[CERT-daily] Daily summary - 05.04.2018
Daily end-of-shift report
team at cert.at
Thu Apr 5 18:13:34 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 04-04-2018 18:00 − Thursday 05-04-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs ∗∗∗
---------------------------------------------
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/intel-tells-users-to-uninstall-remote-keyboard-app-over-unpatched-security-bugs/
∗∗∗ Natus Neuroworks: Security vulnerabilities discovered in brain-scan software ∗∗∗
---------------------------------------------
The scan of brain activity is not at risk, but the hospital is: security experts have found vulnerabilities in the software of EEG devices that make it possible to execute code on the device and gain access to the hospital network. (Security, Cisco)
---------------------------------------------
https://www.golem.de/news/natus-neuroworks-sicherheitsluecken-in-gehirnscan-software-entdeckt-1804-133687-rss.html
∗∗∗ Apple's file system: APFS problems persist ∗∗∗
---------------------------------------------
Following the most recent problem involving the plaintext storage of passwords for encrypted APFS volumes, further investigation shows that the passwords remain readable with 10.13.4. The passwords remain in the logs even after the patch. (APFS, Apple)
---------------------------------------------
https://www.golem.de/news/apples-dateisystem-apfs-probleme-bleiben-bestehen-1804-133686-rss.html
∗∗∗ Understanding Code Signing Abuse in Malware Campaigns ∗∗∗
---------------------------------------------
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem regarding code signing abuse, which we will elaborate on in this post.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/understanding-code-signing-abuse-in-malware-campaigns/
∗∗∗ Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client ∗∗∗
---------------------------------------------
Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERT's recent alert.
---------------------------------------------
http://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html
∗∗∗ Do not pay 358.80 euros to toxflix.de and similar streaming platforms! ∗∗∗
---------------------------------------------
According to its legal notice, CINE STAR LTD is responsible for streaming websites such as toxflix.de, roxflix.de or laflix.de. The sites offer films for streaming, but interested users must register beforehand. After a 5-day period expires, the registration leads to the conclusion of a premium membership and claims amounting to 358.80 euros per year. The amount does not have to be paid, because a valid contract never comes into existence!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-35880-euro-an-toxflixde-und-aehnliche-streaming-plattformen-zahlen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (drupal), Debian (openjdk-7), Fedora (exempi, gd, and tomcat), SUSE (python-paramiko), and Ubuntu (kernel, libvncserver, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-trusty, and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/751026/
∗∗∗ Vuln: Atlassian Bamboo CVE-2018-5224 Remote Security Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/103653
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013308
∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014266
∗∗∗ IBM Security Bulletin: Potential spoofing attack in Liberty for Java for IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015292
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM PureApplication System (CVE-2017-12618) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011238
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect™ Plus ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014937
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK that affect IBM PureApplication System ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015284
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015161
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013492
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013493
∗∗∗ IBM Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014721
∗∗∗ IBM Security Bulletin: IBM Distributed Marketing Could Allow an Authenticated but Unauthorized User with Special Access to Change Security Policies (CVE-2017-1109) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015044
∗∗∗ IBM Security Bulletin: IBM SPSS Statistics is affected by multiple GSKit vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015252
∗∗∗ IBM Security Bulletin: XML External Entity Injection (XXE) Vulnerability Impacts IBM Campaign (CVE-2015-0254) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015263
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014821
∗∗∗ IBM Security Bulletin: Denial of Service in Apache CXF used by Liberty for Java for IBM Cloud (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015296
∗∗∗ IBM Security Bulletin: Information Disclosure in IBM HTTP Server and Denial of Service in Apache CXF used by IBM WebSphere Application Server for IBM Cloud (CVE-2017-12613, CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015297
∗∗∗ FreeBSD IPsec AH Option Header Infinite Loop Lets Remote Users Cause the Target System to Crash ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040628
∗∗∗ HPE integrated Lights Out (iLO) TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040630
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily