[CERT-daily] Tageszusammenfassung - 12.10.2018

Fri Oct 12 18:14:18 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 11-10-2018 18:00 − Freitag 12-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Jetzt patchen! Proof-of-Concept-Code für Windows-Lücke veröffentlicht ∗∗∗
---------------------------------------------
Ein Sicherheitsforscher zeigt, wie er mit einem vergleichsweise simplen Skript aus dem Browser Edge heraus eine andere Anwendung startet.
---------------------------------------------
http://heise.de/-4189565


∗∗∗ Adaptable, All-in-One Android Trojan Shows the Future of Malware ∗∗∗
---------------------------------------------
GPlayed may be the new face of malware -- flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone.
---------------------------------------------
https://threatpost.com/adaptable-all-in-one-android-trojan-shows-the-future-of-malware/138215/


∗∗∗ New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors ∗∗∗
---------------------------------------------
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot.
---------------------------------------------
https://threatpost.com/new-drupalgeddon-attacks-enlist-shellbot-to-open-backdoors/138230/


∗∗∗ Google Adds Control-Flow Integrity to Beef up Android Kernel Security ∗∗∗
---------------------------------------------
Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.
---------------------------------------------
https://thehackernews.com/2018/10/android-linux-kernel-cfi.html


∗∗∗ AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide ∗∗∗
---------------------------------------------
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/AA18-284A


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).
---------------------------------------------
https://lwn.net/Articles/768244/


∗∗∗ NUUO NVRmini2 and NVRsolo ∗∗∗
---------------------------------------------
This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUOs NVRmini2 and NVRsolo network video recorders.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-01


∗∗∗ NUUO CMS ∗∗∗
---------------------------------------------
This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical resource, and use of hard-coded credentials vulnerabilities in a NUUOs CMS software management platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02-NUUO-CMS


∗∗∗ Delta Industrial Automation TPEditor ∗∗∗
---------------------------------------------
This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03


∗∗∗ Critical Patch Update - October 2018 - Pre-Release Announcement ∗∗∗
---------------------------------------------
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in glibc (CVE-2018-11236) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734721


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734739


∗∗∗ IBM Security Bulletin: Vulnerabilities in procps affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733895


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734741


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734657


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Path Traversal (CVE-2018-1744) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733353


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734731


∗∗∗ IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to a XML External Entity Injection (XXE) attack (CVE-2018-1747) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733429


∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733909


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in ICU ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10734727

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily