[CERT-daily] Tageszusammenfassung - 16.03.2018
Daily end-of-shift report
team at cert.at
Fri Mar 16 18:16:49 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 15-03-2018 18:00 − Freitag 16-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ TROOPERS 18 Wrap-Up Day #2 ∗∗∗
---------------------------------------------
Hello Readers, here is my wrap-up of the second day. Usually, the second day is harder in the morning due to the social events but, at TROOPERS, they organize the hacker run started at 06:45 for the most motivated of us. Today, the topic of the 3rd track switched from [...]
---------------------------------------------
https://blog.rootshell.be/2018/03/15/troopers-18-wrap-day-2/
∗∗∗ Schwachstelle in Chrome RDP für macOS: Gast kann vollen Remote-Zugriff erhalten ∗∗∗
---------------------------------------------
Ein Fehler in Googles Fernwartungs-Tool Chrome Remote Desktop kann es Unbefugten ohne Kenntnis eines Passwortes ermöglichen, einen aktiven Nutzer-Account auf dem entfernten Mac zu übernehmen, warnen Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3996450
∗∗∗ Sofacy Uses DealersChoice to Target European Government Agency ∗∗∗
---------------------------------------------
Back in October 2016, Unit 42 published an initial analysis on a Flash exploitation framework used by the Sofacy threat group called DealersChoice. The attack consisted of Microsoft Word delivery documents that contained Adobe Flash objects capable of loading additional malicious Flash objects embedded in the file or directly provided by a command and control server. Sofacy continued to use [...]
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/
∗∗∗ Hintertüren in USB-Controllern auch in Intel-Systemen vermutet ∗∗∗
---------------------------------------------
Einige der kürzlich von CTS-Labs gemeldeten Sicherheitslücken von AMD-Chips betreffen auch PCIe-USB-3.0-Controller von ASMedia, die auf vielen Mainboards für Intel-Prozessoren sitzen.
---------------------------------------------
https://heise.de/-3996868
∗∗∗ Qrypter RAT Hits Hundreds of Organizations Worldwide ∗∗∗
---------------------------------------------
Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform.
---------------------------------------------
https://www.securityweek.com/qrypter-rat-hits-hundreds-organizations-worldwide
∗∗∗ Abusing Duo 2FA ∗∗∗
---------------------------------------------
On a recent client engagement, our customer asked us to look at their use of Duo Security multifactor authentication that protected Windows workstation logins. It was configured to send a push notification to users' phones whenever they logged in or unlocked, either physically at the console or over remote desktop.
---------------------------------------------
https://www.pentestpartners.com/security-blog/abusing-duo-2fa/
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2018-0008 ∗∗∗
---------------------------------------------
Workstation and Fusion updates address a denial-of-service vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0008.html
∗∗∗ VMSA-2018-0007.2 ∗∗∗
---------------------------------------------
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-03-15: Updated in conjunction with the release of Identity Manager (vIDM) 3.2 and vRealize Automation (vRA) 7.3.1 on 2018-03-15.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0007.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb).
---------------------------------------------
https://lwn.net/Articles/749513/
∗∗∗ Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541861
∗∗∗ DFN-CERT-2018-0513: HP-UX CIFS Server (Samba), Apache Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0513/
∗∗∗ DFN-CERT-2018-0507: Monitorix: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0507/
∗∗∗ [remote] MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44290/?rss
∗∗∗ [remote] SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/44292/?rss
∗∗∗ IBM Security Bulletin: IBM® Db2® vulnerability allows local user to overwrite Db2 files (CVE-2018-1448) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014388
∗∗∗ IBM Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013598
∗∗∗ IBM Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011981
∗∗∗ IBM Security Bulletin: Mulitiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22011984
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list