[CERT-daily] Daily summary - 07.09.2018
Daily end-of-shift report
team at cert.at
Fri Sep 7 18:14:00 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 06-09-2018 18:00 − Friday 07-09-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ New Chainshot Malware Found By Cracking 512-Bit RSA Key ∗∗∗
---------------------------------------------
Security researchers exploited a threat actor's poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/
∗∗∗ Hotspot Honeypot ∗∗∗
---------------------------------------------
The Hotspot Honeypot is an illegitimate Wi-Fi access point which can appear as an authorized and secure hotspot. Despite appearances, it is actually set up by black-hat attackers or malicious hackers to steal your bank and credit card details, passwords and other personal information.
---------------------------------------------
https://resources.infosecinstitute.com/hotspot-honeypot/
∗∗∗ British Airways Website, Mobile App Breach Compromises 380k ∗∗∗
---------------------------------------------
The airline said information like name, address and bank card details like CVC code were compromised.
---------------------------------------------
https://threatpost.com/british-airways-website-mobile-app-breach-compromises-380k/137291/
∗∗∗ 2018 CEF Telecom Call - €13 million to reinforce the EU's Cybersecurity capacity ∗∗∗
---------------------------------------------
The European Commission calls for proposals under the Connecting Europe Facility (CEF) to reinforce the EU's cybersecurity capacity, with up to €13 million available in grant funding, open until the 22 November 2018.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/2018-cef-telecom-call2013-20ac13-million-to-reinforce-the-eus-cybersecurity-capacity
∗∗∗ Patch now! The Gandcrab ransomware slips in through Flash and Windows vulnerabilities ∗∗∗
---------------------------------------------
An exploit kit lurking on some compromised websites looks for security vulnerabilities in Flash and Windows.
---------------------------------------------
https://heise.de/-4157172
∗∗∗ Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user.
---------------------------------------------
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2018-0017.3 - VMware Tools update addresses an out-of-bounds read vulnerability ∗∗∗
---------------------------------------------
[...] VMware Tools 10.3.0 is discontinued because of a functional issue with 10.3.0 in ESXi 6.5, please refer to KB55796 for more information.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0017.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qemu and xen), Mageia (libxkbcommon, sleuthkit, and wireshark), openSUSE (apache-pdfbox, dovecot22, and php7), SUSE (enigmail, kernel, nodejs4, and php7), and Ubuntu (firefox and transfig).
---------------------------------------------
https://lwn.net/Articles/764386/
∗∗∗ (0Day) Remote Code Execution Vulnerabilities in Hewlett Packard Enterprise Intelligent Management Center ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-999/
http://www.zerodayinitiative.com/advisories/ZDI-18-1000/
http://www.zerodayinitiative.com/advisories/ZDI-18-1001/
http://www.zerodayinitiative.com/advisories/ZDI-18-1002/
http://www.zerodayinitiative.com/advisories/ZDI-18-1003/
http://www.zerodayinitiative.com/advisories/ZDI-18-1004/
http://www.zerodayinitiative.com/advisories/ZDI-18-1005/
http://www.zerodayinitiative.com/advisories/ZDI-18-1006/
http://www.zerodayinitiative.com/advisories/ZDI-18-1007/
---------------------------------------------
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730727
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22016006
∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730717
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Public disclosed vulnerability from Bouncy Castle ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22016292
∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by an Information disclosure vulnerability (CVE-2017-1679) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728737
∗∗∗ Apache Tomcat vulnerability CVE-2018-1336 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K73008537
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily