[CERT-daily] Tageszusammenfassung - 25.01.2018

Daily end-of-shift report team at cert.at
Thu Jan 25 18:20:23 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 24-01-2018 18:00 − Donnerstag 25-01-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Nina Bieringer

=====================
=       News        =
=====================

∗∗∗ Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack ∗∗∗
---------------------------------------------
The worlds largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/maersk-reinstalled-45-000-pcs-and-4-000-servers-to-recover-from-notpetya-attack/


∗∗∗ BSI-Richtlinie: Der streng geheime Streit über die Routersicherheit ∗∗∗
---------------------------------------------
Das BSI will in den kommenden Monaten eine Technische Richtlinie für Heimrouter herausgeben. Vor allem die Kabelnetzbetreiber halten nichts davon, für möglichst viel Sicherheit bei den Geräten zu sorgen. Der CCC spricht von "Lobbying-Sabotage".
---------------------------------------------
https://www.golem.de/news/bsi-richtlinie-der-streng-geheime-streit-ueber-die-routersicherheit-1801-132363-rss.html


∗∗∗ Windows 10: Microsoft will aufzeigen, was an Gerätedaten gesammelt wird ∗∗∗
---------------------------------------------
Sprachdaten, Positionsdaten und Browserverlauf: Nutzer sollen künftig einen besseren Überblick über gesammelte Daten in Windows 10 bekommen. Dazu stellt Microsoft ein Dashboard für Microsoft-Accounts und einen Diagnostic Viewer für Geräteinformation zur Verfügung. (Microsoft, Datenschutz)
---------------------------------------------
https://www.golem.de/news/windows-10-microsoft-will-aufzeigen-was-an-geraetedaten-gesammelt-wird-1801-132393-rss.html


∗∗∗ Cloudflare[.]solutions Keylogger Returns on New Domains ∗∗∗
---------------------------------------------
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New Domains A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken [...]
---------------------------------------------
https://blog.sucuri.net/2018/01/cloudflare-solutions-keylogger-returns-on-new-domains.html


∗∗∗ libcurl has had auth leak bug since the first commit we recorded ∗∗∗
---------------------------------------------
Fixed in 7.58.0 If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/01/25/curl_carried_auth_leak_bug_practically_forever/


∗∗∗ Healthcare CERTs highlight the need for security guidance for specific sectors ∗∗∗
---------------------------------------------
A new computer emergency response team has been launched in the Netherlands to provide guidance specifically tailored to the healthcare sector. Martijn Grooten welcomes the development.  Read more
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/01/healthcare-certs-show-need-security-guidance-specific-sectors/


∗∗∗ Announcing turndown of the deprecated Google Safe Browsing APIs ∗∗∗
---------------------------------------------
Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must [...]
---------------------------------------------
https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-4096 firefox-esr - security update ∗∗∗
---------------------------------------------
Several security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, use-after-frees, integeroverflows and other implementation errors may lead to the execution ofarbitrary code, denial of service or URL spoofing.
---------------------------------------------
https://www.debian.org/security/2018/dsa-4096


∗∗∗ Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified ∗∗∗
---------------------------------------------
Update 1/25/18: Blender has released version 2.79a to address these issues
Technology has evolved in incredible ways that has helped people to create and visualize media like never before. Today, people can use tools such as Blender to visualize, model, and animate 3D content, especially since its free and open-source software. However, this also make it an attractive target for adversaries to audit and find vulnerabilities. Given the user base of Blender, exploiting these vulnerabilities to [...]
---------------------------------------------
http://blog.talosintelligence.com/2018/01/unpatched-blender-vulns.html


∗∗∗ DFN-CERT-2018-0177: Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0177/


∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026853


∗∗∗ IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026733


∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026732


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Portable Runtime affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026735


∗∗∗ IBM Security Bulletin: A vulnerability in procmail affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026736


∗∗∗ IBM Security Bulletin: A vulnerability in curl affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026734


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012767


∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026731


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007398


∗∗∗ IBM Security Bulletin: Rational DOORS is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012789

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list