[CERT-daily] Tageszusammenfassung - 11.09.2018
Daily end-of-shift report
team at cert.at
Tue Sep 11 18:06:38 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Montag 10-09-2018 18:00 − Dienstag 11-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Mongo Lock Attack Ransoming Deleted MongoDB Databases ∗∗∗
---------------------------------------------
An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/
∗∗∗ OpenSSL 1.1.1 Is Released ∗∗∗
---------------------------------------------
Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straight forward if they are written to work with OpenSSL 1.1.0.
---------------------------------------------
https://www.openssl.org/blog/blog/2018/09/11/release111/
∗∗∗ "Google Fonts" popup leads to malware ∗∗∗
---------------------------------------------
A recent malware injection in a client's WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access the infected website. It uses Javascript to detect the visitor's use of Google Chrome and then upon the visitor clicking it generates a popup notification which falsely claims that the visitor's Google Chrome is missing the "HoeflerText" font ...
---------------------------------------------
http://labs.sucuri.net/?note=2018-09-10
∗∗∗ Nicht auf gamingkoenig.org reinfallen ∗∗∗
---------------------------------------------
Bei gamingkoenig.org wird Computerzubehör zu Schnäppchenpreisen angeboten. Konsument/innen dürfen bei dem Anbieter auf keinen Fall bestellen, denn es handelt sich um einen Fakeshop. Die bestellte Ware wird sie nie erreichen und Konsument/innen verlieren einen hohen Geldbetrag.
---------------------------------------------
https://www.watchlist-internet.at/news/nicht-auf-gamingkoenigorg-reinfallen/
∗∗∗ Anwaltsschreiben mit Schadsoftware im Umlauf ∗∗∗
---------------------------------------------
Kriminelle versenden unter dem Namen von erfundenden Anwaltskanzleien betrügerische E-Mails. Darin behauten sie, dass Empfänger/innen einen pornografischen Film angesehen und damit eine Urheberrechtsverletzung begangen haben. Weiterführende Informationen dazu finden sich angeblich in einem Dateianhang. Er verbirgt Schadsoftware und darf nicht geöffnet werden.
---------------------------------------------
https://www.watchlist-internet.at/news/anwaltsschreiben-mit-schadsoftware-im-umlauf/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe ColdFusion(APSB18-33) and Adobe Flash Player (APSB18-31). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1607
∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗
---------------------------------------------
This update is being provided to resolve potential critical issues found since the latest patch:
- Open unvalidated redirect vulnerability in iMonitor (Bug 1082040) (CVE-2018-7692)
---------------------------------------------
https://download.novell.com/Download?buildid=vP3nS-Hctkk~
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libextractor), Fedora (godot and iniparser), Oracle (kernel), Red Hat (chromium-browser and Fuse 7.1), SUSE (compat-openssl098, openssh, php5, php53, qemu, and tiff), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, and linux-hwe, linux-azure, linux-gcp).
---------------------------------------------
https://lwn.net/Articles/764575/
∗∗∗ Vuln: SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105309
∗∗∗ Vuln: SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105308
∗∗∗ Vuln: SAP Business One CVE-2018-2458 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105307
∗∗∗ Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
∗∗∗ Security Advisory - Two Insufficient Input Validation Vulnerabilities in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180911-01-smartphone-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730799
∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10719697
∗∗∗ IBM Security Bulletin: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator is affected by vulnerability due to unexpected authentication behavior ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729013
∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10720295
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729699
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0732, CVE-2018-0737) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730811
∗∗∗ IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10726053
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in bind (CVE-2017-3145) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10719051
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728841
∗∗∗ SSA-268644 (Last Update: 2018-09-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
∗∗∗ SSA-346256 (Last Update: 2018-09-11): Vulnerability in SIMATIC WinCC OA V3.14 and prior ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf
∗∗∗ SSA-198330 (Last Update: 2018-09-11): Local Privilege Escalation in TD Keypad Designer ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf
∗∗∗ SSA-447396 (Last Update: 2018-09-11): Denial-of-Service in SCALANCE X300, SCALANCE X408 and SCALANCE X414 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list