[CERT-daily] Daily summary - 05.10.2018

Daily end-of-shift report team at cert.at
Fri Oct 5 18:13:18 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 04-10-2018 18:00 − Friday 05-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stefan Lenzhofer

=====================
=       News        =
=====================

∗∗∗ Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware ∗∗∗
---------------------------------------------
The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-installing-the-kraken-cryptor-ransomware/


∗∗∗ 365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools ∗∗∗
---------------------------------------------
Posted by Ivan Fratric, Google Project Zero. Around a year ago, we published the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published Domato, our DOM fuzzing tool that was used to find those bugs. Given that in the previous research, Apple Safari, or more specifically, WebKit (its DOM engine) did noticeably worse than other browsers, we decided to revisit it after a year [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html


∗∗∗ ThreatList: 83% of Routers Contain Vulnerable Code ∗∗∗
---------------------------------------------
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities.
---------------------------------------------
https://threatpost.com/threatlist-83-of-routers-contain-vulnerable-code/137966/


∗∗∗ Domain Name System: Precautions for the DNS key rollover ∗∗∗
---------------------------------------------
The DNS's main cryptographic key will be changed in one week. For unprepared providers, this can have dire consequences.
---------------------------------------------
http://heise.de/-4179793



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Carestream Vue RIS ∗∗∗
---------------------------------------------
This advisory includes mitigations for an information exposure through an error message vulnerability in the Carestream Vue RIS, a web-based radiology information system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01


∗∗∗ Change Healthcare PeerVue Web Server ∗∗∗
---------------------------------------------
This advisory includes mitigations for an information exposure through an error message vulnerability in the Change Healthcare PeerVue Web Server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-02


∗∗∗ WECON PI Studio ∗∗∗
---------------------------------------------
This advisory includes information on stack-based buffer overflow, out-of-bounds write, and out-of-bounds read vulnerabilities in WECON’s PI Studio HMI project programmer.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01


∗∗∗ Security Advisory 2018-06: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
October 05, 2018 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org. PGP Key: pub 2048R/9C227C6B 2011-03-21 [expires at: 2020-11-16], uid OTRS Security Team, GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/


∗∗∗ VMSA-2018-0024.1 ∗∗∗
---------------------------------------------
VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0024.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick).
---------------------------------------------
https://lwn.net/Articles/767689/


∗∗∗ IBM Security Bulletin: A vulnerability in yum-utils affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10728307


∗∗∗ IBM Security Bulletin: Vulnerabilities in docker affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10725649


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10733857


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733905


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager generates Application Error (CVE-2018-1753) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733359


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733311


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Hazardous Input Validation (CVE-2018-1749) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733303


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Information Exposure (CVE-2018-1743) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733351


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733419


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Improper Control of Interaction Frequency (CVE-2018-1741) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733425


∗∗∗ Security vulnerabilities fixed in Thunderbird 60.2.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



