[CERT-daily] Tageszusammenfassung - 30.03.2018

Fri Mar 30 18:09:58 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 29-03-2018 18:00 − Freitag 30-03-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ 10 Steps to Avoid Insecure Deserialization ∗∗∗
---------------------------------------------
You might think that your applications are secure and safe from prying eyes, but hackers are using ever more sophisticated methods to capture your user data over the Internet. We will explore some of the most common insecure deserialization methods that have been uncovered recently, and look at 10 steps that can be implemented [...]
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-avoid-insecure-deserialization/


∗∗∗ How to Identify and Mitigate XXE Vulnerabilities ∗∗∗
---------------------------------------------
Security vulnerabilities that are created through the serialization of sensitive data are well known, yet some developers are still falling into this trap. We will look at some basic web application safeguards that you can employ to keep your applications hardened against this growing threat. To help understand this growing problem, we will turn [...]
---------------------------------------------
http://resources.infosecinstitute.com/identify-mitigate-xxe-vulnerabilities/


∗∗∗ ENISA publishes the first comprehensive study on cyber Threat Intelligence Platforms ∗∗∗
---------------------------------------------
ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs) focused on the needs of consumers, users, developers, vendors and the security research community.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-publishes-first-study-on-cyber-threat-intelligence-platforms


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Philips iSite/IntelliSpace PACS Vulnerabilities ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for vulnerabilities identified in the Philips Philips iSite and IntelliSpace PACS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01


∗∗∗ WAGO 750 Series ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper resource shutdown or release vulnerability in the WAGO 750 series PLC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-01


∗∗∗ Siemens TIM 1531 IRC ∗∗∗
---------------------------------------------
This advisory includes mitigations for an incorrect implementation of authentication algorithm vulnerability in the Siemens TIM 1531 IRC communications modules.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-02


∗∗∗ Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-088-03


∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: March 29, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:iOS 11.3, tvOS 11.3, watchOS 4.3, Xcode 9.3 [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/03/29/Apple-Releases-Multiple-Security-Updates


∗∗∗ Kritische Sicherheitslücke in Microsoft Windows - Patch verfügbar ∗∗∗
---------------------------------------------
Microsoft hat ein Security Advisory sowie ein Sicherheitsupdate dazu ausserhalb des normalen Patch-Zyklus veröffentlicht. Der Bug ermöglicht einem Angreifer durch eine Privilege Escalation beliebigen Code mit Kernel Rechten auszuführen. CVE: CVE-2018-1038 Details: Durch Ausnutzen der Lücke kann ein Angreifer höhere Rechte auf betroffenen Systemen erlangen, und [...]
---------------------------------------------
http://www.cert.at/warnings/all/20180330.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (memcached, openssl, openssl1.0, php5, thunderbird, and xerces-c), Fedora (python-notebook, slf4j, and unboundid-ldapsdk), Mageia (kernel, libvirt, mailman, and net-snmp), openSUSE (aubio, cacti, cacti-spine, firefox, krb5, LibVNCServer, links, memcached, and tomcat), Slackware (ruby), SUSE (kernel and python-paramiko), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/750573/


∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is Affected by an Apache Poi Vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014912


∗∗∗ IBM Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012643


∗∗∗ IBM Security Bulletin: Potential spoofing attack in IBM WebSphere Application Server in IBM Cloud (CVE-2017-1788) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014798


∗∗∗ IBM Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000369


∗∗∗ IBM Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014179


Next End-of-Day report: 2018-04-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily