[CERT-daily] Daily Summary - 17.08.2018

Daily end-of-shift report team at cert.at
Fri Aug 17 18:09:20 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 16-08-2018 18:00 − Friday 17-08-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ PHP Deserialization Issue Left Unfixed in WordPress CMS ∗∗∗
---------------------------------------------
WordPress CMS installations are vulnerable to a PHP bug related to data unserialization (also known as deserialization), a security researcher has revealed at the start of the month.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/php-deserialization-issue-left-unfixed-in-wordpress-cms/


∗∗∗ New Trickbot Variant Touts Stealthy Code-Injection Trick ∗∗∗
---------------------------------------------
Trickbot is back, this time with a stealthy code injection trick.
---------------------------------------------
https://threatpost.com/new-trickbot-variant-touts-stealthy-code-injection-trick/136606/


∗∗∗ Highly Flexible Marap Malware Enters the Financial Scene ∗∗∗
---------------------------------------------
A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module.
---------------------------------------------
https://threatpost.com/highly-flexible-marap-malware-enters-the-financial-scene/136623/


∗∗∗ Anti-Coinminer Mining Campaign ∗∗∗
---------------------------------------------
Coinminer malware has been on the rise for some time. As more and more users become aware of this threat and try to take measures to protect themselves, cybercriminals are attempting to cash in on that fear by serving crypto-miner malware from a website claiming to offer a coinminer blocker.
---------------------------------------------
https://www.zscaler.com/blogs/research/anti-coinminer-mining-campaign


∗∗∗ Detecting SSH Username Enumeration ∗∗∗
---------------------------------------------
A very quick post about a new thread which was started yesterday on the OSS-Security mailing list. It's about a vulnerability affecting almost ALL SSH server versions.
---------------------------------------------
https://blog.rootshell.be/2018/08/16/detecting-ssh-username-enumeration/


∗∗∗ Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe ∗∗∗
---------------------------------------------
Microsoft.Workflow.Compiler.exe, a utility included by default in the .NET framework, permits the execution of arbitrary, unsigned code by supplying a serialized workflow in the form of a XOML workflow file (don't worry, I had no clue what that was either) and an XML file consisting of serialized compiler arguments.
---------------------------------------------
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb


∗∗∗ Back to the 90s: FragmentSmack ∗∗∗
---------------------------------------------
As we had the previous week SegmentSmack (CVE-2018-5390) allowing remote DoS attacks by sending crafted TCP packets, this week a similar vulnerability has been reported on IP fragments.
---------------------------------------------
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs ∗∗∗
---------------------------------------------
This medical device advisory includes mitigation recommendations for improper input validation and use of hard-coded credentials vulnerabilities in Philips PageWriter Cardiographs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01


∗∗∗ Emerson DeltaV DCS Workstations ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson's DeltaV workstations.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01


∗∗∗ Tridium Niagara ∗∗∗
---------------------------------------------
This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the NCCIC/ICS-CERT website. This advisory includes mitigation recommendations for path traversal and improper authentication vulnerabilities in Tridium's Niagara systems.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03


∗∗∗ WAGO 750-8xx Controller Denial of Service ∗∗∗
---------------------------------------------
The 750-8xx controllers are susceptible to a Denial-of-Service attack due to a flood of network packets.
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2018-013


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (intel-microcode, keystone, php-horde-image, and xen), Fedora (rsyslog), openSUSE (apache2, clamav, kernel, php7, qemu, samba, and Security), Oracle (mariadb and qemu-kvm), Red Hat (docker, mariadb, and qemu-kvm), Scientific Linux (mariadb and qemu-kvm), SUSE (GraphicsMagick, kernel, kgraft, mutt, perl-Archive-Zip, python, and xen), and Ubuntu (postgresql-10, postgresql-9.3, postgresql-9.5, procps, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/762914/


∗∗∗ Jenkins: Multiple vulnerabilities allow, among other things, denial-of-service attacks ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1645/


∗∗∗ Red Hat JBoss Core Services Apache HTTP Server: Multiple vulnerabilities allow, among other things, various denial-of-service attacks ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1673/


∗∗∗ Red Hat JBoss Web Server: Multiple vulnerabilities allow bypassing of security measures ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1674/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10719653


∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10713739


∗∗∗ BIG-IP APM client for Linux and macOS X vulnerability CVE-2018-5546 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54431371


∗∗∗ BIG-IP APM client for Windows vulnerability CVE-2018-5547 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10015187


∗∗∗ BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5546 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54431371

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



