[CERT-daily] Tageszusammenfassung - 10.10.2018

Daily end-of-shift report team at cert.at
Wed Oct 10 18:14:19 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-10-2018 18:00 − Mittwoch 10-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Zero-day exploit (CVE-2018-8453) used in targeted attacks ∗∗∗
---------------------------------------------
Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.
---------------------------------------------
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/


∗∗∗ Patchday: Zero-Day-Fix für Windows, kritische Exchange-Lücke ∗∗∗
---------------------------------------------
Im Oktober behebt Microsoft knapp 50 Sicherheitsprobleme. Darunter kritische Lücken in Windows-Komponenten und im Exchange Mail-Server.
---------------------------------------------
http://heise.de/-4186268


∗∗∗ Kritische Sicherheitslücke gefährdet Milliarden WhatsApp-Nutzer ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in WhatsApp ermöglicht es, ein Smartphone mit einem einzigen Video-Call zu kapern. Potentiell betroffen sind Milliarden WhatsApp-Nutzer.
---------------------------------------------
http://heise.de/-4186365


∗∗∗ Patchday: Adobe stopft kritische Lücke in Digital Editions ∗∗∗
---------------------------------------------
Ein Sicherheitsupdate für Flash, das keins ist, und die Abwesenheit von Reader-Patches sorgen bei Adobe für einen eher untypischen Patchday.
---------------------------------------------
http://heise.de/-4186327


∗∗∗ IIS attacks surge from 2,000 to 1.7 million over last quarter ∗∗∗
---------------------------------------------
IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive increase, from 2,000 to 1.7 million, since last quarter. 
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/10/iis-attacks-surge/


∗∗∗ Magecart hacks Shopper Approved to simultaneously hit many e-commerce sites ∗∗∗
---------------------------------------------
The cybercriminal groups under the Magecart umbrella strike again and again, and one of them has apparently specialized in compromising third parties to more easily get in as many online shops as possible. The latest target of Magecart Group 5, as it has been dubbed by RiskIQ researcher Yonathan Klijnsma, is Shopper Approved, an organization that provides rating seals for online stores.
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/10/magecart-hacks-shopper-approved/


∗∗∗ Kleinanzeigenbetrug mit Western Union Überweisungen ∗∗∗
---------------------------------------------
Vorsicht beim Kleinanzeigenverkauf! BetrügerInnen, die sich als KaufinteressentInnen ausgeben, behaupten, ihren Opfern überhöhte Geldbeträge überwiesen zu haben, die nur durch eine Western Union Transaktion an ein Speditionsunternehmen freigeschalten werden können. Führen Sie diese Transaktion nicht durch, denn Ihr Geld wäre verloren und die freizuschaltende Überweisung gibt es nicht!
---------------------------------------------
https://www.watchlist-internet.at/news/kleinanzeigenbetrug-mit-western-union-ueberweisungen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Digital Editions (APSB18-27), Adobe Experience Manager (APSB18-36), Adobe Framemaker (APSB18-37) and Adobe Technical Communications Suite (APSB18-38). Adobe recommends users update their product installations to the latest versions using the instructions referenced [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1633


∗∗∗ jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability ∗∗∗
---------------------------------------------
Topic: jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability Risk: Medium Text:Title: jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability Author: Larry W. Cashdollar [...]
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018100094


∗∗∗ GE iFix ∗∗∗
---------------------------------------------
This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE’s iFix HMI products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01


∗∗∗ Fuji Electric Energy Savings Estimator ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element (DLL Hijacking) vulnerability in the Fuji Electric Energy Savings Estimator software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07


∗∗∗ October 2018 Security Update Release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. 
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/10/09/october-2018-security-update-release/


∗∗∗ October 2018 Microsoft Patch Tuesday, (Tue, Oct 9th) ∗∗∗
---------------------------------------------
Microsoft released patches for 48 vulnerabilities today and one advisory regarding a defense in depth update for Office. No Adobe updates are included so far, but Adobe has released updates to PDF Reader / Acrobat about a week ago.
---------------------------------------------
https://isc.sans.edu/diary/rss/24186


∗∗∗ VMSA-2018-0025 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0025.html


∗∗∗ USN-3787-1: Tomcat vulnerability ∗∗∗
---------------------------------------------
tomcat7, tomcat8 vulnerabilityA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 16.04 LTSUbuntu 14.04 LTSSummaryTomcat could be made to redirect to arbitrary locations.Software Descriptiontomcat8 - Servlet and JSP enginetomcat7 - Servlet and JSP engineDetailsIt was discovered that Tomcat incorrectly handled returning redirects to adirectory. A remote attacker could possibly use this issue with a speciallycrafted URL to redirect to arbitrary URIs.
---------------------------------------------
https://usn.ubuntu.com/3787-1/


∗∗∗ October 2018 Office Update Release ∗∗∗
---------------------------------------------
The October 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 17 non-security updates. All of the security and non-security updates are listed in KB article 4464656. A new version of Office 2013 Click-To-Run is available: 15.0.5075.1001 A new version of Office 2010 Click-To-Run is available: 14.0.7214.5000
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/10/09/october-2018-office-update-release/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/768041/


∗∗∗ BSRT 2018-004 Information Disclosure Vulnerability in Management Console Impacts UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000052161


∗∗∗ Security Advisory - Improper Authentication Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181010-01-applock-en


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server in IBM Cloud July 2018 CPU ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734161


∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache PDFBox security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10716315


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734167


∗∗∗ IBM Security Bulletin: Server Automation is affected by the following GSKit vulnerabilities (CVE-2018-1447, CVE-2018-1427, CVE-2018-1428) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718773

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list