[CERT-daily] Tageszusammenfassung - 20.07.2018

Fri Jul 20 18:14:33 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 19-07-2018 18:00 − Freitag 20-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Calisto Trojan for macOS ∗∗∗
---------------------------------------------
As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto.
---------------------------------------------
https://securelist.com/calisto-trojan-for-macos/86543/


∗∗∗ Reporting Malicious Websites in 2018, (Thu, Jul 19th) ∗∗∗
---------------------------------------------
Back in 2010 I wrote up a quick diary on how to report malicious websites at the end of your incident reponse process (https://isc.sans.edu/forums/diary/How+Do+I+Report+Malicious+Websites/8719/). John C, a reader, asked for an update. Let's see how munch has changed in the past 8 years...
---------------------------------------------
https://isc.sans.edu/diary/rss/23892


∗∗∗ Sicherheitsupdates: VMware Horizon View Agent könnte Anmeldeinformationen leaken ∗∗∗
---------------------------------------------
Wichtige Patches schließen Sicherheitslücken in verschiedenen Anwendungen von VMware.
---------------------------------------------
http://heise.de/-4116871


∗∗∗ TLS 1.2: Client-Zertifikate als Tracking-Falle ∗∗∗
---------------------------------------------
Kombiniert mit TLS 1.2 lassen sich Client-Zertifikate zum Tracking missbrauchen. So ließen sich etwa die Aktivitäten von Millionen iPhone-Nutzern mitverfolgen.
---------------------------------------------
http://heise.de/-4117357


∗∗∗ The danger of third parties: ads, pipelines, and plugins ∗∗∗
---------------------------------------------
We take a look at the perils of the tools and services embedded into the websites you use on a daily basis, thanks to the development help of third parties.
---------------------------------------------
https://blog.malwarebytes.com/101/2018/07/third-party-dangers-ads-pipelines-and-plugins/


∗∗∗ Hunting for Bad Apples — Part 2 ∗∗∗
---------------------------------------------
In the previous post in this series, I introduced the use case of an attacker persisting via a LaunchAgent/Daemon, and a few osquery queries to detect such activity. In this post, I will discuss hunting for activity resulting from attackers using the tactic of defense evasion on MacOS systems, and corresponding techniques.
---------------------------------------------
https://posts.specterops.io/hunting-for-bad-apples-part-2-6f2d01b1f7d3


=====================
=  Vulnerabilities  =
=====================

∗∗∗ AVEVA InduSoft Web Studio and InTouch Machine Edition ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVAs InduSoft Web Studio and InTouch Machine Edition.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01


∗∗∗ AVEVA InTouch ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVAs InTouch HMI software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02


∗∗∗ Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600 ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for information exposure, authentication bypass using an alternate path or channel, unprotected storage of credentials, cleartext transmission of sensitive information vulnerabilities in the Echelon SmartServer 1, SmartServer 2, i.LON 100, i.LON 600 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03


∗∗∗ HPESBHF03864 rev.1 - HPE Intelligent Management Center (iMC PLAT), Remote Code Execution ∗∗∗
---------------------------------------------
A security vulnerability in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability could be exploited to allow remote execution of code.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03864en_us


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dnsmasq, linux-base, and openjpeg2), Fedora (libgit2, libtomcrypt, openslp, and perl-Archive-Zip), and openSUSE (gdk-pixbuf, libopenmpt, mercurial, perl, php7, polkit, and rsyslog).
---------------------------------------------
https://lwn.net/Articles/760450/


∗∗∗ Sophos UTM: Mehrere Schwachstellen ermöglichen u. a. einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1441/


∗∗∗ Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1434/


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Libidn2 (CVE-2017-14062) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717427


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2017-12133) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717425


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products (CVE-2016-10708) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10717661


∗∗∗ IBM Security Bulletin: Malformed message headers could cause message transmission to be blocked through channels resulting in denial of service in IBM MQ(CVE-2018-1503) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015617


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in GNU C Library ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717429


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in libxml/libxml2 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717431


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in dhcp ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10717433


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Ncurses (CVE-2017-13733) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717423


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in cURL/libcURL (CVE-2016-7141) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717421

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily