===================== = End-of-Day report = =====================
Timeframe: Monday 12-11-2018 18:00 − Tuesday 13-11-2018 18:00 Handler: Stephan Richter Co-Handler: n/a
===================== = News = =====================
∗∗∗ Trojan: The banking trojan Trickbot has learned new tricks ∗∗∗ --------------------------------------------- Two years ago, Trickbot was only after banking data. Now a new variant of the trojan is in circulation that can also harvest passwords from other applications. (Malware, Spam) --------------------------------------------- https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-tr...
∗∗∗ Block ciphers: OCB2 encryption mode broken ∗∗∗ --------------------------------------------- Numerous security problems have been found in the OCB2 encryption mode in quick succession. The mode is not widely used, although it is part of an ISO standard. (Encryption, Applications) --------------------------------------------- https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2-...
∗∗∗ Should You Send Your Pen Test Report to the MSRC? ∗∗∗ --------------------------------------------- Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pen...
∗∗∗ Why Google Internet Traffic Rerouted Through China and Russia ∗∗∗ --------------------------------------------- For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Here's why. --------------------------------------------- https://www.wired.com/story/google-internet-traffic-china-russia-rerouted
∗∗∗ TLS decryption: Detecting malware and attacks in encrypted data streams ∗∗∗ --------------------------------------------- Law enforcement and providers have lost the battle over decryption options for TLS. A research group is now to explore the options for threat defence. --------------------------------------------- http://heise.de/-4219047
===================== = Vulnerabilities = =====================
∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1648
∗∗∗ SAP Security Patch Day - November 2018 ∗∗∗ --------------------------------------------- On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd). --------------------------------------------- https://lwn.net/Articles/771697/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656, CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-v...
∗∗∗ RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1042057
∗∗∗ SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt
∗∗∗ SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt
∗∗∗ SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt
∗∗∗ SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt
∗∗∗ SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt
∗∗∗ SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt
∗∗∗ SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal) ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt
∗∗∗ SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt
∗∗∗ SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt
∗∗∗ SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
∗∗∗ SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt
∗∗∗ SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt
∗∗∗ SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt
∗∗∗ SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt
∗∗∗ SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt
∗∗∗ SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC ∗∗∗ --------------------------------------------- https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt