[CERT-daily] Tageszusammenfassung - 18.05.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 17-05-2018 18:00 − Freitag 18-05-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ DrayTek Router Zero-Day Under Attack ∗∗∗
---------------------------------------------
DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/draytek-router-zero-day-under-attack/


∗∗∗ Business Email Compromise incidents, (Fri, May 18th) ∗∗∗
---------------------------------------------
Over the past 12 months we have seen a sharp increase in the number of incidents relating to the compromise of business emails. Often O365, but also some Gmail and on premise systems with webmail access.
---------------------------------------------
https://isc.sans.edu/diary/rss/23669


∗∗∗ MEWKit phishing campaign steals MyEtherWallet credentials to perform automated fund transfers ∗∗∗
---------------------------------------------
The cybercriminals who last April executed a man-in-the-middle attack on a Amazon DNS server to steal $152,000 in Ethereum cryptocurrency from MyEtherWallet.com pulled off their heist using a newly discovered phishing kit that includes an automated transfer system (ATS) malware component.
---------------------------------------------
https://www.scmagazine.com/mewkit-phishing-campaign-steals-myetherwallet-credentials-to-perform-automated-fund-transfers/article/766775/


∗∗∗ WordPress 4.9.6 Privacy and Maintenance Release ∗∗∗
---------------------------------------------
WordPress 4.9.6 is now available. This is a privacy and maintenance release. We encourage you to update your sites to take advantage of the new privacy features.
---------------------------------------------
https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/


∗∗∗ Spectre-NG: Patches für Pfingstmontag erwartet ∗∗∗
---------------------------------------------
Achtung bei der Urlaubsplanung: Intel bereitet für den 21. Mai Updates gegen die ersten Spectre-Next-Generation-Lücken vor. Parallel dazu wird es dazu dann wohl auch endlich konkrete Informationen zu den Lücken geben.
---------------------------------------------
https://www.heise.de/-4051247


∗∗∗ Updates fixen böses Loch in Signals Desktop-App ∗∗∗
---------------------------------------------
Mit einfachen Nachrichten konnte ein Angreifer HTML-Code in die Desktop-App des verschlüsselnden Messengers einschleusen und damit sogar alle Nachrichten seines Opfers auslesen. Die aktuelle Version 1.11 beseitigt diese Lücken.
---------------------------------------------
https://www.heise.de/-4052040


∗∗∗ WhatsApp wird nicht kostenpflichtig ∗∗∗
---------------------------------------------
Aktuell kursiert auf WhatsApp die Nachricht, dass der Messenger-Dienst in Zukunft kostenpflichtig werde. Die angeblichen Kosten dafür können Nutzer/innen vermeiden, wenn sie den Hinweis darüber an zehn ihrer Kontakte weiterleiten. Diese Behauptungen sind falsch, denn bei dem Schreiben handelt es sich um einen erfundenen Kettenbrief. Er kann bedenkenlos gelöscht werden.
---------------------------------------------
https://www.watchlist-internet.at/news/whatsapp-wird-nicht-kostenpflichtig/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Medtronic NVision Clinician Programmer ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for a missing encryption of sensitive data vulnerability in Medtronics NVision Clinician Programmer.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01


∗∗∗ GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi industrial Internet controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01


∗∗∗ PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series ∗∗∗
---------------------------------------------
This advisory includes mitigations for command injection, information exposure, and stack-based buffer overflow vulnerabilities in the PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02


∗∗∗ Delta Electronics Delta Industrial Automation TPEditor ∗∗∗
---------------------------------------------
This advisory includes mitigations for a heap-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation TPEditor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04


∗∗∗ Client for Open Enterprise Server 2 SP4 (IR8a) ∗∗∗
---------------------------------------------
Abstract: This is interim release (IR8a) of Client for Open Enterprise Server 2 SP4 (formerly "Novell Client 2 SP4 for Windows"). It includes fixes for problems found after Client for Open Enterprise Server 2 SP4 was released. It also includes support for Microsoft Windows Server 2016.
---------------------------------------------
https://download.novell.com/Download?buildid=wdhtRhxCLdg~


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (curl and zathura-pdf-mupdf), Debian (libmad and vlc), openSUSE (enigmail), Red Hat (collectd, Red Hat OpenStack Platform director, and sensu), and SUSE (firefox, ghostscript, and mysql).
---------------------------------------------
https://lwn.net/Articles/754854/


∗∗∗ Red Hat JBoss Enterprise Application Platform: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-0955/


∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by a privilege escalation vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016465


∗∗∗ IBM Security Bulletin: IBM BigFix Platform is affected by multiple vulnerabities (CVE-2017-3735, CVE-2017-1000100, CVE-2017-1000254) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011879


Next End-of-Day report: 2018-05-22

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily