=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-11-2018 18:00 − Wednesday 14-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗ --------------------------------------------- Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...] --------------------------------------------- https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebin...
∗∗∗ Want to hack an ATM for free cash? It's as easy as Windows XP ∗∗∗ --------------------------------------------- Bank machines pen testing reveals alarming results. ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. --------------------------------------------- https://www.theregister.co.uk/2018/11/14/atm_security_lousy/
∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗ --------------------------------------------- This month, Microsoft patches two issues that have already been disclosed publicly. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (CVE-2018-8589) which has been exploited in the wild. --------------------------------------------- https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/2430...
∗∗∗ Adobe Patch Day: Not Critical, but Important ∗∗∗ --------------------------------------------- Security updates from Adobe close vulnerabilities in Acrobat, Flash, Photoshop CC and Reader. None of the vulnerabilities is rated "critical". --------------------------------------------- http://heise.de/-4220586
∗∗∗ Master Key for Fingerprint Scanners: Master Prints Unlock Smartphones ∗∗∗ --------------------------------------------- Using AI methods, researchers created fingerprints that act as a kind of master key for fingerprint scanners and can thereby unlock smartphones, for example. --------------------------------------------- http://heise.de/-4220782
∗∗∗ Processor Security: Seven New Variants of Spectre Vulnerabilities ∗∗∗ --------------------------------------------- The Spectre vulnerabilities in processors can allegedly be exploited in further ways beyond those known so far; Intel, however, gives the all-clear. --------------------------------------------- http://heise.de/-4220854
∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗ --------------------------------------------- You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like? Logging on to Report URI and being greeted with something like this: [...] --------------------------------------------- https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice-...
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- This advisory covers a problem with a data migration discovered in the OTRS framework. --------------------------------------------- https://community.otrs.com/security-advisory-2018-10-security-update-for-otr...
∗∗∗ VMSA-2018-0028 ∗∗∗ --------------------------------------------- VMware vRealize Log Insight updates address an authorization bypass vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0028.html
∗∗∗ November 2018 Office Update Release ∗∗∗ --------------------------------------------- The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13/...
∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5). --------------------------------------------- https://lwn.net/Articles/771881/
∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-0...
∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-0...
∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-0...
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-0...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytics...
∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-bu...