[CERT-daily] Tageszusammenfassung - 03.12.2018

Stephan Richter richter at cert.at
Mon Dec 3 19:27:26 CET 2018

= End-of-Day report =

Timeframe:   Freitag 30-11-2018 18:00 − Montag 03-12-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=       News        =

∗∗∗ Who Is Targeting Industrial Facilities and ICS Equipment, and How? ∗∗∗
Industrial Control Systems (ICS) are expected to be installed and left
isolated for a long time. Technical changes and the necessity of
reducing operating costs led to this equipment being left in operation
longer than expected, exposing it to a broad range of cyber-threats.
Malware designed to compromise [...]

∗∗∗ DeepSec 2018 Wrap-Up ∗∗∗
I’m writing this quick wrap-up in Vienna, Austria where I attended my
first DeepSec conference. This event was already on my schedule for a
while but I never had a chance to come. This year, I submitted a
training and I was accepted! Good opportunity to visit the beautiful
city [...]

∗∗∗ The 9 Lives of Bleichenbachers CAT: New Cache ATtacks on TLS
Implementations ∗∗∗
In this whitepaper*, nine different implementations of TLS were tested
against cache attacks and seven were found to be vulnerable: [...]

∗∗∗ Injecting Code into Windows Protected Processes using COM - Part 2 ∗∗∗
In my previous blog I discussed a technique which combined numerous
issues I’ve previously reported to Microsoft to inject arbitrary code
into a PPL-WindowsTCB process. The techniques presented don’t work for
exploiting the older, stronger Protected Processes (PP) for a few
different reasons. This blog seeks to remedy this omission and provide
details of how I was able to also hijack a full PP-WindowsTCB process
without requiring administrator privileges.

∗∗∗ What the Marriott Breach Says About Security ∗∗∗
We dont yet know the root cause(s) that forced Marriott this week to
disclose a four-year-long breach involving the personal and financial
information of 500 million guests of its Starwood hotel properties. But
anytime we see such a colossal intrusion go undetected for so long, the
ultimate cause is usually a failure to adopt the most important
principle in cybersecurity defense that applies to both corporations and
consumers: Assume you are compromised.

∗∗∗ Gefälschte iPhone-Gewinn-SMS von Billa im Umlauf ∗∗∗
Betrüger/innen versenden SMS-Nachrichten im Namen von Billa an
Konsument/innen. Wer die Nachricht öffnet, soll einige Fragen
beantworten und kann anschließend den Gewinn, ein iPhone XS im Wert von
über 1200 Euro, auswählen. Für den Erhalt sollen 1,50 Euro per
Kreditkarte bezahlt werden. Betroffene dürfen Ihre Daten nicht eingeben,
denn es handelt sich um eine Abo-Falle und das versprochene iPhone wird
nie verschickt!

=  Vulnerabilities  =

∗∗∗ Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital
Oscilloscope ∗∗∗
A digital oscilloscope by Siglent Technologies is affected by multiple
vulnerabilities such as hardcoded backdoor accounts or missing
authentication. The vendor was unresponsive and did not provide a patch.

∗∗∗ Security updates for Friday ∗∗∗
Security updates have been issued by Debian (libarchive, perl, and
qemu), Fedora (glibc, glusterfs, links, and moodle), Gentoo (libsndfile
and postgresql), openSUSE (openssh, rubygem-loofah, and tiff), Oracle
(ruby), Red Hat (ruby), and Ubuntu (libssh and linux-aws).

∗∗∗ Security updates for Monday ∗∗∗
Security updates have been issued by Debian (nsis, openssl, poppler, and
tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools,
net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core,
php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and
python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel).

∗∗∗ Vuln: NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote
Command Injection Vulnerability ∗∗∗

∗∗∗ IBM Security Bulletin: There are multiple vulnerabilities in IBM®
SDK Java™ Technology Edition, Version 6, Version 7, Version 8, that is
used by IBM Workload Scheduler. These issues were disclosed as part of
the IBM Java SDK updates in [...] ∗∗∗

∗∗∗ Ruby on Rails: Mehrere Schwachstellen ermöglichen Umgehen von
Sicherheitsvorkehrungen ∗∗∗

More information about the Daily mailing list