[CERT-daily] Tageszusammenfassung - 27.12.2017
Daily end-of-shift report
team at cert.at
Wed Dec 27 18:10:35 CET 2017
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 22-12-2017 18:00 − Mittwoch 27-12-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Vulnerability Affects Hundreds of Thousands of IoT Devices ∗∗∗
---------------------------------------------
Heres something to be cheery on Christmas Day - a vulnerability affecting a web server thats been embedded in hundreds of thousands of IoT devices. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundreds-of-thousands-of-iot-devices/
∗∗∗ Huawei Router Vulnerability Used to Spread Mirai Variant ∗∗∗
---------------------------------------------
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori.
---------------------------------------------
http://threatpost.com/huawei-router-vulnerability-used-to-spread-mirai-variant/129238/
∗∗∗ Recent Russian Routing Leak was Largely Preventable ∗∗∗
---------------------------------------------
Last week, the IP address space belonging to several high-profile companies, including Google, Facebook and Apple, was briefly announced out of Russia, as was first reported by BGPmon. Following the incident, Job Snijders of NTT wrote in a post entitled, “What to do about BGP hijacks”. He stated that, given the inherent security weaknesses in [...]
---------------------------------------------
https://dyn.com/blog/recent-russian-routing-leak-was-largely-preventable/
∗∗∗ Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet ∗∗∗
---------------------------------------------
Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking.
---------------------------------------------
https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-internet
∗∗∗ Botnetze können das Stromnetz sabotieren ∗∗∗
---------------------------------------------
Ein Botnetz könnte den Stromverbrauch vernetzter Geräte rascher beeinflussen, als Stromnetze darauf reagieren können. Damit könnte die Stromversorgung ganzer Länder sabotiert werden.
---------------------------------------------
https://heise.de/-3927886
∗∗∗ Inkasso-Sicherheitsleck offenbart Daten von über 33.000 Schuldnern ∗∗∗
---------------------------------------------
Der schweizerische Zweig der Eos-Inkassogruppe hat große Mengen sensibler Daten von Schuldnern in unbefugte Hände fallen lassen. Namen, Adressen, die Höhe von Schuldensbeträgen und sogar Krankenakten waren durch das Datenleck zugänglich.
---------------------------------------------
https://heise.de/-3928173
∗∗∗ 34C3: Riesige Sicherheitslücken bei Stromtankstellen ∗∗∗
---------------------------------------------
An Ladesäulen auf fremde Rechnung Strom fürs E-Auto abzuzapfen ist laut dem Sicherheitsforscher Mathias Dalheimer kein Problem. Die Abrechnungsnummer für Nutzerkarten könne einfach kopiert werden, die Kommunikationsinfrastruktur sei kaum geschützt.
---------------------------------------------
https://heise.de/-3928264
=====================
= Vulnerabilities =
=====================
∗∗∗ Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure ∗∗∗
---------------------------------------------
Input passed thru the file GET parameter in forceSave.php script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
∗∗∗ PMASA-2017-9 ∗∗∗
---------------------------------------------
XSRF/CSRF vulnerability in phpMyAdminAffected VersionsVersions 4.7.x (prior to 4.7.7) are affected.
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2017-9/
∗∗∗ SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Trend Micro has released some Critical Patches (CP) and an updated build for Trend Micro Smart Protection Server (Standalone) to resolve multiple vulnerabilities in the product.
---------------------------------------------
https://success.trendmicro.com/solution/1118992
∗∗∗ 2017-12-22: Cyber Security Notification - TRITON/TRISIS malware ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A7931&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ 2017-12-08: Vulnerability in Ellipse8 - Ellipse Authentication to LDAP/AD ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A7341&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ Security Advisory - Activation Lock Bypass Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-01-smartphone-en
∗∗∗ Security Advisory - Several Vulnerabilities in H323 Protocol of Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171227-01-h323-en
∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010779
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010778
∗∗∗ IBM Security Bulletin: A vulnerability in Eclipse Jetty affects the IBM InfoSphere Information Server installers ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009537
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010776
∗∗∗ IBM Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010775
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011689
∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011302
∗∗∗ Linux kernel vulnerability CVE-2017-16648 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73337338
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list