[CERT-daily] Tageszusammenfassung - 04.10.2018

Thu Oct 4 18:16:54 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 03-10-2018 18:00 − Donnerstag 04-10-2018 18:00
Handler:     Stephan Richter
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ Phishing Attacks Distributed Through CloudFlares IPFS Gateway ∗∗∗
---------------------------------------------
Yesterday we reported on a phishing attack that utilizes Azure Blob storage in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs used by the same attacker, BleepingComputer has discovered that these same bad actors are utilizing the Cloudflare IPFS gateway for the same purpose.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/


∗∗∗ Nicht bei conquerconsoles.com, konsolenkammer24.de oder konsolenstation24.com kaufen ∗∗∗
---------------------------------------------
Die Fakeshops conquerconsoles.com, konsolenkammer24.de und konsolenstation24.com vertreiben Spielkonsolen und Spiele zu unschlagbaren Preisen. Die Fakeshops locken mit Angeboten, wo Sie eine PlayStation 4 samt Spiel und Controller kostengünstig erwerben können. Sie können nur im Voraus per Banküberweisung bezahlen, erhalten aber keine Ware!
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bei-conquerconsolescom-konsolenkammer24de-oder-konsolenstation24com-kaufen/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063 ∗∗∗
---------------------------------------------
Project: Printer, email and PDF versionsVersion: 7.x-2.x-devDate: 2018-October-03Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionDescription: This module provides printer-friendly versions of content, including send by e-mail and PDF versions.The module doesnt sufficiently sanitize the arguments passed to the wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell commands.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-063


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/767611/


∗∗∗ Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions.The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access


∗∗∗ Cisco Digital Network Architecture Center Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions.The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass


∗∗∗ More Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x


∗∗∗ Red Hat JBoss Web Server: Eine Schwachstelle ermöglicht das Erlangen von Benutzerrechten ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1992/


∗∗∗ Apache Tomcat: Eine Schwachstelle ermöglicht das Darstellen falscher Informationen ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-2000/


∗∗∗ ClamAV: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-2008/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily