[CERT-daily] Tageszusammenfassung - 04.01.2019
Daily end-of-shift report
team at cert.at
Fri Jan 4 18:12:28 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 03-01-2019 18:00 − Freitag 04-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Open redirects - the vulnerability class no one but attackers cares about ∗∗∗
---------------------------------------------
Open redirects is an underrated bug class that is often considered a non-vulnerability. In certain cases it could lead to Windows credential stealing, javascript execution and in the best case it can only be used in phishing attacks, malicious redirecting and damaging the brand off the vulnerable company.
---------------------------------------------
https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-class-no-one-but-attackers-cares-about/
∗∗∗ OWASP Top 10 Security Risks – Part IV ∗∗∗
---------------------------------------------
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.
---------------------------------------------
https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-iv.html
∗∗∗ Phishing template uses fake fonts to decode content and evade detection ∗∗∗
---------------------------------------------
Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding.
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
∗∗∗ Sicherheitsupdates: Zwei kritische Lücken in Adobe Acrobat und Reader ∗∗∗
---------------------------------------------
Adobe patcht seine PDF-Anwendungen außer der Reihe. Über ein Schlupfloch könnten Angreifer Schadcode ausführen.
---------------------------------------------
http://heise.de/-4265230
=====================
= Vulnerabilities =
=====================
∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability in Schneider Electrics Pro-face GP-Pro EX, an HMI screen editor and logic programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01
∗∗∗ Yokogawa Vnet/IP Open Communication Driver ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for a resource management error vulnerability in Yokogawas Vnet/IP open communication driver.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02
∗∗∗ Hetronic Nova-M ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an authentication bypass by capture-relay vulnerability in Hetronics Nova-M remote control transmitters and receivers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (wget), Oracle (kernel), Red Hat (keepalived), Scientific Linux (keepalived), and SUSE (GraphicsMagick and mailman).
---------------------------------------------
https://lwn.net/Articles/776019/
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0007
∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0006
∗∗∗ IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-the-use-of-local-read-only-cache-lroc-may-result-in-directory-corruption-and-undetected-data-corruption-in-regu/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-cve-2018-3180/
∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vulnerable-to-http-request-smuggling-caused-by-improper-handling-of-chunked-transfer-encoding-chunk-size-ibm-rational-service-tester-is-affected-by-this-vulne/
∗∗∗ IBM Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-eclipse-jetty-is-vulnerable-to-http-request-smuggling-caused-by-improper-handling-of-chunked-transfer-encoding-chunk-size-ibm-rational-performance-tester-is-affected-by-this-v/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1677) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2018-1677/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by glibc vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-glibc-vulnerabilities/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2018-0732/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by weak cryptographic algorithms (CVE-2018-1665) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-weak-cryptographic-algorithms-cve-2018-1665/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a man in the middle vulnerability (CVE-2018-1663) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-man-in-the-middle-vulnerability-cve-2018-1663/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a XML External Entity Injection (XXE) vulnerability (CVE-2018-1669) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-xml-external-entity-injection-xxe-vulnerability-cve-2018-1669/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list