[CERT-daily] Tageszusammenfassung - 13.04.2018

Daily end-of-shift report team at cert.at
Fri Apr 13 18:22:03 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 12-04-2018 18:00 − Friday 13-04-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code ∗∗∗
---------------------------------------------
The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon2-flaw-starts-after-publication-of-poc-code/


∗∗∗ "Early Bird" Code Injection Technique Helps Malware Stay Undetected ∗∗∗
---------------------------------------------
Security researchers have discovered at least three malware strains using a new code injection technique that allowed them to avoid antivirus detection.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/early-bird-code-injection-technique-helps-malware-stay-undetected/


∗∗∗ Office Macros ∗∗∗
---------------------------------------------
A small remark prompted by current events: Yesterday I once again gave my usual talk on the "threat landscape", and in it mentioned, as always, that Office macros are dangerous and must be restricted. It was clear from the audience that some of them cannot do that in their organisations. Understandable, because in quite a few companies important business processes are implemented as Excel macros [...]
---------------------------------------------
http://www.cert.at/services/blog/20180413094624-2176.html


∗∗∗ Thousands of WP, Joomla and SquareSpace sites serving malicious updates ∗∗∗
---------------------------------------------
Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been going on since at least December 2017 and has been gaining steam. The malicious actors are injecting JavaScript that triggers the download requests into the content management systems' JavaScript files or directly into the sites' homepage.
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/13/wp-joomla-squarespace-malicious-updates/


∗∗∗ Android manufacturers lie to users about security updates ∗∗∗
---------------------------------------------
Apart from Google, nobody really ships all patches – Samsung slips up occasionally, OnePlus, LG and co. regularly
---------------------------------------------
http://derstandard.at/2000077842490


∗∗∗ Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers ∗∗∗
---------------------------------------------
https://blog.hboeck.de/archives/892-Introducing-Snallygaster-a-Tool-to-Scan-for-Secrets-on-Web-Servers.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Yokogawa CENTUM and Exaopc ∗∗∗
---------------------------------------------
This advisory includes mitigations for a permissions, privileges, and access controls vulnerability in the Yokogawa CENTUM series and Exaopc products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01


∗∗∗ Oracle Critical Patch Update Pre-Release Announcement - April 2018 ∗∗∗
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2018, which will be released on Tuesday, April 17, 2018. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html


∗∗∗ VMSA-2018-0009 ∗∗∗
---------------------------------------------
vRealize Automation updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0009.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache), openSUSE (libvirt, openssl, policycoreutils, and zziplib), Oracle (firefox and python-paramiko), and Red Hat (python-paramiko).
---------------------------------------------
https://lwn.net/Articles/751780/


∗∗∗ Bugtraq: [security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541942


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014440


∗∗∗ IBM Security Bulletin: IBM MQ clients connecting to an MQ queue manager can cause a SIGSEGV in the amqrmppa channel process terminating it. (CVE-2018-1371) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012983


∗∗∗ IBM Security Bulletin: Vulnerabilities in Open Source OpenSSL, which is used by IBM PureApplication Systems/Service (CVE-2017-3736 CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014945


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015346


∗∗∗ IBM Security Bulletin: Content Collector for Email affected by privilege escalation vulnerability in WebSphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015034


∗∗∗ IBM Security Bulletin: Content Collector for Email affected by information disclosure vulnerability in Websphere Application Server ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22015032


∗∗∗ BIG-IP TMM vulnerability CVE-2018-5510 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K77671456


∗∗∗ BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05263202


∗∗∗ BIG-IP PEM vulnerability CVE-2018-5508 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10329515


∗∗∗ BIG-IP SOCKS proxy vulnerability CVE-2017-6148 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55225440


∗∗∗ vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52521791


∗∗∗ Apache vulnerability CVE-2018-5506 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65355492


∗∗∗ TMUI vulnerability CVE-2018-5511 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K30500703


∗∗∗ BIG-IP TMM vulnerability CVE-2017-6158 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19361245


∗∗∗ TMM vulnerability CVE-2017-6155 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10930474


∗∗∗ IP Intelligence Feed List vulnerability CVE-2017-6143 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11464209


∗∗∗ cURL and libcurl vulnerability CVE-2018-1000120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22052524

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily