[CERT-daily] Tageszusammenfassung - 06.12.2018

Daily end-of-shift report team at cert.at
Thu Dec 6 18:09:39 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 05-12-2018 18:00 − Donnerstag 06-12-2018 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ Adventures in Video Conferencing Part 2: Fun with FaceTime ∗∗∗
---------------------------------------------
FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the ..
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-2.html


∗∗∗ Data Exfiltration in Penetration Tests ∗∗∗
---------------------------------------------
In many penetration tests, therell be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, lets get the data off premise". Or sometimes in ..
---------------------------------------------
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/


∗∗∗ Campaign evolution: Hancitor changes its Word macros ∗∗∗
---------------------------------------------
Todays diary reviews trends in recent malicious spam (malspam) pushing Hancitor.
---------------------------------------------
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+Word+macros/24376/


∗∗∗ MikroTik: Hunderttausende Router schürfen heimlich Kryptogeld ∗∗∗
---------------------------------------------
Eine im August bekannt gewordenen Schwachstelle in den Geräten wird momentan öfter angegriffen denn je.
---------------------------------------------
http://heise.de/-4243857


∗∗∗ Linux: Besserer Spectre-V2-Schutz jetzt im Kernel, kaum Geschwindigkeitsverlust ∗∗∗
---------------------------------------------
Nach einem abgelehnten Patch haben die Linux-Entwickler den Schutz gegen die CPU-Lücke Spectre V2 in den Kerneln 4.14.86 und 4.19.7 verbessert.
---------------------------------------------
http://heise.de/-4244052


∗∗∗ Betrügerischer Sicherheitsalarm im Postfach ∗∗∗
---------------------------------------------
Konsument/innen finden in ihrem E-Mailpostfach eine Nachricht mit dem Betreff „Sicherheitsalarm. Hacker kennen das Passwort vom (E-Mailadresse)“. In dem Schreiben behaupten Kriminelle ..
---------------------------------------------
https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx_news_pi1[controller]=News&tx_news_pi1[action]=detail&cHash=9fe17fde34bdd6472a61a89153d2c136


∗∗∗ konsolensultan.de ist ein Fake-Shop ∗∗∗
---------------------------------------------
Bestellen Sie nicht bei konsolensultan.de, es handelt sich um einen unseriösen Anbieter. Die gewünschten Spielkonsolen und Controller werden Sie nie erreichen. Sie verlieren Ihr Geld.
---------------------------------------------
https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/


∗∗∗ A botnet of over 20,000 WordPress sites is attacking other WordPress sites ∗∗∗
---------------------------------------------
Botnet is still up and running but law enforcement has been notified.
---------------------------------------------
https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-attacking-other-wordpress-sites/#ftag=RSSbaffb68


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1669


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).
---------------------------------------------
https://lwn.net/Articles/774089/


∗∗∗ MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed) ∗∗∗
---------------------------------------------
A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via ..
---------------------------------------------
https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html


∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Multiple-Security-Updates


∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-affected-by-a-privilege-escalation-vulnerability-in-kubernetes-api-server/


∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2018-5407-and-cve-2018-0734-in-openssl-affect-ibm-i/


∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-security-refresh-cve-2018-1896/


∗∗∗ IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-allow-an-attacker-to-execute-a-denial-of-service-attack-cve-2018-1883/


∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulnerability-with-openid-connect-in-websphere-application-server-liberty-affects-ibm-websphere-application-server-in-ibm-cloud-cve-2018-1851/


∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateways-is-affected-by-a-downgrade-vulnerability-cve-2018-1663/


∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerabilities-affect-the-ibm-spectrum-protect-server/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list