[CERT-daily] Tageszusammenfassung - 17.05.2018

Daily end-of-shift report team at cert.at
Thu May 17 18:14:23 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 16-05-2018 18:00 − Donnerstag 17-05-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Oh, great, now theres a SECOND remote Rowhammer exploit ∗∗∗
---------------------------------------------
Send enough crafted packets to a NIC to put nasties into RAM, then the fun really starts Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/


∗∗∗ The Rowhammer: the Evolution of a Dangerous Attack ∗∗∗
---------------------------------------------
The Rowhammer Attack Back in 2015, security researchers at Google's Project Zero team demonstrated how to hijack an Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips. The attack technique devised by the experts was dubbed "Rowhammer" [...]
---------------------------------------------
http://resources.infosecinstitute.com/rowhammer-evolution-dangerous-attack-years/


∗∗∗ TeleGrab - Grizzly Attacks on Secure Messaging ∗∗∗
---------------------------------------------
This post was written by Vitor Ventura with contributions from Azim KhodjibaevIntroductionOver the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram. This malware was first seen on April 4, 2018, with a second variant emerging on April 10.
---------------------------------------------
https://blog.talosintelligence.com/2018/05/telegrab.html


∗∗∗ Mahnungen über 479,16 Euro der DEBTSOLUTIONS LTD ignorieren! ∗∗∗
---------------------------------------------
Betroffene Internetnutzer/innen finden eine angebliche letzte Zahlungsaufforderung vor einem Mahnverfahren von der Debtsolutions LTD in Ihrem Posteingang. Als Begründung wird genannt, dass eine betrügerische Rechnung der MOVIES DARLING LTD nicht bezahlt wurde. Aus diesem Grund sollen die Empfänger/innen 479,16 Euro an die Debtsolutions LTD überweisen. Doch Vorsicht! Auch dieses Schreiben ist betrügerisch und der Geldbetrag sollte auf keinen Fall bezahlt werden.
---------------------------------------------
https://www.watchlist-internet.at/news/mahnungen-ueber-47916-euro-der-debtsolutions-ltd-ignorieren/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitsupdates: Cisco vergisst mal wieder Standard-Passwort in Netzwerk-Software ∗∗∗
---------------------------------------------
Cisco hat wichtige Patches veröffentlicht und stopft damit Sicherheitslücken in seinem Produktportfolio. Drei Lücken gelten als äußerst kritisch.
---------------------------------------------
https://www.heise.de/meldung/Sicherheitsupdates-Cisco-vergisst-mal-wieder-Standard-Passwort-in-Netzwerk-Software-4051003.html?wt_mc=rss.security.beitrag.atom


∗∗∗ SECURITY BULLETIN: Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
Trend Micro has released a new critical patch (CP) for Trend Micro Endpoint Application Control 2.0 SP1. This CP resolves a FileDrop directory traversal remote code execution (RCE) vulnerability.
---------------------------------------------
https://success.trendmicro.com/solution/1119811


∗∗∗ [R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers.
---------------------------------------------
https://www.tenable.com/security/tns-2018-06


∗∗∗ [R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability ∗∗∗
---------------------------------------------
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers.
---------------------------------------------
https://www.tenable.com/security/tns-2018-07


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (runc), Debian (curl), Fedora (xdg-utils), Mageia (firefox), openSUSE (libreoffice, librsvg, and php5), Slackware (curl and php), SUSE (curl, firefox, kernel, kvm, libapr1, libvorbis, and memcached), and Ubuntu (curl, dpdk, php5, and qemu).
---------------------------------------------
https://lwn.net/Articles/754773/


∗∗∗ Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/104164


∗∗∗ Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/104163


∗∗∗ 2018-05-15: Vulnerability in Welcome IP-Gateway - Command Injection, Missing Session Management, Clear Text Passwords in Cookies ∗∗∗
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=ABB-VU-EPBP-R-2505&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ FortiWeb Recursive URL Decoding is not enabled by default ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-058


∗∗∗ FortiOS SSL Deep-Inspection badssl.com Compliance ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-17-160


∗∗∗ IBM Security Bulletin: Vulnerabilities in Linux Kernel affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099805


∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099804


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015305


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016198


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015347


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016159


∗∗∗ IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014553


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016029


∗∗∗ IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000380

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list