Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 13.11.2017
by Daily end-of-shift report 13 Nov '17

13 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-11-2017 18:00 − Montag 13-11-2017 18:00 Handler: Stephan Richter Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Detecting reflective DLL loading with Windows Defender ATP ∗∗∗ --------------------------------------------- Todays attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In recent blogs we described how attackers use basic... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/11/13/detecting-reflective-dl… ∗∗∗ Keep An Eye on your Root Certificates, (Sat, Nov 11th) ∗∗∗ --------------------------------------------- A few times a year, we can read in the news that a rogue root certificate was installed without the user consent. The latest story that pops up in my mind is the Savitech audio drivers which silently installs a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remains performing MitM attacks. New root certificates are not always the result of an attack or infection by a malware. Corporate end-points might also get new root certificates. --------------------------------------------- https://isc.sans.edu/diary/rss/23030 ∗∗∗ Sicherheitsupdate: VMware AirWatch Launcher for Android als Sprungbrett für Angreifer ∗∗∗ --------------------------------------------- VMware schließt mehrere Sicherheitslücken in AirWatch Launcher und AirWatch Console for Android. Davon gilt keine als kritisch. --------------------------------------------- https://heise.de/-3888725 ∗∗∗ Hintergrund: Cardiac Scan: Herzbewegung als biometrisches Authentifizierungsmerkmal ∗∗∗ --------------------------------------------- Zu den gängigen biometrischen Identifikationsmerkmalen wie Fingerabdrücken, Iris-Scans oder Gesichtserkennung könnte sich bald auch das menschliche Herz gesellen. Denn keines bewegt sich wie das andere. --------------------------------------------- https://heise.de/-3842874 ∗∗∗ Ordinypt: Vermeintlicher Erpressungstrojaner-Ausbruch in Deutschland gibt Rätsel auf ∗∗∗ --------------------------------------------- Die vor kurzem aufgetauchte Ransomware Ordinypt löscht Dateien, statt sie zu verschlüsseln und hat es mit Fake-PDF-Dateien auf deutsche Personalabteilungen abgesehen. Allerdings gibt es bisher kaum Anzeichen auf Infektionen in freier Wildbahn. --------------------------------------------- https://heise.de/-3889143 ∗∗∗ Keine Bank Austria-Kundendaten aktualisieren ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bank Austria-Nachricht. Darin fordern sie Empfänger/innen dazu auf, dass sie eine Website aufrufen und auf dieser ihre persönlichen Kund/innendaten aktualisieren. Wer der Aufforderung nachkommt, übermittelt OnlineBanking-Zugangsdaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-bank-austria-kundendaten-a… ∗∗∗ Fighting persistent malware with a UEFI scanner, or ‘What’s it all about UEFI?” ∗∗∗ --------------------------------------------- The biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a "top secret" exploit developed by the NSA, an agency known to have dabbled in UEFI compromise. --------------------------------------------- https://www.welivesecurity.com/2017/11/10/uefi-scanner-fighting-persistent-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras ∗∗∗ --------------------------------------------- These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos.Executive SummaryThe Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several vulnerabilities present in these devices, and worked with Foscam to develop fixes for them, which we published the details for in a blog post here. --------------------------------------------- http://blog.talosintelligence.com/2017/11/foscam-multiple-vulns.html ∗∗∗ DSA-4031 ruby2.3 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4031 ∗∗∗ DSA-4032 imagemagick - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4032 ∗∗∗ Vuln: ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101788 ∗∗∗ WP Support Plus Responsive Ticket System <= 8.0.7 - Remote Code Execution (RCE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8949 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.11.2017
by Daily end-of-shift report 10 Nov '17

10 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-11-2017 18:00 − Freitag 10-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ "Eavesdropper" Vulnerability Exposes Millions of Private Conversations ∗∗∗ --------------------------------------------- Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. --------------------------------------------- https://www.bleepingcomputer.com/news/security/-eavesdropper-vulnerability-… ∗∗∗ Google Ranks Phishing Above Keyloggers & Password Reuse as Bigger Threat to Users ∗∗∗ --------------------------------------------- Research carried out by Google engineers and academics from the University of California, Berkeley and the International Computer Science Institute has revealed that phishing attacks pose a more significant threat to users losing access to their Google accounts when compared to keyloggers or password reuse. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-… ∗∗∗ First Android Malware Detected Using New "Toast Overlay" Attack ∗∗∗ --------------------------------------------- A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-android-malware-detect… ∗∗∗ Ordinypt: Erpressungstrojaner bedroht deutsche Firmen ∗∗∗ --------------------------------------------- Allem Anschein nach geht in Deutschland ein neuer Trojaner um, der auf Personalabteilungen zielt und Lösegeld erpresst. Der in Delphi verfasste Trojaner lässt Opfern allerdings keine Chance, ihre Daten wiederzubekommen. --------------------------------------------- https://heise.de/-3887249 ∗∗∗ Achtung: Abzocker-Version des Windows Movie Maker ist Nummer Eins bei Google ∗∗∗ --------------------------------------------- Eine gefälschte Version des nicht mehr von Microsoft angebotenen Windows Movie Maker verführt Opfer zum Download und bittet sie dann zur Kasse. Die Betrüger-Webseite hat es sogar ganz vorne in die Ergebnisse vieler Suchmaschinen geschafft. --------------------------------------------- https://heise.de/-3887323 ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-36) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, November 14, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1508 ∗∗∗ AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLO ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-01 ∗∗∗ Schneider Electric InduSoft Web Studio and InTouch Machine Edition ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02 ∗∗∗ iOS 11.1.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208255 ∗∗∗ DFN-CERT-2017-1998/">PostgreSQL: Mehrere Schwachstellen ermöglichen u.a. die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1998/ ∗∗∗ DFN-CERT-2017-1995/">GitLab: Mehrere Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1995/ ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010229 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security Manager component of IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007568 ∗∗∗ SSA-901333 (Last Update 2017-11-09): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-901333… ∗∗∗ VMSA-2017-0017 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0017.html ∗∗∗ VMSA-2017-0016 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0016.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2017
by Daily end-of-shift report 09 Nov '17

09 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-11-2017 18:00 − Donnerstag 09-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Evil pixels: researcher demos data-theft over screen-share protocols ∗∗∗ --------------------------------------------- Users see white noise, attackers see whatever they just stole from you Its the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/09/evil_pixels… ∗∗∗ Tausende Cisco-Switches offen im Internet – Angriffe laufen bereits ∗∗∗ --------------------------------------------- Über 200.000 Cisco Switches sind übers Internet erreichbar und lassen sich umkonfigurieren oder komplett übernehmen; mehrere tausend davon allein in Deutschland. Die Systeme werden bereits angegriffen, doch der Hersteller sieht keine Schwachstelle. --------------------------------------------- https://heise.de/-3882810 ∗∗∗ Hacker dringt weiter in Intels Management Engine vor ∗∗∗ --------------------------------------------- Maxim Goryachy von der Beratungsfirma Positive Technologies konnte eine Programmierschnittstelle zu Intels Managemet Engine öffnen, während Google-Experten die Firmware-Alternative NERF entwickeln. --------------------------------------------- https://heise.de/-3884928 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4022 libreoffice - security update ∗∗∗ --------------------------------------------- Marcin Noga discovered two vulnerabilities in LibreOffice, which couldresult in the execution of arbitrary code if a malformed PPT or DOCdocument is opened. --------------------------------------------- https://www.debian.org/security/2017/dsa-4022 ∗∗∗ BlackBerry powered by Android Security Bulletin – November 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ VU#739007: IEEE P1735 implementations may have weak cryptographic protections ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/739007 ∗∗∗ 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0 ∗∗∗ --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4053440 ∗∗∗ Vuln: Multiple Asterisk Products CDR Remote Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101760 ∗∗∗ DFN-CERT-2017-1987: Jenkins: Zwei Schwachstellen ermöglichen u.a. Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1987/ ∗∗∗ DFN-CERT-2017-1991: Roundcube Webmail: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1991/ ∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant GUI affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-1710) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010224 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007609 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10115, CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009304 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010191 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2017
by Daily end-of-shift report 08 Nov '17

