[CERT-daily] Tageszusammenfassung - 15.10.2018

Mon Oct 15 18:27:59 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 12-10-2018 18:00 − Montag 15-10-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Dimitri Robl

=====================
=       News        =
=====================

∗∗∗ l+f: Krypto-Miner hegt und pflegt Flash ∗∗∗
---------------------------------------------
Ein Trojaner tut erst Gutes und dann Böses.
---------------------------------------------
http://heise.de/-4190878


∗∗∗ Patching, Re-Patching and Meta-Patching the Jet Database Engine RCE (CVE-2018-8423) ∗∗∗
---------------------------------------------
Flawed Patches Will Always Happen, But We Can Change How They Get Fixed by Mitja Kolsek, the 0patch TeamTL;DR: Microsoft patched CVE-2018-8423 eighteen days after we had micropatched it. Their official patch turned out to be incomplete so we re-micropatched it.This is a story about a Windows vulnerability that was reported to Microsoft, published as "0day" before the official patch was available, micropatched by us one day later, subsequently patched by Microsoft, found to be [...]
---------------------------------------------
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html


∗∗∗ Datendiebstahl mit gefälschter WhatsApp-Rechnung ∗∗∗
---------------------------------------------
Datendiebe versenden eine gefälschte WhatsApp-Rechnung per E-Mail. Darin behaupten sie in betrügerischer Absicht, dass Konsument/innen für den Messenger bezahlen müssen. Dazu sollen sie auf einer Website ihre Kreditkartendaten und ihren TAN-Code bekannt geben. Das führt zur Übermittlung der Informationen an Kriminelle. Dadurch verlieren Opfer ihr Geld und ihre Identität an Datendiebe.
---------------------------------------------
https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschter-whatsapp-rechnung/


∗∗∗ IT-Security - "PHP-Zeitbombe": 62 Prozent aller Internetseiten sind bald unsicher ∗∗∗
---------------------------------------------
Mit Ende des Jahres endet der Support für PHP 5.6, das immer noch vielfach genutzt wird
---------------------------------------------
https://derstandard.at/2000089376436/PHP-Zeitbombe-62-Prozent-aller-Internetseiten-sind-bald-unsicher


=====================
=  Vulnerabilities  =
=====================

∗∗∗ MS-ISAC Releases Advisory on PHP Vulnerabilities ∗∗∗
---------------------------------------------
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/10/12/MS-ISAC-Releases-Advisory-PHP-Vulnerabilities


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests).
---------------------------------------------
https://lwn.net/Articles/768406/


∗∗∗ Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-01-smartphone-en


∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-11763 in the IBM i HTTP Server affects IBM i. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10735045


∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730631

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily