=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 02-10-2018 18:00 − Wednesday 03-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft ∗∗∗
---------------------------------------------
A new Office 365 phishing attack utilizes an interesting method of storing their phishing form hosted on Azure Blob Storage in order to be secured by a Microsoft SSL certificate.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attack-uses-azure-bl...
∗∗∗ ct reveals: Enigmail sends crypto mails in plaintext ∗∗∗
---------------------------------------------
The widely used Thunderbird extension Enigmail contains a fatal flaw. The problem affects Junior Mode, which has been enabled by default since April.
---------------------------------------------
https://heise.de/-4180405
∗∗∗ Popular TP-Link wireless home router open to remote hijacking ∗∗∗
---------------------------------------------
By concatenating a known improper authentication flaw with a newly discovered CSRF vulnerability, remote unauthenticated attackers can obtain full control over TP-Link TL-WR841N, a popular wireless consumer router used worldwide. "This type of remote attack can also compromise routers behind a network address translator (NAT) and those not exposed to the public wide area network (WAN) as the vulnerability is remotely reflected off a locally connected host, rather than coming directly over [...]
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/03/tp-link-wireless-home-router-hija...
=====================
= Vulnerabilities =
=====================
∗∗∗ Delta Electronics ISPSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics ISPSoft software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01
∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for a heap-based buffer overflow vulnerability in GE's Communicator, an application for programming and monitoring supported metering devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02
∗∗∗ Entes EMG 12 ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper authentication and information exposure through query strings in GET request vulnerabilities in the Entes EMG 12 Ethernet Modbus Gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/767539/
∗∗∗ ZDI-18-1107: (0Day) Wecon PIStudio screendata HSC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1107/
∗∗∗ ZDI-18-1106: (0Day) Wecon PIStudio xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1106/
∗∗∗ ZDI-18-1109: (0Day) Wecon PIStudio basedll TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1109/
∗∗∗ ZDI-18-1108: (0Day) Wecon PIStudio cximageu Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1108/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ HPESBGN03900 rev.1 - HPE enhanced Internet Usage Manager (eIUM) Remote Unauthorized Disclosure of Information vulnerability and Remote Bypass Security Restrictions ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/