[CERT-daily] Tageszusammenfassung - 23.07.2018

Daily end-of-shift report team at cert.at
Mon Jul 23 18:07:59 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 20-07-2018 18:00 - Monday 23-07-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Half a Billion IoT Devices Vulnerable to DNS Rebinding Attacks ∗∗∗
---------------------------------------------
Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of today's "smart" devices are vulnerable to a decade-old attack known as DNS rebinding.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/half-a-billion-iot-devices-vulnerable-to-dns-rebinding-attacks/


∗∗∗ Academics Announce New Protections Against Spectre and Rowhammer Attacks ∗∗∗
---------------------------------------------
Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/academics-announce-new-protections-against-spectre-and-rowhammer-attacks/


∗∗∗ Weblogic Exploit Code Made Public (CVE-2018-2893), (Fri, Jul 20th) ∗∗∗
---------------------------------------------
[UPDATE] We are seeing the first exploit attempts. The exploit attempts to download additional code from 185.159.128.200. We are still looking at details, but it looks like the code attempts to install a backdoor. The initial exploit came from 5.8.54.27.
---------------------------------------------
https://isc.sans.edu/diary/rss/23896
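A detection pass over proxy log lines for the two indicators the diary reports, as an added example that is not part of the ISC diary. Only the two IP addresses come from the diary; the Squid-style log format and the log lines are constructed for the demonstration. The distinction between the two roles matters for triage: the second-stage download is made by the exploited WebLogic server itself, so a proxy hit on the payload host identifies a likely victim, while traffic from the exploit source identifies an attempt.

```python
"""Added example (not from the ISC diary): flag the CVE-2018-2893 indicators
reported there in constructed proxy access-log lines."""
import ipaddress
import re

# The two indicators from the diary, keyed to the role each plays.
IOCS = {
    ipaddress.ip_address("5.8.54.27"): "exploit source (initial attempt)",
    ipaddress.ip_address("185.159.128.200"): "payload host (second-stage download)",
}

# Constructed Squid-style access.log: time elapsed client status/code size method url ...
SAMPLE_LOG = """\
1532361600.123    45 10.0.5.12 TCP_MISS/200 5120 GET http://185.159.128.200/bin.sh - HIER_DIRECT/185.159.128.200 text/plain
1532361601.456    12 10.0.5.40 TCP_MISS/200 812 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1532361602.789   300 10.0.5.77 TCP_MISS/404 0 GET http://5.8.54.27/x - HIER_DIRECT/5.8.54.27 text/html
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_ioc_hits(log_text: str, iocs=IOCS):
    """Return one hit per (line, indicator) with the client that made the request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        client = fields[2] if len(fields) > 2 else "?"
        seen = set()
        for token in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # e.g. an octet above 255
                continue
            if ip in iocs and ip not in seen:
                seen.add(ip)  # the same IP appears twice per Squid line
                hits.append({"line": lineno, "client": client,
                             "ioc": str(ip), "role": iocs[ip]})
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['ioc']} [{hit['role']}]")
```

A client matching the payload host should be treated as a compromised WebLogic instance and isolated; a hit on the exploit source alone only shows that the host was targeted, and the application server logs decide whether the attempt succeeded.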


∗∗∗ Maldoc analysis with standard Linux tools, (Sun, Jul 22nd) ∗∗∗
---------------------------------------------
I received a malicious Word document (Richiesta.doc MD5 2f87105fea2d4bae72ebc00efc6ede56) with heavily obfuscated VBA code: just a few functional lines of code, the rest is junk code.
---------------------------------------------
https://isc.sans.edu/diary/rss/23900


∗∗∗ TA18-201A: Emotet Malware ∗∗∗
---------------------------------------------
Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA18-201A


∗∗∗ TeamViewer responds to password leak ∗∗∗
---------------------------------------------
The remote-support tool TeamViewer is becoming forgetful: in future it will remember passwords for only five minutes, to make attacks harder.
---------------------------------------------
http://heise.de/-4118201


∗∗∗ Extortion via stolen password and alleged masturbation video ∗∗∗
---------------------------------------------
Internet users are currently receiving increasing numbers of e-mails demanding that they pay so that a masturbation video, supposedly recorded secretly via their webcam, is not published. To pressure recipients into paying, the mail also quotes an old password of the person concerned. Recipients should change their passwords but must on no account pay, because the videos do not exist.
---------------------------------------------
https://www.watchlist-internet.at/news/erpressung-durch-passwortdiebstahl-und-masturbationsvideo/


∗∗∗ Do not shop at the fake shop fitolino.net ∗∗∗
---------------------------------------------
The online shop fitolino.net offers cheap household and garden products. Consumers who buy from this vendor lose their money: despite payment, no goods are delivered. In addition, the criminals obtain their victims' personal data, which they can use for crimes committed under a false name.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-im-fake-shop-fitolinonet-einkaufen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ National Instruments Linux Driver Remote Code Injection ∗∗∗
---------------------------------------------
Topic: National Instruments Linux Driver Remote Code Injection. Risk: High. Text: Hello folks, I've recently discovered a critical vulnerability in the National Instruments Linux driver package, which open [...]
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018070204


∗∗∗ OpenSSL vulnerability CVE-2018-0732 ∗∗∗
---------------------------------------------
Security Advisory: OpenSSL vulnerability CVE-2018-0732. Description: During key agreement in a TLS [...]
---------------------------------------------
https://support.f5.com/csp/article/K21665601


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache, networkmanager-vpnc, and znc), Debian (gosa, opencv, and slurm-llnl), Fedora (evolution, evolution-data-server, evolution-ews, gnome-bluetooth, libtomcrypt, podman, python-cryptography, and rust), Gentoo (passenger), Red Hat (java-1.8.0-openjdk and openslp), Slackware (php), SUSE (openssl-1_1, procps, python, rsyslog, rubygem-passenger, and xen), and Ubuntu (mutt).
---------------------------------------------
https://lwn.net/Articles/760583/


∗∗∗ Synology-SA-18:37 Photo Station ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to hijack web sessions via a susceptible version of Synology Photo Station.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_37


∗∗∗ VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/304725
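The check the vulnerability note describes as missing, as an added example that is not code from CERT/CC or from any Bluetooth stack: before a received P-256 public key is used in the pairing ECDH, every coordinate must be a reduced field element and the point must satisfy the curve equation (P-256 has cofactor 1, so no further subgroup check is needed). The curve constants are the standard NIST P-256 parameters; the scalar-multiplication helper and the key values in the demo are the example's own and are not meant to be constant-time.

```python
"""Added example (not from VU#304725 or a Bluetooth stack): validate a peer's
P-256 public key before ECDH, with a minimal (non-constant-time) point arithmetic."""

# NIST P-256 domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G = (GX, GY)


def is_valid_p256_point(x: int, y: int) -> bool:
    """Public-key validation: reduced coordinates and y^2 == x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False  # an attacker-chosen x >= p is not a field element
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # P + (-P)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def point_mul(k: int, point):
    """Double-and-add scalar multiplication (demo only, not side-channel safe)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdh_shared_secret(priv: int, peer_x: int, peer_y: int) -> int:
    """Return the shared x-coordinate, refusing a peer point that is not on P-256."""
    if not (1 <= priv < N):
        raise ValueError("private scalar out of range")
    if not is_valid_p256_point(peer_x, peer_y):
        raise ValueError("peer public key is not a valid P-256 point")
    shared = point_mul(priv, (peer_x, peer_y))
    if shared is None:
        raise ValueError("shared point is the point at infinity")
    return shared[0]


if __name__ == "__main__":
    # Constructed keys: small scalars so the demo runs instantly.
    alice_priv, bob_priv = 7, 11
    alice_pub, bob_pub = point_mul(alice_priv, G), point_mul(bob_priv, G)
    assert ecdh_shared_secret(alice_priv, *bob_pub) == ecdh_shared_secret(bob_priv, *alice_pub)
    try:
        ecdh_shared_secret(alice_priv, GX, GY + 1)  # off-curve point from a tampering peer
    except ValueError as e:
        print("rejected:", e)
```

An implementation that skips `is_valid_p256_point` and multiplies whatever (x, y) the peer sent does the arithmetic on a different curve chosen by the attacker, which is what lets a key-exchange result be forced or recovered; rejecting the point before any multiplication is the whole fix.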


∗∗∗ Bugtraq: Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/542174


∗∗∗ Apache Tomcat: Multiple vulnerabilities allow, among other things, obtaining user privileges ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1443/


∗∗∗ Apple macOS: Multiple vulnerabilities allow, among other things, complete system takeover ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1059/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10716653


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-8012) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10716659


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2017-3738, CVE-2017-3736) ∗∗∗
---------------------------------------------
https://www-prd-trops.events.ibm.com/node/716657


∗∗∗ IBM Security Bulletin: Rational Software Architect Design Manager is vulnerable to cross-site scripting (CVE-2018-1400) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10717617


∗∗∗ RSA Archer Flaws Let Remote Authenticated Users Conduct Cross-Site Scripting Attacks and Gain Elevated Privileges via a REST API ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041359

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily