Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 16.02.2018
by Daily end-of-shift report 16 Feb '18

16 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00 Handler: n/a Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗ --------------------------------------------- A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-active… ∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗ --------------------------------------------- The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager. --------------------------------------------- https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manage… ∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗ --------------------------------------------- Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen. --------------------------------------------- https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbed… ∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗ --------------------------------------------- Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld. --------------------------------------------- https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-star… ∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗ --------------------------------------------- Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports. --------------------------------------------- https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-… ===================== = Vulnerabilities = ===================== ∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01 ∗∗∗ GE D60 Line Distance Relay ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 ∗∗∗ Schneider Electric IGSS Mobile ∗∗∗ --------------------------------------------- This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03 ∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga). --------------------------------------------- https://lwn.net/Articles/747439/rss ∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗ --------------------------------------------- http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&… ∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013416 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012447 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008816 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.02.2018
by Daily end-of-shift report 15 Feb '18

15 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 14-02-2018 18:00 − Donnerstag 15-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Spam and phishing in 2017 ∗∗∗ --------------------------------------------- The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts. --------------------------------------------- http://securelist.com/spam-and-phishing-in-2017/83833/ ∗∗∗ Inside the MSRC– The Monthly Security Update Releases ∗∗∗ --------------------------------------------- For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence. October 2003 ushered in .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/02/14/inside-the-msrc-the-mon… ∗∗∗ Multi-Stage Email Word Attack without Macros ∗∗∗ --------------------------------------------- Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Multi-Stage-Email-Word-… ∗∗∗ Besser vernetzt - besser geschützt ∗∗∗ --------------------------------------------- Zweitägiger Workshop im BRZ ermöglicht raschere Reaktion auf Malware und andere Bedrohungen. 70 Teilnehmer/innen von österreichischen und internationalen CERTs waren dabei. --------------------------------------------- https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html ∗∗∗ MeltdownPrime & SpectrePrime: Neue Software automatisiert CPU-Angriffe ∗∗∗ --------------------------------------------- Nach Meltdown und Spectre hatten Experten prognostiziert, dass das Zuschneiden auf spezifische Chips eine Weile dauern würde. Dieser Prozess lässt sich nun durch Automatisierung beschleunigen. Dabei wurden auch neue Variationen der Angriffe gefunden. --------------------------------------------- https://www.heise.de/meldung/MeltdownPrime-SpectrePrime-Neue-Software-autom… ∗∗∗ Cryptojacking: Hacker infiltrieren 5.000 Websites, verdienen nur 23 Euro ∗∗∗ --------------------------------------------- Laut Angaben von Skript-Entwickler Coinhive – Angreifer schleusten Code in Vorlese-Plugin .. --------------------------------------------- http://derstandard.at/2000074318850 ∗∗∗ COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style ∗∗∗ --------------------------------------------- This post is authored by Jeremiah OConnor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. Executive SummaryCisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign .. --------------------------------------------- http://blog.talosintelligence.com/2018/02/coinhoarder.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4112 xen - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4112 ∗∗∗ Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-013 ∗∗∗ Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.02.2018
by Daily end-of-shift report 14 Feb '18

14 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-02-2018 18:00 − Mittwoch 14-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File ∗∗∗ --------------------------------------------- Returning to this particular flavor of malware, we see a rather simple way to bypass the detection products: it simply copies kernel32.dll. The copied version is identical and serves to relay requests from Word in to the kernel in precisely the same way; however, the copy name is subtly different. Therefore, some products fail to detect the malware activity as it passes from Word to the kernel. --------------------------------------------- https://blogs.bromium.com/malware-copies-file-evades-detection/ ∗∗∗ DoubleDoor Botnet Chains Exploits to Bypass Firewalls ∗∗∗ --------------------------------------------- Anubhav says DoubleDoor attackers are using the first exploit to bypass Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers to exploit with the second exploit. ... But the botnet is not a major danger just yet. Anubhav says DoubleDoor looks like a work in progress and still under heavy development. --------------------------------------------- https://www.bleepingcomputer.com/news/security /doubledoor-botnet-chains-exploits-to-bypass-firewalls/ ===================== = Vulnerabilities = ===================== ∗∗∗ Microsoft - February 2018 Security Updates ∗∗∗ --------------------------------------------- The February security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance /releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573 ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-02) and Adobe Experience Manager (APSB18-04). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 ∗∗∗ Zu aufwendig: Microsoft will schwere Skype-Lücke nicht beheben ∗∗∗ --------------------------------------------- Leck erlaubt Übernahme von Windows-System – Kein Patch geplant, Fehler soll erst in neuer Version entfernt werden --------------------------------------------- http://derstandard.at/2000074186504 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (exim and mpv), Debian (advancecomp and graphicsmagick), Red Hat (collectd, erlang, httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and xen), and Ubuntu (libvorbis). --------------------------------------------- https://lwn.net/Articles/747244/rss ∗∗∗ SAP Resolves High Risk Flaws with February 2018 Patches ∗∗∗ --------------------------------------------- SAP this week released its monthly set of security updates for its products, addressing a total of 11 new vulnerabilities, including two considered high severity. --------------------------------------------- https://www.securityweek.com /sap-resolves-high-risk-flaws-february-2018-patches ∗∗∗ WAGO PFC200 Series ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01 ∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010883 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1681, CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013359 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013041 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010892 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.02.2018
by Daily end-of-shift report 13 Feb '18

13 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-02-2018 18:00 − Dienstag 13-02-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ If You Thought Ransomware was Big, Illegal Crypto-Mining May be Bigger ∗∗∗ --------------------------------------------- There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other .. --------------------------------------------- https://www.beyondtrust.com/blog/thought-ransomware-big-illegal-crypto-mini… ∗∗∗ Cybersecurity-Experten warnen for Valentinstags-Angeboten ∗∗∗ --------------------------------------------- Der Valentinstag am 14. Februar wird von Cyber-Kriminellen zum Versand von E-Mails mit gefährlichen Sonderangeboten genutzt. --------------------------------------------- https://futurezone.at/digital-life/cybersecurity-experten-warnen-for-valent… ∗∗∗ Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-f… ∗∗∗ Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins ∗∗∗ --------------------------------------------- On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks .. --------------------------------------------- https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr… ∗∗∗ Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 ∗∗∗ --------------------------------------------- Redmond extends ATP to older builds, adds third-party links Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1. --------------------------------------------- www.theregister.co.uk/2018/02/12/microsoft_windows_atp/ ∗∗∗ Sicherheitsupdates: Gefährliche Lücken in IBM AIX und Notes ∗∗∗ --------------------------------------------- In AIX von IBM klafft eine kritische Sicherheitslücke. Darüber hinaus stopft ein Update eine Schwachstelle in Notes. --------------------------------------------- https://www.heise.de/meldung/Sicherheitsupdates-Gefaehrliche-Luecken-in-IBM… ∗∗∗ Chrome-Security-Chefin: "Wenn Flash entfernt wird, feiern wir eine Party" ∗∗∗ --------------------------------------------- Parisa Tabriz leitet die Elite-Hacker Gruppe Project Zero – sie sagt, dass Phishing eine größere Gefahr für die breite Masse als die Lücken "Meltdown" und Spectre ist --------------------------------------------- http://derstandard.at/2000073871421 ∗∗∗ Olympic Destroyer Takes Aim At Winter Olympics ∗∗∗ --------------------------------------------- This blog post is authored by Warren Mercer and Paul Rascagneres.Update 2/13 08:30 We have updated the information regarding the use of stolen credentialsUpdate 2/12 12:00: We have updated the destructor section with action taken .. --------------------------------------------- blog.talosintelligence.com/2018/02/olympic-destroyer.html ∗∗∗ Zero-Day in Telegrams Windows Client Exploited for Months ∗∗∗ --------------------------------------------- A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed. read more --------------------------------------------- https://www.securityweek.com/zero-day-telegrams-windows-client-exploited-mo… ===================== = Vulnerabilities = ===================== ∗∗∗ [KDE] Plasma Desktop: Arbitrary command execution in the removable device notifier ∗∗∗ --------------------------------------------- When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, its interpreted as a shell command, leaving a possibility of arbitrary commands execution. --------------------------------------------- https://www.kde.org/info/security/advisory-20180208-2.txt ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1530 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.02.2018
by Daily end-of-shift report 12 Feb '18

12 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-02-2018 18:00 − Montag 12-02-2018 18:00 Handler: Alexander Riepl Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Vor allem Porno-Seiten spannen Nutzer zum Krypto-Mining ein ∗∗∗ --------------------------------------------- Laut einer aktuellen Studie enthalten mehr als 240 der beliebtesten Websites Code, der die Rechner ihre Besucher zum "Schürfen" von Kryptowährungen nutzt. --------------------------------------------- https://futurezone.at/digital-life/vor-allem-porno-seiten-spannen-nutzer-zu… ∗∗∗ Cisco Confirms Critical Firewall Software Bug Is Under Attack ∗∗∗ --------------------------------------------- Cisco has issued patches for the vulnerability, which could be up to seven years old. --------------------------------------------- http://threatpost.com/cisco-confirms-critical-firewall-software-bug-is-unde… ∗∗∗ Cryakl ransomware keys made public ∗∗∗ --------------------------------------------- The Belgian Federal Police are releasing free decryption keys for Cryakl ransomware and have become a partner with the No More Ransom Project. --------------------------------------------- https://www.scmagazine.com/cryakl-ransomware-keys-made-public/article/74332… ∗∗∗ GitHub-Account-Zombies erregen die Gemüter ∗∗∗ --------------------------------------------- Löscht ein Nutzer seinen Account bei GitHub, wird der Name sofort wieder für neue Nutzer frei. Das können Kriminelle missbrauchen, um über die Entwicklerseite Malware zu verteilen. Entwickler sollten Accounts daher lieber downgraden statt löschen. --------------------------------------------- https://www.heise.de/security/meldung/GitHub-Account-Zombies-erregen-die-Ge… ∗∗∗ Equifax-Hack betrifft noch mehr Daten als bisher bekannt ∗∗∗ --------------------------------------------- In einem Papier an den Bankenausschuss des US-Senats räumt Equifax ein, dass bei dem spektakulären Hack im September 2017 noch mehr Daten abgegriffen wurden als bisher zugegeben. Zusätzlich betroffen waren Steuernummern und Angaben im Führerschein. --------------------------------------------- https://www.heise.de/security/meldung/Equifax-Hack-betrifft-noch-mehr-Daten… ∗∗∗ Italienische Kryptobörse ausgeraubt: BitGrail fehlen 140 Millionen Euro ∗∗∗ --------------------------------------------- Diebe erbeuteten 17 Millionen sogenannte "Nano". BitGrail setzte den Handel vorerst aus. Die Polizei ermittelt. --------------------------------------------- https://www.heise.de/security/meldung/Italienische-Kryptoboerse-ausgeraubt-… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (go, go-pie, and plasma-workspace), Debian (audacity, exim4, libreoffice, librsvg, ruby-omniauth, tomcat-native, and uwsgi), Fedora (tomcat-native), Gentoo (virtualbox), Mageia (kernel), openSUSE (freetype2, ghostscript, jhead, and libxml2), and SUSE (freetype2 and kernel). --------------------------------------------- https://lwn.net/Articles/747120/rss ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the diagnostic shell for Cisco IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell.The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ BlackBerry powered by Android Security Bulletin - February 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ DSA-4110 exim4 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4110 ∗∗∗ DSA-4111 libreoffice - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4111 ∗∗∗ DFN-CERT-2018-0286: Oracle MySQL Community Server: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0286/ ∗∗∗ IBM Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012395 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013351 ∗∗∗ VMSA-2018-0007 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0007.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.02.2018
by Daily end-of-shift report 09 Feb '18

09 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-02-2018 18:00 − Freitag 09-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Free Decryption Tool Released for Cryakl Ransomware ∗∗∗ --------------------------------------------- Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/free-decryption-tool-release… ∗∗∗ X.509 Certificates Can Be Abused for Data Exfiltration ∗∗∗ --------------------------------------------- Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected. --------------------------------------------- https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-ab… ∗∗∗ Verschlüsselung: Github testet Abschaltung alter Krypto ∗∗∗ --------------------------------------------- Github-Nutzer sollten ihre Clients auf Kompatibilität prüfen: Ab dem 22. Februar werden alte TLS-Versionen und einige Diffie-Hellman-Gruppen deaktiviert. Am Donnerstagabend wurde die Abschaltung schon einmal getestet. --------------------------------------------- https://www.golem.de/news/verschluesselung-github-testet-abschaltung-alter-… ∗∗∗ Living in a Smart Home ∗∗∗ --------------------------------------------- In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results. --------------------------------------------- https://www.schneier.com/blog/archives/2018/02/living_in_a_sma.html ∗∗∗ WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit ∗∗∗ --------------------------------------------- The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats. --------------------------------------------- https://www.techworm.net/2018/02/wannamine-cryptocurrency-mining-malware-us… ∗∗∗ Einige Netgear-Router lassen sich mit simplem URL-Trick übernehmen ∗∗∗ --------------------------------------------- In vielen Routern von Netgear klaffen Sicherheitslücken, die Angreifern mitunter Tür und Tor öffnen können. Updates schaffen Abhilfe. --------------------------------------------- https://www.heise.de/security/meldung/Einige-Netgear-Router-lassen-sich-mit… ∗∗∗ WordPress 4.9.3 schießt automatische Update-Funktion ab ∗∗∗ --------------------------------------------- Die WordPress-Ausgabe 4.9.3 hat zwar in erster Linie Bugs gefixt, aber auch einen neuen mitgebracht: Die automatische Aktualisierung funktioniert nicht mehr. Eine neue Version löst das Problem. --------------------------------------------- https://www.heise.de/security/meldung/WordPress-4-9-3-schiesst-automatische… ∗∗∗ Spectre-2-Lücke: Intel verspricht Updates auch für ältere Prozessoren ∗∗∗ --------------------------------------------- Für Skylake-Prozessoren, zahlreiche Atoms und damit verwandte Celerons gibt es nun wieder Microcode-Updates – zunächst nur für OEM-Partner; doch Intel will auch ältere Prozessoren patchen. --------------------------------------------- https://www.heise.de/security/meldung/Spectre-2-Luecke-Intel-verspricht-Upd… ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-02) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 13, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1527 ∗∗∗ DSA-4108 mailman - security update ∗∗∗ --------------------------------------------- Calum Hutton and the Mailman team discovered a cross site scripting andinformation leak vulnerability in the user options page. A remoteattacker could use a crafted URL to steal cookie information or tofish for whether a user is subscribed to a list with a private roster. --------------------------------------------- https://www.debian.org/security/2018/dsa-4108 ∗∗∗ Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro ∗∗∗ --------------------------------------------- Sonatype Nexus Repository Manager OSS/Pro is affected by multiple cross-site scripting vulnerabilities (both reflected and stored) in both version 2 and 3 of the product which could be used by an attacker to execute JavaScript code in the user’s browser. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scriptin… ∗∗∗ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- Abstract: NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. This release does not contain any new features. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ JRE vulnerability CVE-2012-5081 ∗∗∗ --------------------------------------------- JRE vulnerability CVE-2012-5081. Security Advisory. Security Advisory Description. Unspecified vulnerability in the Java ... --------------------------------------------- https://support.f5.com/csp/article/K21018505 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (clamav), Debian (mailman, mpv, and simplesamlphp), Fedora (tomcat-native), openSUSE (docker, docker-runc, containerd,, kernel, mupdf, and python-mistune), Red Hat (kernel), and Ubuntu (mailman and postgresql-9.3, postgresql-9.5, postgresql-9.6). --------------------------------------------- https://lwn.net/Articles/746988/rss ∗∗∗ DFN-CERT-2018-0278: Nextcloud Server: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0278/ ∗∗∗ IBM Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022451 ∗∗∗ IBM Security Bulletin: Vulnerability impacts AIX and VIOS (CVE-2018-1383) ∗∗∗ --------------------------------------------- http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc ∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013336 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.02.2018
by Daily end-of-shift report 08 Feb '18

08 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-02-2018 18:00 − Donnerstag 08-02-2018 18:00 Handler: Robert Waldner Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ HTTPS: Viele Webseiten nutzen alte Symantec-Zertifikate ∗∗∗ --------------------------------------------- In Kürze wird Chrome vielen alten Symantec-Zertifikaten nicht mehr trauen, eine Testversion zeigt schon jetzt Warnmeldungen. Doch viele Seiten haben noch nicht umgestellt - darunter auch prominente Seiten wie Wechat oder Spiegel Online. --------------------------------------------- https://www.golem.de/news/https-viele-webseiten-nutzen-alte-symantec-zertif… ∗∗∗ Gefälschte card complete-Sicherheitsmitteilung ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte card complete-Sicherheitsmitteilung. Darin behaupten sie, dass das Unternehmen "einige Informationen von Ihnen (braucht) , Einloggen und aktualisieren Sie Ihr Konto". Empfänger/innen dürfen der Aufforderung nicht nachkommen, denn andernfalls übermitteln sie ihre Kreditkartendaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1%5bnews%5d=301… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU). --------------------------------------------- https://lwn.net/Articles/746915/rss ===================== = Vulnerabilities = ===================== ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1761) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012416 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012829 ∗∗∗ IBM Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013053 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.02.2018
by Daily end-of-shift report 07 Feb '18

07 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-02-2018 18:00 − Mittwoch 07-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A Flaw In Hotspot Shield Can Expose VPN Users, Locations ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from ZDNet: A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy. Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zRG3hEa7Tro/a-flaw-in-hotsp… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches nun verfügbar ∗∗∗ --------------------------------------------- Update: 7. Februar 2018 Adobe hat nun ein entsprechendes Update veröffentlicht, die Details finden sich unter https://helpx.adobe.com/security/products/flash-player/apsb18-03.html --------------------------------------------- http://www.cert.at/warnings/all/20180201.html ∗∗∗ Vyaire Medical CareFusion Upgrade Utility Vulnerability ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 ∗∗∗ Bugtraq: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip ∗∗∗ --------------------------------------------- Business recommendation: InfoZip Unzip should be updated to the latest available version. --------------------------------------------- http://www.securityfocus.com/archive/1/541753 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (mpv), Fedora (jackson-databind), Mageia (flash-player-plugin), Slackware (kernel), and Ubuntu (python-django). --------------------------------------------- https://lwn.net/Articles/746787/rss ∗∗∗ Cisco Enterprise License Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco UCS Central Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Spark Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite RADIUS Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Network TCP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Six Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the GPU Driver of Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-… ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1401) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22013097 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008892 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Server Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012410 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013334 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012609 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Insufficient Authorization Checks vulnerability (CVE-2018-1368 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013302 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012605 ∗∗∗ IBM Security Bulletin:Vulnerability in Apache Poi Affects IBM Emptoris Sourcing and IBM Emptoris Contract Management (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012515 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.02.2018
by Daily end-of-shift report 06 Feb '18

06 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-02-2018 18:00 − Dienstag 06-02-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Research papers and Youtube videos from BlueHat Israel 2018 ∗∗∗ --------------------------------------------- http://www.bluehatil.com/abstracts.html ∗∗∗ European Cyber Security Month ECSM 2017 deployment report ∗∗∗ --------------------------------------------- ENISA is today pleased to publish the ‘European Cyber Security Month deployment report’, a summary of the activities carried out throughout ECSM 2017 by the Agency and participating Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-e… ∗∗∗ Strong cybersecurity culture as efficient firewall for organisations ∗∗∗ --------------------------------------------- ENISA’s Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/strong-cybersecurity-culture-as… ∗∗∗ Krypto-Miner schlich über Download-Verzeichnis MacUpdate auf Macs ∗∗∗ --------------------------------------------- Mac-Nutzer, die beliebte Software wie etwa den Browser Firefox über MacUpdate heruntergeladen haben, handelten sich dadurch unter Umständen Malware ein. --------------------------------------------- https://www.heise.de/meldung/Krypto-Miner-schlich-ueber-Download-Verzeichni… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available for Adobe Flash Player (APSB18-03) ∗∗∗ --------------------------------------------- https://blogs.adobe.com/psirt/?p=1522 ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a common separated value (CSV) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012674 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013271 ∗∗∗ February 2018 ∗∗∗ --------------------------------------------- https://source.android.com/security/bulletin/2018-02-01.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.02.2018
by Daily end-of-shift report 05 Feb '18

05 Feb '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-02-2018 18:00 − Montag 05-02-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Safer Internet Day ∗∗∗ --------------------------------------------- February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/02/05/Safer-Internet-Day ===================== = Vulnerabilities = ===================== ∗∗∗ New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices ∗∗∗ --------------------------------------------- Two new WD My Cloud vulnerabilities have been identified, adding to last month’s bevy of security bugs. --------------------------------------------- http://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attacker… ∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗ --------------------------------------------- NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3). The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. --------------------------------------------- https://download.novell.com/Download?buildid=MtsbTyzebZw~ ∗∗∗ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2018-0235/">Django: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in Django ermöglicht einem entfernten, nicht authentisierten Angreifer Informationen zu berechtigten Benutzern auszuspähen. Der Hersteller hat Django 2.0.2 und 1.11.10 als Security Releases veröffentlicht und stellt Patches für den Master Branch und die Releases Branches 2.0 und 1.11 zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0235/ ∗∗∗ DFN-CERT-2018-0234/">7-Zip: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Angriff durchzuführen (Out-of-bounds Write) oder möglicherweise mit Hilfe eines präparierten ZIP-Archivs beliebigen Programmcode zur Ausführung bringen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0234/ ∗∗∗ Update: Kritische Sicherheitslücke in Cisco ASA Software - Patches verfügbar ∗∗∗ --------------------------------------------- Update: 5. Februar 2018 Cisco hat bekanntgegeben, dass im Zuge interner Untersuchungen noch weitere Lücken gefunden wurden, sowie dass die bisher veröffentlichten gefixten Versionen Fehler enthalten. --------------------------------------------- http://www.cert.at/warnings/all/20180130.html ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dokuwiki and p7zip), Fedora (kernel, pdns, rsync, and webkitgtk4), openSUSE (chromium and translate-toolkit), Red Hat (jboss-ec2-eap and Red Hat Satellite 6), Slackware (php), and SUSE (bind and firefox). --------------------------------------------- https://lwn.net/Articles/746568/rss ∗∗∗ IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013054 ∗∗∗ IBM Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013061 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013153 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1026841 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025910 ∗∗∗ IBM Security Bulletin: October 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011818 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily