[CERT-daily] Tageszusammenfassung - 25.07.2017

Tue Jul 25 18:10:17 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 24-07-2017 18:00 − Dienstag 25-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ Fruit Fly 2: Mysteriöse Mac-Malware seit Jahren aktiv ∗∗∗
---------------------------------------------
Auch Mac-Nutzer sind nicht vor Schadsoftware sicher: Eine Malware soll seit mehr als fünf Jahren aktiv sein, aber nur einige hundert Nutzer befallen haben. Die Software ermöglicht einen weitgehenden Zugriff auf den Rechner und private Informationen. (Malware, Virus)
---------------------------------------------
https://www.golem.de/news/fruit-fly-2-mysterioese-mac-malware-seit-jahren-aktiv-1707-129102-rss.html


∗∗∗ CowerSnail, from the creators of SambaCry ∗∗∗
---------------------------------------------
We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry.
---------------------------------------------
http://securelist.com/cowersnail-from-the-creators-of-sambacry/79087/


∗∗∗ Novel Attack Tricks Servers to Cache, Expose Personal Data ∗∗∗
---------------------------------------------
Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.
---------------------------------------------
http://threatpost.com/novel-attack-tricks-servers-to-cache-expose-personal-data/127014/


∗∗∗ SBA Research co-organizes ROOTS 2017 ∗∗∗
---------------------------------------------
November 16, 2017 - November 17, 2017 - All Day The Imperial Riding School Vienna Ungargasse 60 Vienna
---------------------------------------------
https://www.sba-research.org/events/sba-research-co-organizes-roots-2017/


∗∗∗ Alternatives to Government-Mandated Encryption Backdoors ∗∗∗
---------------------------------------------
Policy essay: "Encryption Substitutes," by Andrew Keane Woods
---------------------------------------------
https://www.schneier.com/blog/archives/2017/07/alternatives_to_1.html


∗∗∗ ShieldFS Is a Clever New Tool That Shuts Down Ransomware Before Its Too Late ∗∗∗
---------------------------------------------
By sniffing out ransomware in real-time, ShieldFS might be the cure to the internets latest security scourge.
---------------------------------------------
https://www.wired.com/story/shieldfs-ransomware-protection-tool


∗∗∗ ENISA invites European utilities to join EE-ISAC Expert meeting in September ∗∗∗
---------------------------------------------
Together with the DG Energy of the European Commission, ENISA is organising a full-day expert seminar, which will be held on 7th September, 2017 in Athens. Registration is now open.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-invites-european-utilities-to-join-ee-isac-expert-meeting-in-september


=====================
=    Advisories     =
=====================

∗∗∗ VU#350135: Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin ∗∗∗
---------------------------------------------
Vulnerability Note VU#350135 Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin Original Release date: 07 Jun 2017 | Last revised: 24 Jul 2017   Overview WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device. 
---------------------------------------------
http://www.kb.cert.org/vuls/id/350135


∗∗∗ VU#838200: Telerik Web UI contains cryptographic weakness ∗∗∗
---------------------------------------------
Vulnerability Note VU#838200 Telerik Web UI contains cryptographic weakness Original Release date: 25 Jul 2017 | Last revised: 25 Jul 2017   Overview The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
---------------------------------------------
http://www.kb.cert.org/vuls/id/838200


∗∗∗ [20170704] - Core - Installer: Lack of Ownership Verification ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Installer Severity: High Versions: 1.0.0 through 3.7.3 Exploit type: Lack of Ownership Verification Reported Date: 2017-Apr-06 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11364  Description The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control. Please note: Already installed sites are not affected, as this issue is limited to the installer application!
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/dsijOki-S50/700-20170704-core-installer-lack-of-ownership-verification.html


∗∗∗ [20170705] - Core - XSS Vulnerability ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Severity: Low Versions: 1.5.0 through 3.7.3 Exploit type: XSS Reported Date: 2017-April-26 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11612  Description Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uutSEqYQKbU/701-20170605-core-xss-vulnerability.html


∗∗∗ DFN-CERT-2017-1285: Cacti: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1285/


∗∗∗ Vulnerability in Citrix NetScaler SD-WAN Enterprise & Standard Edition and Citrix CloudBridge Virtual WAN Edition Could Result in Unauthenticated Remote Code Execution ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX225990


∗∗∗ IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006175


∗∗∗ IBM Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005677


∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1370) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005868


∗∗∗ IBM Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002754


∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities affect IBM Network Advisor ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010466


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edition ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005279


∗∗∗ [2017-07-24] Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170724-0_Ubiquiti_Networks_EdgeRouter_XSS_v10.txt


∗∗∗ [2017-07-24] Open Redirect issue in multiple Ubiquiti Networks products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170724-1_Ubiquiti_Networks_-Open_Redirect_in_Login_Page_v10.txt

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily