[CERT-daily] Daily summary - 14.11.2018
Daily end-of-shift report
team at cert.at
Wed Nov 14 18:08:52 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 13-11-2018 18:00 − Wednesday 14-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers Change WordPress Siteurl to Pastebin ∗∗∗
---------------------------------------------
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...]
---------------------------------------------
https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebin.html
∗∗∗ Want to hack an ATM for free cash? It's as easy as Windows XP ∗∗∗
---------------------------------------------
Bank machines pen testing reveals alarming results. ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash.
---------------------------------------------
https://www.theregister.co.uk/2018/11/14/atm_security_lousy/
∗∗∗ November 2018 Microsoft Patch Tuesday ∗∗∗
---------------------------------------------
This month, Microsoft patches two issues that have already been disclosed publicly. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (cve:2018-8589) which has been exploited in the wild.
---------------------------------------------
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
∗∗∗ Patch day at Adobe: Not critical, but important ∗∗∗
---------------------------------------------
Security updates from Adobe close vulnerabilities in Acrobat, Flash, Photoshop CC and Reader. No vulnerability is rated "critical".
---------------------------------------------
http://heise.de/-4220586
∗∗∗ Master key for fingerprint scanners: Master prints unlock smartphones ∗∗∗
---------------------------------------------
Using AI methods, researchers created fingerprints that act as a kind of master key for fingerprint scanners and can thus unlock smartphones, for example.
---------------------------------------------
http://heise.de/-4220782
∗∗∗ Processor security: Seven new variants of Spectre vulnerabilities ∗∗∗
---------------------------------------------
The Spectre vulnerabilities in processors can reportedly be exploited in further ways beyond those previously known; Intel, however, gives the all-clear.
---------------------------------------------
http://heise.de/-4220854
∗∗∗ Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies ∗∗∗
---------------------------------------------
You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like? Logging on to Report URI and being greeted with something like this: [...]
---------------------------------------------
https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice-with-content-security-policies/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2018-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
This advisory covers a problem with a data migration discovered in the OTRS framework.
---------------------------------------------
https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
∗∗∗ VMSA-2018-0028 ∗∗∗
---------------------------------------------
VMware vRealize Log Insight updates address an authorization bypass vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0028.html
∗∗∗ November 2018 Office Update Release ∗∗∗
---------------------------------------------
The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617.
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13/november-2018-office-update-release/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5).
---------------------------------------------
https://lwn.net/Articles/771881/
∗∗∗ Security Advisory - Information Leakage Vulnerability on Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-fusionsphere-en
∗∗∗ Security Advisory - Two Vulnerabilities in Huawei eSpace Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-02-espace-en
∗∗∗ Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-espace-en
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-smartphone-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-cve-2018-1656-cve-2018-12539/
∗∗∗ IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytics-local-is-affected-by-multiple-node-js-vulnerabilities/
∗∗∗ Denial of Service Vulnerability in Microsoft Skype for Business / Lync ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-business-lync-might-lead-to-denial-of-service-attack/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily