=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-12-2017 18:00 − Tuesday 19-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Dual EC: How Cisco, Avast and the NSA Are Hindering TLS 1.3 ∗∗∗
---------------------------------------------
Even the latest draft of the TLS 1.3 protocol leads to connection failures. Google now names some of the culprits, among them a Cisco device, a virus scanner - and a trail leading to the NSA backdoor Dual EC in the RSA BSAFE library.
---------------------------------------------
https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behin…
∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗
---------------------------------------------
Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-win…
∗∗∗ Multi-purpose trojan Loapi can physically damage Android smartphones ∗∗∗
---------------------------------------------
Loapi is the jack-of-all-trades among Android trojans and works its victims so hard that smartphones can burst open.
---------------------------------------------
https://heise.de/-3921651
∗∗∗ The Market for Stolen Account Credentials ∗∗∗
---------------------------------------------
Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today's post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online ..
---------------------------------------------
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentia…
∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗
---------------------------------------------
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-att…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framewo…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 15-12-2017 18:00 − Monday 18-12-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Windows 10: Critical Vulnerability in Preinstalled Password Manager ∗∗∗
---------------------------------------------
Keeper users should install the patched version without fail. The password manager Keeper, currently preinstalled in Windows 10, had a flaw up to version 11.3 that allowed malicious websites to read out arbitrary passwords via clickjacking.
---------------------------------------------
https://www.golem.de/news/windows-10-kritische-luecke-in-vorinstalliertem-p…
∗∗∗ BGP hijacking: IP traffic of the Big Four rerouted to Russia ∗∗∗
---------------------------------------------
Because many network operators still use a routing protocol without security safeguards, attackers once again managed to reroute IP traffic from Google, Facebook, Apple and Microsoft. The intermediate destination: Russia.
---------------------------------------------
https://heise.de/-3919524
∗∗∗ Critical and so far unpatched vulnerabilities in forum software vBulletin ∗∗∗
---------------------------------------------
The current version of vBulletin contains two vulnerabilities, at least one of which must be rated critical. Attackers could execute malicious code.
---------------------------------------------
https://heise.de/-3920375
∗∗∗ Windows 10 facial recognition fooled with a paper printout ∗∗∗
---------------------------------------------
Security researchers have successfully tricked Windows Hello and logged in to computers secured with it. However, this only works with certain hardware and software configurations.
---------------------------------------------
https://heise.de/-3920864
∗∗∗ Hacker demonstrated problems with charging cards for electric vehicle charging stations ∗∗∗
---------------------------------------------
"I only need this number to charge electricity at someone else's expense"
---------------------------------------------
http://derstandard.at/2000070592621
∗∗∗ More than 10,000 sites mine cryptocurrency using the computing power of users' PCs ∗∗∗
---------------------------------------------
Security experts register rapid increase since Bitcoin hype
---------------------------------------------
http://derstandard.at/2000070618982
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin – December 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Multiple Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-…
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1423) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011400
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010601
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008673
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-12-2017 18:00 − Friday 15-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗
---------------------------------------------
Microsoft is considering adding Python as one of the official Excel scripting languages, according to ..
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-…
∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗
---------------------------------------------
An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-fr…
∗∗∗ The spy under your christmas tree ∗∗∗
---------------------------------------------
In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christm…
∗∗∗ Joanna Rutkowska: Qubes OS to become "as easy as Ubuntu" ∗∗∗
---------------------------------------------
The founder of Qubes OS, Joanna Rutkowska, explains the basic ideas and concepts of the security-focused project. In the interview with Golem.de, the developer also reveals further ..
---------------------------------------------
https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu…
∗∗∗ Determining your risk ∗∗∗
---------------------------------------------
Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2998921
∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗
---------------------------------------------
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement ..
---------------------------------------------
https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpres…
∗∗∗ Root vulnerability in Palo Alto Networks firewalls ∗∗∗
---------------------------------------------
If attackers combine three vulnerabilities, they could compromise Palo Alto Networks firewalls, a security researcher warns.
---------------------------------------------
https://heise.de/-3918909
=====================
= Vulnerabilities =
=====================
∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗
---------------------------------------------
A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could ..
---------------------------------------------
https://support.citrix.com/article/CTX230612
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 13-12-2017 18:00 − Thursday 14-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗
---------------------------------------------
(Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers) I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still ..
---------------------------------------------
https://mjg59.dreamwidth.org/49788.html
∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗
---------------------------------------------
If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Sp…
∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗
---------------------------------------------
Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-…
∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗
---------------------------------------------
A rare and dangerous new form of malware targets the industrial safety control systems that protect human life.
---------------------------------------------
https://www.wired.com/story/triton-malware-targets-industrial-safety-system…
∗∗∗ December Patch Day at SAP ∗∗∗
---------------------------------------------
Security updates are available for various SAP products. Two vulnerabilities are rated with the threat level "high".
---------------------------------------------
https://heise.de/-3918036
∗∗∗ Mirai: How Minecraft fraud brought the whole Internet to its knees ∗∗∗
---------------------------------------------
Three US students confess to authorship - they originally only wanted to make money with attacks on game servers
---------------------------------------------
http://derstandard.at/2000070340698
∗∗∗ 34C3: The programme for the hacker congress is set ∗∗∗
---------------------------------------------
Keynote by science fiction author Charles Stross - taking place in Leipzig for the first time this year
---------------------------------------------
http://derstandard.at/2000070364235
∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-deta…
=====================
= Vulnerabilities =
=====================
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 12-12-2017 18:00 − Wednesday 13-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges ∗∗∗
---------------------------------------------
Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please. Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers' computers for mystery miscreants.…
---------------------------------------------
www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/
∗∗∗ Apple Security Flaws Give Some Researchers Concern About Deeper Issues ∗∗∗
---------------------------------------------
Apple's had some prominent security lapses lately. But is it just a rough patch, or something deeper?
---------------------------------------------
https://www.wired.com/story/apples-security-macos-high-sierra-ios-11
∗∗∗ ROBOT attack: TLS attack from 1998 still works ∗∗∗
---------------------------------------------
Security researchers have presented a new variant of the Bleichenbacher attack for decrypting Internet traffic. Facebook and PayPal, among others, are affected.
---------------------------------------------
https://heise.de/-3916994
∗∗∗ KRACK and Broadpwn vulnerabilities: Apple only now patches AirPort Wi-Fi base stations ∗∗∗
---------------------------------------------
A firmware update is meant to protect Apple's Wi-Fi base stations against serious vulnerabilities - it covers AirPort Express, AirPort Extreme and Time Capsule.
---------------------------------------------
https://heise.de/-3916951
=====================
= Vulnerabilities =
=====================
∗∗∗ Gain Windows privileges with FortiClient vpn before logon and untrusted certificate ∗∗∗
---------------------------------------------
When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via ..
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-070
∗∗∗ VPN credentials disclosure in Fortinet FortiClient ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-i…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 11-12-2017 18:00 − Tuesday 12-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Security update available for Adobe Flash Player (APSB17-42) ∗∗∗
---------------------------------------------
A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1514
∗∗∗ Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses ∗∗∗
---------------------------------------------
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit…
∗∗∗ December 2017 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-…
∗∗∗ New Ruski hacker clan exposed: They're called MoneyTaker, and they're gonna take your money ∗∗∗
---------------------------------------------
Subtly named group has gone largely unnoticed until now. Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker.
---------------------------------------------
www.theregister.co.uk/2017/12/11/russian_bank_hackers_moneytaker/
∗∗∗ Google's Project Zero reveals Apple jailbreak exploit ∗∗∗
---------------------------------------------
Holy Moley! iOS and MacOS were wholly holey. Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability.
---------------------------------------------
www.theregister.co.uk/2017/12/12/apple_jailbreak_exploit/
∗∗∗ Background: Malware analysis - do it yourself ∗∗∗
---------------------------------------------
Build your own malware analysis sandbox to quickly check the behaviour of unknown files. This article shows how to do that with the free open-source sandbox Cuckoo.
---------------------------------------------
https://heise.de/-3910855
∗∗∗ An analysis of 120 mobile app stores uncovers plethora of malicious apps ∗∗∗
---------------------------------------------
RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/12/12/mobile-app-stores-malicious-apps/
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4063 pdns-recursor - security update ∗∗∗
---------------------------------------------
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server, was susceptible to denial of service via a crafted CNAME answer.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4063
∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling of a malformed SMTP header in ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DSA-4064 chromium-browser - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4064
∗∗∗ Qt for Android vulnerable to OS command injection ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN67389262/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 07-12-2017 18:00 − Monday 11-12-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Here's How to Enable Chrome "Strict Site Isolation" Experimental Security Mode ∗∗∗
---------------------------------------------
Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Site Isolation that according to Google engineers is an additional security layer on top of Chrome's built-in sandboxing technology.
---------------------------------------------
https://www.bleepingcomputer.com/news/google/heres-how-to-enable-chrome-str…
∗∗∗ Script Recovers Event Logs Doctored by NSA Hacking Tool ∗∗∗
---------------------------------------------
Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/script-recovers-event-logs-d…
∗∗∗ Botconf 2017 Wrap-Up Day #3 ∗∗∗
---------------------------------------------
And this is already the end of Botconf. Time for my last wrap-up. The day started a little bit later to allow some people to recover from the social event.
---------------------------------------------
https://blog.rootshell.be/2017/12/08/botconf-2017-wrap-day-3/
∗∗∗ Security, Incident Response, Privacy and Data Protection ∗∗∗
---------------------------------------------
[...] to protect the personal data on their systems and networks, security and incident response teams must themselves process personal data. Fortunately regulators also provide guidance on balancing privacy protection and privacy invasion. The words “legitimate interest” are not just a phrase, but one of the most deeply analysed terms in data protection law.
---------------------------------------------
https://www.first.org/blog/20171211_GDPR_for_CSIRTs
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2017-2228: ISC DHCPD: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
An unauthenticated attacker on the adjacent network can exploit a vulnerability in the DHCP daemon (ISC DHCPD) using specially crafted OMAPI messages to exhaust the number of available file descriptors in the associated process and thereby cause a denial-of-service (DoS) condition.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2228/
∗∗∗ DFN-CERT-2017-2238: Tor Browser: Multiple vulnerabilities allow, among other things, execution of arbitrary program code ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Tor Browser before version 7.5a9 and 7.0.11 respectively allow a remote, unauthenticated attacker to carry out denial-of-service (DoS) attacks. Two vulnerabilities allow information disclosure. The vulnerability CVE-2017-7845 in the Firefox ESR version used allows the attacker to execute arbitrary program code, and a further vulnerability allows security mechanisms to be bypassed.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2238/
∗∗∗ Security: Keylogger found in HP notebooks ∗∗∗
---------------------------------------------
Once again a keylogger has been found in a preinstalled HP driver. The snooping function is disabled by default, but a researcher found a way to change that.
---------------------------------------------
https://www.golem.de/news/sicherheit-keylogger-in-hp-notebooks-gefunden-171…
∗∗∗ DFN-CERT-2017-2237: Node.js: Multiple vulnerabilities allow, among other things, bypassing of security mechanisms ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Node.js allow a remote, unauthenticated attacker to bypass security mechanisms and obtain information.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2237/
∗∗∗ DFN-CERT-2017-2236: GitLab: Multiple vulnerabilities allow, among other things, information disclosure ∗∗∗
---------------------------------------------
A vulnerability in GitLab allows a remote, unauthenticated attacker to obtain information about private projects. Several further vulnerabilities allow a remote, simply authenticated attacker to carry out a cross-site scripting (XSS) attack, obtain information and escalate privileges.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2236/
∗∗∗ DFN-CERT-2017-2239: Jenkins plugin: A vulnerability allows reading of arbitrary files ∗∗∗
---------------------------------------------
A remote, simply authenticated attacker with permission to create sandboxed Groovy and Pipeline scripts can exploit a vulnerability in the Jenkins plugin Script Security to obtain read access to arbitrary files on the Jenkins master file system. This makes further attacks possible.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2239/
∗∗∗ Android flaw lets attack code slip into signed apps ∗∗∗
---------------------------------------------
The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes.
---------------------------------------------
https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip…
∗∗∗ FortiClient improper access control of users VPN credentials ∗∗∗
---------------------------------------------
FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each other's encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-214
∗∗∗ Xiongmai Technology IP Cameras and DVRs ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Xiongmai Technology IP Cameras and DVRs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01
∗∗∗ Rockwell Automation FactoryTalk Alarms and Events ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automation's FactoryTalk Alarms and Events component.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02
∗∗∗ PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a cross-site scripting vulnerability in PHOENIX CONTACT’s FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security Advisory - Memory Leak Vulnerability in Multiple Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011357
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026378
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010330
∗∗∗ IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026377
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026250
∗∗∗ IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026376
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_oct2017_advisory.asc
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008900
∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005234
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011198
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-12-2017 18:00 − Thursday 07-12-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ "Process Doppelgänging" Attack Works on All Windows Versions ∗∗∗
---------------------------------------------
Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelgänging." [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/-process-doppelg-nging-attac…
∗∗∗ Firmware bug: Code execution possible in disabled Intel ME ∗∗∗
---------------------------------------------
Security researchers demonstrate an attack on Intel's ME that executes arbitrary code and against which neither the so-called kill bit nor the security measures Google plans for its servers help. In theory, devices can also be attacked remotely this way.
---------------------------------------------
https://www.golem.de/news/firmware-bug-codeausfuehrung-in-deaktivierter-int…
∗∗∗ Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari ∗∗∗
---------------------------------------------
Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was [...]
---------------------------------------------
https://apple.slashdot.org/story/17/12/06/2137251/apple-issues-security-upd…
∗∗∗ VB2017 paper: Modern reconnaissance phase on APT – protection layer ∗∗∗
---------------------------------------------
During recent research, Cisco Talos researchers observed the ways in which APT actors are evolving and how a reconnaissance phase is included in the infection vector in order to protect valuable zero-day exploits or malware frameworks. At VB2017 in Madrid, two of those researchers, Paul Rascagneres and Warren Mercer, presented a paper detailing five case studies that demonstrate how the infection vector is evolving.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/11/vb2017-paper-modern-reconnai…
∗∗∗ 37 security vulnerabilities closed in Chrome ∗∗∗
---------------------------------------------
Google's web browser Chrome has been released in the secured version 63.0.3239.84 for Linux, macOS and Windows. Under the "Help" menu item, "About Google Chrome" lets you check the installed version and trigger the update.
---------------------------------------------
https://heise.de/-3912131
∗∗∗ Sysinternals Sysmon suspicious activity guide ∗∗∗
---------------------------------------------
The Sysmon tool from Sysinternals provides comprehensive monitoring of activity at the operating system level. Sysmon runs in the background all the time and writes events to the event log. You can find the Sysmon events under the Microsoft-Windows-Sysmon/Operational event log. This guide will help you to investigate and appropriately handle these events.
---------------------------------------------
https://blogs.technet.microsoft.com/motiba/2017/12/07/sysinternals-sysmon-s…
∗∗∗ Penetration Testing Apache Thrift Applications ∗∗∗
---------------------------------------------
... Apache Thrift, which is used to easily build RPC clients and servers regardless of programming languages used on each side. The web interception tool of choice at MDSec is Burp Suite, so it follows suit that we wanted to continue using Burp during the assessment. Unfortunately, there are no Burp extensions out there (at least that we know of) for Thrift encoded data, so we decided to make our own.
---------------------------------------------
https://www.mdsec.co.uk/2017/12/penetration-testing-apache-thrift-applicati…
∗∗∗ November 2017: The Month in Ransomware ∗∗∗
---------------------------------------------
November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-s…
∗∗∗ StorageCrypt: Ransomware infects NAS devices via SambaCry vulnerability ∗∗∗
---------------------------------------------
Many network-attached storage (NAS) devices are still affected by the SambaCry SMB vulnerability. A current encryption trojan takes advantage of this. NAS owners should patch promptly.
---------------------------------------------
https://heise.de/-3912498
=====================
= Vulnerabilities =
=====================
∗∗∗ OpenSSL Security Advisory [07 Dec 2017] ∗∗∗
---------------------------------------------
Read/write after SSL object in error state (CVE-2017-3737)
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
---------------------------------------------
https://www.openssl.org/news/secadv/20171207.txt
∗∗∗ DFN-CERT-2017-2213: Microsoft Malware Protection Engine: A vulnerability allows the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2213/
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009964
∗∗∗ IBM Security Bulletin: Potential information leakage vulnerability in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010627
∗∗∗ [R1]Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2017-15
Next End-of-Day report on 2017-12-11
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-12-2017 18:00 − Wednesday 06-12-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost"). (Wed, Dec 6th) ∗∗∗
---------------------------------------------
Reverse DNS can be valuable for finding out more about an IP address. For example: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/23105
∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Dresscode for apps in the Google Play Store: malicious Quad9 – does it offer a data protection-friendly alternative to Google [...]
---------------------------------------------
https://securityblog.switch.ch/2017/12/06/a-new-issue-of-our-switch-securit…
∗∗∗ Data of 31 million users of the ai.type Keyboard app leaked ∗∗∗
---------------------------------------------
The huge data leak includes, among other things, e-mail addresses, names, and IMEI and phone numbers of the app's users. Contacts from address books are also said to be in it.
---------------------------------------------
https://heise.de/-3910522
∗∗∗ Security updates: Attackers could hijack TeamViewer sessions ∗∗∗
---------------------------------------------
Under certain conditions, TeamViewer sessions are at risk. Security updates are already available in part.
---------------------------------------------
https://heise.de/-3911170
∗∗∗ Recam Redux - DeConfusing ConfuserEx ∗∗∗
---------------------------------------------
This post is authored by Holger Unterbrink and Christopher Marczewski. Overview: This report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign from our Advanced Malware Protection (AMP) telemetry. Initial infection is via a malicious Word document, the malware ultimately executes in memory an embedded payload from the Recam family. Recam is an information stealer. Although the malware has been around for the past few years, there's a [...]
---------------------------------------------
http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confusere…
∗∗∗ ParseDroid vulnerabilities could affect all Android developers ∗∗∗
---------------------------------------------
Checkpoint researchers discovered several vulnerabilities in Android application developer tools that put any organisation that does Java/Android development at risk of an outsider gaining access to their system.
---------------------------------------------
https://www.scmagazineuk.com/news/parsedroid-vulnerabilities-could-affect-a…
∗∗∗ MailSploit bugs let spoofed emails bypass DMARC, spam detectors ∗∗∗
---------------------------------------------
A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms.
---------------------------------------------
https://www.scmagazineuk.com/news/mailsploit-bugs-let-spoofed-emails-bypass…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the TCP stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper processing of certain TCP packets in the closing sequence of a TCP session while the affected device is in a TIME_WAIT state.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
∗∗∗ [Xen-announce] Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks ∗∗∗
---------------------------------------------
Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.)
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2017-12/msg00002.ht…
∗∗∗ Vuln: Multiple F-Secure Internet Gatekeeper Products Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102066
∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-…
∗∗∗ Security Advisory - Double Free Vulnerability in Flp Driver of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Multiple Security Vulnerabilities in the IKEv2 Protocol Implementation of Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-…
∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-…
∗∗∗ IBM Security Bulletin: IBM BigInsights is affected by a Text Analytics vulnerability (CVE-2017-1336) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010812
∗∗∗ IBM Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010305
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009835
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008854
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in glibc ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008853
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in tcpdump ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008339
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in openssh (CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-6210 CVE-2016-6515) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008340
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in IBM Support Tools for Lotus WCM (CVE-2017-1536) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008031
∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and Cloud Orchestrator Enterprise update of IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000361
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008757
∗∗∗ IBM Security Bulletin: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel which would cause it to restart. (CVE-2017-1433) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005525
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-12-2017 18:00 − Tuesday 05-12-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Fake security warning on Facebook ∗∗∗
---------------------------------------------
Using the fake Facebook profile "Help Update Account", criminals share posts from small businesses and issue a security warning. They ask the account owners to confirm their account on a website in order to prevent it from being blocked. Anyone who complies hands the business's login credentials to criminals.
---------------------------------------------
https://www.watchlist-internet.at/facebook-betrug/gefaelschte-sicherheitswa…
=====================
= Vulnerabilities =
=====================
∗∗∗ Apache Software Foundation Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: December 04, 2017. The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apache Security Bulletins S2-054 and S2-055 and upgrade to Struts 2.5.14.1.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/12/04/Apache-Software-Fo…
∗∗∗ DFN-CERT-2017-2198: OTRS: Two vulnerabilities allow information disclosure and the execution of arbitrary program code ∗∗∗
---------------------------------------------
A remote, simply authenticated attacker with an agent user account in OTRS can exploit a vulnerability to execute arbitrary command-line commands with elevated privileges on the underlying operating system. An attacker with a customer account can exploit a further vulnerability to obtain internal information about customer tickets assigned to their account.
The vendor provides OTRS 6.0.2, 5.0.25 and 4.0.27 as security updates to fix the vulnerabilities.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2198/
∗∗∗ DFN-CERT-2017-2204: Jenkins: A vulnerability allows a cross-site scripting attack ∗∗∗
---------------------------------------------
A remote, simply authenticated attacker with administrator rights can carry out a cross-site scripting (XSS) attack against users of Jenkins.
The vendor does not plan a security update to fix the vulnerability, because administrators in Jenkins, by their role definition, already have all the rights needed to carry out the attacks made possible by this vulnerability.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2204/
∗∗∗ Android Security Bulletin - December 2017 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues.
---------------------------------------------
https://source.android.com/security/bulletin/2017-12-01.html
∗∗∗ IBM Security Bulletin: A vulnerability in busybox affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2016-2147) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099729
∗∗∗ IBM Security Bulletin: A tcp vulnerability in Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-14106) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099730
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2017 CPU ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010560
∗∗∗ IBM Security Bulletin: Apache Commons Collection as used in IBM QRadar SIEM is vulnerable to remote code execution. (CVE-2015-6420) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011281
∗∗∗ IBM Security Bulletin: IBM Case Manager may be vulnerable to Apache Commons FileUpload code execution ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010267
∗∗∗ IBM Security Bulletin: Financial Transaction Manager (FTM) for Multi-Platform (MP) is affected by a SQL Injection security vulnerability (CVE-2017-1606) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011179
∗∗∗ IBM Security Bulletin: IBM Connections Engagement Center Security Refresh (CVE-2017-1613, CVE-2017-1683) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010690
∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2017-1498) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006286
∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2017-1481) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010761
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a GNU C library (glibc) vulnerability (CVE-2017-8804) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009796
∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005400