[CERT-daily] Tageszusammenfassung - 02.03.2018

Daily end-of-shift report team at cert.at
Fri Mar 2 18:15:08 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 01-03-2018 18:00 − Freitag 02-03-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones ∗∗∗
---------------------------------------------
Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over-40-models-of-low-cost-android-smartphones/


∗∗∗ Chromes WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack ∗∗∗
---------------------------------------------
While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome.
---------------------------------------------
https://www.wired.com/story/chrome-yubikey-phishing-webusb


∗∗∗ Spectre-Lücke: Microcode-Updates nun doch als Windows Update ∗∗∗
---------------------------------------------
So wie einige Linux-Distributionen (re-)aktiviert Microsoft die Möglichkeit, Microcode-Updates mit IBC-Patches gegen Spectre als Update des Betriebssystems einzuspielen – vorerst nur für Core i-6000 (Skylake).
---------------------------------------------
https://www.heise.de/meldung/Spectre-Luecke-Microcode-Updates-nun-doch-als-Windows-Update-3985133.html


∗∗∗ Rekord-DDoS-Attacke mit 1,35 Terabit pro Sekunde gegen Github.com ∗∗∗
---------------------------------------------
Die Webseite von Github hat die bislang heftigste dokumentierte DDoS-Attacke überstanden. Die Angreifer setzten dabei auf einen erst kürzlich bekanntgewordenen Angriffsvektor.
---------------------------------------------
https://www.heise.de/meldung/Rekord-DDoS-Attacke-mit-1-35-Terabit-pro-Sekunde-gegen-Github-com-3985411.html


∗∗∗ Financial Cyber Threat Sharing Group Phished ∗∗∗
---------------------------------------------
The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected [...]
---------------------------------------------
https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-phished/


∗∗∗ Warnung vor gefälschter Raiffeisen Bank-Kundeninformation ∗∗∗
---------------------------------------------
Datendiebe versenden eine gefälschte Raiffeisen Bank-Kundeninformation. Darin fordern sie Empfänger/innen dazu auf, dass sie eine angebliche Sicherheits-App für die weitere Nutzung ihres ELBA Internet-Kontos installieren. Die Anwendung ist Schadsoftware. Sie ermöglicht es den Kriminellen, auf das Konto ihrer Opfer zuzugreifen und Geld zu stehlen.
---------------------------------------------
http://www.watchlist-internet.at/index.php?id=6&tx_news_pi1[overwriteDemand][categories]=16&cHash=942908471300561aed2a20dd8aea068d


∗∗∗ Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image ∗∗∗
---------------------------------------------
OverviewTalos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog and many Humble Bundle games. SDL officially supports Windows,
---------------------------------------------
http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Siemens SIMATIC, SIMOTION, and SINUMERIK ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer overflow and permissions, privileges, and access controls vulnerabilities in the Siemens SIMATIC, SIMOTION, and SINUMERIK Industrial PCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-060-01


∗∗∗ Moxa OnCell G3100-HSPA Series ∗∗∗
---------------------------------------------
This advisory contains mitigation details for reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency, and NULL pointer dereference vulnerabilities in the Moxa OnCell G3100-HSPA Series IP gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02


∗∗∗ Delta Electronics Delta Industrial Automation DOPSoft ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation DOPSoft human machine interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03


∗∗∗ MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) ∗∗∗
---------------------------------------------
A potential security vulnerability has been identified in Micro Focus Operations Orchestration. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
---------------------------------------------
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03103896


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freexl and simplesamlphp), Fedora (krb5, libvirt, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, and phpMyAdmin), Mageia (krb5, leptonica, and libvirt), Slackware (dhcp and ntp), and Ubuntu (isc-dhcp).
---------------------------------------------
https://lwn.net/Articles/748422/


∗∗∗ Vuln: Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.securityfocus.com/bid/103201


∗∗∗ DFN-CERT-2018-0399: PHP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0399/


∗∗∗ DFN-CERT-2018-0418: SimpleSAMLphp: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0418/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list