08 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-11-2017 18:00 − Mittwoch 08-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th) ∗∗∗ --------------------------------------------- After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots of lots of folks still think that's a safe thing to do. --------------------------------------------- https://isc.sans.edu/diary/rss/23020 ∗∗∗ BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2017 ∗∗∗ --------------------------------------------- Der Lagebericht der nationalen Cyber-Sicherheitsbehörde beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet zeigt das BSI Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Bericht_zur… ∗∗∗ Amazon Updates AWS Dashboard to Warn Admins When Theyre Exposing S3 Buckets ∗∗∗ --------------------------------------------- Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-updates-aws-dashboard… ∗∗∗ Windows 10: Microsoft stellt Sicherheitsrichtlinien für Windows-PCs auf ∗∗∗ --------------------------------------------- Ein aktueller Prozessor, UEFI 2.4 und am besten ein TPM-Chip: Neue Sicherheitsrichtlinien machen Systeme mit Fall Creators Update laut Microsoft erst sicher. Die 8-GByte-RAM-Regel kann jedoch etwa das eigene Surface Pro teils nicht einhalten. (Windows 10, Microsoft) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-stellt-sicherheitsrichtlinie… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory - Denial of Service Vulnerability on Huawei Smartphones ∗∗∗ --------------------------------------------- There is a denial of service vulnerability on Huawei Smartphones. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15345. Huawei has released software updates to fix this vulnerability. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Three Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Command Injection Vulnerability in OpsMonitor ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact affected by IBM® SDK Java™ Technology Edition Quarterly CPU – Jul 2017 – Includes Oracle Jul 2017 CPU vulnerabilities in IBM WebSphere Application Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010162 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008888 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010223 ∗∗∗ Kernel vulnerabilities CVE-2017-12192 and CVE-2017-15274 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33567812 ∗∗∗ Java vulnerability CVE-2017-10118 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42185012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2017
by Daily end-of-shift report 07 Nov '17

07 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 06-11-2017 18:00 − Dienstag 07-11-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Security: Malware mit legitimen Zertifikaten weit verbreitet ∗∗∗ --------------------------------------------- Aktuelle Forschungen werfen erneut ein schlechtes Licht auf den Umgang mit Zertifikaten. Fast 200 Malware-Proben sind mit legitimen digitalen Unterschriften ausgestattet gewesen. Damit kann die Schadsoftware Prüfungen durch Sicherheitssoftware bestehen. (Security, Virus) --------------------------------------------- https://www.golem.de/news/security-malware-mit-legitimen-zertifikaten-weit-… ∗∗∗ NCSC publishes factsheet Post-quantum cryptography ∗∗∗ --------------------------------------------- The emergence of quantum computers can have major implications for organizations that process sensitive information. Using a future quantum computer, one can decrypt data that is encrypted with popular cryptographic algorithms. The consequences are, however, even more serious. Encrypted data may already be intercepted, awaiting the possibility to decrypt the data with a future quantum computer. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-po… ∗∗∗ The Apple iOS 11 Privacy and Security Settings You Should Check ∗∗∗ --------------------------------------------- Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention. --------------------------------------------- https://www.wired.com/story/ios-11-privacy-security-settings ∗∗∗ Warnung vor gefälschter Bank Austria-Sicherheits-App ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht fordern Kriminelle Empfänger/innen dazu auf, dass sie eine Sicherheits-App installieren. Die Installation der Anwendung sei erforderlich, damit Kund/innen weiterhin das OnlineBanking ihrer Bank nützen können. In Wahrheit ist die Sicherheits-App Schadsoftware. Sie hilft den Betrüger/innen dabei, das Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bank-au… ===================== = Vulnerabilities = ===================== ∗∗∗ Oh Brother: Hackers can crash your unpatched printers – researchers ∗∗∗ --------------------------------------------- DoSsing for fun and profit not just a nuisance, they warn Security researchers have said theyve uncovered a new way for hackers to crash Brother printers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/07/brother_pri… ∗∗∗ DFN-CERT-2017-1975/">Chrome OS: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung betroffener Systeme ∗∗∗ --------------------------------------------- Betroffene Software: Chrome OS < 62.0.3202.74 Betroffene Plattformen: Chrome OS Lösung: Patch; Chrome Stable Channel Update for Chrome OS, 27.10.2017 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1975/ ∗∗∗ DFN-CERT-2017-1972/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Betroffene Software * Google Android Operating System < 5.0.2 2017-11-06 * Google Android Operating System < 5.1.1 2017-11-06 * Google Android Operating System < 6.0 2017-11-06 * Google Android Operating System < 6.0.1 2017-11-06 * Google Android Operating System < 7.0 2017-11-06 * Google Android Operating System < 7.1.1 2017-11-06 * Google Android Operating System < 7.1.2 2017-11-06 * Google Android Operating System < 8.0 2017-11-06 * LG Mobile Android < SMR-NOV-2017 * Samsung Mobile Android < SMR-NOV-2017 Betroffene Plattformen * Google Nexus * Google Pixel * Google Android Operating System * LG Mobile Android * Samsung Mobile Android --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1972/ ∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: * "File manager" (ameos_filemanager) * "T3Blog Extbase" (t3extblog) * "Recommend page " (pb_recommend_page) * "Formhandler" (formhandler) * "restler" (restler) * "CAB FAL search" (falsearch) * "Multishop" (multishop) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2017/000413.html ∗∗∗ [20171103] - Core - Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ZBmazG0EZeU/715-20171103-c… ∗∗∗ [20171102] - Core - 2-factor-authentication bypass ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/KWysQZRrTWQ/713-20171102-c… ∗∗∗ [20171101] - Core - LDAP Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_Ud0fZdMIyg/714-20171101-c… ∗∗∗ DFN-CERT-2017-1973/">Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen u.a. die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1973/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008552 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2017 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010650 ∗∗∗ IBM Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007610 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004827 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010154 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008814 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.11.2017
by Daily end-of-shift report 06 Nov '17

06 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 03-11-2017 18:00 − Montag 06-11-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-1961/">Tor Browser: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann mit Hilfe einer speziell präparierten URL, die von einem Benutzer des Tor Browsers aufgerufen wird, eine direkte Verbindung des Systems zu entfernten Hosts erzwingen und dadurch die echte IP-Adresse des betroffenen Systems ausspähen. Das Tor Projekt informiert über die Schwachstelle im Tor Browser auf Linux- und macOS-Systemen und stellt die Versionen 7.0.7 und 7.5a7 als Sicherheitsupdates zur Verfügung. Benutzer von Tails und dem vom Tor Projekt veröffentlichten Sandboxed Tor Browser sind nicht betroffen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1961/ ∗∗∗ Bugtraq: Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec) ∗∗∗ --------------------------------------------- The following advisory describes three (3) vulnerabilities found in Webmin version 1.850 ... XSS vulnerability that leads to Remote Code Execution CSRF Schedule arbitrary commands Server Side Request Forgery --------------------------------------------- http://www.securityfocus.com/archive/1/541481 ∗∗∗ Vuln: Avaya IP Office Contact Center CVE-2017-12969 Remote Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- Avaya IP Office Contact Center is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition. Avaya IP Office (IPO) versions 9.1.0 through 10.1 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/101667 ∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is affected by an Apache Commons FileUpload vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010215 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009870 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009242 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009240 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009591 ∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2017-1140) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000354 ∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2017-1137) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000349 ∗∗∗ BIG-IP FastL4 TMM vulnerability CVE-2017-6166 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K65615624 ∗∗∗ PHP vulnerability CVE-2017-11628 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75543432 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.11.2017
by Daily end-of-shift report 03 Nov '17

03 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 02-11-2017 18:00 − Freitag 03-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ E-Government: Estland blockiert 760.000 eID-Zertifikate ∗∗∗ --------------------------------------------- Die von einer Sicherheitslücke betroffenen Zertifikate der estnischen eID-Karte werden nun doch zurückgezogen, nachdem der RSA-Bug von Infineon öffentlich ist. Estland will die Zertifikate updaten und künftig auf elliptische Kurven setzen. --------------------------------------------- https://www.golem.de/news/e-government-estland-blockiert-760-000-eid-zertif… ∗∗∗ Savitech: USB-Audiotreiber installiert Root-Zertifikat ∗∗∗ --------------------------------------------- Ein Treiber von Savitech installiert Root-Zertifikate in Windows, mit denen theoretisch HTTPS-Verbindungen angegriffen werden können. Genutzt wird der USB-Audiotreiber in Geräten von Asus, Dell oder auch Audio-Technica. Die Zertifikate waren für Windows XP gedacht und wurden vergessen. --------------------------------------------- https://www.golem.de/news/savitech-usb-audiotreiber-installiert-root-zertif… ∗∗∗ Attacking SSH Over the Wire - Go Red Team!, (Thu, Nov 2nd) ∗∗∗ --------------------------------------------- So, now that we've talked about securing SSH and auditing SSH over the last few days, how about attacking SSH? --------------------------------------------- https://isc.sans.edu/diary/rss/23000 ∗∗∗ QtBot downloader discovered in geo-based Locky-Trickbot campaign ∗∗∗ --------------------------------------------- Researchers from Palo Alto Networks have uncovered QtBot, an intermediate-stage downloader that helps to deliver the final payload in geography-based Locky-Trickbot malspam campaigns. --------------------------------------------- https://www.scmagazine.com/qtbot-downloader-discovered-in-geo-based-locky-t… ∗∗∗ Call for Speakers - 30th Annual FIRST Conference ∗∗∗ --------------------------------------------- The 30th Annual FIRST Conference is coming back to Asia next June 24-29, 2018 and we are looking for engaging speakers to present on relevant incident response and information security topics. FIRST brings together a wide variety of security and incident response professionals from public, private and academic sectors around the world in an information exchange and co-operation of trust on issues of mutual interest. --------------------------------------------- https://www.first.org/conference/2018/cfp ∗∗∗ Sicherheitsupdates: Cisco schützt unter anderem Firewalls vor feindlicher Übernahme ∗∗∗ --------------------------------------------- Der Netzwerkausrüster Cisco schließt mehrere Sicherheitslücken in zum Beispiel der Aironet-Serie, Firepower-Reihe und im WebEx Meetings Server. --------------------------------------------- https://heise.de/-3878040 ∗∗∗ Mobile Pwn2Own: Hacker knacken Samsung S8 mittels beachtlicher Sicherheitslücken-Combo ∗∗∗ --------------------------------------------- Auf dem Mobile-Pwn2Own-Wettbewerb haben Hacker zwei Tage lang mobile Geräte von Apple, Huawei und Samsung erfolgreich attackiert. Der Veranstalter schüttete dafür in der Summe 515.000 US-Dollar aus. --------------------------------------------- https://heise.de/-3878099 ∗∗∗ BEC scammers are robbing art galleries and collectors ∗∗∗ --------------------------------------------- BEC scammers are targeting art galleries, collectors and artists, swindling them out of money and, on occasion, ruining their businesses. According to The Art Newspaper, nine art galleries in the UK and the US have been hit, some of them successfully. Insurance broker Adam Prideaux told the publication, the actual number of targets is likely considerably higher. The scammers’ MO The scammers start by finding a way to compromise an art dealer’s email account, and [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/11/03/bec-scammers-robbing-art-galleri… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4015 openjdk-8 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4015 ∗∗∗ DFN-CERT-2017-1954: Red Hat JBoss Enterprise Web Server: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1954/ ∗∗∗ DFN-CERT-2017-1955: Red Hat JBoss Fuse, Red Hat JBoss A-MQ: Mehrere Schwachstellen ermöglichen u.a. die Manipulation von Daten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1955/ ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory - Seven vulnerabilities in Google Dnsmasq ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171103-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.11.2017
by Daily end-of-shift report 02 Nov '17

02 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 31-10-2017 18:00 − Donnerstag 02-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Bericht: Log-in-Daten in iOS-Apps können ausgespäht werden ∗∗∗ --------------------------------------------- Die Log-in-Daten können bei 111 der 200 populärsten iOS-Apps einfach ausgelesen werden. Möglich wird das durch eine unsaubere Implementierung von HTTPs. --------------------------------------------- https://futurezone.at/digital-life/bericht-log-in-daten-in-ios-apps-koennen… ∗∗∗ CLDAP is Now the No.3 Reflection Amplified DDoS Attack Vector, Surpassing SSDP and CharGen ∗∗∗ --------------------------------------------- With our DDoSMon, we are able to perform continuous and near real-time monitoring on global DDoS attacks. For quite a long time, DNS, NTP, CharGen and SSDP have been the most frequently abused services in DDoS reflection amplification attacks. They rank respectively 1st, 2nd, 3rd and [...] --------------------------------------------- http://blog.netlab.360.com/cldap-is-now-the-3rd-reflection-amplified-ddos-a… ∗∗∗ ENGELSYSTEM - User notification ∗∗∗ --------------------------------------------- [...] ab dem 12. Dezember 2015 wurden zwei professionelle Phishingdomains fuer das engelsystem, engelsystem.com und engelsystem.net, eingerichtet. Diese wurden erst jetzt von uns gefunden und danach zeitnah, nach einer Abuse-Meldung von uns, vom Hoster offline genommen. --------------------------------------------- https://engelsystem.de/usernotification.html ∗∗∗ Goodbye, login. Hello, heart scan. ∗∗∗ --------------------------------------------- A new non-contact, remote biometric tool could be the next advance in computer security. --------------------------------------------- http://www.buffalo.edu/news/releases/2017/09/034.html ∗∗∗ macOS 10.12 und 10.11: KRACK-Lücke gestopft, Loch im Schlüsselbund bleibt ∗∗∗ --------------------------------------------- Apple hat ein Sicherheitsupdate für Sierra und El Capitan veröffentlicht, in dem ein vieldiskutiertes WLAN-Problem behoben wurde. Ein anderer schwerwiegender Fehler wurde hingegen offenbar nicht angegangen. --------------------------------------------- https://heise.de/-3876491 ∗∗∗ Jetzt patchen! SQL-Injection-Lücke bedroht WordPress ∗∗∗ --------------------------------------------- Die abgesicherte WordPress-Version 4.8.3 ist erschienen. Nutzer sollten diese zügig installieren, da Angreifer Webseiten via SQL-Injection-Attacke übernehmen könnten. --------------------------------------------- https://heise.de/-3876623 ∗∗∗ Misconfigured Amazon S3 Buckets allowing man-in-the-middle attacks ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/misconfigured-amazon-s3-buckets-allowing-… ===================== = Vulnerabilities = ===================== ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and untrusted pointer dereference vulnerabilities in Advantechs WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02 ∗∗∗ Apple Releases Multiple Security Updates ∗∗∗ --------------------------------------------- Original release date: October 31, 2017 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: Cloud for Windows 7.1 iOS 11.1 iTunes 12.7.1 for Windows macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update [...] --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/10/31/Apple-Releases-Mul… ∗∗∗ OpenSSL Security Advisory [02 Nov 2017] ∗∗∗ --------------------------------------------- bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) --------------------------------------------- https://www.openssl.org/news/secadv/20171102.txt ∗∗∗ Vuln: EMC AppSync CVE-2017-14376 Local Hardcoded Credentials Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101626 ∗∗∗ DFN-CERT-2017-1928: FortiClient: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1928/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ HPESBHF03787 rev.1 - Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en… ∗∗∗ Security Advisory - Three Out-of-bounds Read Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171101-… ∗∗∗ Security Notice - Statement on a Security Vulnerability of Huawei Mate9 Pro Demonstrated at the Mobile Pwn20wn Contest in the PacSec Conference ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171101-01-… ∗∗∗ EMC Unisphere for VMAX Virtual Appliance Authentication Bypass Lets Remote Users Access the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039704 ∗∗∗ Java SE vulnerability CVE-2017-10116 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35104614 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.10.2017
by Daily end-of-shift report 31 Oct '17

31 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Montag 30-10-2017 18:00 − Dienstag 31-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Flaws in Googles Bug Tracker Exposed Companys Vulnerability Database ∗∗∗ --------------------------------------------- A Romanian bug hunter has found three flaws in Googles official bug tracker, one of which could have been used to exposed sensitive vulnerabilities to unauthorized intruders. --------------------------------------------- https://www.bleepingcomputer.com/news/security/flaws-in-googles-bug-tracker… ∗∗∗ New VibWrite System Uses Finger Vibrations to Authenticate Users ∗∗∗ --------------------------------------------- Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room, or building. --------------------------------------------- https://www.bleepingcomputer.com/news/technology/new-vibwrite-system-uses-f… ∗∗∗ Tales from the blockchain ∗∗∗ --------------------------------------------- We will tell you two unusual success stories that happened on the "miner front". The first story echoes the TinyNuke event and, in many respects gives an idea of the situation with miners. The second one proves that to get crypto-currency, you don’t need to "burn" the processor. --------------------------------------------- http://securelist.com/tales-from-the-blockchain/82971/ ∗∗∗ Engineers at Work: Automatic Static Detection of Malicious JavaScript ∗∗∗ --------------------------------------------- Our engineers at work examine the automatic static detection of malicious JavaScript. --------------------------------------------- https://researchcenter.paloaltonetworks.com/2017/10/engineers-work-automati… ∗∗∗ Say what? Another reCaptcha attack, now against audio challenges ∗∗∗ --------------------------------------------- unCaptcha is the sound of security crumbling Whatever Google has in mind to replace its reCaptcha had better be ready soon: another research group has found a way to defeat it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/31/uncaptcha_r… ∗∗∗ Ebury and Mayhem server malware families still active ∗∗∗ --------------------------------------------- Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/10/ebury-and-mayhem-server-malw… ∗∗∗ [SANS ISC] Some Powershell Malicious Code ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.org: "Some Powershell Malicious Code". Powershell is a great language that can interact at a low-level with Microsoft Windows. While hunting, I found a nice piece of Powershell code. After some deeper checks, it appeared that the code was not brand new [...] --------------------------------------------- https://blog.rootshell.be/2017/10/31/sans-isc-powershell-malicious-code/ ∗∗∗ WordPress 4.8.3 Security Release ∗∗∗ --------------------------------------------- WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. --------------------------------------------- https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ ∗∗∗ IoT-Botnetz ist wohl kleiner als angenommen ∗∗∗ --------------------------------------------- Aktuellen Analysen zufolge soll das Reaper-Botnetz mit 10.000 bis 20.000 IoT-Geräten wesentlich kleiner sein als zuvor angenommen. Der zugrunde liegende optimierte Mirai-Quellcode birgt aber viel Potenzial für erfolgreiche (DDoS-)Angriffe. --------------------------------------------- https://heise.de/-3876165 ∗∗∗ WhatsApp Messenger-Konto läuft nicht ab ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte WhatsApp-E-Mail. Darin behaupten sie, dass das Konto von Nutzer/innen ablaufe. Das Konto müssen Kund/innen für die weitere Verwendung des Programms verlängern. Dafür ist die Bekanntgabe von Kreditkartendaten notwendig. Wer der betrügerischen Aufforderung nachkommt, wird Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/phishing/whatsapp-messenger-konto-laeuft-… ∗∗∗ Antimalware Day: Genesis of viruses… and computer defense techniques ∗∗∗ --------------------------------------------- To honor the work of Dr. Fred Cohen and Professor Len Adleman, and the foundation they laid for research of computer threats, we decided to declare November 3 as the first ever Antimalware Day. --------------------------------------------- https://www.welivesecurity.com/2017/10/31/antimalware-day-genesis-viruses/ ===================== = Vulnerabilities = ===================== ∗∗∗ ABB FOX515T ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in ABBs FOX515T communication interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-304-01 ∗∗∗ Trihedral Engineering Limited VTScada ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper access control and uncontrolled search path element vulnerabilities in Trihedral Engineering Limiteds VTScada software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02 ∗∗∗ NetIQ Access Manager 4.2 Support Pack 5 4.2.5.0-17 ∗∗∗ --------------------------------------------- Abstract: NetIQ Access Manager 4.2 Support Pack 5 build (version 4.2.5.0-17). This file contains updates for services contained in the NetIQ Access Manager 4.2 product. NetIQ recommends that all customers running Access Manager 4.2 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.2 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, [...] --------------------------------------------- https://download.novell.com/Download?buildid=HcH_x-A_kgo~ ∗∗∗ Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2017100212 ∗∗∗ DSA-4011 quagga - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4011 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ HPESBHF03788 rev.1 - Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us ∗∗∗ RPC portmapper vulnerability CVE-1999-0632 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62832776 ∗∗∗ Apache OpenOffice patches four vulnerabilities in 4.1.4 update ∗∗∗ --------------------------------------------- https://www.scmagazineuk.com/news/apache-openoffice-patches-four-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.10.2017
by Daily end-of-shift report 30 Oct '17

30 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 27-10-2017 18:00 − Montag 30-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Cybercrime-Report 2016: Zahl der Anzeigen 2016 fast um ein Drittel gestiegen ∗∗∗ --------------------------------------------- Das Bundeskriminalamt präsentierte am 30. Oktober 2017 den Cybercrime-Report 2016. Demnach ist die Zahl der Cybercrime-Anzeigen 2016 im Vergleich zum Jahr davor um fast ein Drittel gestiegen. --------------------------------------------- http://www.bmi.gv.at/news.aspx?id=5062565A4F35476A2B38453D ∗∗∗ Matrix Ransomware Being Distributed by the RIG Exploit Kit ∗∗∗ --------------------------------------------- The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself. --------------------------------------------- https://www.bleepingcomputer.com/news/security/matrix-ransomware-being-dist… ∗∗∗ Firefox to Get a Better Password Manager ∗∗∗ --------------------------------------------- Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefoxs built-in password management." --------------------------------------------- https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-pass… ∗∗∗ Pharmahersteller: Merck musste wegen NotPetya-Angriff Medikamente leihen ∗∗∗ --------------------------------------------- Auch das Pharmaunternehmen Merck Sharp und Dohme merkt den NotPetya-Angriff in seiner Bilanz: Rund 375 Millionen US-Dollar Ausfall gibt das Unternehmen durch die Ransomware an. Um den Betrieb trotz Produktionsausfällen aufrechtzuerhalten, hat sich die Firma sogar Medikamente bei den US-Behörden geliehen. --------------------------------------------- https://www.golem.de/news/pharmahersteller-merck-musste-wegen-notpetya-angr… ∗∗∗ Freie Linux-Firmware: Google will Server ohne Intel ME und UEFI ∗∗∗ --------------------------------------------- Nach dem Motto "Habt ihr Angst? Wir schon!" arbeitet ein Team von Googles Coreboot-Entwicklern mit Kollegen daran, Intels ME und das proprietäre UEFI auch in Servern unschädlich zu machen. Und das wohl mit Erfolg. --------------------------------------------- https://www.golem.de/news/freie-linux-firmware-google-will-server-ohne-inte… ∗∗∗ "Catch-All" Google Chrome Malicious Extension Steals All Posted Data, (Fri, Oct 27th) ∗∗∗ --------------------------------------------- It seems that malicious Google Chrome extensions are on the rise. A couple of months ago, I posted here about two of them which stole user credentials posted on banking websites and alike. Now, while analyzing a phishing e-mail, I went through a new malware with a slight different approach: instead of monitoring specific URLs and focusing .. --------------------------------------------- https://isc.sans.edu/diary/rss/22976 ∗∗∗ IOActive disclosed 2 critical flaws in global satellite telecommunications Inmarsat’s SATCOM systems ∗∗∗ --------------------------------------------- Flaws in Stratos Global AmosConnect 8 PC-based SATCOM service impact thousands of customers worldwide running the newest version of the platform that is used in vessels. Security researchers at IOActive have disclosed critical security vulnerabilities in the maritime Stratos Global’s AmosConnect 8.4.0 satellite-based shipboard communication .. --------------------------------------------- http://securityaffairs.co/wordpress/64902/breaking-news/satcom-amosconnect-… ∗∗∗ Hackers Can Steal Windows Login Credentials Without User Interaction ∗∗∗ --------------------------------------------- Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction. The hack is easy to carry out and doesn't involve advanced technical skills to pull off. All the attacker needs to do is to place a malicious SCF file inside publicly accessible Windows folders. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-can-steal-windows-lo… ∗∗∗ McAfee stoppt Einblick in den Quellcode ∗∗∗ --------------------------------------------- Der amerikanische Antivirenspezialist gibt im Rahmen eines grundsätzlichen Strategiewechsels seit einiger Zeit fremden Regierungen keinen Zugang mehr zum Quellcode. --------------------------------------------- https://heise.de/-3875393 ∗∗∗ HTTPS-Verschlüsselung: Google verabschiedet sich vom Pinning ∗∗∗ --------------------------------------------- Das Festnageln von Zertifikaten sollte gegen Missbrauch schützen. In der Praxis wurde es jedoch selten eingesetzt. Zu kompliziert und zu fehlerträchtig lautet nun das Verdikt; demnächst soll die Unterstützung aus Chrome wieder entfernt werden. --------------------------------------------- https://heise.de/-3876078 ∗∗∗ Windigo Still not Windigone: An Ebury Update ∗∗∗ --------------------------------------------- In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury In 2017, the team found a new Ebury .. --------------------------------------------- https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4008 wget - security update ∗∗∗ --------------------------------------------- Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server. --------------------------------------------- https://www.debian.org/security/2017/dsa-4008 ∗∗∗ DSA-4010 git-annex - security update ∗∗∗ --------------------------------------------- It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command. --------------------------------------------- https://www.debian.org/security/2017/dsa-4010 ∗∗∗ Oracle Security Alert Advisory - CVE-2017-10151 ∗∗∗ --------------------------------------------- This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available. --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-40… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ F5 Security Advisories ∗∗∗ --------------------------------------------- https://support.f5.com/csp/new-updated-articles ∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171030-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily