[CERT-daily] Tageszusammenfassung - 16.11.2017
Daily end-of-shift report
team at cert.at
Thu Nov 16 18:45:43 CET 2017
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 15-11-2017 18:00 − Donnerstag 16-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Suspicious Domains Tracking Dashboard, (Thu, Nov 16th) ∗∗∗
---------------------------------------------
Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your network (example by using a DNS firewall). The ISC has also a page dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs of Domain Generation Algorithm used by some malware families.
---------------------------------------------
https://isc.sans.edu/diary/rss/23046
∗∗∗ Microsoft DDE protocol based malware attacks ∗∗∗
---------------------------------------------
Introduction: Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no ones surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a number of these malicious documents using the DDE vulnerability to download and execute malware. Most of the payloads we saw were Remote Access Trojans (RATs) [...]
---------------------------------------------
https://www.zscaler.com/blogs/research/microsoft-dde-protocol-based-malware-attacks
∗∗∗ Quad9: Datenschutzfreundliche Alternative zum Google-DNS ∗∗∗
---------------------------------------------
Wer Google nicht wesentliche Teile seines Surfverhaltens anvertrauen möchte, kann ab sofort auf einen alternativen DNS-Dienst ausweichen: 9.9.9.9 statt 8.8.8.8. Doch auch dort gibt es Besonderheiten.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Alternative-zum-Google-DNS-3890741.html
∗∗∗ Ciscos Voice Operating System ist empfänglich für Angreifer ∗∗∗
---------------------------------------------
Angreifer könnten die Kontrolle über Cisco-Geräte mit Voice Operating System an sich reißen. Sicherheitsupdates schließen diese und weitere Lücken in anderen Produkten.
---------------------------------------------
https://heise.de/-3891402
∗∗∗ Sharp rise in fileless attacks evading endpoint security ∗∗∗
---------------------------------------------
A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victim to fileless attack or exploit. "This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations." said Dr. Larry Ponemon [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/11/16/fileless-attacks-evading-endpoint-security/
=====================
= Vulnerabilities =
=====================
∗∗∗ Update: Kritische Lücke in Microsoft Office ermöglicht Remote Code Execution ∗∗∗
---------------------------------------------
Researcher haben eine schwerwiegende Sicherheitslücke in Microsoft Office entdeckt. Beschreibung Wenn ein Benutzer eine speziell präparierte Datei im Microsoft Excel-Format oder Microsoft Word-Format öffnet, kann in Folge ein Angreifer beliebigen Code, mit den Rechten des angemeldeten Benutzers, auf dem System ausführen. Die Schwachstelle basiert auf der Verwendung von [...]
---------------------------------------------
http://www.cert.at/warnings/all/20171011.html
∗∗∗ Security Patch Compliance does not take effect on an activated Android device ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046673
∗∗∗ Bugtraq: CA20171114-01: Security Notice for CA Identity Governance ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541530
∗∗∗ Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8960
∗∗∗ DFN-CERT-2017-2056: FreeBSD: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2056/
∗∗∗ DFN-CERT-2017-2046: MongoDB: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2046/
∗∗∗ DFN-CERT-2017-2066: Webkit2GTK: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2066/
∗∗∗ Security Advisory - SQL Injection Vulnerabilities in Huawei UMA Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en
∗∗∗ IBM Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010512
∗∗∗ IBM Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005401
∗∗∗ Broken access control & LINQ injection in Progress Sitefinity ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/broken-access-control-linq-injection-in-progress-sitefinity/index.html
∗∗∗ Shibboleth Service Provider Error in Dynamic MetadataProvider Plugin Lets Remote Users Bypass Security Restrictions on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039808
∗∗∗ MediaWiki Multiple Flaws Let Remote Users Modify Data, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039812
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list