[CERT-daily] Daily summary - 05.09.2017
Daily end-of-shift report
team at cert.at
Tue Sep 5 18:09:26 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-09-2017 18:00 − Tuesday 05-09-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Six-Year-Old "Loop Bug" Re-Discovered to Affect Almost All Major PDF Viewers ∗∗∗
---------------------------------------------
A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of today's top PDF viewers, according to German software developer Hanno Böck.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/six-year-old-loop-bug-re-discovered-to-affect-almost-all-major-pdf-viewers/
∗∗∗ TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities ∗∗∗
---------------------------------------------
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trustzone-downgrade-attack-opens-android-devices-to-old-vulnerabilities/
∗∗∗ The Mirai Botnet: A Look Back and Ahead At What's Next, (Tue, Sep 5th) ∗∗∗
---------------------------------------------
It is a bit hard to nail down when the Mirai botnet really started. I usually use scans for port:2323 and the use of the password "xc3511" as an indicator. But of course, that isn't perfect. The very first scan using the password "xc3511" was detected by our sensor on February 26th, 2016, well ahead of Mirai.
---------------------------------------------
https://isc.sans.edu/diary/rss/22786
∗∗∗ Hunting Pastebin with PasteHunter ∗∗∗
---------------------------------------------
From a security analytics and Threat Intelligence perspective Pastebin is a treasure trove of information. All content that is uploaded to pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone.
---------------------------------------------
https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/
∗∗∗ Hands off SHA-1: 320 million passwords cracked ∗∗∗
---------------------------------------------
When website operators do not store their customers' passwords securely, a worst-case disaster is inevitable. Security researchers who decrypted millions of passwords in a manageable amount of time are once again a reminder of this.
---------------------------------------------
https://heise.de/-3822005
=====================
= Advisories =
=====================
∗∗∗ DFN-CERT-2017-1547: Liblouis: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1547/
∗∗∗ DFN-CERT-2017-1554: Apache Software Foundation Struts: Multiple vulnerabilities allow the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1554/
∗∗∗ Security Notice - Statement About the Bootloader Vulnerabilities in Huawei Mobile Phones Disclosed at the USENIX Conference ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170905-01-bootloader-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22001461
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21996956
∗∗∗ Arbitrary Code Execution in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/arbitrary-code-execution-in-typo3-cms/
∗∗∗ Information Disclosure in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/information-disclosure-in-typo3-cms-1/
∗∗∗ Information Disclosure in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/information-disclosure-in-typo3-cms/
∗∗∗ Cross-Site Scripting in TYPO3 CMS Backend ∗∗∗
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-typo3-cms-backend/
∗∗∗ USN-3409-1: FontForge vulnerabilities ∗∗∗
---------------------------------------------
http://www.ubuntu.com/usn/usn-3409-1/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily