[CERT-daily] Tageszusammenfassung - 31.10.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 30-10-2018 18:00 − Mittwoch 31-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

Next End-of-Day report: 2018-11-02

=====================
=       News        =
=====================

∗∗∗ Square, PayPal POS Hardware Open to Multiple Attack Vectors ∗∗∗
---------------------------------------------
Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft.
---------------------------------------------
https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/


∗∗∗ Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims ∗∗∗
---------------------------------------------
Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-releases-the-kraken-ransomware-on-its-victims/


∗∗∗ Using PHP 5 Becomes Dangerous in 2 Months ∗∗∗
---------------------------------------------
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older.
---------------------------------------------
https://www.wordfence.com/blog/2018/10/php5-dangerous/


∗∗∗ 5 Types of Malware Currently Affecting macOS ∗∗∗
---------------------------------------------
Mac malware, or macOS malware, exists contrary to the popular belief that Apple’s operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-awareness/5-types-of-malware-currently-affecting-macos/


∗∗∗ Wenn Sie in eine Abo-Falle getappt sind… ∗∗∗
---------------------------------------------
Auf der Suche nach kostenlosen Angeboten und gratis Dienstleistungen werden Sie im Internet schnell fündig. Doch Vorsicht: Hier ist nicht alles Gold, was glänzt! Oft handelt es sich nämlich um Abo-Fallen, bei denen Ihnen unbegründet Rechnungen zugeschickt werden und man Ihnen mit Inkassobüro oder Rechtsanwaltsschreiben droht. Die Lösung? Auf gar keinen Fall bezahlen!
---------------------------------------------
https://www.watchlist-internet.at/news/wenn-sie-in-eine-abo-falle-getappt-sind-1/


∗∗∗ Warnung vor sierrasport-berlin.de ∗∗∗
---------------------------------------------
Der Online-Shop sierrasport-berlin.de vertreibt Markenfälschungen. Das können Konsument/innen daran erkennen, dass sämtliche Produkte stark rabattiert und lagernd sind. Kaufen sie bei sierrasport-berlin.de ein, müssen sie mit hohen Zusatzkosten, rechtlichen Konsequenzen und einem Identitätsdiebstahl rechnen. Von einem Einkauf bei sierrasport-berlin.de wird dringend abgeraten!
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-sierrasport-berlinde/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability ∗∗∗
---------------------------------------------
Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system.
---------------------------------------------
https://seclists.org/fulldisclosure/2018/Oct/53


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (gitlab), Debian (gnutls28), Fedora (audiofile, coreutils, firefox, hesiod, kernel, kernel-headers, kernel-tools, libssh, lighttpd, mosquitto, opencc, patch, php-horde-nag, sos-collector, strongswan, and thunderbird), Gentoo (libxkbcommon, mutt-1.10, postgresql, systemd, xen, and xorg-server), Mageia (curl, libtiff, samba, spamassassin, and unzip), Oracle (java-1.7.0-openjdk and python-paramiko), Red Hat (git, glusterfs, java-1.7.0-openjdk, [...]
---------------------------------------------
https://lwn.net/Articles/770203/


∗∗∗ VMSA-2015-0008.2 ∗∗∗
---------------------------------------------
VMware product updates address information disclosure issue.
Updated advisory to add vCloud Director fixes for 9.0.0.x and 9.1.0.x versions that now address CVE-2015-3269.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0008.html


∗∗∗ HPESBHF03894 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of Security Restrictions ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us


∗∗∗ ElegantThemes (divi, extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9140


∗∗∗ Apple security updates ∗∗∗
---------------------------------------------
https://support.apple.com/en-us/HT201222


∗∗∗ Security Advisory - SegmentSmack Vulnerability in Linux Kernel ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-01-linux-en


∗∗∗ Security Advisory - Improper Authorization Vulnerability in Huawei Watches ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-01-watch-en


∗∗∗ IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735977


∗∗∗ IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10735973


∗∗∗ IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735967


∗∗∗ IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733815


∗∗∗ IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10737147


∗∗∗ IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10737125


∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10736105


∗∗∗ IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016247


∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15314 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04524282


∗∗∗ XSS vulnerability in undisclosed TMUI page CVE-2018-15313 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21042153


∗∗∗ TMM vulnerability CVE-2018-15320 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K72442354


∗∗∗ BIG-IP tmsh vulnerability CVE-2018-15321 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01067037


∗∗∗ MQTT vulnerability CVE-2018-15323 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26583415


∗∗∗ BIG-IP Configuration utility vulnerability CVE-2018-15327 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20222812


∗∗∗ tmsh utility vulnerability CVE-2018-15322 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28003839


∗∗∗ BIG-IP APM portal access vulnerability CVE-2018-15324 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52206731


∗∗∗ TMM vulnerability CVE-2018-15319 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K64208870


∗∗∗ BIG-IP iControl & tmsh vulnerability CVE-2018-15325 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K77313277


∗∗∗ BIG-IP APM CRL vulnerability CVE-2018-15326 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K34652116


∗∗∗ TMM vulnerability CVE-2018-15318 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K16248201


∗∗∗ TMM vulnerability CVE-2018-15317 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K43625118

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily