[CERT-daily] Tageszusammenfassung - 05.12.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-12-2018 18:00 − Mittwoch 05-12-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Adventures in Video Conferencing Part 1: The Wild World of WebRTC ∗∗∗
---------------------------------------------
Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html


∗∗∗ Notfallpatch: Exploit-Code für kritische Flash-Lücke im Umlauf ∗∗∗
---------------------------------------------
Es gibt ein wichtiges Sicherheitsupdate für Adobes Flash Player. Nutzer sollten es dringend installieren.
---------------------------------------------
http://heise.de/-4242328


∗∗∗ SplitSpectre: Neue Methode macht Prozessor-Angriffe einfacher ∗∗∗
---------------------------------------------
Eine neue Abwandlung des Spectre-V1-Angriffs macht solche Attacken auf CPUs realistischer. Sie lässt sich über die JavaScript-Engine eines Browsers ausführen.
---------------------------------------------
http://heise.de/-4241478


∗∗∗ Achtung Dynamit-Phishing: Gefährliche Trojaner-Welle legt ganze Firmen lahm ∗∗∗
---------------------------------------------
BSI, CERT-Bund und Cybercrime-Spezialisten der LKAs sehen eine akute Welle von Infektionen mit Emotet, die Millionenschäden anrichtet.
---------------------------------------------
http://heise.de/-4241424


∗∗∗ The Dark Side of the ForSSHe ∗∗∗
---------------------------------------------
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
---------------------------------------------
https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/


∗∗∗ Achtung: Gefälschte PayPal-Rechnungen im Umlauf ∗∗∗
---------------------------------------------
Konsument/innen wird per E-Mail eine angebliche Rechnung von PayPal zugesandt - für ein Produkt, das nie bestellt wurde. Um die Rechnung zu stornieren, soll man einem Link folgen und dort seine persönlichen Daten und Zahlungsinformationen bekannt geben. Wer der Aufforderung nachkommt, wird Opfer eines Datendiebstahls und ermöglicht Kriminellen Zahlungen im eigenen Namen!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnungen-im-umlauf/


∗∗∗ It looked like a Citrix ShareFile phishing attack, but wasn’t ∗∗∗
---------------------------------------------
Guest contributor Bob Covello isn’t happy about a password reset email that Citrix has been sending its customers.If you’re a company contacting your customers via email, please make sure it doesn’t look phishy.
---------------------------------------------
https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Omron CX-One ∗∗∗
---------------------------------------------
This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omrons CX-One software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01


∗∗∗ SpiderControl SCADA WebServer ∗∗∗
---------------------------------------------
This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControls SCADA WebServer software management platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02


∗∗∗ Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018 ∗∗∗
---------------------------------------------
Version 1.15: Final
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload


∗∗∗ Inadequate cryptography implementation in Kerio Control VPN protocol ∗∗∗
---------------------------------------------
A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-implementation-in-kerio-control/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).
---------------------------------------------
https://lwn.net/Articles/773964/


∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-security-refresh-cve-2018-1935/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-rational-asset-analyzer-raa/


∗∗∗ IBM Security Bulletin: IBM Financial Transaction Manager for Check Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/


∗∗∗ IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-impacts-ibm-control-center-cve-2018-1656/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-raa-2/


∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-xss-vulnerability/


∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-was-liberty-vulnerability-2/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-exist-in-ibm-cognos-tm1-cve-2018-1656-cve-2018-0732-cve-2018-12539/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily