnerabilities in the Delta Electronics Delta Industrial Automation Screen Editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, and improper input validation vulnerabilities in Advantech’s WebAccess products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 ∗∗∗ Intel-SA-00086 Security Review Cumulative Update ∗∗∗ --------------------------------------------- Intel recently released a security update (Intel-SA-00086), regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 intel products.The following Firmware are impacted:Intel Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20Intel Server Platform Services (SPS) Firmware version 4.0Intel Trusted Execution Engine (TXE) version 3.0And the following Intel products are affected:6th, 7th & 8th Generation Intel Core Processor FamilyIntel Xeon Processor E3-1200 v5 & v6 Product --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-271 ∗∗∗ VMSA-2018-0003 ∗∗∗ --------------------------------------------- vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0003.html ∗∗∗ Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 ∗∗∗ --------------------------------------------- A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged [...] --------------------------------------------- https://support.citrix.com/article/CTX231399 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (kernel), CentOS (kernel, libvirt, microcode_ctl, and qemu-kvm), Debian (kernel and xen), Fedora (kernel), Mageia (backintime, erlang, and wildmidi), openSUSE (kernel and ucode-intel), Oracle (kernel, libvirt, microcode_ctl, and qemu-kvm), Red Hat (kernel, kernel-rt, libvirt, microcode_ctl, qemu-kvm, and qemu-kvm-rhev), Scientific Linux (libvirt and qemu-kvm), SUSE (kvm and qemu), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/743242/rss ∗∗∗ Three new stable kernels ∗∗∗ --------------------------------------------- Greg Kroah-Hartman has announced the release of the 4.14.12, 4.9.75, and 4.4.110 stable kernels. The bulk of thechanges are either to fix the mitigations for Meltdown/Spectre (in 4.14.12) or to backportthose mitigations (in the two older kernels). There are apparently known (orsuspected) problems with each of the releases, which Kroah-Hartman is hoping to get shaken out inthe near term. For example, the 4.4.110 announcement warns: "But becareful, there have been some reports of problems [...] --------------------------------------------- https://lwn.net/Articles/743246/rss ∗∗∗ Bugtraq: SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541633 ∗∗∗ DFN-CERT-2018-0035: Ruby: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0035/ ∗∗∗ DFN-CERT-2018-0029: Mozilla Firefox, Spectre: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0029/ ∗∗∗ HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011668 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010680 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011978 ∗∗∗ IBM Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling File Gateway ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012006 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by XML External Entity Injection (XXE) attack (CVE-2017-1666) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011970 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by SQL injection (CVE-2017-1670 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012009 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Spoofing through URL Redirection (CVE-2017-1668) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012010 ∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Path Traversal vulnerability (CVE-2017-1671) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011967 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012324 ∗∗∗ IBM Security Bulletin: Authenticated Users Can Gain Privilege in IBM UrbanCode Deploy (CVE-2017-1493) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000367 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.01.2018
by Daily end-of-shift report 04 Jan '18

04 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 03-01-2018 18:00 − Donnerstag 04-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates ∗∗∗ --------------------------------------------- This article contains an continuously updated list of advisories, bulletins, and software updates related to the Meltdown and Spectre vulnerabilities discovered in modern processors. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre… ∗∗∗ BeA: Noch mehr Sicherheitslücken im Anwaltspostfach ∗∗∗ --------------------------------------------- Das besondere elektronische Anwaltspostfach hat mehr als nur eine Sicherheitslücke. Die Probleme reichen von einer falschen Ende-zu-Ende-Verschlüsselung über Cross Site Scripting bis hin zu ROBOT und veralteten Java-Libraries. Dabei hat die Firma SEC Consult einen Sicherheitsaudit durchgeführt. --------------------------------------------- https://www.golem.de/news/bea-noch-mehr-sicherheitsluecken-im-anwaltspostfa… ∗∗∗ SWIFT framework took effect Jan. 1 ∗∗∗ --------------------------------------------- While organizations often drag their feet in adopting new cyber requirements, playing the odds that either they wont be breached or found out by regulators, a banks compliance with the SWIFT framework is transparent to other members of the global messaging platform. --------------------------------------------- https://www.scmagazine.com/swift-framework-took-effect-jan-1/article/734615/ ∗∗∗ TU Graz-Forscher entdecken schwere IT-Sicherheitslücke ∗∗∗ --------------------------------------------- Mit "Meltdown" und "Spectre" deckte ein internationales Team - darunter Forscher der TU Graz – schwere Sicherheitslücken in Computer-Prozessoren auf. Betroffen sind PCs, Server und Cloud-Dienste. Ein Patch soll helfen. --------------------------------------------- https://www.tugraz.at/tu-graz/services/news-stories/tu-graz-news/einzelansi… ∗∗∗ Android-Patchday: Google schließt 38 Sicherheitslücken ∗∗∗ --------------------------------------------- Im Rahmen seiner monatlichen Update-Routine schließt Google im Januar 38 Android-Lücken, von denen fünf als kritisch gelten. Für Pixel- und Nexus-Geräte gibt es wieder zusätzliche Sicherheitspatches. --------------------------------------------- https://heise.de/-3933932 ∗∗∗ WordPress Supply Chain Attacks: An Emerging Threat ∗∗∗ --------------------------------------------- In the last few months, we have discovered a number of supply chain attacks targeting WordPress plugins. In this post, we explain what a supply chain attack is, why WordPress is an attractive target for them, and what you can do to protect your site. What Is a Supply Chain Attack? In the software industry, [...] --------------------------------------------- https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/ ∗∗∗ Wartungsarbeiten Dienstag, 9.1.2018 ∗∗∗ --------------------------------------------- Am Dienstag, 9. Jänner 2018, ab etwa 18:00, werden wir Wartungsarbeiten (ausserhalb des regulären Wartungsfensters, vgl. https://www.cert.at/services/blog/20170609114214-2029.html) an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (z.B. Mail, Webserver, Mailinglisten) führen, diese können jeweils mehrere Minuten andauern. Es gehen dabei keine Daten (z.B. Emails) [...] --------------------------------------------- http://www.cert.at/services/blog/20180104144006-2108.html ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541628 ∗∗∗ DFN-CERT-2018-0023: Microsoft Internet Explorer: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0023/ ∗∗∗ DFN-CERT-2018-0021: Microsoft Edge: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0021/ ∗∗∗ IBM Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011428 ∗∗∗ IBM Security Bulletin: IBM WebSphere MQ is affected by a privilege escalation vulnerability (CVE-2017-1612) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009918 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3735 CVE-2017-3736) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22009850 ∗∗∗ VMSA-2018-0002 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0002.html ∗∗∗ Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91229003 ∗∗∗ XSA-254 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-254.html ∗∗∗ XSA-253 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-253.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.01.2018
by Daily end-of-shift report 03 Jan '18

03 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 02-01-2018 18:00 − Mittwoch 03-01-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 9% of Popular Websites Use Anti-Adblock Scripts ∗∗∗ --------------------------------------------- Around 9% of todays most popular websites deployed or are deploying anti-adblock scripts in an effort to maintain advertising revenues and fight off the rise in the adoption of ad-blocking extensions. --------------------------------------------- https://www.bleepingcomputer.com/news/technology/9-percent-of-popular-websi… ∗∗∗ VMware Issues 3 Critical Patches for vSphere Data Protection ∗∗∗ --------------------------------------------- VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. --------------------------------------------- http://threatpost.com/vmware-issues-3-critical-patches-for-vsphere-data-pro… ∗∗∗ Massive Lücke in Intel-CPUs erfordert umfassende Patches ∗∗∗ --------------------------------------------- Derzeit arbeiten Linux- und Windows-Entwickler mit Hochdruck an umfangreichen Sicherheits-Patches, die Angriffe auf Kernel-Schwachstellen verhindern sollen. Grund für die Eile: eine Intel-spezifische Sicherheitslücke. --------------------------------------------- https://heise.de/-3931562 ∗∗∗ Serial Swatter “SWAuTistic” Bragged He Hit 100 Schools, 10 Homes ∗∗∗ --------------------------------------------- The individual who allegedly made a fake emergency call to Kansas police last week that summoned them to shoot and kill an unarmed local man has claimed credit for raising dozens of these dangerous false .. --------------------------------------------- https://krebsonsecurity.com/2018/01/serial-swatter-swautistic-bragged-he-hi… ∗∗∗ Android-Update: Google räumt zahlreiche Sicherheitslücken aus ∗∗∗ --------------------------------------------- Media Framework bleibt problematischster Bereich – Update für Pixel- und Nexus-Devices begonnen --------------------------------------------- http://derstandard.at/2000071414985 ∗∗∗ Cybersecurity stand im Fokus eines Sicherheitsgipfels in St. Pölten ∗∗∗ --------------------------------------------- Behördliches Krisen- und Katastrophenmanagement soll u.a. weiter ausgebaut werden – Nächstes Treffen im Herbst --------------------------------------------- http://derstandard.at/2000071416550 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ PMASA-2017-9 ∗∗∗ --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2017-9/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.01.2018
by Daily end-of-shift report 02 Jan '18

02 Jan '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 29-12-2017 18:00 − Dienstag 02-01-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ I Am Dave ∗∗∗ --------------------------------------------- This cartoon has been making the rounds on the internet for a long time. It depicts how all security technologies and efforts can be undone by "Dave" the 'stupid user'. I can't think of many (well no) real industries that treat their users, peers, and customers with the same level of disdain. Imagine the automotive industry pushing a similar message. 'On one hand we have seatbelts, ABS, airbags, five star safety features... and on the other hand we [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/i-am-dave ∗∗∗ Scripts spionieren im Browser gespeicherte Login-Daten aus ∗∗∗ --------------------------------------------- Wer Nutzernamen und Passwörter direkt im Browser abspeichert, könnte dadurch ausspioniert werden, wie Sicherheitsforscher warnen. --------------------------------------------- https://futurezone.at/digital-life/scripts-spionieren-im-browser-gespeicher… ∗∗∗ The mysterious case of the Linux Page Table Isolation patches ∗∗∗ --------------------------------------------- tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. --------------------------------------------- http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-… ∗∗∗ IOHIDeous: Zero-Day-Exploit für macOS veröffentlicht ∗∗∗ --------------------------------------------- Eine seit wohl 15 Jahren bestehende Schwachstelle kann es einem Angreifer ermöglichen, die Kontrolle über den Mac zu übernehmen. Der nun veröffentlichte Kernel-Exploit funktioniert in macOS bis hin zu 10.13 High Sierra. --------------------------------------------- https://heise.de/-3929556 ∗∗∗ Gefälschte Raiffeisenbank-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Raiffeisenbank-Nachricht. Darin behaupten sie, dass Kund/innen eine Sicherheits-App installieren müssen. Sie sei notwendig dafür, dass diese weiterhin ihr ELBA-Internet nützen können. In Wahrheit ist die Anwendung Schadsoftware. Sie ermöglicht es Datendieb/innen, dass Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-raiffeisenbank-siche… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0003: Asterisk: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0003/ ∗∗∗ DFN-CERT-2018-0004: GIMP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung von Denial-of-Service-Angriffen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0004/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.12.2017
by Daily end-of-shift report 29 Dec '17

29 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-12-2017 18:00 − Freitag 29-12-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗ --------------------------------------------- A rarely used legacy misfeature of the main Internet email protocol creeps back from irrelevance as a minor annoyance. You should ask your mail and antispam provider about their approach to SMTP callbacks. Be wary of any assertion that is not backed by evidence.Even if you are an IT professional and run an email system, you could be forgiven for not being immediately aware that there is such a thing as SMTP callbacks, also referred to as callback verification. As you will see from the Wikipedia [...] --------------------------------------------- http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.h… ∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗ --------------------------------------------- Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-hel… ∗∗∗ Hacker zeigen Lücken bei Tor-Funksteuerung auf ∗∗∗ --------------------------------------------- Wiener Sicherheitsforscher der Firma Trustworks zeigten am Chaos Communication Congress, wie sie eine Funkfernsteuerung des deutschen Herstellers Hörmann geknackt haben. --------------------------------------------- https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuer… ∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗ --------------------------------------------- Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public. --------------------------------------------- http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-publi… ∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗ --------------------------------------------- Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with 'riskware' and will be disabled unless they call what is an obviously bogus support hotline. Google and several other web security vendors are currently blacklisting the domain; fortunately, most [...] --------------------------------------------- https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-s… ∗∗∗ 34C3: Auch 4G-Mobilfunk ist einfach abzuhören und zu überwachen ∗∗∗ --------------------------------------------- GSM war sehr einfach zu knacken, 3G stand über das SS7-Protokoll offen wie ein Scheunentor. Bei 4G sollte mit dem neuen Roaming- und Abrechnungsprotokoll Diameter alles besser werden, doch viele Angriffsflächen sind geblieben. --------------------------------------------- https://heise.de/-3928496 ∗∗∗ The State of Security in Industrial Control Systems ∗∗∗ --------------------------------------------- The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect [...] --------------------------------------------- https://www.tripwire.com/state-of-security/ics-security/state-security-indu… ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4074 imagemagick - security update ∗∗∗ --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitising mayresult in denial of service, memory disclosure or the execution ofarbitrary code if malformed image files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-4074 Next End-of-Day report: 2018-01-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily