===================== = End-of-Day report = =====================
Timeframe: Freitag 23-02-2018 18:00 − Montag 26-02-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner
===================== = News = =====================
∗∗∗ Incident Response: Social Engineering funktioniert als Angriffsvektor weiterhin ∗∗∗ --------------------------------------------- Was passiert, nachdem ein Unternehmen gehackt wurde - und welche Mechanismen werden dafür genutzt? Das Sicherheitsunternehmen F-Secure hat Zahlen des eigenen Incident-Response-Teams veröffentlicht und stellt fest: Besonders im Gaming-Sektor und bei Behörden gibt es gezielte Angriffe. --------------------------------------------- https://www.golem.de/news/incident-response-social-engineering-funktioniert-...
===================== = Vulnerabilities = =====================
∗∗∗ DFN-CERT-2018-0384/">Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien. Der Hersteller stellt Wireshark 2.2.13 und 2.4.5 als Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/
∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ --------------------------------------------- Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-0...
∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel). --------------------------------------------- https://lwn.net/Articles/748073/
∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗ --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013706
∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013753
∗∗∗ IBM Security Bulletin:IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013921
∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013751
∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013832
∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013094
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013558
∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013890