[CERT-daily] Daily summary - 21.06.2018
Daily end-of-shift report
team at cert.at
Thu Jun 21 18:09:11 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-06-2018 18:00 - Thursday 21-06-2018 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
*** Downloading 3rd Party OpenVPN Configs May Be Dangerous. Here's Why. ***
---------------------------------------------
If an actor wanted to cause the OpenVPN configuration file to execute a command, they would add the "script-security 2" line, which allows user-defined scripts to be executed, and an "up" entry, which contains the command that is executed after a connection has been made.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/downloading-3rd-party-openvpn-configs-may-be-dangerous-here-s-why/
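Added here as an illustration (not code from the article or from the OpenVPN project): a small Python auditor that flags the combination the article describes, "script-security 2" together with an "up" or similar script hook, in a downloaded .ovpn profile before it is imported. The function names and the sample profile are constructed for this example; the directive names are OpenVPN's own.

```python
import re

# OpenVPN directives that run an external program; OpenVPN honours them
# only when "script-security" is 2 or higher.
SCRIPT_HOOKS = {
    "up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address",
}

def audit_ovpn(text: str):
    """Return (script-security level, [(line_no, directive, args), ...]).
    Comment lines ('#' or ';') and inline blocks such as <ca>...</ca> are
    skipped, so certificate material is never parsed as a directive."""
    level, hooks, in_block = 0, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if in_block:                      # inside <tag> ... </tag>
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            in_block = m.group(1)
            continue
        key, *args = line.split()
        if key == "script-security" and args and args[0].isdigit():
            level = int(args[0])
        elif key in SCRIPT_HOOKS:
            hooks.append((no, key, " ".join(args)))
    return level, hooks

def is_dangerous(text: str) -> bool:
    """True when the profile both permits scripts and configures one."""
    level, hooks = audit_ovpn(text)
    return level >= 2 and bool(hooks)

# Constructed sample profile showing the pattern the article describes.
SAMPLE_CONFIG = """\
remote vpn.example.invalid 1194
# the next two lines make the profile run a command after connecting
script-security 2
up /tmp/setup.sh
<ca>
up not-a-directive-inside-a-certificate-block
</ca>
"""
```

A profile that carries a hook without "script-security 2" is still reported by audit_ovpn, so a reviewer can see the intent even where OpenVPN would refuse to run it.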
*** Beginner's Guide to Pentesting IoT Architecture/Network and Setting Up IoT Pentesting Lab - Part 1 ***
---------------------------------------------
In this post, I will explain how to pentest an IoT Network/Architecture. Also, I will explain how to set up an IoT Pentesting lab for getting started with IoT Pentesting. Since the post is too long, to make it digestible, it will be split into two parts.
---------------------------------------------
https://resources.infosecinstitute.com/beginners-guide-to-pentesting-iot-architecture-network-and-setting-up-iot-pentesting-lab-part-1/
*** Google Developer Discovers a Critical Bug in Modern Web Browsers ***
---------------------------------------------
Chrome and Safari already have a policy in place to reject such cross-origin requests as soon as they see any redirection after the underlying content appears to have changed between requests, so their users are already protected.
...
Firefox and Edge browsers that were found vulnerable to this issue have also patched the vulnerability in their latest versions after Archibald responsibly reported it to their security teams.
Therefore, Firefox and Edge browser users are highly recommended to make sure that they are running the latest version of these browsers.
---------------------------------------------
https://thehackernews.com/2018/06/browser-cross-origin-vulnerability.html
*** Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware ***
---------------------------------------------
We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0C5nXsg4wxQ/
*** Warning about a fake Finanzonline.at message ***
---------------------------------------------
Internet users are receiving a fake e-mail purporting to come from the Ministry of Finance with the subject "Ihre Steuerrückzahlung" ("Your tax refund"). It claims that a recent tax refund to the recipient has failed and that they should therefore enter personal bank details on an unknown website. Users who do so hand this data to criminals and become victims of data theft.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-finanzonlineat-nachricht/
=====================
= Vulnerabilities =
=====================
*** NVIDIA TX1 Boot ROM Vulnerability ***
---------------------------------------------
On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected system. The vulnerability has been identified by CVE-2018-6242.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nvidia-tx1-rom
*** Nextcloud Server: Multiple vulnerabilities allow, among other things, bypassing security mechanisms ***
---------------------------------------------
The vendor provides Nextcloud Server versions 12.0.8 and 13.0.3 to fix CVE-2018-3761 and CVE-2018-3762. To fix CVE-2018-3763 and CVE-2018-3764, security updates are available for the 'Contacts' app (version 2.1.2) and the 'Calendar' app (version 1.6.1 or 1.5.8).
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1204/
*** Security Advisory for Microsoft Exchange Server ***
---------------------------------------------
As part of the quarterly update for Microsoft Exchange Server, Microsoft has published a security advisory and security updates for components of Oracle's "Outside In" libraries that are bundled with Microsoft Exchange Server. These patches close three vulnerabilities.
---------------------------------------------
https://www.cert.at/warnings/all/20180620.html
*** Security vulnerabilities (some critical) in Cisco FXOS and NX-OS software - patches available ***
---------------------------------------------
Cisco has published several security advisories for vulnerabilities, some of them critical, in Cisco FXOS and Cisco NX-OS software. Five of the vulnerabilities are rated critical with a CVSS base score of 9.8: [...]
---------------------------------------------
https://www.cert.at/warnings/all/20180621.html
*** Symantec Endpoint Protection Multiple Issues ***
---------------------------------------------
Symantec has released a set of updates to address issues that were discovered in the Symantec Endpoint Protection product.
---------------------------------------------
https://support.symantec.com/en_US/article.SYMSA1454.html
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by openSUSE (cobbler and matrix-synapse), Oracle (git), Red Hat (git), SUSE (java-1_7_1-ibm, nagios-nrpe, and ntp), and Ubuntu (AMD microcode).
---------------------------------------------
https://lwn.net/Articles/757971/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily