[CERT-daily] Tageszusammenfassung - 10.09.2018
Daily end-of-shift report
team at cert.at
Mon Sep 10 18:05:20 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 07-09-2018 18:00 − Montag 10-09-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ VLAN Hopping and Mitigation ∗∗∗
---------------------------------------------
We'll start with a few concepts: VLAN A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as VLAN Hopping, an attacker is able to bypass these security implementations.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/vlan-hopping-and-mitigation
∗∗∗ Keybase Browser Extension Could Allow Sites to See Messages ∗∗∗
---------------------------------------------
The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant as sites could see the text being types into the chat area.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/keybase-browser-extension-could-allow-sites-to-see-messages/
∗∗∗ Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall ∗∗∗
---------------------------------------------
Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/
∗∗∗ Knuddels.de: Millionen Nutzerdaten mit Passwörtern geleakt ∗∗∗
---------------------------------------------
Bei der deutschen Chat-Community Knuddels.de gab es ein immenses Datenleck: Die Accountdaten fast aller Nutzer standen im Netz.
---------------------------------------------
https://heise.de/-4158265
∗∗∗ Apps that steal users' browser histories kicked out of the Mac App store ∗∗∗
---------------------------------------------
Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasnt the only popular app stealing users private information.
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/apps-that-steal-users-browser-histories-kicked-out-of-the-mac-app-store/
∗∗∗ Irreführende Rechnung von ITR Register ∗∗∗
---------------------------------------------
Unternehmen, die ihre Marke oder ihr Geschmacksmuster beim Amt der Europäischen Union für Geistiges Eigentum (EuIPO) registrieren, erhalten eine Rechnung von ITR Register. Sie sollen 1.380 Euro für einen Eintrag auf itr-service.com bezahlen. Die Zahlungsaufforderung von ITR Register ist ein irreführendes Vertragsangebot. Unternehmen müssen den Geldbetrag nicht bezahlen.
---------------------------------------------
https://www.watchlist-internet.at/news/irrefuehrende-rechnung-von-itr-register/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium-browser, curl, discount, firefox-esr, ghostscript, and openssh), Fedora (curl, firefox, ghostscript, glibc, mod_perl, thunderbird, and unixODBC), openSUSE (chromium, firefox, GraphicsMagick, nodejs4, and thunderbird), Oracle (kernel), and SUSE (java-1_7_1-ibm and kvm).
---------------------------------------------
https://lwn.net/Articles/764511/
∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10726039
∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730341
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10726009
∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730515
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728351
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718249
∗∗∗ RSA BSAFE Crypto-J Crypto Timing Error Lets Remote Users Obtain Keys ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041615
∗∗∗ RSA BSAFE SSL-J Crypto Timing and Memory Access Errors Let Remote or Physically Local Users Obtain Keys ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041614
∗∗∗ QNAP Storage Devices PHP Buffer Error Lets Remote Users Deny Service ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1041607
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list