[CERT-daily] Tageszusammenfassung - 17.11.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 16-11-2017 18:00 − Freitag 17-11-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Projekthoster: Github zeigt Sicherheitswarnungen für Projektabhängigkeiten ∗∗∗
---------------------------------------------
Vor wenigen Wochen hat der Projekthoster Github ein Werkzeug vorgestellt, das die Abhängigkeiten eines Projekts besser darstellen soll. Das Konzept wird nun um Sicherheitshinweise und Warnungen erweitert, was die Pflege deutlich erleichtern sollte.
---------------------------------------------
https://www.golem.de/news/projekthoster-github-zeigt-sicherheitswarnungen-fuer-projektabhaengigkeiten-1711-131212-rss.html


∗∗∗ Here’s How To Get Solid Browser Security [Update 2017] ∗∗∗
---------------------------------------------
Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook. If a malicious hacker breaks in, he will find everything about [...]
---------------------------------------------
https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/


∗∗∗ Terdot banking trojan targets social media and email in addition to financial services ∗∗∗
---------------------------------------------
The Terdot banking trojan not only steals credit card information and login credentials for online financial services, but it also intercepts and modifies traffic on social media and email platforms, according to Bitdefender.
---------------------------------------------
https://www.scmagazine.com/terdot-banking-trojan-targets-social-media-and-email-in-addition-to-financial-services/article/708114/


∗∗∗ New White House Announcement on the Vulnerability Equities Process ∗∗∗
---------------------------------------------
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyces blog post.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html


∗∗∗ Oracle scrambles to sew up horrid security holes in PeopleSofts Tuxedo ∗∗∗
---------------------------------------------
Nothing like unauthd hijacking, Heartbleed-style bugs to patch ASAP Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/oracle_peoplesoft_tuxedo_security_vulnerabilities/


∗∗∗ US-CERT: Security Tip (ST17-001) Securing the Internet of Things ∗∗∗
---------------------------------------------
The Internet of Things is becoming an important part of everyday life. Being aware of the associated risks is a key part of keeping your information and devices secure.
---------------------------------------------
https://www.us-cert.gov/ncas/tips/ST17-001


∗∗∗ Over 530 cyber-activities during fifth edition of European Cyber Security Month ∗∗∗
---------------------------------------------
The 2017 European Cyber Security Month (ECSM) has ended. This was the fifth consecutive edition of the awareness campaign put together by the EU Cybersecurity Agency ENISA, the EU Commission’s DG CONNECT and their partners. ... During the month of October, some 530 activities such as conferences, workshops, seminars and online courses took place across Europe,
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/over-530-cyber-activities-during-fifth-edition-of-european-cyber-security-month


∗∗∗ Supplementing Windows Audit, Alerting, and Remediation with PowerShell [PDF] ∗∗∗
---------------------------------------------
This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platform for Windows environments. This answers the question of why use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way.
---------------------------------------------
https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windows-audit-alerting-remediation-powershell-38140


∗∗∗ Beware Catphishing attacks targeting the hearts of security pros ∗∗∗
---------------------------------------------
Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.
---------------------------------------------
https://www.scmagazineuk.com/beware-catphishing-attacks-targeting-the-hearts-of-security-pros/article/708117/


∗∗∗ Zehn Sicherheitslücken in Wiki-Software MediaWiki ∗∗∗
---------------------------------------------
Neue MediaWiki-Versionen schützen darauf aufsetzende Wikis unter anderem effektiver vor Brute-Force-Attacken.
---------------------------------------------
https://heise.de/-3892250



=====================
=  Vulnerabilities  =
=====================

∗∗∗ BIG-IP SSL vulnerability CVE-2017-6168 ∗∗∗
---------------------------------------------
A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself.
---------------------------------------------
https://support.f5.com/csp/article/K21905460


∗∗∗ Moxa NPort 5110, 5130, and 5150 ∗∗∗
---------------------------------------------
This advisory contains mitigation details for injection, information exposure, and resource exhaustion vulnerabilities in Moxa's NPort 5110, 5130, and 5150.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01


∗∗∗ Siemens SICAM ∗∗∗
---------------------------------------------
This advisory contains mitigation details for missing authentication for critical function, cross-site scripting, and code injection vulnerabilities in the Siemens SICAM products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02


∗∗∗ VMSA-2017-0019 ∗∗∗
---------------------------------------------
NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0019.html


∗∗∗ VMSA-2017-0018 ∗∗∗
---------------------------------------------
VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0018.html


∗∗∗ VU#817544: Windows 8.0 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/817544


∗∗∗ Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541544


∗∗∗ Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541543


∗∗∗ DFN-CERT-2017-2068: Jenkins Plugin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2068/


∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-01-wpa-en


∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-01-smartphone-en


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009204


∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010329


∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010744


∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010742


∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010321


∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010103


∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671


∗∗∗ IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010565


∗∗∗ IBM Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-2619) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010689

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily