[CERT-daily] Tageszusammenfassung - 03.10.2018
Daily end-of-shift report
team at cert.at
Wed Oct 3 18:42:46 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 02-10-2018 18:00 − Mittwoch 03-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft ∗∗∗
---------------------------------------------
A new Office 365 phishing attack utilizes an interesting method of storing their phishing form hosted on Azure Blob Storage in order to be secured by a Microsoft SSL certificate.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attack-uses-azure-blob-storage-to-impersonate-microsoft/
∗∗∗ ct deckt auf: Enigmail verschickt Krypto-Mails im Klartext ∗∗∗
---------------------------------------------
In der verbreiteten Thunderbird-Erweiterung Enigmail steckt ein fataler Fehler. Das Problem betrifft den Junior-Modus, der seit April standardmäßig aktiv ist.
---------------------------------------------
https://heise.de/-4180405
∗∗∗ Popular TP-Link wireless home router open to remote hijacking ∗∗∗
---------------------------------------------
By concatenating a known improper authentication flaw with a newly discovered CSRF vulnerability, remote unauthenticated attackers can obtain full control over TP-Link TL-WR841N, a popular wireless consumer router used worldwide. "This type of remote attack can also compromise routers behind a network address translator (NAT) and those not exposed to the public wide area network (WAN) as the vulnerability is remotely reflected off a locally connected host, rather than coming directly over [...]
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/03/tp-link-wireless-home-router-hijacking/
=====================
= Vulnerabilities =
=====================
∗∗∗ Delta Electronics ISPSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics ISPSoft software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01
∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for a heap-based buffer overflow vulnerability in GEs Communicator, an application for programming and monitoring supported metering devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02
∗∗∗ Entes EMG 12 ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper authentication and information exposure through query strings in GET request vulnerabilities in the Entes EMG 12 Ethernet Modbus Gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/767539/
∗∗∗ ZDI-18-1107: (0Day) Wecon PIStudio screendata HSC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1107/
∗∗∗ ZDI-18-1106: (0Day) Wecon PIStudio xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1106/
∗∗∗ ZDI-18-1109: (0Day) Wecon PIStudio basedll TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1109/
∗∗∗ ZDI-18-1108: (0Day) Wecon PIStudio cximageu Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1108/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ HPESBGN03900 rev.1 - HPE enhanced Internet Usage Manager (eIUM) Remote Unauthorized Disclosure of Information vulnerability and Remote Bypass Security Restrictions ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
∗∗∗ Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list