Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 27.11.2017
by Daily end-of-shift report 27 Nov '17

27 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-11-2017 18:00 − Montag 27-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Mobile Menace Monday: Chrome declares war on unwanted redirects ∗∗∗ --------------------------------------------- Google is initiating their plan to implement a few new changes in Chrome to defend against unwanted web redirects. A redirect happens when a different website from the URL that was entered opens in the browser. Sometimes redirects are intentional, as in when an organization/website is bought out by another entity and their traffic is redirected to the new owner. However, sometimes redirects are malicious and unwanted. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/11/chrome-declares-war-unwant… ===================== = Vulnerabilities = ===================== ∗∗∗ [Pdns-announce] PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 Available ∗∗∗ --------------------------------------------- We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x. More importantly there are fixes for the following security advisories: - Authoritative Server - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091) - Recursor - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090) - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092) - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093) - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094) --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2017-November/001077.h… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Mailserver-Software Exim - Workaround verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 25. 11. 2017 Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Details: Durch Ausnutzen eines Use-after-free Fehlers können Angreifer potentiell beliebigen Code auf betroffenen Mailservern ausführen. CVE-Nummern dazu: CVE-2017-16943, CVE-2017-16944 --------------------------------------------- http://www.cert.at/warnings/all/20171127.html ∗∗∗ Security Advisory - Improper Access Control Vulnerability in Some Huawei OceanStor products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171122-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010656 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-15906 in OpenSSH affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022349 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-14919 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022348 ∗∗∗ IBM Security Bulletin: Vulnerability in curl affects IBM Chassis Management Module (CVE-2017-7407) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099640 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099639 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2017
by Daily end-of-shift report 24 Nov '17

24 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-11-2017 18:00 − Freitag 24-11-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Treat infosec fails like plane crashes – but hopefully with less death and twisted metal ∗∗∗ --------------------------------------------- We never learn from incidents, says Europol security adviser The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/24/infosec_dis… ∗∗∗ VB2017 video: FinFisher: New techniques and infection vectors revealed ∗∗∗ --------------------------------------------- Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-video-finfisher-new-t… ∗∗∗ 31 lückenhafte Banking-Apps: Forscher entlarven App-TAN-Verfahren abermals als unsicher ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen eine nicht ganz triviale Methode auf, über die Angreifer Online-Banking-Apps manipulieren könnten. Auch in Deutschland sind Banken betroffen. --------------------------------------------- https://heise.de/-3900945 ∗∗∗ Gefälschte BAWAG PSK-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG PSK-E-Mail. Darin fordern sie von Kund/innen, dass diese eine Sicherheits-App installieren. Sie ist Schadsoftware und ermöglicht es den Betrüger/innen, Zugriff auf das OnlineBanking-Konto ihrer Opfer zu erlangen. Kund/innen dürfen die angebliche Sicherheits-App nicht installieren. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bawag-psk-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Lancom: Wichtiges LCOS-Update stopft Sicherheitslücke ∗∗∗ --------------------------------------------- Die aktuelle Version von Lancoms Betriebssoftware für Router, Access Points und Switches beseitigt eine Sicherheitslücke, die Angreifern bei bestimmten Firmware-Versionen Zugriff auf Verwaltungsfunktionen ermöglicht. --------------------------------------------- https://www.heise.de/newsticker/meldung/Lancom-Wichtiges-LCOS-Update-stopft… ∗∗∗ FortiOS: Updates schützen unter anderem vor Cross-Site-Scripting ∗∗∗ --------------------------------------------- Fortinet warnt vor einer Lücke in seinem Betriebssystem FortiOS für FortiGate-Produkte. Einige Updates stehen schon bereit; weitere folgen in Kürze. --------------------------------------------- https://heise.de/-3901201 ∗∗∗ DFN-CERT-2017-2115/">OTRS: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebiger Kommandozeilenbefehle ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2115/ ∗∗∗ DFN-CERT-2017-2119/">FortiGate: Eine Schwachstelle ermöglicht u.a. einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2119/ ∗∗∗ IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010947 ∗∗∗ SSA-346262 (Last Update 2017-11-23): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2017
by Daily end-of-shift report 23 Nov '17

23 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-11-2017 18:00 − Donnerstag 23-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded ∗∗∗ --------------------------------------------- A month after Amazon launched Amazon Key, security experts have already identified a flaw in the devices mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-de… ∗∗∗ Firefox Nightly Build 58: Firefox warnt künftig vor Webseiten mit Datenlecks ∗∗∗ --------------------------------------------- Im Nightly Build 58 testet Mozillaeinige neue Funktionen: So sollen Nutzer bald personalisierte Artikelvorschläge von Pocket bekommen. Außerdem werden Nutzer womöglich bald vor Webseiten gewarnt, die im großen Stil Nutzerdaten verloren haben. --------------------------------------------- https://www.golem.de/news/firefox-nightly-build-58-firefox-warnt-kuenftig-v… ∗∗∗ systemd Vulnerability Leads to Denial of Service on Linux ∗∗∗ --------------------------------------------- Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerab… ∗∗∗ Advisory: Turla group malware ∗∗∗ --------------------------------------------- This report provides new intelligence derived from NCSC investigations into two tools used by the Turla group to target the UK, known as Neuron and Nautilus. --------------------------------------------- https://www.ncsc.gov.uk/alerts/turla-group-malware ∗∗∗ Erpressungstrojaner qkG manipuliert Word-Template zur weiteren Verbreitung ∗∗∗ --------------------------------------------- Sicherheitsforscher sind auf eine neue Ransomware gestoßen, die es vorrangig auf Word-Nutzer abgesehen hat. --------------------------------------------- https://heise.de/-3899132 ∗∗∗ Mac-Malware Proton gibt sich als "Symantec Malware Detector" aus ∗∗∗ --------------------------------------------- Getarnt als Malware-Erkennung wurde der Mac-Trojaner über ein vermeintliches Symantec-Blog vertrieben. Eine über soziale Netze verbreitete Falschmeldung soll Nutzer zur Installation bringen. --------------------------------------------- https://heise.de/-3900056 ∗∗∗ Schwerer Bug erlaubt, macOS via USB-Stick zu knacken ∗∗∗ --------------------------------------------- Apple hat Fehler bereits geschlossen – Reparaturwerkzeug als Angriffspunkt --------------------------------------------- http://derstandard.at/2000068349782 ===================== = Vulnerabilities = ===================== ∗∗∗ FortiWebManager 5.8.0 improperly handles admin login access ∗∗∗ --------------------------------------------- FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-248 ∗∗∗ TablePress <= 1.8 - Authenticated XML External Entity (XXE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8963 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2017
by Daily end-of-shift report 22 Nov '17

22 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-11-2017 18:00 − Mittwoch 22-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verbraucherschutz: Sportuhr-Hersteller gehen unsportlich mit Daten um ∗∗∗ --------------------------------------------- Herzfrequenz und Schlafphasen: Apple, Garmin und andere Hersteller von Sportuhren und Fitnesstrackern speichern auf ihren Portalen sehr persönliche Nutzerdaten. Bei einem Praxistest sind nur zwei Hersteller korrekt mit dem Auskunftsrecht des Kunden umgegangen. --------------------------------------------- https://www.golem.de/news/verbraucherschutz-sportuhr-hersteller-gehen-unspo… ∗∗∗ Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability ∗∗∗ --------------------------------------------- Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-cve-2… ∗∗∗ Sicherheitslücke in HP-Druckern – Firmware-Updates stehen bereit ∗∗∗ --------------------------------------------- Unter Verwendung spezieller Malware können Angreifer aus der Ferne auf Drucker von HP zugreifen und dort unter anderem gerätespezifische Befehle ausführen. Der Hersteller hat Updates bereitgestellt und empfiehlt die umgehende Aktualisierung. --------------------------------------------- https://heise.de/-3897679 ∗∗∗ Deutsche Behörde: Staat muss digital zurückschlagen können ∗∗∗ --------------------------------------------- In der Schweiz erlaubte "Hackbacks" als Beispiel genannt --------------------------------------------- http://derstandard.at/2000068302436 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-17-927: Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-927/ ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009782 ∗∗∗ RSA Authentication Manager Input Validation Flaw in Security Console Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039853 ∗∗∗ USN-3489-2: Berkeley DB vulnerability ∗∗∗ --------------------------------------------- http://www.ubuntu.com/usn/usn-3489-2/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2017
by Daily end-of-shift report 21 Nov '17

21 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 20-11-2017 18:00 − Dienstag 21-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSL Certificate Provider StartCom Shuts Down After Browser Ban ∗∗∗ --------------------------------------------- Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ssl-certificate-provider-sta… ∗∗∗ Factsheet Building a SOC: start small ∗∗∗ --------------------------------------------- An increasingly common way to achieve visibility and control of information security is to implement a Security Operations Centre (SOC). In order for a SOC to function successfully, it must be tied in with the business processes. This makes building a SOC .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/factsheets/factsheet-building-a-… ∗∗∗ The Art of Fuzzing – Slides and Demos ∗∗∗ --------------------------------------------- Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my slides and demos available to the public with this blog post . --------------------------------------------- https://www.sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-d… ∗∗∗ Kritische Sicherheitslücke: Traffic von F5 BIG-IP-Appliances lässt sich entschlüsseln ∗∗∗ --------------------------------------------- Firewalls, Load-Balancer und andere BIG-IP-Systeme sind anfällig für einen Angriff, bei dem dritte den verschlüsselten SSL-Traffic zwischen Client und Appliance abhören können. Admins, die solche Systeme im Einsatz haben .. --------------------------------------------- https://heise.de/-3895060 ∗∗∗ Intel stopft neue Sicherheitslücken der Management Engine (SA-00086) ∗∗∗ --------------------------------------------- Intels Security Advisory SA-00086 beschreibt mehrere Fehler in der Firmware der Management Engine (ME 11.0 bis 11.7), in Trusted Execution Engine 3.0 und in den Server Platform Services (SPS 4.0). --------------------------------------------- https://heise.de/-3895175 ∗∗∗ OSX.Proton spreading through fake Symantec blog ∗∗∗ --------------------------------------------- A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/o… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren ∗∗∗ --------------------------------------------- Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren 21. November 2017 Beschreibung Wie Intel meldet (INTEL-SA-00086), gibt es aktuell mehrere Schwachstellen in Systemen mit .. --------------------------------------------- http://www.cert.at/warnings/all/20171121.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-07: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities .. --------------------------------------------- https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framewo… ∗∗∗ Samba: Use-after-free vulnerability ∗∗∗ --------------------------------------------- All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-14746.html ∗∗∗ Samba: Server heap memory information leak ∗∗∗ --------------------------------------------- All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-15275.html ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009696 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010685 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.11.2017
by Daily end-of-shift report 20 Nov '17

20 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-11-2017 18:00 − Montag 20-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Defining and securing the Internet of Things: ENISA publishes a study on how to face cyber threats in critical information infrastructures ∗∗∗ --------------------------------------------- The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter… ∗∗∗ New Open-Source IDS Tools ∗∗∗ --------------------------------------------- On November 16, 2017, [Dell] Secureworks released two open-source tools: Flowsynth and Dalton. These tools allow analysts to easily create and test network packet captures against IDS engines such as Suricata and Snort. --------------------------------------------- https://www.secureworks.com/blog/new-open-source-ids-tools ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2081/">Procmail: Eine Schwachstelle ermöglicht u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Eine Schwachstelle in 'procmail' ermöglicht einem entfernten, nicht authentisierten Angreifer die Durchführung eines Denial-of-Service (DoS)-Angriffes oder möglicherweise die Ausführung beliebigen Programmcodes. Voraussetzung ist, dass das Opfer eine schädlich präparierte Email-Nachricht des Angreifers öffnet. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2081/ ∗∗∗ DFN-CERT-2017-2085/">Moodle: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer kann eine Schwachstelle in Moodle ausnutzen, um Informationen über Kursteilnehmer auszuspähen oder zu erraten. Moodle stellt die Versionen 3.1.9, 3.2.6, 3.3.3 und 3.4 als Sicherheitsupdates zur Behebung der Schwachstelle zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2085/ ∗∗∗ Helping to Secure your PostgreSQL Database ∗∗∗ --------------------------------------------- But what about properly securing your PostgreSQL database? There are many ways you can go about securing a PostgreSQL database. Im going to highlight a few tips that I feel are important and essential to preventing unauthorized access into your data environment. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Helping-to-Secure-your-… ∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗ --------------------------------------------- On October 16, 2017, an article titled "Key Reinstallation Attacks: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was released, which mentioned multiple security vulnerabilities in protocols Wi-Fi Protected Access (WPA) and WPA2. The researcher had reported some of these vulnerabilities to Huawei before disclosing them. Huawei immediately launched investigation and carried out technical communication with the researcher. At present, the products that are affected by vulnerabilities include Android-based Huawei smart phone and Huawei smart home products (Huawei smart router, Honor smart router and Honor TV Box). --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-… ∗∗∗ SSA-689071 (Last Update 2017-11-17): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S615 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-689071… ∗∗∗ OpenSSH vulnerability CVE-2017-15906 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K89621551 ∗∗∗ Vuln: Varnish Cache CVE-2017-8807 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101886 ∗∗∗ Symantec Management Console Directory Traversal ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… ∗∗∗ FortiWeb Stored XSS vulnerability on webUI certificate view page ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-131 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008478 ∗∗∗ IBM Security Bulletin: IBM Tivoli Monitoring is affected by a vulnerability in its internal web server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010554 ∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE affects IBM Algo One Algo Risk Application (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009930 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One – Core (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009138 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Modeler ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010687 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5664) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009583 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5648) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004763 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010785 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010746 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010740 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010745 ∗∗∗ IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010731 ∗∗∗ IBM Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22006357 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2017-15906) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.11.2017
by Daily end-of-shift report 17 Nov '17

17 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-11-2017 18:00 − Freitag 17-11-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Projekthoster: Github zeigt Sicherheitswarnungen für Projektabhängigkeiten ∗∗∗ --------------------------------------------- Vor wenigen Wochen hat der Projekthoster Github ein Werkzeug vorgestellt, das die Abhängigkeiten eines Projekts besser darstellen soll. Das Konzept wird nun um Sicherheitshinweise und Warnungen erweitert, was die Pflege deutlich erleichtern sollte. --------------------------------------------- https://www.golem.de/news/projekthoster-github-zeigt-sicherheitswarnungen-f… ∗∗∗ Here’s How To Get Solid Browser Security [Update 2017] ∗∗∗ --------------------------------------------- Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook. If a malicious hacker breaks in, he will find everything about [...] --------------------------------------------- https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/ ∗∗∗ Terdot banking trojan targets social media and email in addition to financial services ∗∗∗ --------------------------------------------- The Terdot banking trojan not only steals credit card information and login credentials for online financial services, but it also intercepts and modifies traffic on social media and email platforms, according to Bitdefender. --------------------------------------------- https://www.scmagazine.com/terdot-banking-trojan-targets-social-media-and-e… ∗∗∗ New White House Announcement on the Vulnerability Equities Process ∗∗∗ --------------------------------------------- The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyces blog post. --------------------------------------------- https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html ∗∗∗ Oracle scrambles to sew up horrid security holes in PeopleSofts Tuxedo ∗∗∗ --------------------------------------------- Nothing like unauthd hijacking, Heartbleed-style bugs to patch ASAP Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/oracle_peop… ∗∗∗ US-CERT: Security Tip (ST17-001) Securing the Internet of Things ∗∗∗ --------------------------------------------- The Internet of Things is becoming an important part of everyday life. Being aware of the associated risks is a key part of keeping your information and devices secure. --------------------------------------------- https://www.us-cert.gov/ncas/tips/ST17-001 ∗∗∗ Over 530 cyber-activities during fifth edition of European Cyber Security Month ∗∗∗ --------------------------------------------- The 2017 European Cyber Security Month (ECSM) has ended. This was the fifth consecutive edition of the awareness campaign put together by the EU Cybersecurity Agency ENISA, the EU Commission’s DG CONNECT and their partners. ... During the month of October, some 530 activities such as conferences, workshops, seminars and online courses took place across Europe, --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/over-530-cyber-activities-durin… ∗∗∗ Supplementing Windows Audit, Alerting, and