[CERT-daily] Tageszusammenfassung - 17.12.2018

Daily end-of-shift report team at cert.at
Mon Dec 17 18:10:26 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-12-2018 18:00 − Montag 17-12-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Shamoon Disk Wiper Returns with Second Sample Uncovered this Month ∗∗∗
---------------------------------------------
Shamoons comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-with-second-sample-uncovered-this-month/


∗∗∗ Datenbank: Fehler in SQLite ermöglichte Codeausführung ∗∗∗
---------------------------------------------
Anwendungen, die SQLite einsetzen und von außen SQL-Zugriff darauf bieten, sind offenbar von einem Fehler betroffen, der eine beliebige Codeausführung ermöglicht. Dazu gehören unter anderem Browser auf Chromium-Basis, für die inzwischen Updates bereitstehen. (Security, Browser)
---------------------------------------------
https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfuehrung-1812-138280-rss.html


∗∗∗ Worst passwords list is out, but this time we’re not scolding users ∗∗∗
---------------------------------------------
This is on you, makers of sites and services that allow users to create passwords like "password." You can do better!
---------------------------------------------
https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but-this-time-were-not-scolding-users/


∗∗∗ The GPS 2019 Week Rollover - What You Need to Know ∗∗∗
---------------------------------------------
The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019.
---------------------------------------------
https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollover-what-you-need-know


∗∗∗ Intels NUCs: Viele Mini-PCs mit fehlerhaftem BIOS-Schutz ∗∗∗
---------------------------------------------
Bei einigen Mini-PCs aus Intels NUC-Reihe lässt sich das BIOS mit manipuliertem Code überschreiben, etwa um eine Backdoor einzupflanzen.
---------------------------------------------
http://heise.de/-4251738


∗∗∗ Betrügerische Androhung von Pfändungsterminen ∗∗∗
---------------------------------------------
Konsument/innen erhalten von erfundenen Inkassobüros und Rechtsanwält/innen letzte Zahlungsaufforderungen in Höhe von 479,16 Euro. Darin heißt es, dass es zu einer Pfändung ihrer Wertgegenstände komme, wenn sie den geforderten Geldbetrag nicht bezahlen. Empfänger/innen können das Schreiben ignorieren und müssen keine Überweisung tätigen.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendungsterminen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump).
---------------------------------------------
https://lwn.net/Articles/775102/


∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gskit-affect-ibm-tivoli-directory-server-and-ibm-security-directory-server-for-aix-security-bulletin/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-security-bulletin-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-doors-web-access-7/


∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-sdk-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology-oct-2018-cpu/


∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-vulnerability-in-was-liberty/


∗∗∗ IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ntpv4-affect-aix-cve-2018-12327-cve-2018-7170-security-bulletin/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-cross-site-scripting-vulnerability-cve-2018-1667/


∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-1643/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-software-architect-and-rational-software-architect-for-websphere-software-4/


∗∗∗ IBM Security Bulletin: Potential redirection to external site when using the the IBM Event Streams API (CVE-2018-1833) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection-to-external-site-when-using-the-the-ibm-event-streams-api-cve-2018-1833/


∗∗∗ NodeJS vulnerability CVE-2018-12120 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K37111863


∗∗∗ OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43741620

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list