[CERT-daily] Tageszusammenfassung - 14.06.2018
Daily end-of-shift report
team at cert.at
Thu Jun 14 18:19:54 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 13-06-2018 18:00 − Donnerstag 14-06-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ SigSpoof: Signaturen fälschen mit GnuPG ∗∗∗
---------------------------------------------
In bestimmten Situationen lässt sich die Signaturprüfung von GnuPG in den Plugins für Thunderbird und Apple Mail austricksen. Der Grund: Über ungefilterte Ausgaben lassen sich Statusmeldungen des Kommandozeilentools fälschen. Doch der Angriff funktioniert nur unter sehr speziellen Bedingungen. (GPG, E-Mail)
---------------------------------------------
https://www.golem.de/news/sigspoof-signaturen-faelschen-mit-gnupg-1806-134940-rss.html
∗∗∗ Lazy FPU: Intels Floating Point Unit kann geheime Daten leaken ∗∗∗
---------------------------------------------
Register der Floating Point Unit in Core I und wohl auch von einigen Xeon-Prozessoren können Ergebnisse vertraulicher Berechnungen verraten. Dazu ist jedoch ein lokaler Angriff mit Malware erforderlich, außerdem ein veraltetes Betriebssystem. (Intel, Amazon)
---------------------------------------------
https://www.golem.de/news/lazy-fpu-intels-floating-point-unit-kann-geheime-daten-leaken-1806-134957-rss.html
∗∗∗ Microsoft Reveals Which Bugs It Won’t Patch ∗∗∗
---------------------------------------------
A draft document lays out its criteria for addressing various flaws and notes the exceptions.
---------------------------------------------
https://threatpost.com/microsoft-reveals-which-bugs-it-wont-patch/132817/
∗∗∗ A Bunch of Compromized Wordpress Sites, (Wed, Jun 13th) ∗∗∗
---------------------------------------------
A few days ago, one of our readers contacted reported an incident affecting his website based on Wordpress. He performed quick checks by himself and found some pieces of evidence: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/23764
∗∗∗ Tapplock Smart locks found to be physically and digitally vulnerable ∗∗∗
---------------------------------------------
Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.
---------------------------------------------
https://www.scmagazine.com/tapplock-smart-locks-found-to-be-physically-and-digitally-vulnerable/article/773348/
∗∗∗ Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs ∗∗∗
---------------------------------------------
Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malspam-campaigns-using-iqy-attachments-to-bypass-av-filters-and-install-rats/
∗∗∗ Mac-Malware kann Sicherheits-Tools austricksen ∗∗∗
---------------------------------------------
Mit einer vermeintlichen Apple-Signatur ist es Schadsoftware möglich, bekannte Security-Tools zu umgehen. Das Problem besteht offenbar seit Jahren.
---------------------------------------------
http://heise.de/-4077945
∗∗∗ Ecos Secure Boot Stick: Forscher warnen vor Schwachstellen ∗∗∗
---------------------------------------------
Tests mit dem SBS-Stick 5.6.5 und der System-Management-Software 5.2.68 haben mehrere Angriffspunkte offenbart. Updates stehen bereit.
---------------------------------------------
http://heise.de/-4078344
∗∗∗ Schadcode per Git: Xcode-Update soll Schwachstelle beheben ∗∗∗
---------------------------------------------
Apple hat die Programmierumgebung aktualisiert, um Sicherheitslücken auszuräumen. Git-Nutzer sollten das Update zügig einspielen.
---------------------------------------------
http://heise.de/-4078821
∗∗∗ New CryptoMiner hijacks your Bitcoin transaction. Over 300,000 computers have been attacked. ∗∗∗
---------------------------------------------
Recently, 360 Security Center discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect if it contains the account [...]
---------------------------------------------
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and gnupg), Debian (spip), Fedora (pdns-recursor), Gentoo (adobe-flash, burp, quassel, and wget), openSUSE (bouncycastle and taglib), Oracle (kernel), SUSE (java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, and samba), and Ubuntu (file, perl, and ruby1.9.1, ruby2.0, ruby2.3).
---------------------------------------------
https://lwn.net/Articles/757531/
∗∗∗ Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-041
∗∗∗ OpenSSL, Libgcrypt, LibreSSL: Zwei Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1138/
https://www.openssl.org/news/secadv/20180612.txt
∗∗∗ Enigmail: Zwei Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1155/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22017118
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM® SPSS Statistics Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016900
∗∗∗ IBM Security Bulletin: A privilege escalation vulnerability in nzhwinfo that affects IBM Netezza Platform Software clients. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015701
∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016809
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – October 2017, January 2018 and April 2018 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012379
∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22017032
∗∗∗ SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020) ∗∗∗
---------------------------------------------
https://neopg.io/blog/gpg-signature-spoof/
∗∗∗ SigSpoof 2: More ways to spoof signatures in GnuPG (CVE-2018-12019) ∗∗∗
---------------------------------------------
https://neopg.io/blog/enigmail-signature-spoof/
∗∗∗ SigSpoof 3: Breaking signature verification in pass (Simple Password Store) (CVE-2018-12356) ∗∗∗
---------------------------------------------
https://neopg.io/blog/pass-signature-spoof/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list