Remediation with PowerShell [PDF] ∗∗∗ --------------------------------------------- This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platform for Windows environments. This answers the question of why use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way. --------------------------------------------- https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windo… ∗∗∗ Beware Catphishing attacks targeting the hearts of security pros ∗∗∗ --------------------------------------------- Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated. --------------------------------------------- https://www.scmagazineuk.com/beware-catphishing-attacks-targeting-the-heart… ∗∗∗ Zehn Sicherheitslücken in Wiki-Software MediaWiki ∗∗∗ --------------------------------------------- Neue MediaWiki-Versionen schützen darauf aufsetzende Wikis unter anderem effektiver vor Brute-Force-Attacken. --------------------------------------------- https://heise.de/-3892250 ===================== = Vulnerabilities = ===================== ∗∗∗ BIG-IP SSL vulnerability CVE-2017-6168 ∗∗∗ --------------------------------------------- A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. --------------------------------------------- https://support.f5.com/csp/article/K21905460 ∗∗∗ Moxa NPort 5110, 5130, and 5150 ∗∗∗ --------------------------------------------- This advisory contains mitigation details for injection, information exposure, and resource exhaustion vulnerabilities in Moxa's NPort 5110, 5130, and 5150. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01 ∗∗∗ Siemens SICAM ∗∗∗ --------------------------------------------- This advisory contains mitigation details for missing authentication for critical function, cross-site scripting, and code injection vulnerabilities in the Siemens SICAM products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02 ∗∗∗ VMSA-2017-0019 ∗∗∗ --------------------------------------------- NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0019.html ∗∗∗ VMSA-2017-0018 ∗∗∗ --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0018.html ∗∗∗ VU#817544: Windows 8.0 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/817544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541543 ∗∗∗ DFN-CERT-2017-2068: Jenkins Plugin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2068/ ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009204 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010329 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010744 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010742 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010321 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010103 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671 ∗∗∗ IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010565 ∗∗∗ IBM Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-2619) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010689 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2017
by Daily end-of-shift report 16 Nov '17

16 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-11-2017 18:00 − Donnerstag 16-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Suspicious Domains Tracking Dashboard, (Thu, Nov 16th) ∗∗∗ --------------------------------------------- Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your network (example by using a DNS firewall). The ISC has also a page dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs of Domain Generation Algorithm used by some malware families. --------------------------------------------- https://isc.sans.edu/diary/rss/23046 ∗∗∗ Microsoft DDE protocol based malware attacks ∗∗∗ --------------------------------------------- Introduction: Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no ones surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a number of these malicious documents using the DDE vulnerability to download and execute malware. Most of the payloads we saw were Remote Access Trojans (RATs) [...] --------------------------------------------- https://www.zscaler.com/blogs/research/microsoft-dde-protocol-based-malware… ∗∗∗ Quad9: Datenschutzfreundliche Alternative zum Google-DNS ∗∗∗ --------------------------------------------- Wer Google nicht wesentliche Teile seines Surfverhaltens anvertrauen möchte, kann ab sofort auf einen alternativen DNS-Dienst ausweichen: 9.9.9.9 statt 8.8.8.8. Doch auch dort gibt es Besonderheiten. --------------------------------------------- https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Altern… ∗∗∗ Ciscos Voice Operating System ist empfänglich für Angreifer ∗∗∗ --------------------------------------------- Angreifer könnten die Kontrolle über Cisco-Geräte mit Voice Operating System an sich reißen. Sicherheitsupdates schließen diese und weitere Lücken in anderen Produkten. --------------------------------------------- https://heise.de/-3891402 ∗∗∗ Sharp rise in fileless attacks evading endpoint security ∗∗∗ --------------------------------------------- A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victim to fileless attack or exploit. "This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations." said Dr. Larry Ponemon [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/11/16/fileless-attacks-evading-endpoin… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: Kritische Lücke in Microsoft Office ermöglicht Remote Code Execution ∗∗∗ --------------------------------------------- Researcher haben eine schwerwiegende Sicherheitslücke in Microsoft Office entdeckt. Beschreibung Wenn ein Benutzer eine speziell präparierte Datei im Microsoft Excel-Format oder Microsoft Word-Format öffnet, kann in Folge ein Angreifer beliebigen Code, mit den Rechten des angemeldeten Benutzers, auf dem System ausführen. Die Schwachstelle basiert auf der Verwendung von [...] --------------------------------------------- http://www.cert.at/warnings/all/20171011.html ∗∗∗ Security Patch Compliance does not take effect on an activated Android device ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Bugtraq: CA20171114-01: Security Notice for CA Identity Governance ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541530 ∗∗∗ Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8960 ∗∗∗ DFN-CERT-2017-2056: FreeBSD: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2056/ ∗∗∗ DFN-CERT-2017-2046: MongoDB: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2046/ ∗∗∗ DFN-CERT-2017-2066: Webkit2GTK: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2066/ ∗∗∗ Security Advisory - SQL Injection Vulnerabilities in Huawei UMA Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-… ∗∗∗ IBM Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010512 ∗∗∗ IBM Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005401 ∗∗∗ Broken access control & LINQ injection in Progress Sitefinity ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/broken-access-control-linq-i… ∗∗∗ Shibboleth Service Provider Error in Dynamic MetadataProvider Plugin Lets Remote Users Bypass Security Restrictions on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039808 ∗∗∗ MediaWiki Multiple Flaws Let Remote Users Modify Data, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039812 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2017
by Daily end-of-shift report 15 Nov '17

15 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-11-2017 18:00 − Mittwoch 15-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsrisiko: Oneplus-Smartphones kommen mit eingebautem Root-Zugang ∗∗∗ --------------------------------------------- Oneplus verkauft offenbar seit Jahren seine Smartphones mit einem vorinstallierten Entwicklertool von Qualcomm, das Zugriff auf zahlreiche Systemressourcen erlaubt. Per ADB ist ein Root-Zugriff auf das jeweilige Gerät möglich. Der Hersteller will die Anwendung herauspatchen. --------------------------------------------- https://www.golem.de/news/sicherheitsrisiko-oneplus-smartphones-kommen-mit-… ∗∗∗ Privater Schlüssel: DXC veröffentlicht AWS-Key und muss 64.000 US-Dollar zahlen ∗∗∗ --------------------------------------------- Private Schlüssel in freier Wildbahn sind ein verbreitetes Problem. Zuletzt traf es das Sicherheitsunternehmen DXC, das den AWS-Schlüssel versehentlich bei Github hochlud - und dann die Rechnung dafür bekam. --------------------------------------------- https://www.golem.de/news/privater-schluessel-dxc-veroeffentlicht-aws-key-u… ∗∗∗ These Campaigns Explain Why AV Detection for New Malware Remains Low ∗∗∗ --------------------------------------------- This year we saw massive spam campaigns like NonPetya or Locky fly below the radar of antivirus software and went undetected during the first hours or even days. Some of them actually went undetected even for months. Second-generation malware usually has the ability to evade detection and bypass antivirus programs users have installed on their computers to [...] --------------------------------------------- https://heimdalsecurity.com/blog/campaigns-av-detection-new-malware-low/ ∗∗∗ Confusion reigns over crypto vuln in Spanish electronic ID smartcards ∗∗∗ --------------------------------------------- Certs revoked, but where are the updates? The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/15/spanish_id_… ∗∗∗ TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318A ∗∗∗ TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318B ∗∗∗ Secure Engineering Guidelines ∗∗∗ --------------------------------------------- Some best practices for building and trusting software. --------------------------------------------- https://medium.com/@HockeyInJune/secure-engineering-guidelines-3b8845ac3265 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available in Foxit MobilePDF for iOS 6.1 ∗∗∗ --------------------------------------------- Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues. --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php ∗∗∗ Microsoft Security Updates ∗∗∗ --------------------------------------------- MS17-023 Security Update for Adobe Flash Player MS17-022 Security Update for Microsoft XML Core Services MS17-021 Security Update for Windows DirectShow MS17-020 Security Update for Windows DVD Maker MS17-019 Security Update for Active Directory Federation Services MS17-018 Security Update for Windows Kernel-Mode Drivers MS17-017 Security Update for Windows Kernel MS17-016 Security Update for Windows IIS MS17-015 Security Update for Microsoft Exchange Server MS17-014 Security Update for [...] --------------------------------------------- https://technet.microsoft.com/en-us/security/bulletins ∗∗∗ QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01 ∗∗∗ ABB TropOS ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-02 ∗∗∗ Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01 ∗∗∗ Cisco Security Advisories and Alerts ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ DFN-CERT-2017-2041: Oracle Fusion Middleware, Oracle Tuxedo: Mehrere Schwachstellen ermöglichen u.a. eine vollständige Komprommittierung ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2041/ ∗∗∗ Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Java vulnerability CVE-2017-10176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05911127 ∗∗∗ Linux kernel vulnerability CVE-2017-11176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K56450659 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2017
by Daily end-of-shift report 14 Nov '17

14 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 13-11-2017 18:00 − Dienstag 14-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Breaking security controls using subdomain hijacking ∗∗∗ --------------------------------------------- Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. --------------------------------------------- https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/ ∗∗∗ Investigating Command and Control Infrastructure (Emotet) ∗∗∗ --------------------------------------------- Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use more advanced infrastructure to evade endpoint blacklisting and be resilient to take-down. In this article I will go through and explain my process of identifying Command and Control (C2) servers and understanding their topology, using Emotet as an example. --------------------------------------------- https://www.malwaretech.com/2017/11/investigating-command-and-control-infra… ∗∗∗ XZZX Cryptomix Ransomware Variant Released ∗∗∗ --------------------------------------------- A new CryptoMix Ransomware variant has been discovered that appends the .XZZX extension to encrypted files. This article will discuss the changes found in this new variant. --------------------------------------------- https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-va… ===================== = Vulnerabilities = ===================== ∗∗∗ SQL Injection in bbPress ∗∗∗ --------------------------------------------- During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug --------------------------------------------- https://blog.sucuri.net/2017/11/sql-injection-bbpress.html ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Flash Player (APSB17-33), Photoshop CC (APSB17-34), Connect (APSB17-35), Acrobat and Reader (APSB17-36), DNG Converter (APSB17-37), InDesign CC (APSB17-38), Digital Editions (APSB17-39), Shockwave Player (APSB17-40) and Adobe Experience Manager (APSB17-41). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1510 ∗∗∗ #AVGater: Systemübernahme via Quarantäne-Ordner ∗∗∗ --------------------------------------------- Eine neue Angriffstechnik nutzt die Wiederherstellungs-Funktion der Anti-Viren-Quarantäne, um Systeme via Malware zu kapern. Bislang reagierten sechs Software-Hersteller mit Updates. --------------------------------------------- https://heise.de/-3889107 ∗∗∗ Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTU SM-2556 ∗∗∗ --------------------------------------------- The Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00) are affected by an authentication bypass vulnerability as the authentication checks are only performed client-side (JavaScript). Furthermore, the device is affected by cross site scripting vulnerabilities and outdated webserver software which allows code execution. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/authentication-bypass-cross-… ∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0002) ∗∗∗ --------------------------------------------- A privilege escalation and arbitrary write vulnerability was found in all our windows antivirus products. [...] Successful exploitation of this issue would allow an attacker to overwrite any memory region (including kernel) in the client machine with elevated privileges. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w… ∗∗∗ SAP Security Patch Day - November 2017 ∗∗∗ --------------------------------------------- On 14th of November 2017, SAP Security Patch Day saw the release of 13 Security Notes. Additionally, there were 9 updates to previously released security notes. --------------------------------------------- https://blogs.sap.com/2017/11/14/sap-security-patch-day-november-2017/ ∗∗∗ DFN-CERT-2017-2025/">OTRS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2025/ ∗∗∗ DFN-CERT-2017-2024/">Symantec Endpoint Encryption: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2024/ ∗∗∗ IBM Security Bulletin: Vulnerability may affect IBM® SDK for Node.js™ (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009851 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010282 ∗∗∗ IBM Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009145 ∗∗∗ Cacti Input Validation Flaw in Page Refresh Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039774 ∗∗∗ jQuery vulnerability CVE-2016-7103 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95208524 ∗∗∗ Java vulnerability CVE-2017-10135 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23489380 ∗∗∗ Java vulnerability CVE-2017-10198 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04734043 ∗∗∗ Java SE and JRockit vulnerability CVE-2017-10243 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54747614 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily