[CERT-daily] Tageszusammenfassung - 15.11.2017

Daily end-of-shift report team at cert.at
Wed Nov 15 18:51:19 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 14-11-2017 18:00 − Mittwoch 15-11-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sicherheitsrisiko: Oneplus-Smartphones kommen mit eingebautem Root-Zugang ∗∗∗
---------------------------------------------
Oneplus verkauft offenbar seit Jahren seine Smartphones mit einem vorinstallierten Entwicklertool von Qualcomm, das Zugriff auf zahlreiche Systemressourcen erlaubt. Per ADB ist ein Root-Zugriff auf das jeweilige Gerät möglich. Der Hersteller will die Anwendung herauspatchen.
---------------------------------------------
https://www.golem.de/news/sicherheitsrisiko-oneplus-smartphones-kommen-mit-eingebautem-root-zugang-1711-131156-rss.html


∗∗∗ Privater Schlüssel: DXC veröffentlicht AWS-Key und muss 64.000 US-Dollar zahlen ∗∗∗
---------------------------------------------
Private Schlüssel in freier Wildbahn sind ein verbreitetes Problem. Zuletzt traf es das Sicherheitsunternehmen DXC, das den AWS-Schlüssel versehentlich bei Github hochlud - und dann die Rechnung dafür bekam.
---------------------------------------------
https://www.golem.de/news/privater-schluessel-dxc-veroeffentlicht-aws-key-und-muss-64-000-us-dollar-zahlen-1711-131162-rss.html


∗∗∗ These Campaigns Explain Why AV Detection for New Malware Remains Low ∗∗∗
---------------------------------------------
This year we saw massive spam campaigns like NonPetya or Locky fly below the radar of antivirus software and went undetected during the first hours or even days. Some of them actually went undetected even for months. Second-generation malware usually has the ability to evade detection and bypass antivirus programs users have installed on their computers to [...]
---------------------------------------------
https://heimdalsecurity.com/blog/campaigns-av-detection-new-malware-low/


∗∗∗ Confusion reigns over crypto vuln in Spanish electronic ID smartcards ∗∗∗
---------------------------------------------
Certs revoked, but where are the updates? The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/15/spanish_id_card/


∗∗∗ TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL ∗∗∗
---------------------------------------------
Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-318A


∗∗∗ TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer ∗∗∗
---------------------------------------------
Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-318B


∗∗∗ Secure Engineering Guidelines ∗∗∗
---------------------------------------------
Some best practices for building and trusting software.
---------------------------------------------
https://medium.com/@HockeyInJune/secure-engineering-guidelines-3b8845ac3265



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates available in Foxit MobilePDF for iOS 6.1 ∗∗∗
---------------------------------------------
Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php


∗∗∗ Microsoft Security Updates ∗∗∗
---------------------------------------------
MS17-023 Security Update for Adobe Flash Player 
MS17-022 Security Update for Microsoft XML Core Services 
MS17-021 Security Update for Windows DirectShow 
MS17-020 Security Update for Windows DVD Maker 
MS17-019 Security Update for Active Directory Federation Services 
MS17-018 Security Update for Windows Kernel-Mode Drivers 
MS17-017 Security Update for Windows Kernel 
MS17-016 Security Update for Windows IIS 
MS17-015 Security Update for Microsoft Exchange Server 
MS17-014 Security Update for [...]
---------------------------------------------
https://technet.microsoft.com/en-us/security/bulletins


∗∗∗ QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046674


∗∗∗ Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01


∗∗∗ ABB TropOS ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-318-02


∗∗∗ Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01


∗∗∗ Cisco Security Advisories and Alerts ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x


∗∗∗ DFN-CERT-2017-2041: Oracle Fusion Middleware, Oracle Tuxedo: Mehrere Schwachstellen ermöglichen u.a. eine vollständige Komprommittierung ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2041/


∗∗∗ Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-01-smartphone-en


∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-01-nfc-en


∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-01-h323-en


∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-01-mtk-en


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Java vulnerability CVE-2017-10176 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05911127


∗∗∗ Linux kernel vulnerability CVE-2017-11176 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K56450659

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list