Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 20.11.2017
by Daily end-of-shift report 20 Nov '17

20 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 17-11-2017 18:00 − Montag 20-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Defining and securing the Internet of Things: ENISA publishes a study on how to face cyber threats in critical information infrastructures ∗∗∗ --------------------------------------------- The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter… ∗∗∗ New Open-Source IDS Tools ∗∗∗ --------------------------------------------- On November 16, 2017, [Dell] Secureworks released two open-source tools: Flowsynth and Dalton. These tools allow analysts to easily create and test network packet captures against IDS engines such as Suricata and Snort. --------------------------------------------- https://www.secureworks.com/blog/new-open-source-ids-tools ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2017-2081/">Procmail: Eine Schwachstelle ermöglicht u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Eine Schwachstelle in 'procmail' ermöglicht einem entfernten, nicht authentisierten Angreifer die Durchführung eines Denial-of-Service (DoS)-Angriffes oder möglicherweise die Ausführung beliebigen Programmcodes. Voraussetzung ist, dass das Opfer eine schädlich präparierte Email-Nachricht des Angreifers öffnet. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2081/ ∗∗∗ DFN-CERT-2017-2085/">Moodle: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentisierter Angreifer kann eine Schwachstelle in Moodle ausnutzen, um Informationen über Kursteilnehmer auszuspähen oder zu erraten. Moodle stellt die Versionen 3.1.9, 3.2.6, 3.3.3 und 3.4 als Sicherheitsupdates zur Behebung der Schwachstelle zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2085/ ∗∗∗ Helping to Secure your PostgreSQL Database ∗∗∗ --------------------------------------------- But what about properly securing your PostgreSQL database? There are many ways you can go about securing a PostgreSQL database. Im going to highlight a few tips that I feel are important and essential to preventing unauthorized access into your data environment. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Helping-to-Secure-your-… ∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗ --------------------------------------------- On October 16, 2017, an article titled "Key Reinstallation Attacks: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was released, which mentioned multiple security vulnerabilities in protocols Wi-Fi Protected Access (WPA) and WPA2. The researcher had reported some of these vulnerabilities to Huawei before disclosing them. Huawei immediately launched investigation and carried out technical communication with the researcher. At present, the products that are affected by vulnerabilities include Android-based Huawei smart phone and Huawei smart home products (Huawei smart router, Honor smart router and Honor TV Box). --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-… ∗∗∗ SSA-689071 (Last Update 2017-11-17): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S615 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-689071… ∗∗∗ OpenSSH vulnerability CVE-2017-15906 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K89621551 ∗∗∗ Vuln: Varnish Cache CVE-2017-8807 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101886 ∗∗∗ Symantec Management Console Directory Traversal ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… ∗∗∗ FortiWeb Stored XSS vulnerability on webUI certificate view page ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-131 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008478 ∗∗∗ IBM Security Bulletin: IBM Tivoli Monitoring is affected by a vulnerability in its internal web server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010554 ∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE affects IBM Algo One Algo Risk Application (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009930 ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One – Core (CVE-2017-10115) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009138 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Modeler ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010687 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5664) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009583 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5648) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004763 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010785 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010746 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010740 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010745 ∗∗∗ IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010731 ∗∗∗ IBM Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22006357 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2017-15906) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009301 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.11.2017
by Daily end-of-shift report 17 Nov '17

17 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 16-11-2017 18:00 − Freitag 17-11-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Projekthoster: Github zeigt Sicherheitswarnungen für Projektabhängigkeiten ∗∗∗ --------------------------------------------- Vor wenigen Wochen hat der Projekthoster Github ein Werkzeug vorgestellt, das die Abhängigkeiten eines Projekts besser darstellen soll. Das Konzept wird nun um Sicherheitshinweise und Warnungen erweitert, was die Pflege deutlich erleichtern sollte. --------------------------------------------- https://www.golem.de/news/projekthoster-github-zeigt-sicherheitswarnungen-f… ∗∗∗ Here’s How To Get Solid Browser Security [Update 2017] ∗∗∗ --------------------------------------------- Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook. If a malicious hacker breaks in, he will find everything about [...] --------------------------------------------- https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/ ∗∗∗ Terdot banking trojan targets social media and email in addition to financial services ∗∗∗ --------------------------------------------- The Terdot banking trojan not only steals credit card information and login credentials for online financial services, but it also intercepts and modifies traffic on social media and email platforms, according to Bitdefender. --------------------------------------------- https://www.scmagazine.com/terdot-banking-trojan-targets-social-media-and-e… ∗∗∗ New White House Announcement on the Vulnerability Equities Process ∗∗∗ --------------------------------------------- The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyces blog post. --------------------------------------------- https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html ∗∗∗ Oracle scrambles to sew up horrid security holes in PeopleSofts Tuxedo ∗∗∗ --------------------------------------------- Nothing like unauthd hijacking, Heartbleed-style bugs to patch ASAP Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/oracle_peop… ∗∗∗ US-CERT: Security Tip (ST17-001) Securing the Internet of Things ∗∗∗ --------------------------------------------- The Internet of Things is becoming an important part of everyday life. Being aware of the associated risks is a key part of keeping your information and devices secure. --------------------------------------------- https://www.us-cert.gov/ncas/tips/ST17-001 ∗∗∗ Over 530 cyber-activities during fifth edition of European Cyber Security Month ∗∗∗ --------------------------------------------- The 2017 European Cyber Security Month (ECSM) has ended. This was the fifth consecutive edition of the awareness campaign put together by the EU Cybersecurity Agency ENISA, the EU Commission’s DG CONNECT and their partners. ... During the month of October, some 530 activities such as conferences, workshops, seminars and online courses took place across Europe, --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/over-530-cyber-activities-durin… ∗∗∗ Supplementing Windows Audit, Alerting, and Remediation with PowerShell [PDF] ∗∗∗ --------------------------------------------- This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platform for Windows environments. This answers the question of why use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way. --------------------------------------------- https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windo… ∗∗∗ Beware Catphishing attacks targeting the hearts of security pros ∗∗∗ --------------------------------------------- Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated. --------------------------------------------- https://www.scmagazineuk.com/beware-catphishing-attacks-targeting-the-heart… ∗∗∗ Zehn Sicherheitslücken in Wiki-Software MediaWiki ∗∗∗ --------------------------------------------- Neue MediaWiki-Versionen schützen darauf aufsetzende Wikis unter anderem effektiver vor Brute-Force-Attacken. --------------------------------------------- https://heise.de/-3892250 ===================== = Vulnerabilities = ===================== ∗∗∗ BIG-IP SSL vulnerability CVE-2017-6168 ∗∗∗ --------------------------------------------- A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. --------------------------------------------- https://support.f5.com/csp/article/K21905460 ∗∗∗ Moxa NPort 5110, 5130, and 5150 ∗∗∗ --------------------------------------------- This advisory contains mitigation details for injection, information exposure, and resource exhaustion vulnerabilities in Moxa's NPort 5110, 5130, and 5150. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01 ∗∗∗ Siemens SICAM ∗∗∗ --------------------------------------------- This advisory contains mitigation details for missing authentication for critical function, cross-site scripting, and code injection vulnerabilities in the Siemens SICAM products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02 ∗∗∗ VMSA-2017-0019 ∗∗∗ --------------------------------------------- NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0019.html ∗∗∗ VMSA-2017-0018 ∗∗∗ --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0018.html ∗∗∗ VU#817544: Windows 8.0 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/817544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541544 ∗∗∗ Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541543 ∗∗∗ DFN-CERT-2017-2068: Jenkins Plugin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2068/ ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009204 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010329 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010744 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010742 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010321 ∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010103 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671 ∗∗∗ IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010565 ∗∗∗ IBM Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-2619) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010689 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.11.2017
by Daily end-of-shift report 16 Nov '17

16 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 15-11-2017 18:00 − Donnerstag 16-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Suspicious Domains Tracking Dashboard, (Thu, Nov 16th) ∗∗∗ --------------------------------------------- Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your network (example by using a DNS firewall). The ISC has also a page dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs of Domain Generation Algorithm used by some malware families. --------------------------------------------- https://isc.sans.edu/diary/rss/23046 ∗∗∗ Microsoft DDE protocol based malware attacks ∗∗∗ --------------------------------------------- Introduction: Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no ones surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a number of these malicious documents using the DDE vulnerability to download and execute malware. Most of the payloads we saw were Remote Access Trojans (RATs) [...] --------------------------------------------- https://www.zscaler.com/blogs/research/microsoft-dde-protocol-based-malware… ∗∗∗ Quad9: Datenschutzfreundliche Alternative zum Google-DNS ∗∗∗ --------------------------------------------- Wer Google nicht wesentliche Teile seines Surfverhaltens anvertrauen möchte, kann ab sofort auf einen alternativen DNS-Dienst ausweichen: 9.9.9.9 statt 8.8.8.8. Doch auch dort gibt es Besonderheiten. --------------------------------------------- https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Altern… ∗∗∗ Ciscos Voice Operating System ist empfänglich für Angreifer ∗∗∗ --------------------------------------------- Angreifer könnten die Kontrolle über Cisco-Geräte mit Voice Operating System an sich reißen. Sicherheitsupdates schließen diese und weitere Lücken in anderen Produkten. --------------------------------------------- https://heise.de/-3891402 ∗∗∗ Sharp rise in fileless attacks evading endpoint security ∗∗∗ --------------------------------------------- A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victim to fileless attack or exploit. "This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations." said Dr. Larry Ponemon [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/11/16/fileless-attacks-evading-endpoin… ===================== = Vulnerabilities = ===================== ∗∗∗ Update: Kritische Lücke in Microsoft Office ermöglicht Remote Code Execution ∗∗∗ --------------------------------------------- Researcher haben eine schwerwiegende Sicherheitslücke in Microsoft Office entdeckt. Beschreibung Wenn ein Benutzer eine speziell präparierte Datei im Microsoft Excel-Format oder Microsoft Word-Format öffnet, kann in Folge ein Angreifer beliebigen Code, mit den Rechten des angemeldeten Benutzers, auf dem System ausführen. Die Schwachstelle basiert auf der Verwendung von [...] --------------------------------------------- http://www.cert.at/warnings/all/20171011.html ∗∗∗ Security Patch Compliance does not take effect on an activated Android device ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Bugtraq: CA20171114-01: Security Notice for CA Identity Governance ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541530 ∗∗∗ Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8960 ∗∗∗ DFN-CERT-2017-2056: FreeBSD: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2056/ ∗∗∗ DFN-CERT-2017-2046: MongoDB: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2046/ ∗∗∗ DFN-CERT-2017-2066: Webkit2GTK: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2066/ ∗∗∗ Security Advisory - SQL Injection Vulnerabilities in Huawei UMA Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-… ∗∗∗ IBM Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010512 ∗∗∗ IBM Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005401 ∗∗∗ Broken access control & LINQ injection in Progress Sitefinity ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/broken-access-control-linq-i… ∗∗∗ Shibboleth Service Provider Error in Dynamic MetadataProvider Plugin Lets Remote Users Bypass Security Restrictions on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039808 ∗∗∗ MediaWiki Multiple Flaws Let Remote Users Modify Data, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039812 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.11.2017
by Daily end-of-shift report 15 Nov '17

15 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 14-11-2017 18:00 − Mittwoch 15-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitsrisiko: Oneplus-Smartphones kommen mit eingebautem Root-Zugang ∗∗∗ --------------------------------------------- Oneplus verkauft offenbar seit Jahren seine Smartphones mit einem vorinstallierten Entwicklertool von Qualcomm, das Zugriff auf zahlreiche Systemressourcen erlaubt. Per ADB ist ein Root-Zugriff auf das jeweilige Gerät möglich. Der Hersteller will die Anwendung herauspatchen. --------------------------------------------- https://www.golem.de/news/sicherheitsrisiko-oneplus-smartphones-kommen-mit-… ∗∗∗ Privater Schlüssel: DXC veröffentlicht AWS-Key und muss 64.000 US-Dollar zahlen ∗∗∗ --------------------------------------------- Private Schlüssel in freier Wildbahn sind ein verbreitetes Problem. Zuletzt traf es das Sicherheitsunternehmen DXC, das den AWS-Schlüssel versehentlich bei Github hochlud - und dann die Rechnung dafür bekam. --------------------------------------------- https://www.golem.de/news/privater-schluessel-dxc-veroeffentlicht-aws-key-u… ∗∗∗ These Campaigns Explain Why AV Detection for New Malware Remains Low ∗∗∗ --------------------------------------------- This year we saw massive spam campaigns like NonPetya or Locky fly below the radar of antivirus software and went undetected during the first hours or even days. Some of them actually went undetected even for months. Second-generation malware usually has the ability to evade detection and bypass antivirus programs users have installed on their computers to [...] --------------------------------------------- https://heimdalsecurity.com/blog/campaigns-av-detection-new-malware-low/ ∗∗∗ Confusion reigns over crypto vuln in Spanish electronic ID smartcards ∗∗∗ --------------------------------------------- Certs revoked, but where are the updates? The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/15/spanish_id_… ∗∗∗ TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318A ∗∗∗ TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer ∗∗∗ --------------------------------------------- Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-318B ∗∗∗ Secure Engineering Guidelines ∗∗∗ --------------------------------------------- Some best practices for building and trusting software. --------------------------------------------- https://medium.com/@HockeyInJune/secure-engineering-guidelines-3b8845ac3265 ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates available in Foxit MobilePDF for iOS 6.1 ∗∗∗ --------------------------------------------- Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues. --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php ∗∗∗ Microsoft Security Updates ∗∗∗ --------------------------------------------- MS17-023 Security Update for Adobe Flash Player MS17-022 Security Update for Microsoft XML Core Services MS17-021 Security Update for Windows DirectShow MS17-020 Security Update for Windows DVD Maker MS17-019 Security Update for Active Directory Federation Services MS17-018 Security Update for Windows Kernel-Mode Drivers MS17-017 Security Update for Windows Kernel MS17-016 Security Update for Windows IIS MS17-015 Security Update for Microsoft Exchange Server MS17-014 Security Update for [...] --------------------------------------------- https://technet.microsoft.com/en-us/security/bulletins ∗∗∗ QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01 ∗∗∗ ABB TropOS ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-318-02 ∗∗∗ Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01 ∗∗∗ Cisco Security Advisories and Alerts ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ DFN-CERT-2017-2041: Oracle Fusion Middleware, Oracle Tuxedo: Mehrere Schwachstellen ermöglichen u.a. eine vollständige Komprommittierung ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2041/ ∗∗∗ Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Java vulnerability CVE-2017-10176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05911127 ∗∗∗ Linux kernel vulnerability CVE-2017-11176 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K56450659 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.11.2017
by Daily end-of-shift report 14 Nov '17

14 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 13-11-2017 18:00 − Dienstag 14-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Breaking security controls using subdomain hijacking ∗∗∗ --------------------------------------------- Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. --------------------------------------------- https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/ ∗∗∗ Investigating Command and Control Infrastructure (Emotet) ∗∗∗ --------------------------------------------- Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use more advanced infrastructure to evade endpoint blacklisting and be resilient to take-down. In this article I will go through and explain my process of identifying Command and Control (C2) servers and understanding their topology, using Emotet as an example. --------------------------------------------- https://www.malwaretech.com/2017/11/investigating-command-and-control-infra… ∗∗∗ XZZX Cryptomix Ransomware Variant Released ∗∗∗ --------------------------------------------- A new CryptoMix Ransomware variant has been discovered that appends the .XZZX extension to encrypted files. This article will discuss the changes found in this new variant. --------------------------------------------- https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-va… ===================== = Vulnerabilities = ===================== ∗∗∗ SQL Injection in bbPress ∗∗∗ --------------------------------------------- During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug --------------------------------------------- https://blog.sucuri.net/2017/11/sql-injection-bbpress.html ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Flash Player (APSB17-33), Photoshop CC (APSB17-34), Connect (APSB17-35), Acrobat and Reader (APSB17-36), DNG Converter (APSB17-37), InDesign CC (APSB17-38), Digital Editions (APSB17-39), Shockwave Player (APSB17-40) and Adobe Experience Manager (APSB17-41). --------------------------------------------- https://blogs.adobe.com/psirt/?p=1510 ∗∗∗ #AVGater: Systemübernahme via Quarantäne-Ordner ∗∗∗ --------------------------------------------- Eine neue Angriffstechnik nutzt die Wiederherstellungs-Funktion der Anti-Viren-Quarantäne, um Systeme via Malware zu kapern. Bislang reagierten sechs Software-Hersteller mit Updates. --------------------------------------------- https://heise.de/-3889107 ∗∗∗ Authentication bypass, cross-site scripting & code execution in Siemens SICAM RTU SM-2556 ∗∗∗ --------------------------------------------- The Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00) are affected by an authentication bypass vulnerability as the authentication checks are only performed client-side (JavaScript). Furthermore, the device is affected by cross site scripting vulnerabilities and outdated webserver software which allows code execution. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/authentication-bypass-cross-… ∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0002) ∗∗∗ --------------------------------------------- A privilege escalation and arbitrary write vulnerability was found in all our windows antivirus products. [...] Successful exploitation of this issue would allow an attacker to overwrite any memory region (including kernel) in the client machine with elevated privileges. --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w… ∗∗∗ SAP Security Patch Day - November 2017 ∗∗∗ --------------------------------------------- On 14th of November 2017, SAP Security Patch Day saw the release of 13 Security Notes. Additionally, there were 9 updates to previously released security notes. --------------------------------------------- https://blogs.sap.com/2017/11/14/sap-security-patch-day-november-2017/ ∗∗∗ DFN-CERT-2017-2025/">OTRS: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2025/ ∗∗∗ DFN-CERT-2017-2024/">Symantec Endpoint Encryption: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2024/ ∗∗∗ IBM Security Bulletin: Vulnerability may affect IBM® SDK for Node.js™ (CVE-2017-14919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009851 ∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010282 ∗∗∗ IBM Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009145 ∗∗∗ Cacti Input Validation Flaw in Page Refresh Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039774 ∗∗∗ jQuery vulnerability CVE-2016-7103 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K95208524 ∗∗∗ Java vulnerability CVE-2017-10135 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23489380 ∗∗∗ Java vulnerability CVE-2017-10198 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K04734043 ∗∗∗ Java SE and JRockit vulnerability CVE-2017-10243 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K54747614 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.11.2017
by Daily end-of-shift report 13 Nov '17

13 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 10-11-2017 18:00 − Montag 13-11-2017 18:00 Handler: Stephan Richter Co-Handler: Nina Bieringer ===================== = News = ===================== ∗∗∗ Detecting reflective DLL loading with Windows Defender ATP ∗∗∗ --------------------------------------------- Todays attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In recent blogs we described how attackers use basic... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/11/13/detecting-reflective-dl… ∗∗∗ Keep An Eye on your Root Certificates, (Sat, Nov 11th) ∗∗∗ --------------------------------------------- A few times a year, we can read in the news that a rogue root certificate was installed without the user consent. The latest story that pops up in my mind is the Savitech audio drivers which silently installs a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remains performing MitM attacks. New root certificates are not always the result of an attack or infection by a malware. Corporate end-points might also get new root certificates. --------------------------------------------- https://isc.sans.edu/diary/rss/23030 ∗∗∗ Sicherheitsupdate: VMware AirWatch Launcher for Android als Sprungbrett für Angreifer ∗∗∗ --------------------------------------------- VMware schließt mehrere Sicherheitslücken in AirWatch Launcher und AirWatch Console for Android. Davon gilt keine als kritisch. --------------------------------------------- https://heise.de/-3888725 ∗∗∗ Hintergrund: Cardiac Scan: Herzbewegung als biometrisches Authentifizierungsmerkmal ∗∗∗ --------------------------------------------- Zu den gängigen biometrischen Identifikationsmerkmalen wie Fingerabdrücken, Iris-Scans oder Gesichtserkennung könnte sich bald auch das menschliche Herz gesellen. Denn keines bewegt sich wie das andere. --------------------------------------------- https://heise.de/-3842874 ∗∗∗ Ordinypt: Vermeintlicher Erpressungstrojaner-Ausbruch in Deutschland gibt Rätsel auf ∗∗∗ --------------------------------------------- Die vor kurzem aufgetauchte Ransomware Ordinypt löscht Dateien, statt sie zu verschlüsseln und hat es mit Fake-PDF-Dateien auf deutsche Personalabteilungen abgesehen. Allerdings gibt es bisher kaum Anzeichen auf Infektionen in freier Wildbahn. --------------------------------------------- https://heise.de/-3889143 ∗∗∗ Keine Bank Austria-Kundendaten aktualisieren ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Bank Austria-Nachricht. Darin fordern sie Empfänger/innen dazu auf, dass sie eine Website aufrufen und auf dieser ihre persönlichen Kund/innendaten aktualisieren. Wer der Aufforderung nachkommt, übermittelt OnlineBanking-Zugangsdaten an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-bank-austria-kundendaten-a… ∗∗∗ Fighting persistent malware with a UEFI scanner, or ‘What’s it all about UEFI?” ∗∗∗ --------------------------------------------- The biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a "top secret" exploit developed by the NSA, an agency known to have dabbled in UEFI compromise. --------------------------------------------- https://www.welivesecurity.com/2017/11/10/uefi-scanner-fighting-persistent-… ===================== = Vulnerabilities = ===================== ∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras ∗∗∗ --------------------------------------------- These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos.Executive SummaryThe Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several vulnerabilities present in these devices, and worked with Foscam to develop fixes for them, which we published the details for in a blog post here. --------------------------------------------- http://blog.talosintelligence.com/2017/11/foscam-multiple-vulns.html ∗∗∗ DSA-4031 ruby2.3 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4031 ∗∗∗ DSA-4032 imagemagick - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4032 ∗∗∗ Vuln: ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101788 ∗∗∗ WP Support Plus Responsive Ticket System <= 8.0.7 - Remote Code Execution (RCE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8949 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.11.2017
by Daily end-of-shift report 10 Nov '17

10 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 09-11-2017 18:00 − Freitag 10-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ "Eavesdropper" Vulnerability Exposes Millions of Private Conversations ∗∗∗ --------------------------------------------- Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. --------------------------------------------- https://www.bleepingcomputer.com/news/security/-eavesdropper-vulnerability-… ∗∗∗ Google Ranks Phishing Above Keyloggers & Password Reuse as Bigger Threat to Users ∗∗∗ --------------------------------------------- Research carried out by Google engineers and academics from the University of California, Berkeley and the International Computer Science Institute has revealed that phishing attacks pose a more significant threat to users losing access to their Google accounts when compared to keyloggers or password reuse. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-… ∗∗∗ First Android Malware Detected Using New "Toast Overlay" Attack ∗∗∗ --------------------------------------------- A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time. --------------------------------------------- https://www.bleepingcomputer.com/news/security/first-android-malware-detect… ∗∗∗ Ordinypt: Erpressungstrojaner bedroht deutsche Firmen ∗∗∗ --------------------------------------------- Allem Anschein nach geht in Deutschland ein neuer Trojaner um, der auf Personalabteilungen zielt und Lösegeld erpresst. Der in Delphi verfasste Trojaner lässt Opfern allerdings keine Chance, ihre Daten wiederzubekommen. --------------------------------------------- https://heise.de/-3887249 ∗∗∗ Achtung: Abzocker-Version des Windows Movie Maker ist Nummer Eins bei Google ∗∗∗ --------------------------------------------- Eine gefälschte Version des nicht mehr von Microsoft angebotenen Windows Movie Maker verführt Opfer zum Download und bittet sie dann zur Kasse. Die Betrüger-Webseite hat es sogar ganz vorne in die Ergebnisse vieler Suchmaschinen geschafft. --------------------------------------------- https://heise.de/-3887323 ===================== = Vulnerabilities = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-36) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, November 14, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1508 ∗∗∗ AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLO ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-01 ∗∗∗ Schneider Electric InduSoft Web Studio and InTouch Machine Edition ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02 ∗∗∗ iOS 11.1.1 ∗∗∗ --------------------------------------------- https://support.apple.com/kb/HT208255 ∗∗∗ DFN-CERT-2017-1998/">PostgreSQL: Mehrere Schwachstellen ermöglichen u.a. die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1998/ ∗∗∗ DFN-CERT-2017-1995/">GitLab: Mehrere Schwachstellen ermöglichen das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1995/ ∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010229 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security Manager component of IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007568 ∗∗∗ SSA-901333 (Last Update 2017-11-09): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-901333… ∗∗∗ VMSA-2017-0017 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0017.html ∗∗∗ VMSA-2017-0016 ∗∗∗ --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0016.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.11.2017
by Daily end-of-shift report 09 Nov '17

09 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 08-11-2017 18:00 − Donnerstag 09-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Evil pixels: researcher demos data-theft over screen-share protocols ∗∗∗ --------------------------------------------- Users see white noise, attackers see whatever they just stole from you Its the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/09/evil_pixels… ∗∗∗ Tausende Cisco-Switches offen im Internet – Angriffe laufen bereits ∗∗∗ --------------------------------------------- Über 200.000 Cisco Switches sind übers Internet erreichbar und lassen sich umkonfigurieren oder komplett übernehmen; mehrere tausend davon allein in Deutschland. Die Systeme werden bereits angegriffen, doch der Hersteller sieht keine Schwachstelle. --------------------------------------------- https://heise.de/-3882810 ∗∗∗ Hacker dringt weiter in Intels Management Engine vor ∗∗∗ --------------------------------------------- Maxim Goryachy von der Beratungsfirma Positive Technologies konnte eine Programmierschnittstelle zu Intels Managemet Engine öffnen, während Google-Experten die Firmware-Alternative NERF entwickeln. --------------------------------------------- https://heise.de/-3884928 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4022 libreoffice - security update ∗∗∗ --------------------------------------------- Marcin Noga discovered two vulnerabilities in LibreOffice, which couldresult in the execution of arbitrary code if a malformed PPT or DOCdocument is opened. --------------------------------------------- https://www.debian.org/security/2017/dsa-4022 ∗∗∗ BlackBerry powered by Android Security Bulletin – November 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ VU#739007: IEEE P1735 implementations may have weak cryptographic protections ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/739007 ∗∗∗ 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0 ∗∗∗ --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4053440 ∗∗∗ Vuln: Multiple Asterisk Products CDR Remote Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101760 ∗∗∗ DFN-CERT-2017-1987: Jenkins: Zwei Schwachstellen ermöglichen u.a. Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1987/ ∗∗∗ DFN-CERT-2017-1991: Roundcube Webmail: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1991/ ∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant GUI affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-1710) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010224 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007609 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000357 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10115, CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009304 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010191 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.11.2017
by Daily end-of-shift report 08 Nov '17

08 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 07-11-2017 18:00 − Mittwoch 08-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th) ∗∗∗ --------------------------------------------- After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots of lots of folks still think that's a safe thing to do. --------------------------------------------- https://isc.sans.edu/diary/rss/23020 ∗∗∗ BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2017 ∗∗∗ --------------------------------------------- Der Lagebericht der nationalen Cyber-Sicherheitsbehörde beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet zeigt das BSI Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland auf. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Bericht_zur… ∗∗∗ Amazon Updates AWS Dashboard to Warn Admins When Theyre Exposing S3 Buckets ∗∗∗ --------------------------------------------- Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-updates-aws-dashboard… ∗∗∗ Windows 10: Microsoft stellt Sicherheitsrichtlinien für Windows-PCs auf ∗∗∗ --------------------------------------------- Ein aktueller Prozessor, UEFI 2.4 und am besten ein TPM-Chip: Neue Sicherheitsrichtlinien machen Systeme mit Fall Creators Update laut Microsoft erst sicher. Die 8-GByte-RAM-Regel kann jedoch etwa das eigene Surface Pro teils nicht einhalten. (Windows 10, Microsoft) --------------------------------------------- https://www.golem.de/news/windows-10-microsoft-stellt-sicherheitsrichtlinie… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory - Denial of Service Vulnerability on Huawei Smartphones ∗∗∗ --------------------------------------------- There is a denial of service vulnerability on Huawei Smartphones. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15345. Huawei has released software updates to fix this vulnerability. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Three Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ Security Advisory - Command Injection Vulnerability in OpsMonitor ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-… ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact affected by IBM® SDK Java™ Technology Edition Quarterly CPU – Jul 2017 – Includes Oracle Jul 2017 CPU vulnerabilities in IBM WebSphere Application Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010162 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008888 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010223 ∗∗∗ Kernel vulnerabilities CVE-2017-12192 and CVE-2017-15274 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33567812 ∗∗∗ Java vulnerability CVE-2017-10118 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K42185012 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.11.2017
by Daily end-of-shift report 07 Nov '17

07 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 06-11-2017 18:00 − Dienstag 07-11-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Security: Malware mit legitimen Zertifikaten weit verbreitet ∗∗∗ --------------------------------------------- Aktuelle Forschungen werfen erneut ein schlechtes Licht auf den Umgang mit Zertifikaten. Fast 200 Malware-Proben sind mit legitimen digitalen Unterschriften ausgestattet gewesen. Damit kann die Schadsoftware Prüfungen durch Sicherheitssoftware bestehen. (Security, Virus) --------------------------------------------- https://www.golem.de/news/security-malware-mit-legitimen-zertifikaten-weit-… ∗∗∗ NCSC publishes factsheet Post-quantum cryptography ∗∗∗ --------------------------------------------- The emergence of quantum computers can have major implications for organizations that process sensitive information. Using a future quantum computer, one can decrypt data that is encrypted with popular cryptographic algorithms. The consequences are, however, even more serious. Encrypted data may already be intercepted, awaiting the possibility to decrypt the data with a future quantum computer. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-po… ∗∗∗ The Apple iOS 11 Privacy and Security Settings You Should Check ∗∗∗ --------------------------------------------- Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention. --------------------------------------------- https://www.wired.com/story/ios-11-privacy-security-settings ∗∗∗ Warnung vor gefälschter Bank Austria-Sicherheits-App ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht fordern Kriminelle Empfänger/innen dazu auf, dass sie eine Sicherheits-App installieren. Die Installation der Anwendung sei erforderlich, damit Kund/innen weiterhin das OnlineBanking ihrer Bank nützen können. In Wahrheit ist die Sicherheits-App Schadsoftware. Sie hilft den Betrüger/innen dabei, das Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bank-au… ===================== = Vulnerabilities = ===================== ∗∗∗ Oh Brother: Hackers can crash your unpatched printers – researchers ∗∗∗ --------------------------------------------- DoSsing for fun and profit not just a nuisance, they warn Security researchers have said theyve uncovered a new way for hackers to crash Brother printers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/07/brother_pri… ∗∗∗ DFN-CERT-2017-1975/">Chrome OS: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung betroffener Systeme ∗∗∗ --------------------------------------------- Betroffene Software: Chrome OS < 62.0.3202.74 Betroffene Plattformen: Chrome OS Lösung: Patch; Chrome Stable Channel Update for Chrome OS, 27.10.2017 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1975/ ∗∗∗ DFN-CERT-2017-1972/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Betroffene Software * Google Android Operating System < 5.0.2 2017-11-06 * Google Android Operating System < 5.1.1 2017-11-06 * Google Android Operating System < 6.0 2017-11-06 * Google Android Operating System < 6.0.1 2017-11-06 * Google Android Operating System < 7.0 2017-11-06 * Google Android Operating System < 7.1.1 2017-11-06 * Google Android Operating System < 7.1.2 2017-11-06 * Google Android Operating System < 8.0 2017-11-06 * LG Mobile Android < SMR-NOV-2017 * Samsung Mobile Android < SMR-NOV-2017 Betroffene Plattformen * Google Nexus * Google Pixel * Google Android Operating System * LG Mobile Android * Samsung Mobile Android --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1972/ ∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗ --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: * "File manager" (ameos_filemanager) * "T3Blog Extbase" (t3extblog) * "Recommend page " (pb_recommend_page) * "Formhandler" (formhandler) * "restler" (restler) * "CAB FAL search" (falsearch) * "Multishop" (multishop) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2017/000413.html ∗∗∗ [20171103] - Core - Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ZBmazG0EZeU/715-20171103-c… ∗∗∗ [20171102] - Core - 2-factor-authentication bypass ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/KWysQZRrTWQ/713-20171102-c… ∗∗∗ [20171101] - Core - LDAP Information Disclosure ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_Ud0fZdMIyg/714-20171101-c… ∗∗∗ DFN-CERT-2017-1973/">Symantec Endpoint Protection: Mehrere Schwachstellen ermöglichen u.a. die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1973/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008552 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2017 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010650 ∗∗∗ IBM Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007610 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004827 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010154 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008814 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily