===================== = End-of-Day report = =====================
Timeframe: Donnerstag 21-12-2017 18:00 − Freitag 22-12-2017 18:00 Handler: Nina Bieringer Co-Handler: n/a
===================== = News = =====================
∗∗∗ Myloc/Webtropia: Offene VNC-Ports ermöglichten Angriffe auf Server ∗∗∗ --------------------------------------------- Golem.de hat den Serverhoster Webtropia über eine kritische Schwachstelle informiert: Über eine Lücke in den Ports der Kontrollserver hätten Angreifer ohne Passwort die Kontrolle übernehmen können - zumindest bei einigen Systemen. --------------------------------------------- https://www.golem.de/news/myloc-webtropia-offene-vnc-ports-ermoeglichten-ang...
∗∗∗ Conference review: Botconf 2017 ∗∗∗ --------------------------------------------- Virus Bulletin researchers report back from a very interesting fifth edition of Botconf, the botnet fighting conference. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/12/conference-review-botconf-201...
∗∗∗ Opera: Version 50 soll vor Krypto-Mining im Browser schützen ∗∗∗ --------------------------------------------- Auf immer mehr Webseiten lauern Skripte, die unbemerkt CPUs anzapfen, um Kryptowährungen zu schürfen. Die neue Opera-Version enthält mit "NoCoin" einen eingebauten Schutzmechanismus gegen diese Masche. --------------------------------------------- https://heise.de/-3926990
∗∗∗ Thunderbird: Version 52.5.2 fixt Mailsploit und weitere Schwachstellen ∗∗∗ --------------------------------------------- Mozilla reagiert auf unlängst von Forschern entdeckte Sicherheitsprobleme und bessert seinen Mail-Client nach. Nutzer sollten zeitnah auf die aktuelle Version umsteigen. --------------------------------------------- https://heise.de/-3927213
===================== = Vulnerabilities = =====================
∗∗∗ Moxa NPort W2150A and W2250A ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a credentials management vulnerability in Moxas NPort W2150A and W2250A serial network interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
∗∗∗ Schneider Electric Pelco VideoXpert Enterprise ∗∗∗ --------------------------------------------- This advisory contains mitigation details for path traversal and improper access control vulnerabilities in Schneider Electric’s Pelco VideoXpert Enterprise. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02
∗∗∗ The installer of Music Center for PC may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN60695371/
∗∗∗ The installer of Content Manager Assistant for PlayStation may insecurely load Dynamic Link Libraries ∗∗∗ --------------------------------------------- http://jvn.jp/en/jp/JVN95423049/
∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Print Spooler Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-0...
∗∗∗ Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171130-01-h...
∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-0...
∗∗∗ IBM Security Bulletin: Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2017-1698) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011519
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0.1 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011971
∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010523
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in IBM Cognos Planning. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011963
∗∗∗ Citrix XenServer Lets Local Administrative Users on a Guest System Cause Denial of Service Conditions on the Host System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1040031
∗∗∗ SSA-323211 (Last Update 2017-12-22): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211....
Next End-of-Day report: 2017-12-27