[CERT-daily] Daily summary - 10.07.2018
Daily end-of-shift report
team at cert.at
Tue Jul 10 18:15:44 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Monday 09-07-2018 18:00 − Tuesday 10-07-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ APT Trends Report Q2 2018 ∗∗∗
---------------------------------------------
These summaries are a representative snapshot of what has been discussed in greater detail in our private reports during Q2 2018. They aim to highlight the significant events and findings that we feel people should be aware of.
---------------------------------------------
https://securelist.com/apt-trends-report-q2-2018/86487/
∗∗∗ Researchers Reveal Bypass for Apple’s USB Restricted Mode ∗∗∗
---------------------------------------------
Researchers released a workaround for Apple's USB Restricted Mode security feature the same day it was rolled out.
---------------------------------------------
https://threatpost.com/researchers-reveal-bypass-for-apples-usb-restricted-mode/133819/
∗∗∗ Apple Patches Everything Again. (Tue, Jul 10th) ∗∗∗
---------------------------------------------
As usual for Apple patches, vulnerabilities tend to affect all/most Apple operating systems. One notable security issue that was addressed, but is not listed here, is the "USB accessory unlock" issue. This allowed systems like Greylock to unlock phones by brute forcing the passcode via the lightning port / USB. iOS 11.4.1 only allows USB devices to connect within 1 hour after the phone/tablet is locked. This is enabled by default but can be disabled by the user. OS X also fixes the [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/23852
∗∗∗ Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555/tcp) (Tue, Jul 10th) ∗∗∗
---------------------------------------------
Today, I noticed a marked increase in port 5555 scans.
---------------------------------------------
https://isc.sans.edu/diary/rss/23856
∗∗∗ What’s New in the Xen Project Hypervisor 4.11 ∗∗∗
---------------------------------------------
This release contains mitigations for the Meltdown and Spectre vulnerabilities. It is worth noting that we spent a significant amount of time on completing and optimizing fixes for Meltdown and Spectre vulnerabilities.
---------------------------------------------
https://blog.xenproject.org/2018/07/10/whats-new-in-the-xen-project-hypervisor-4-11/
∗∗∗ Fraudulent holiday message from criminals ∗∗∗
---------------------------------------------
Internet users receive a message from their contacts saying that they are abroad and need help because they have "lost their bag along with passport and credit card". For this reason, recipients are asked to transfer money abroad via Western Union. It is needed for a "ticket and the hotel bills". In reality, the message comes from criminals. Money sent by international transfer is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-urlaubsnachricht-von-kriminellen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-21), Adobe Connect (APSB18-22), Adobe Experience Manager (APSB18-23) and Adobe Flash Player (APSB18-24). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1581
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).
---------------------------------------------
https://lwn.net/Articles/759436/
∗∗∗ [webapps] D-Link DIR601 2.02 - Credential Disclosure ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/45002/?rss
∗∗∗ IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10716319
∗∗∗ IBM Security Bulletin: OpenSSL vulnerabilities affect IBM NeXtScale Fan Power Controller (FPC) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10716741
∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF affects IBM TRIRIGA Application Platform (CVE-2017-12624) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10716291
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10715747
∗∗∗ WAGO Multiple vulnerabilities in e!DISPLAY products ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2018-010
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily