[CERT-daily] Daily summary - 06.09.2018
Daily end-of-shift report
team at cert.at
Thu Sep 6 18:11:44 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 05-09-2018 18:00 - Thursday 06-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Do not order from apothekerezeptfrei.com ∗∗∗
---------------------------------------------
Consumers looking for medicines, and erectile dysfunction drugs in particular, will find a large selection of medicines, some of them prescription-only, on apothekerezeptfrei.com. Interested parties should under no circumstances order here, because it is a fake shop that takes payment and delivers no goods. In addition, prescription-only medicines should not be bought without a corresponding prescription.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-bestellen-bei-apothekerezeptfreicom/
∗∗∗ Browser Extensions: Are They Worth the Risk? ∗∗∗
---------------------------------------------
Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or
---------------------------------------------
https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/
∗∗∗ Malicious PowerShell Compiling C# Code on the Fly, (Wed, Sep 5th) ∗∗∗
---------------------------------------------
What I like when hunting is to discover how attackers are creative to find new ways to infect their victims' computers. I came across a PowerShell sample that looked new and interesting to me.
---------------------------------------------
https://isc.sans.edu/diary/rss/24072
∗∗∗ Using just a laptop, boffins sniff, spoof and pry – without busting browser padlock ∗∗∗
---------------------------------------------
In a paper seen by The Register, to be presented at the ACM's Conference on Computer and Communications Security (Toronto in October), Dr Shulman's team wrote:
"The attack exploits DNS Cache Poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker's public key to a victim domain."
---------------------------------------------
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: September 05, 2018. Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/09/05/Cisco-Releases-Security-Updates
∗∗∗ DokuWiki CSV Formula Injection Vulnerability ∗∗∗
---------------------------------------------
The administration panel of the application has a “CSV export of users” feature which allows the export of user data (username, real name, email address and user groups) as a CSV file. On the registration page, it is possible for an attacker to set certain values in the Real Name field that – when exported and opened with a spreadsheet application (Microsoft Excel, Open Office, etc.) – will be interpreted as a formula.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/
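The class of bug above (user-controlled text landing in a CSV that a spreadsheet later evaluates) is mitigated on the export side. The following is an added example, not DokuWiki's or SEC Consult's code: a small user-export writer that neutralizes any cell whose first non-space character would make a spreadsheet treat it as a formula. The user records are constructed sample data.

```python
import csv
import io

# Characters that Excel / LibreOffice treat as the start of a formula when
# they lead a cell, plus the control characters that can start a new cell or
# row inside a single exported value.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def neutralize_cell(value):
    """Return the cell text, prefixed with a single quote if it could be parsed
    as a formula. Spreadsheets ignore leading spaces when deciding whether a
    cell is a formula, so the check runs on the value with spaces stripped;
    the quote forces the cell to be read as literal text."""
    text = "" if value is None else str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_users_csv(users):
    """Serialize user dicts (name, realname, email, groups) to CSV text with
    every field quoted and every cell passed through neutralize_cell()."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["username", "realname", "email", "groups"])
    for user in users:
        writer.writerow([
            neutralize_cell(user["name"]),
            neutralize_cell(user["realname"]),
            neutralize_cell(user["email"]),
            neutralize_cell(",".join(user["groups"])),
        ])
    return buf.getvalue()


# Constructed sample records: the second "real name" is the kind of value the
# advisory warns about, a string a spreadsheet would evaluate as a formula.
SAMPLE_USERS = [
    {"name": "alice", "realname": "Alice Example",
     "email": "alice@example.test", "groups": ["admin", "user"]},
    {"name": "mallory", "realname": "=1+1",
     "email": "mallory@example.test", "groups": ["user"]},
]

if __name__ == "__main__":
    print(export_users_csv(SAMPLE_USERS))
```

Legitimate values that happen to begin with a trigger character (a phone number written as "+43 ...") also receive the quote prefix; that is the accepted cost of treating the export as untrusted input to the spreadsheet.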
∗∗∗ VMSA-2018-0023: AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities ∗∗∗
---------------------------------------------
* The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. CVE-2018-6975
* The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. CVE-2018-6976
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0023.html
∗∗∗ Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities ∗∗∗
---------------------------------------------
Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These vulnerabilities enable an attacker to bypass authentication and get unauthenticated access to sensitive data. An attacker can use a normal web browser to trigger these vulnerabilities — no special tools are required.
---------------------------------------------
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-talos-2018-0560.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, gdm3, git-annex, lcms2, and sympa), Fedora (discount, dolphin-emu, gd, obs-build, osc, tcpflow, and yara), openSUSE (wireshark), Slackware (curl, firefox, ghostscript, and thunderbird), SUSE (apache-pdfbox, curl, dovecot22, and libvirt), and Ubuntu (libtirpc).
---------------------------------------------
https://lwn.net/Articles/764300/
∗∗∗ IBM Security Bulletin: Vulnerabilities in Kerberos affect Power Hardware Management Console (CVE-2017-11368, CVE-2017-7562) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10717893
∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from PHP ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10719483
∗∗∗ IBM Security Bulletin: Vulnerabilities in Oracle Outside In Technology Affect IBM WebSphere Portal (CVE-2018-2768, CVE-2018-2801, CVE-2018-2806) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10715935
∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
∗∗∗ Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K34468163
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily