[CERT-daily] Tageszusammenfassung - 18.09.2017

Mon Sep 18 18:11:46 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 15-09-2017 18:00 − Montag 18-09-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Machine Learning Myths ∗∗∗
---------------------------------------------
“Machine learning” is the new “it” buzzword in security. As a result, it’s being thrown around fairly loosely on vendor websites and in marketing materials. Not only is that unfortunate for anyone looking to get a straight answer on how machine learning can help their company stay more secure, it is also fostering a general sense of confusion around what the term actually means. To help clear things up, let’s take a closer look at six of the most common [...]
---------------------------------------------
https://feeds.feedblitz.com/~/459728214/0/alienvault-blogs~Machine-Learning-Myths


∗∗∗ Optionsbleed: Apache-Webserver blutet ∗∗∗
---------------------------------------------
Beim Apache-Webserver lassen sich in bestimmten Konfigurationen Speicherfragmente durch einen Angreifer auslesen. Besonders kritisch ist diese Lücke in Shared-Hosting-Umgebungen.
---------------------------------------------
https://www.golem.de/news/optionsbleed-apache-webserver-blutet-1709-130105-rss.html


∗∗∗ CCleaner: Avast verteilt Malware mit Optimierungsprogramm ∗∗∗
---------------------------------------------
So hatten sich Nutzer die Optimierung des PCs sicher nicht vorgestellt: Eine Version von CCleaner wurde für rund einen Monat mit Malware ausgeliefert.
---------------------------------------------
https://www.golem.de/news/ccleaner-avast-verteilt-malware-mit-optimierungsprogramm-1709-130119-rss.html


∗∗∗ An (un)documented Word feature abused by attackers ∗∗∗
---------------------------------------------
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content.
---------------------------------------------
http://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/


∗∗∗ Malicious Backdoors: Fake Images and Strrev Functions ∗∗∗
---------------------------------------------
When a website is compromised, attackers frequently leave behind a backdoor – according to our research around 70% of all website hacks include a backdoor. These backdoors are not designed to attack a website or destroy data, instead they allow an attacker to re-enter a targeted website with little to no authentication, providing them with unauthorized access to the system. Backdoors can be planted anywhere within a site, file system, or database.
---------------------------------------------
https://blog.sucuri.net/2017/09/malicious-backdoors-fake-images-strrev-functions.html


∗∗∗ Achtung: Aktuelle Spam-Mails fälschen Absender von Mitarbeitern ∗∗∗
---------------------------------------------
Akute Gefahr geht von einer Schädlingswelle aus, die per E-Mail anrollt. Durch eine clevere Wahl der Absender könnten auch versierte Anwender verleitet werden, dem darin enthaltenen Link zu folgen. Er führt zu bislang weitgehend unerkannter Malware.
---------------------------------------------
https://heise.de/-3834782


∗∗∗ Keine Sicherheits-App der Erste Bank installieren ∗∗∗
---------------------------------------------
In einer gefälschten Erste Bank-Nachricht fordern Kriminelle Kund/innen dazu auf, dass sie eine Sicherheits-App für ihr mobiles Endgerät installieren. Das sei angeblich notwendig, damit diese weiterhin ihren OnlineBanking-Zugang nützen können. In Wahrheit ist die Sicherheits-App Schadsoftware. Sie ermöglicht es Unbekannten, auf die Konten ihrer Opfer zuzugreifen.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/keine-sicherheits-app-der-erste-bank-installieren/


∗∗∗ People cant read (Equifax edition) ∗∗∗
---------------------------------------------
One of these days Im going to write a guide for journalists reporting on the cyber. One of the items Id stress is that they often fail to read the text of what is being said, but instead read some sort of subtext that wasnt explicitly said. This is valid sometimes -- as the subtext is what the writer intended all along, even if they didnt explicitly write it. Other times, though the imagined subtext is not what the writer intended at all. A good example is the recent Equifax breach.
---------------------------------------------
http://blog.erratasec.com/2017/09/people-cant-read-equifax-edition.html


=====================
=    Advisories     =
=====================

∗∗∗ DSA-3974 tomcat8 - security update ∗∗∗
---------------------------------------------
Two issues were discovered in the Tomcat servlet and JSP engine.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3974


∗∗∗ DSA-3975 emacs25 - security update ∗∗∗
---------------------------------------------
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary codeexecution when rendering text/enriched MIME data (e.g. when usingEmacs-based mail clients).
---------------------------------------------
https://www.debian.org/security/2017/dsa-3975


∗∗∗ DSA-3976 freexl - security update ∗∗∗
---------------------------------------------
Marcin Icewall Noga of Cisco Talos discovered two vulnerabilities infreexl, a library to read Microsoft Excel spreadsheets, which mightresult in denial of service or the execution of arbitrary code if amalformed Excel file is opened.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3976


∗∗∗ ZDI-17-811: EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-811/


∗∗∗ Magento 2.0.16 and 2.1.9 Security Update ∗∗∗
---------------------------------------------
Magento Commerce and Open Source 2.1.9 and 2.0.16 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
---------------------------------------------
https://magento.com/security/patches/magento-2016-and-219-security-update


∗∗∗ SUPEE-10266 ∗∗∗
---------------------------------------------
SUPEE-10266, Magento Commerce 1.14.3.6 and Open Source 1.9.3.6 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
---------------------------------------------
https://magento.com/security/patches/supee-10266


∗∗∗ BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045807


∗∗∗ Vuln: Moodle CVE-2017-12157 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/100848


∗∗∗ Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce


∗∗∗ Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2


∗∗∗ Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn


∗∗∗ DFN-CERT-2017-1634: ChakraCore: Mehrere Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1634/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008401


∗∗∗ IBM Security Bulletin: A vulnerability in XStream affects IBM InfoSphere Information Governance components ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004784


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-3511, CVE-2017-10115, CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006034


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006028


∗∗∗ IBM Security Bulletin: Sweet32 vulnerability affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-2183) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006040


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1137) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006029


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1121) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006027


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008182


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006696


∗∗∗ IBM Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008410


∗∗∗ OpenJDK vulnerabilities CVE-2015-2621, CVE-2015-2632, CVE-2015-4748, and CVE-2015-4749 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K84947349

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily