[CERT-daily] Daily summary - 31.10.2017

Daily end-of-shift report team at cert.at
Tue Oct 31 18:17:47 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 30-10-2017 18:00 − Tuesday 31-10-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Flaws in Google's Bug Tracker Exposed Company's Vulnerability Database ∗∗∗
---------------------------------------------
A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to expose sensitive vulnerabilities to unauthorized intruders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/flaws-in-googles-bug-tracker-exposed-companys-vulnerability-database/


∗∗∗ New VibWrite System Uses Finger Vibrations to Authenticate Users ∗∗∗
---------------------------------------------
Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room, or building.
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/new-vibwrite-system-uses-finger-vibrations-to-authenticate-users/


∗∗∗ Tales from the blockchain ∗∗∗
---------------------------------------------
We will tell you two unusual success stories that happened on the "miner front". The first story echoes the TinyNuke event and, in many respects, gives an idea of the situation with miners. The second one proves that to get crypto-currency, you don’t need to "burn" the processor.
---------------------------------------------
http://securelist.com/tales-from-the-blockchain/82971/


∗∗∗ Engineers at Work: Automatic Static Detection of Malicious JavaScript ∗∗∗
---------------------------------------------
Our engineers at work examine the automatic static detection of malicious JavaScript.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2017/10/engineers-work-automatic-static-detection-malicious-javascript/


∗∗∗ Say what? Another reCaptcha attack, now against audio challenges ∗∗∗
---------------------------------------------
unCaptcha is the sound of security crumbling. Whatever Google has in mind to replace its reCaptcha had better be ready soon: another research group has found a way to defeat it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/31/uncaptcha_research_cracks_audio_captchas/


∗∗∗ Ebury and Mayhem server malware families still active ∗∗∗
---------------------------------------------
Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/10/ebury-and-mayhem-server-malware-families-still-active/


∗∗∗ [SANS ISC] Some Powershell Malicious Code ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.org: "Some Powershell Malicious Code". Powershell is a great language that can interact at a low-level with Microsoft Windows. While hunting, I found a nice piece of Powershell code. After some deeper checks, it appeared that the code was not brand new [...]
---------------------------------------------
https://blog.rootshell.be/2017/10/31/sans-isc-powershell-malicious-code/


∗∗∗ WordPress 4.8.3 Security Release ∗∗∗
---------------------------------------------
WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
---------------------------------------------
https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/


∗∗∗ IoT botnet is probably smaller than assumed ∗∗∗
---------------------------------------------
According to current analyses, the Reaper botnet, at 10,000 to 20,000 IoT devices, is said to be considerably smaller than previously assumed. The underlying optimized Mirai source code, however, holds a lot of potential for successful (DDoS) attacks.
---------------------------------------------
https://heise.de/-3876165


∗∗∗ WhatsApp Messenger account does not expire ∗∗∗
---------------------------------------------
Criminals are sending a fake WhatsApp e-mail. In it they claim that the user's account is expiring. Customers must renew the account in order to keep using the program. Doing so requires disclosing credit card data. Anyone who complies with the fraudulent request becomes a victim of data theft.
---------------------------------------------
https://www.watchlist-internet.at/phishing/whatsapp-messenger-konto-laeuft-nicht-ab/


∗∗∗ Antimalware Day: Genesis of viruses… and computer defense techniques ∗∗∗
---------------------------------------------
To honor the work of Dr. Fred Cohen and Professor Len Adleman, and the foundation they laid for research of computer threats, we decided to declare November 3 as the first ever Antimalware Day.
---------------------------------------------
https://www.welivesecurity.com/2017/10/31/antimalware-day-genesis-viruses/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ABB FOX515T ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper input validation vulnerability in ABB's FOX515T communication interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-01


∗∗∗ Trihedral Engineering Limited VTScada ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper access control and uncontrolled search path element vulnerabilities in Trihedral Engineering Limited's VTScada software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02


∗∗∗ NetIQ Access Manager 4.2 Support Pack 5 4.2.5.0-17 ∗∗∗
---------------------------------------------
Abstract: NetIQ Access Manager 4.2 Support Pack 5 build (version 4.2.5.0-17). This file contains updates for services contained in the NetIQ Access Manager 4.2 product. NetIQ recommends that all customers running Access Manager 4.2 release code apply this patch.  The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.2 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, [...]
---------------------------------------------
https://download.novell.com/Download?buildid=HcH_x-A_kgo~


∗∗∗ Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100212


∗∗∗ DSA-4011 quagga - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4011


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ HPESBHF03788 rev.1 - Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us


∗∗∗ RPC portmapper vulnerability CVE-1999-0632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K62832776


∗∗∗ Apache OpenOffice patches four vulnerabilities in 4.1.4 update ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/apache-openoffice-patches-four-vulnerabilities-in-414-update/article/703967/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



