[CERT-daily] Daily summary - 30.10.2018
Daily end-of-shift report
team at cert.at
Tue Oct 30 18:11:36 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Monday 29-10-2018 18:00 − Tuesday 30-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ CommonRansom Ransomware Demands RDP Access to Decrypt Files ∗∗∗
---------------------------------------------
A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/
∗∗∗ Health insurers: Vivy app exposes data ∗∗∗
---------------------------------------------
Security researchers have found several serious vulnerabilities in the health insurance app Vivy. Among other things, documents shared with a doctor could be accessed without authorization. (Medicine, Encryption)
---------------------------------------------
https://www.golem.de/news/krankenkassen-vivy-app-gibt-daten-preis-1810-137376-rss.html
∗∗∗ Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures ∗∗∗
---------------------------------------------
by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes. Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5LDw-xUlnAw/
∗∗∗ Security updates: Lexmark multifunction devices vulnerable to "evil" faxes ∗∗∗
---------------------------------------------
Security patches for Lexmark printer-fax-copier combination devices close two vulnerabilities. One of them is rated critical.
---------------------------------------------
http://heise.de/-4206719
∗∗∗ Systemd: DHCPv6 packets can hijack Linux machines ∗∗∗
---------------------------------------------
A systemd component in many modern Linux systems can be abused to hijack the machine over the network.
---------------------------------------------
http://heise.de/-4206800
∗∗∗ Extortion e-mails threaten with masturbation video ∗∗∗
---------------------------------------------
Criminals are sending fraudulent messages. In them, they claim to know the recipient's password, to supposedly have access to their computer, and therefore to possess masturbation videos. The addressees are told to pay bitcoins so that the recordings are not published. Consumers can ignore the message, because it is made up. No response is necessary.
---------------------------------------------
https://www.watchlist-internet.at/news/erpresserische-e-mails-drohen-mit-masturbationsvideo/
=====================
= Vulnerabilities =
=====================
∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:4 ∗∗∗
---------------------------------------------
Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors.
---------------------------------------------
http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
∗∗∗ Squid Proxy Cache Security Update Advisory SQUID-2018:5 ∗∗∗
---------------------------------------------
Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack.
---------------------------------------------
http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (xorg-x11-server), Debian (xen), Red Hat (389-ds-base, binutils, curl and nss-pem, fuse, glibc, glusterfs, GNOME, gnutls, jasper, java-1.7.0-openjdk, kernel, kernel-alt, kernel-rt, krb5, libcdio, libkdcraw, libmspack, libreoffice, libvirt, openssl, ovmf, python, python-paramiko, qemu-kvm, qemu-kvm-ma, samba, setup, sssd, wget, wpa_supplicant, X.org X11, xerces-c, zsh, and zziplib), and SUSE (ardana-monasca, ardana-spark, kafka, kafka-kit, [...]
---------------------------------------------
https://lwn.net/Articles/770031/
∗∗∗ Sandbox Bypass in Script Security and Pipeline Groovy Plugins ∗∗∗
---------------------------------------------
https://jenkins.io/security/advisory/2018-10-29/
∗∗∗ GitLab Security Release: 11.4.3, 11.3.8, and 11.2.7 ∗∗∗
---------------------------------------------
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
∗∗∗ IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735105
∗∗∗ IBM Security Bulletin: Vulnerability in the IBM FlashSystem model V840 ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732968
∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2018-10858) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732876
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10737813
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735169
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733845
∗∗∗ reposync vulnerability CVE-2018-10897 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23200408
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily