[CERT-daily] Tageszusammenfassung - 20.11.2018

Daily end-of-shift report team at cert.at
Tue Nov 20 18:15:40 CET 2018 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 19-11-2018 18:00 − Dienstag 20-11-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Datendiebstahl durch FinanzOnline-Phishing-Mails ∗∗∗
---------------------------------------------
Kriminelle versenden im Namen des Bundesministeriums für Finanzen (BMF) betrügerische Phishing-Mails. Darin werden Sie dazu aufgefordert, Ihre Daten zu aktualisieren, um eine Steuerrückzahlung zu ermöglichen. Folgen Sie den Anweisungen nicht, denn Sie könnten erheblichen finanziellen Schaden erleiden! Es handelt sich um einen Versuch, Ihre persönlichen Daten und Kontoinformationen zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/datendiebstahl-durch-finanzonline-phishing-mails/


∗∗∗ Internet Domain Services Austria-Mahnung nicht bezahlen ∗∗∗
---------------------------------------------
Unternehmen erhalten von Internet Domain Services Austria (IDSA) einen Payment Reminder. Darin heißt es, dass es unbeglichene Rechnungen gebe und der Betrag in Höhe von 237 Euro innerhalb von 5 Tagen bezahlt werden müsse. Empfänger/innen müssen den Betrag nicht bezahlen, denn dafür gibt es keinen Rechtsgrund.
---------------------------------------------
https://www.watchlist-internet.at/news/internet-domain-services-austria-mahnung-nicht-bezahlen/


∗∗∗ TP-Link-Router TL-R600VPN vielfältig angreifbar ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für einen VPN-Router von TP-Link.
---------------------------------------------
http://heise.de/-4225979


∗∗∗ Notfall-Patch: Adobe sichert Flash außer der Reihe ab ∗∗∗
---------------------------------------------
Eigentlich veröffentlicht Adobe nur ein Mal im Monat Sicherheitsupdates für seine Produkte. Für eine gefährliche Flash-Lücke macht der Hersteller eine Ausnahme.
---------------------------------------------
http://heise.de/-4227033



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMSA-2018-0029 ∗∗∗
---------------------------------------------
vSphere Data Protection (VDP) updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0029.html


∗∗∗ Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor ∗∗∗
---------------------------------------------
Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software.
---------------------------------------------
https://blog.talosintelligence.com/2018/11/Atlantis-Word-Processor-RCE-vulns.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (mariadb-10.1, openjpeg2, systemd, and uriparser), Mageia (389-ds-base, apache, and soundtouch), SUSE (libwpd, py26-compat-salt, salt, and SMS3.1), and Ubuntu (systemd).
---------------------------------------------
https://lwn.net/Articles/772621/


∗∗∗ x86: DoS from attempting to use INVPCID with a non-canonical addresses ∗∗∗
---------------------------------------------
A buggy or malicious PV guest can crash the host.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-279.html


∗∗∗ Fix for XSA-240 conflicts with shadow paging ∗∗∗
---------------------------------------------
A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-280.html


∗∗∗ Insufficient TLB flushing / improper large page mappings with AMD IOMMUs ∗∗∗
---------------------------------------------
A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak).
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-275.html


∗∗∗ Resource accounting issues in x86 IOREQ server handling ∗∗∗
---------------------------------------------
A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-276.html


∗∗∗ x86: incorrect error handling for guest p2m page removals ∗∗∗
---------------------------------------------
A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-277.html


∗∗∗ Ricoh myPrint Hardcoded Credentials / Information Disclosure ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018110154


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-october-2018-cpu/


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private Cloud Foundry (CVE-2018-14645) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cloud-foundry-cve-2018-14645/


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cve-2018-1843/


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cve-2015-9251/


∗∗∗ IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2017-7526) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-could-affect-ibm-cloud-private-cve-2017-7526/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-cloud-private-cloud-foundry-cve-2018-3646-cve-2018-3615-cve-2018-3620/


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK (July 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2016-0705, CVE 2017-3732, CVE 2017-3736, and CVE-2018-2973) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-java-sdk-july-2018-affecting-ibm-application-delivery-intelligence-v5-0-5-and-v5-0-4-cve-2016-0705-cve-2017-3732-cve-2017-3736-and-cve-2018-2973/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+ ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-ftp-4/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-microsoft-windows/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list