[CERT-daily] Tageszusammenfassung - 06.07.2018

Fri Jul 6 18:11:21 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 05-07-2018 18:00 − Freitag 06-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ HNS Botnet Recent Activities ∗∗∗
---------------------------------------------
Author: Rootkiter, yegenshenHNS is an IoT botnet (Hide and Seek) originally discovered by BitDefender in January this year. In that report, the researchers pointed out that HNS used CVE-2016-10401, and other vulnerabilities to propagate malicious code and stole user information. The HNS communicates through the P2P mechanism, which is [...]
---------------------------------------------
http://blog.netlab.360.com/hns-botnet-recent-activities-en/


∗∗∗ CoinImp Cryptominer and Fully Qualified Domain Names ∗∗∗
---------------------------------------------
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. "www.example.com", where "www" is a subdomain, "example" is a second level domain, and "com" is a top level domain. However, very few know that there is also a DNS root domain and it can be also specified in the fully qualified domain names.
---------------------------------------------
https://blog.sucuri.net/2018/07/coinimp-cryptominer-and-fully-qualified-domain-names.html


∗∗∗ Schädlinge unterminieren Windows-Zertifikats-System ∗∗∗
---------------------------------------------
Immer mehr Trojaner installieren eigene Root-CAs in Windows, um damit ihre Schadprogramme signieren oder Web-Seiten-Aufrufe manipulieren zu können.
---------------------------------------------
http://heise.de/-4100993


∗∗∗ Apple stopft WLAN-Lücken auf Macs unter Windows ∗∗∗
---------------------------------------------
Mit einem Update sollen zwei Angriffspunkte in den Boot-Camp-Treibern behoben werden, mit denen Macs das Microsoft-Betriebssystem nutzen.
---------------------------------------------
http://heise.de/-4102490


∗∗∗ Datenleck bei Domainfactory: Hacker knackt Systeme, lässt Kundendaten mitgehen ∗∗∗
---------------------------------------------
Die Systeme des Hosters Domainfactory wurden offensichtlich von einem Hacker kompromittiert, der nun Zugang zu sensiblen Daten der Kunden hat.
---------------------------------------------
http://heise.de/-4102881


∗∗∗ IT-Sicherheit - Elektronikhändler e-tec und Ditech wurden Kundendaten gestohlen ∗∗∗
---------------------------------------------
Altes Passwort ist abgelaufen und muss neu gesetzt werden, Zahlungsdaten zu Kreditkarten und Kontoverbindungen nicht betroffen
---------------------------------------------
https://derstandard.at/2000082932960/Elektronikhaendler-e-tec-und-Ditech-wurden-Kundendaten-gestohlen


∗∗∗ What is it that Makes a Microsoft Executable a Microsoft Executable? ∗∗∗
---------------------------------------------
What exactly is it that separates arbitrary code from code that originates from Microsoft? I would wager that the reaction of most people would be to claim, "well... if it's signed by Microsoft, then it comes from Microsoft. What else is there to talk about?"
---------------------------------------------
https://posts.specterops.io/what-is-it-that-makes-a-microsoft-executable-a-microsoft-executable-b43ac612195e


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers BIOS Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attacker to bypass the BIOS authentication and execute actions as an unprivileged user.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-encs-ucs-bios-auth-bypass


∗∗∗ WordPress 4.9.7 Security and Maintenance Release ∗∗∗
---------------------------------------------
WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.
---------------------------------------------
https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/


∗∗∗ Stored XSS under CA and CRL certificate view page ∗∗∗
---------------------------------------------
Javascript code and HTML tags can be injected into the CN value of CA and CRL certificates via the import CA and CRL certificates feature of the GUI. The injected code may be executed when the GUI administrator views the CA certificate details and browses CRL certificates when CN values are rendered.
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-17-305


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dokuwiki, libsoup2.4, mercurial, php7.0, and phpmyadmin), Fedora (ant, gnupg, libgit2, and libsoup), openSUSE (cairo, git-annex, postgresql95, and zsh), Scientific Linux (firefox), Slackware (mozilla), SUSE (nodejs6 and rubygem-yard), and Ubuntu (AMD microcode, devscripts, and firefox).
---------------------------------------------
https://lwn.net/Articles/759212/


∗∗∗ 2018-07-06: Vulnerability in Panel Builder 800 - Improper Input Validation ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by a resource leakage vulnerability (CVE-2018-1548) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22017136


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22017003


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016892


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016895


∗∗∗ IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10716005


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015940


∗∗∗ IBM Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634) ∗∗∗
---------------------------------------------
https://www-prd-trops.events.ibm.com/node/715345


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application and IHS server ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10713469


∗∗∗ PEPPERL+FUCHS Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2018-009


∗∗∗ PEPPERL+FUCHS Remote Code Execution Vulnerability in HMI Devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2018-008

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily