[CERT-daily] Daily summary - 03.05.2018

Daily end-of-shift report team at cert.at
Thu May 3 18:15:30 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 02-05-2018 18:00 − Thursday 03-05-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Emergency hotline for companies affected by cybercrime in Vienna
∗∗∗
---------------------------------------------
Reports of cybercrime offences in Austria rose by around 28 percent
last year. ... The WK Wien therefore launched an emergency hotline for
affected companies.
---------------------------------------------
http://derstandard.at/2000079106868


∗∗∗ Threat Roundup for April 20-27 ∗∗∗
---------------------------------------------
Today, Talos is publishing a glimpse into the most prevalent threats
we've observed between April 20 and 27. As with previous roundups, this
post isn't meant to be an in-depth analysis. Instead, this post will
summarize the threats we've observed by highlighting key behavioral
characteristics, indicators of compromise...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/threat-round-up-0420-0427.html


∗∗∗ Fraud with fake Microsoft warning ∗∗∗
---------------------------------------------
Using a fake Microsoft warning, criminals demand that consumers contact
a support center by phone. It tells them that their computer is
infected with malware. For this reason they are supposed to download a
program and pay for the assistance. If consumers comply with the
demands, they lose money and infect their device with malware.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-gefaelschter-microsoft-warnung/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
Cisco has released updates to address vulnerabilities affecting
multiple products. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the following Cisco
Security Advisories and apply the necessary updates:
  * WebEx Advanced Recording Format Remote Code Execution Vulnerability
cisco-sa-20180502-war
  * Prime File Upload Servlet Path Traversal and Remote Code Execution
Vulnerability cisco-sa-20180502-prime-upload
  * Secure Access Control System Remote Code Execution Vulnerability
cisco-sa-20180502-acs1
  * Wireless LAN Controller 802.11 Management Frame Denial-of-Service
Vulnerability cisco-sa-20180502-wlc-mfdos
  * Wireless LAN Controller IP Fragment Reassembly Denial-of-Service
Vulnerability cisco-sa-20180502-wlc-ip
  * Meeting Server Remote Code Execution Vulnerability
cisco-sa-20180502-cms-cx
  * Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point
Tunneling Protocol Denial-of-Service Vulnerability
cisco-sa-20180502-ap-ptp
  * Aironet 1800, 2800, and 3800 Series Access Points Secure Shell
Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/05/02/Cisco-Releases-Security-Updates


∗∗∗ More Spectre vulnerabilities on the way ∗∗∗
---------------------------------------------
Several research teams have already reported a total of eight new
security vulnerabilities in Intel CPUs to the manufacturer; they are
currently still being kept secret.
...
The concrete danger for private individuals and company PCs, on the
other hand, is rather low, because there are usually other, more easily
exploitable vulnerabilities there. Nevertheless, one should take them
seriously and promptly install the upcoming Spectre-NG updates once
they are released.
---------------------------------------------
https://heise.de/-4039134


∗∗∗ Critical vulnerability in Oracle Access Manager - updates
available ∗∗∗
---------------------------------------------
Critical vulnerability in Oracle Access Manager - updates available.
3 May 2018. Description: The IT security consulting company
SEC-Consult has discovered a critical vulnerability in the widely used
software Oracle Access Manager (OAM), which is used in many
environments for single sign-on and other login scenarios.
CVE number: CVE-2018-2879. Impact: By exploiting the vulnerability,
attackers can, with arbitrary accounts (including
---------------------------------------------
http://www.cert.at/warnings/all/20180503.html


∗∗∗ Docker for Windows: Microsoft patches Go library hcsshim ∗∗∗
---------------------------------------------
Anyone who uses Docker for container virtualization on Windows or
develops Go programs themselves should urgently check that the "Windows
Host Compute Service Shim" (hcsshim) package on their system is up to
date.
---------------------------------------------
https://heise.de/-4040139


∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium
Voltage SINAMICS Products ∗∗∗
---------------------------------------------
The latest updates for medium voltage SINAMICS products fix two
security vulnerabilities that could allow an attacker to cause a
Denial-of-Service condition either via specially crafted PROFINET DCP
broadcast packets or by sending specially crafted packets to port
161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct
Layer 2 access to the affected products. PROFIBUS interfaces are not
affected.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf


∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate
Validation Vulnerability in Siveillance VMS Video Mobile App for
Android and iOS ∗∗∗
---------------------------------------------
The latest update for the Siveillance VMS Video mobile app for Android
and iOS fixes a security vulnerability that could allow an attacker in
a privileged network position to read data from and write data to the
encrypted communication channel between the app and a server.
Precondition for this scenario is that an attacker is able to intercept
the communication channel between the affected app and a server, and is
also able to generate a certificate that results for the validation
algorithm in
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf


∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability
in Siveillance VMS ∗∗∗
---------------------------------------------
Siemens has released software updates for Siveillance VMS which fix a
security vulnerability with the .NET Remoting deserialization that
could allow elevation of privileges and/or causing a Denial-of-Service,
if affected ports are exposed.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf


∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors,
Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗
---------------------------------------------
Several HPE servers that use AMD processors are vulnerable to security
defects (Fallout/Masterkey) which allow local unauthorized elevation of
privilege, unauthorized modification of information, unauthorized
disclosure of information, and Denial of Service.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox,
java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and
python-paramiko), Debian (kernel and quassel), Gentoo (chromium,
hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and
squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and
go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE
(corosync and patch).
---------------------------------------------
https://lwn.net/Articles/753457/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM
Rational Software Architect and Rational Software Architect for
WebSphere Software. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015990


∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere
Application Server (CVE-2017-1743) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013601


∗∗∗ IBM Security Bulletin: January 2017 OpenSSL Vulnerabilities affect
Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311


∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape
Library (CVE-2018-5732) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



