[CERT-daily] Tageszusammenfassung - 11.10.2018
Daily end-of-shift report
team at cert.at
Thu Oct 11 18:09:40 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 10-10-2018 18:00 − Donnerstag 11-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 5 Endpoint Threats Impacting Security ∗∗∗
---------------------------------------------
Introduction Endpoint threats pose serious security risks to many organizations. Companies are reporting attacks ranging from ransomware to phishing attacks. These attacks lead to the loss of customer data, resulting in massive damage to the company’s reputation, finances and structure.
---------------------------------------------
https://resources.infosecinstitute.com/5-endpoint-threats-impacting-security/
∗∗∗ ICS Tactical Security Trends: Analysis of the Most Frequent SecurityRisks Observed in the Field ∗∗∗
---------------------------------------------
Introduction FireEye iSIGHT Intelligence compiled extensive data from dozens of ICS security health assessment engagements (ICS Healthcheck) performed by Mandiant, FireEyes consulting team, to identify the most pervasive and highest priority security risks in industrial facilities. The information was acquired from hands-on assessments carried out over the last few years across a broad range of industries [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2018/10/ics-tactical-security-trends-analysis-of-security-risks-observed-in-field.html
∗∗∗ DNS-Schlüsselwechsel: Wie man DNS-Ausfälle erkennt, was dagegen hilft ∗∗∗
---------------------------------------------
Am 11.10. wechselt die ICANN den DNS-Vertrauensanker. Dabei kann es zu Ausfällen von Internet-Diensten kommen. Wir fassen zusammen, was dagegen hilft.
---------------------------------------------
https://heise.de/-4187064
∗∗∗ Sicherheitsupdates: Junipers Junos OS offen für Fernzugriff ohne Passwort ∗∗∗
---------------------------------------------
In Junos OS klaffen zum Teil kritische Sicherheitslücken. Aktualisierte Versionen des Betriebssystems schließen die Schwachstellen.
---------------------------------------------
http://heise.de/-4188397
∗∗∗ Nicht bei saturn-media.net einkaufen ∗∗∗
---------------------------------------------
Saturn-media.net lockt mit günstigen Technikangeboten und versucht durch den Domain eine Verbindung zu den seriösen Anbietern Media Markt und Saturn herzustellen. Saturn-media.net hat jedoch nichts mit den genannten Anbietern zu tun, es handelt sich um einen Fakeshop. Sie erhalten keine Ware und verlieren ihr Geld!
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bei-saturn-medianet-einkaufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Juniper Networks Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: October 10, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/10/10/Juniper-Networks-Releases-Security-Updates
∗∗∗ NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066 ∗∗∗
---------------------------------------------
Project: NVP fieldDate: 2018-October-10Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: NVP field module allows you to create a field type of name/value pairs, with customtitles and easily editable rendering with customizable HTML/text surrounding the pairs.The module doesnt sufficiently handle sanitization of its field formatters output.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-066
∗∗∗ Search API Solr Search - Moderately critical - Access bypass - SA-CONTRIB-2018-065 ∗∗∗
---------------------------------------------
Project: Search API Solr SearchVersion: 7.x-1.13Date: 2018-October-10Security risk: Moderately critical 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypassDescription: This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module.The module doesnt sufficiently take the searched fulltext fields into account when creating a search excerpt.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-065
∗∗∗ Lightbox2 - Critical - Cross Site Scripting - SA-CONTRIB-2018-064 ∗∗∗
---------------------------------------------
Project: Lightbox2Version: 7.x-2.x-devDate: 2018-October-10Security risk: Critical 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: The Lightbox2 module enables you to overlay images on the current page.The module did not sanitize some inputs when used in combination with a custom view leading to potential Cross Site Scripting (XSS).Solution: Install the latest version [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-064
∗∗∗ Teltonika RUT9XX Unauthenticated OS Command Injection ∗∗∗
---------------------------------------------
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
---------------------------------------------
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection
∗∗∗ Teltonika RUT9XX Reflected Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
---------------------------------------------
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting
∗∗∗ Teltonika RUT9XX Missing Access Control to UART Root Terminal ∗∗∗
---------------------------------------------
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
---------------------------------------------
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).
---------------------------------------------
https://lwn.net/Articles/768145/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10728795
∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801q ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731217
∗∗∗ IBM Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729557
∗∗∗ IBM Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729521
∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager component FileNet Deployment Manager security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10732755
∗∗∗ IBM Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10731859
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734697
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list