[CERT-daily] Tageszusammenfassung - 04.04.2018
Daily end-of-shift report
team at cert.at
Wed Apr 4 18:13:53 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 03-04-2018 18:00 − Mittwoch 04-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Intel Admits It Wont Be Possible to Fix Spectre (V2) Flaw in Some Processors ∗∗∗
---------------------------------------------
As speculated by the researcher who disclosed Meltdown and Spectre flaws in Intel processors, some of the Intel processors will not receive patches for the Spectre (variant 2) side-channel analysis attack In a recent microcode revision guidance (PDF), Intel admits that it would not be possible to address the Spectre design flaw in its specific old CPUs, because it requires changes to the
---------------------------------------------
https://thehackernews.com/2018/04/intel-spectre-vulnerability.html
∗∗∗ Pocket cryptofarms - Investigating mobile apps for hidden mining ∗∗∗
---------------------------------------------
We've noticed that attackers no longer limit themselves to servers, desktops, and laptops. They are increasingly drawn to mobile devices, mainly Android. We decided to take a closer look to see which mobile apps stealthily mine digital coins on user devices and how widespread they are.
---------------------------------------------
https://securelist.com/pocket-cryptofarms/85137/
∗∗∗ BSI warnt vor Sicherheitslücken in iTunes für Windows ∗∗∗
---------------------------------------------
Apples Medienverwaltung enthält mehrere kritische Fehler – nicht nur in der enthaltenen Browser-Engine WebKit. Sicherheits-Bugs stecken auch in der iCloud-Unterstützung für Windows.
---------------------------------------------
https://heise.de/-4010622
∗∗∗ Nvidia patcht mehrere Lücken in GPU-Treibern ∗∗∗
---------------------------------------------
Lücken in mehreren Nvidia-Grafikkartentreibern können unter anderem für die Code-Ausführung aus der Ferne missbraucht werden. Gepatchte Versionen stehen zum Download bereit.
---------------------------------------------
https://www.heise.de/-4010707
∗∗∗ LockCrypt ransomware: weakness in code can lead to recovery ∗∗∗
---------------------------------------------
A lesser-known variant called LockCrypt ransomware has been creeping around under the radar since June 2017. We take a look inside its code and expose its flaws.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/04/lockcrypt-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Microsoft Malware Protection Engine: Sicherheitsupdate behebt kritische Schwachstelle ∗∗∗
---------------------------------------------
Am 03.04.18 hat Microsoft ein Update zur Behebung des kritischen Fehlers CVE-2018-0986 in der hauseigenen Antiviren-Software (Microsoft Malware Protection Engine) benutzt in zum Beispiel Windows Defender, Microsoft Security Essentials, Microsoft Intune Endpoint, Microsoft Forefront Endpoint 2010 sowie in Exchange Server 2013 und 2016 unter den Systemen Windows 7 bis Windows 10 beziehungsweise [...]
---------------------------------------------
http://www.cert.at/services/blog/20180404151337-2161.html
∗∗∗ Siemens Building Technologies Products ∗∗∗
---------------------------------------------
This advisory includes mitigations for a series of vulnerabilities in Siemens Building Technologies Products, including stack-based buffer overflows, security features, improper restriction of operations within the bounds of a memory buffer, NULL pointer deference, XML entity expansion, heap-based buffer overflow, and improper access control.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
∗∗∗ USN-3618-1: LibVNCServer vulnerability ∗∗∗
---------------------------------------------
LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic. [...] It was discovered that LibVNCServer incorrectly handled certain packetlengths. A remote attacker able to connect to a LibVNCServer could possiblyuse this issue [...]
---------------------------------------------
https://usn.ubuntu.com/3618-1/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (apache2, ldap-account-manager, and openjdk-7), Fedora (libuv and nodejs), Gentoo (glibc and libxslt), Mageia (acpica-tools, openssl, and php), SUSE (clamav, coreutils, and libvirt), and Ubuntu (kernel, libraw, linux-hwe, linux-gcp, linux-oem, and python-crypto).
---------------------------------------------
https://lwn.net/Articles/750902/
∗∗∗ IBM Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022442
∗∗∗ Cacti Input Validation Flaw in get_current_page() Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040620
∗∗∗ WordPress 4.9.5 Security and Maintenance Release ∗∗∗
---------------------------------------------
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list