[CERT-daily] Daily summary - 08.09.2017

Daily end-of-shift report team at cert.at
Fri Sep 8 18:09:35 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 07-09-2017 18:00 − Friday 08-09-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Data of 143 million US citizens stolen ∗∗∗
---------------------------------------------
In a cyberattack on the US financial services provider Equifax, highly sensitive data of millions of Americans was captured, which now enables fraud on a large scale.
---------------------------------------------
https://futurezone.at/digital-life/daten-von-143-millionen-us-amerikanern-entwendet/285.046.414


∗∗∗ Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions ∗∗∗
---------------------------------------------
Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the “Toast type” overlay.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/


∗∗∗ YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday ∗∗∗
---------------------------------------------
Yesterday saw CVE-2017-9805, today we have a new remote code execution vulnerability in Apache Struts 2 which is CVE-2017-12611. Yesterday's was in the REST API and related to Java XML unsafe deserialization. Today's relates to using Freemarker in your application. Both should encourage you to patch.
---------------------------------------------
https://isc.sans.edu/diary/rss/22796


∗∗∗ Secure microkernel in a KVM switch offers spy-grade app virtualization ∗∗∗
---------------------------------------------
Need a few air-gapped apps on one screen? Here's how. Researchers at Australian think tank Data61 and the nation's Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/09/07/cross_domain_desktop_compositor_vdi_for_the_paranoid/


∗∗∗ TLS certificates: CAA is meant to keep certification authorities on a leash ∗∗∗
---------------------------------------------
Admins can use a Certification Authority Authorization record in DNS to specify who is allowed to sign certificates for their domain. From 8 September these rules are binding for certification authorities.
---------------------------------------------
https://heise.de/-3822010


∗∗∗ Six vulnerabilities discovered in Android bootloaders of well-known manufacturers ∗∗∗
---------------------------------------------
Automated analysis of the code of two Android bootloaders uncovered a total of six vulnerabilities. Denial of service and access to sensitive data are possible consequences, but only if the attacker already has root privileges.
---------------------------------------------
https://heise.de/-3824289


∗∗∗ Vulnerability in Typo3 repository as a possible loophole for trojanized extensions ∗∗∗
---------------------------------------------
Due to a bug, third parties could under certain circumstances have accessed the Typo3 Extension Repository with an arbitrary password. The developers are now warning of possible extensions containing malicious code.
---------------------------------------------
https://heise.de/-3825378


∗∗∗ No card activation required at card complete ∗∗∗
---------------------------------------------
Criminals are sending a fake card complete message. It claims that the customer's credit card has been blocked. To reactivate it, recipients are asked to disclose personal data. Anyone who complies sends their credit card information to fraudsters.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-kartenaktivierung-bei-card-complete-erforderlich/



=====================
=    Advisories     =
=====================

∗∗∗ Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 ∗∗∗
---------------------------------------------
On September 5, 2017, the Apache Software Foundation released security bulletins that disclose three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to the Details section of this advisory. Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected ...
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2


∗∗∗ Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02


∗∗∗ SpiderControl SCADA Web Server ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01


∗∗∗ PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-02


∗∗∗ i-SENS Inc. SmartLog Diabetes Management Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01


∗∗∗ GDK-PixBuf: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1587/


∗∗∗ Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170908-01-smartphone-en


∗∗∗ IBM Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007909


∗∗∗ IBM Security Bulletin: Open Source XStream as used in IBM QRadar SIEM is vulnerable to Denial of Service. (CVE-2017-7957) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008217


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22005380


∗∗∗ IBM Security Bulletin: IBM Java SDK as used in IBM QRadar SIEM is vulnerable to multiple CVE’s. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008210


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure. (CVE-2017-1162) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008194

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily