Daily

daily@lists.cert.at

1 participants
3291 discussions

Tageszusammenfassung - 26.09.2018
by Daily end-of-shift report 26 Sep '18

26 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-09-2018 18:00 − Mittwoch 26-09-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Der nächste Meilenstein: [CERT.at #1000000] ∗∗∗ --------------------------------------------- Für unsere Kommunikation per E-Mail verwenden wir (wie viele Firmen) ein Ticketsystem, damit a) die Kommunikation für alle Teammitglieder nachvollziehbar ist, dass b) möglichst keine Anfragen unbeantwortet bleiben und c) der Workflow mit Meldung/Vorfall/Nachforschung abgebildet werden kann. --------------------------------------------- http://www.cert.at/services/blog/20180926100651-2293.html ∗∗∗ Nach Safari und Chrome: Firefox ins Jenseits befördern ∗∗∗ --------------------------------------------- Mit einem präparierten Link kann Mozillas Firefox zum Absturz gebracht werden. Ähnliches hat ein Sicherheitsforscher zuvor mit Apples Safari und Googles Chrome gezeigt. Auf einer Webseite sammelt er die Lücken - mitsamt Absturz-Button. --------------------------------------------- https://www.golem.de/news/nach-safari-und-chrome-firefox-ins-jenseits-befoe… ∗∗∗ New CVE-2018-8373 Exploit Spotted ∗∗∗ --------------------------------------------- On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit that uses the same vulnerability. Its important to note that this exploit doesnt work on systems with updated Internet Explorer versions. --------------------------------------------- https://blog.trendmicro.com/trendlabs-security-intelligence/new-cve-2018-83… ∗∗∗ Full compliance with the PCI DSS drops for the first time in six years ∗∗∗ --------------------------------------------- After documenting improvements in Payment Card Industry Data Security Standard (PCI DSS) compliance over the past six years (2010 – 2016), Verizon’s 2018 Payment Security Report (PSR) now reveals a concerning downward trend with companies failing compliance assessments and perhaps, more importantly, not maintaining – full compliance. --------------------------------------------- https://www.helpnetsecurity.com/2018/09/26/pci-dss-compliance-drop/ ∗∗∗ Gefälschte kabelplus-Phishingmail im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte kabelplus-Nachricht. Darin behaupten sie, dass „ihr Kabelplus Webmail (kabsi.at) Nachrichtenspeicher das Limit-Kontingent in unserer Datenbank erreicht“ hat. Aus diesem Grund sollen Kund/innen eine externe Website aufrufen und persönliche Daten bekannt geben. Diese übermitteln sie nicht an kabelplus, sondern an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-kabelplus-phishingmail-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Magecart Attacks Grow Rampant in September ∗∗∗ --------------------------------------------- Attacks that compromise websites with scripts that steal payment card data from checkout pages have increased to hundreds of thousands of attempts in little over a month. --------------------------------------------- https://www.bleepingcomputer.com/news/security/magecart-attacks-grow-rampan… ∗∗∗ VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks ∗∗∗ --------------------------------------------- TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks The TP-LINK EAP Controller is TP-LINKs software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server. --------------------------------------------- http://www.kb.cert.org/vuls/id/581311 ∗∗∗ One Emotet infection leads to three follow-up malware infections, (Wed, Sep 26th) ∗∗∗ --------------------------------------------- In recent weeks, I've generally seen Emotet retrieve Trickbot, the IcedID banking Trojan, or spambot malware for its follow-up infection. I rarely see Emotet retrieve more than one type of follow-up malware. But on Tuesday 2018-09-25, my infected lab host retrieved Trickbot and IcedID immediately after an Emotet infection. Then IcedID caused another infection with AZORult on the same host. --------------------------------------------- https://isc.sans.edu/diary/rss/24140 ∗∗∗ eDirectory 9.1.1 Hot Patch 1 ∗∗∗ --------------------------------------------- This patch is an update to eDirectory 9.1 Support Pack 1 (9.1.1). This update is being provided to resolve potential critical issues found since the latest patch Architecture: x86-64 Security patch: Yes Priority: Mandatory --------------------------------------------- https://download.novell.com/Download?buildid=vP3nS-Hctkk~ ∗∗∗ Stored Cross-Site Scripting in Kendo UI Editor ∗∗∗ --------------------------------------------- A cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application which allows attackers in the worst case to take over user sessions. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/stored-cross-site-scripting-… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (python2.7 and python3.4), openSUSE (php5-smarty3), Oracle (389-ds-base, flatpak, kernel, and nss), Red Hat (389-ds-base, chromium-browser, flatpak, kernel, kernel-alt, kernel-rt, nss, and qemu-kvm-ma), and SUSE (ant, dom4j, kernel, and wireshark). --------------------------------------------- https://lwn.net/Articles/766746/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM WebSphere Portal (CVE-2018-1820) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732287 ∗∗∗ IBM Security Bulletin: Security Vulnerability in Apache Batik Affects IBM WebSphere Portal (CVE-2018-8013) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731435 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10728567 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8 Affect Transformation Extender ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720173 ∗∗∗ IBM Security Bulletin: Open Redirect Vulnerability in IBM WebSphere Portal (CVE-2018-1736) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729683 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1716) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729323 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10732916 ∗∗∗ IBM Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10729297 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1660) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10715923 ∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability from BIND affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10729637 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.09.2018
by Daily end-of-shift report 25 Sep '18

25 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 24-09-2018 18:00 − Dienstag 25-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Android Trojan reads Whatsapp-Messages ∗∗∗ --------------------------------------------- A spyware still in development can read users Whatsapp-Messages and other sensitive data. G DATA researchers analysed the Malware to protect our customers. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/09/31122-android-trojan-reads-whats… ∗∗∗ OpenPGP/GnuPG: Signaturen fälschen mit HTML und Bildern ∗∗∗ --------------------------------------------- PGP-Signaturen sollen gewährleisten, dass eine E-Mail tatsächlich vom korrekten Absender kommt. Mit einem simplen Trick kann man bei vielen Mailclients scheinbar signierte Nachrichten erstellen - indem man die entsprechende Anzeige mittels HTML fälscht. (OpenPGP, E-Mail) --------------------------------------------- https://www.golem.de/news/openpgp-gnupg-signaturen-faelschen-mit-html-und-b… ∗∗∗ Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th) ∗∗∗ --------------------------------------------- Reader Jason analyzed a malicious RTF file: using OfficeMalScanner and xorsearch he was able to extract and find the entry point of the shellcode, but scdbg was not able to emulate the shellcode. --------------------------------------------- https://isc.sans.edu/diary/rss/24134 ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Cisco Identity Services Engine ∗∗∗ --------------------------------------------- Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ DSA-4305 strongswan - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4305 ∗∗∗ ZDI-18-1083: Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1083/ ∗∗∗ ZDI-18-1082: Apple Safari Subframe Same-Origin Policy Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1082/ ∗∗∗ ZDI-18-1081: Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1081/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.09.2018
by Daily end-of-shift report 24 Sep '18

24 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-09-2018 18:00 − Montag 24-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Malware Disguised as Job Offers Distributed on Freelance Sites ∗∗∗ --------------------------------------------- Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretends to be the job brief, but are actually .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-off… ∗∗∗ Security: Curl bekommt eigenes Bug-Bounty-Programm ∗∗∗ --------------------------------------------- Das kleine Kommandozeilenwerkzeug Curl und dessen Bibliothek finden sich in nahezu allen vernetzten Geräten. Sicherheitsforscher erhalten künftig eine Bug-Bounty, also Geld für das Auffinden von Sicherheitslücken in der .. --------------------------------------------- https://www.golem.de/news/security-curl-bekommt-eigenes-bug-bounty-programm… ∗∗∗ Adwind Dodges AV via DDE ∗∗∗ --------------------------------------------- Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a .. --------------------------------------------- https://blog.talosintelligence.com/2018/09/adwind-dodgesav-dde.html ∗∗∗ Security - Android: Immer mehr Hersteller liefern Sicherheits-Updates ∗∗∗ --------------------------------------------- Mittlerweile 250 Modelle mit Patch Level aus den letzten 90 Tagen – Google zahlt 3 Millionen Dollar für Bug Bounties --------------------------------------------- https://derstandard.at/2000087981052/Android-Immer-mehr-Hersteller-liefern-… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Video Surveillance Manager Appliance Default Password Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4301 mediawiki - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4301 ∗∗∗ DSA-4302 openafs - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4302 ∗∗∗ ZDI-18-1079: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1079/ ∗∗∗ ZDI-18-1078: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1078/ ∗∗∗ Multiple vulnerabilities in Citrix StorageZones Controller ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-cit… ∗∗∗ Security vulnerabilities fixed in Firefox ESR 60.2.1 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/ ∗∗∗ Security vulnerabilities fixed in Firefox 62.0.2 ∗∗∗ --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.09.2018
by Daily end-of-shift report 21 Sep '18

21 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-09-2018 18:00 − Freitag 21-09-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist ∗∗∗ --------------------------------------------- Servers and storage disks filled with millions of unencrypted confidential records of employees, customers .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-f… ∗∗∗ Pre-Pwned AMI Images in Amazons AWS public instance store, (Fri, Sep 21st) ∗∗∗ --------------------------------------------- I keep getting reports about AMI images in Amazon&#;x26;#;39;s AWS, which come "pre-pwned." These images .. --------------------------------------------- https://isc.sans.edu/diary/rss/24126 ∗∗∗ AES Resulted in a $250-Billion Economic Benefit ∗∗∗ --------------------------------------------- NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the .. --------------------------------------------- https://www.schneier.com/blog/archives/2018/09/aes_resulted_in.html ∗∗∗ DanaBot shifts its targeting to Europe, adds new features ∗∗∗ --------------------------------------------- Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently .. --------------------------------------------- https://www.welivesecurity.com/2018/09/21/danabot-targeting-europe-adds-new… ∗∗∗ Cyber - USA und Großbritannien rüsten im Cyberspace auf ∗∗∗ --------------------------------------------- Größerer Fokus auf eigene Offensiven gegen Angreifer von außen --------------------------------------------- https://derstandard.at/2000087842532/USA-und-Grossbritannien-ruesten-im-Cyb… ===================== = Vulnerabilities = ===================== ∗∗∗ Tec4Data SmartCooler ∗∗∗ --------------------------------------------- This advisory includes mitigations for a missing authentication for critical function vulnerability in Tec4Datas SmartCooler, a cooling appliance. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01 ∗∗∗ Rockwell Automation RSLinx Classic ∗∗∗ --------------------------------------------- This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and resource exhaustion vulnerabilities in Rockwell Automation’s RSLinx Classic. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 ∗∗∗ Security Advisory 2018-05: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-05-security-update-for-ot… ∗∗∗ Security Advisory 2018-04: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- https://community.otrs.com/security-advisory-2018-04-security-update-for-ot… ∗∗∗ Vuln: Microsoft Windows JET Database Engine Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105376 ∗∗∗ Wireshark Bugs in Multiple Dissectors Let Remote Users Cause the Application to Crash or Consume Excessive CPU Resources ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041608 ∗∗∗ MediaWiki Multiple Flaws Let Remote Authenticated Users Bypass Security Restrictions and Obtain Potentially Sensitive Information ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041695 ∗∗∗ Asterisk Stack Overflow in HTTP Websocket Upgrade Lets Remote Users Cause the Target Service to Crash ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041694 ∗∗∗ RSA Authentication Manager Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041697 ∗∗∗ HPESBST03881 rev.1 - HPE Command View Advanced Edition (CVAE), Local and Remote Access Restriction Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03879 rev.1 - HPE StorageWorks XP7 Automation Director (AutoDir), Local and Remote Authentication Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03882 rev.1 - HPE Command View Advance Edition (CVAE) using JDK, Local and Remote Authentication Bypass ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.09.2018
by Daily end-of-shift report 20 Sep '18

20 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-09-2018 18:00 − Donnerstag 20-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hunderttausende Überwachungskameras wegen Linux-Schwachstelle angreifbar ∗∗∗ --------------------------------------------- Die Angreifer können die Aufzeichnungen live ansehen, Material löschen oder Videos in Dauerschleife abspielen, um Einbrüche zu verschleiern. --------------------------------------------- https://futurezone.at/digital-life/hunderttausende-ueberwachungskameras-weg… ∗∗∗ BSI veröffentlicht Übersicht qualifizierter DDoS-Mitigation-Dienstleister ∗∗∗ --------------------------------------------- Basierend auf den ebenfalls veröffentlichten Auswahlkriterien für qualifizierte Dienstleister wurde ein wettbewerbsneutrales Verfahren entwickelt, durch das erste geeignete DDoS-Mitigation-Dienstleister identifiziert werden konnten. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/DDos-Mitiga… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (glusterfs, php5, reportbug, and suricata), openSUSE (chromium and exempi), Red Hat (openstack-rabbitmq-container), SUSE (couchdb, crowbar, crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui, gdm, OpenStack, pango, and webkit2gtk3), and Ubuntu (bind9, lcms, lcms2, and lcms2). --------------------------------------------- https://lwn.net/Articles/765814/ ∗∗∗ Vuln: Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability ∗∗∗ --------------------------------------------- Symantec Messaging Gateway is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Versions prior to Messaging Gateway 10.6.6 are vulnerable --------------------------------------------- http://www.securityfocus.com/bid/105330 ∗∗∗ Vuln: Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions prior to Messaging Gateway 10.6.6 are vulnerable --------------------------------------------- http://www.securityfocus.com/bid/105329 ∗∗∗ Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10730909 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-11047) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731715 ∗∗∗ IBM Security Bulletin: Privilege escalation vulnerability affects IBM Db2 Administrative Task Scheduler (CVE-2018-1711). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729983 ∗∗∗ IBM Security Bulletin: Buffer overflow in IBM Db2 tool db2licm (CVE-2018-1710). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729981 ∗∗∗ IBM Security Bulletin: Privilege escalation in IBM Db2 tool db2cacpy (CVE-2018-1685). ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10729979 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0732) Security Bulletin ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731039 ∗∗∗ IBM Security Bulletin: IBM Cloud Private Cloud Foundry is vulnerable to a security vulnerability ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731705 ∗∗∗ IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Spectrum Scale used by DB2 pureScale (CVE-2018-1431, CVE-2018-1447, CVE-2017-3732, CVE-2016-0705) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731657 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.09.2018
by Daily end-of-shift report 19 Sep '18

19 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-09-2018 18:00 − Mittwoch 19-09-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Western Digitals My Cloud NAS Devices Turn Out to Be Easily Hacked ∗∗∗ --------------------------------------------- Security researchers have discovered an authentication bypass vulnerability in Western Digitals My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices. --------------------------------------------- https://thehackernews.com/2018/09/wd-my-cloud-nas-hacking.html ∗∗∗ XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins ∗∗∗ --------------------------------------------- It appears that on Windows, Xbash will focus on malicious cryptomining functions and self-propagation techniques, while on Linux systems, the malware will flaunt its data destructive tendencies; as the malware triggers a downloader to execute a coinminer on Windows, while on Linux it flaunts ransomware functions. --------------------------------------------- https://threatpost.com/xbash-malware-packs-double-punch-destroys-data-and-m… ∗∗∗ TIPs to Securely Deploy Industrial Control Systems ∗∗∗ --------------------------------------------- Schneider Electric has authored a whitepaper “Effective Implementation of Cybersecurity Countermeasures in Industrial Control Systems” that takes asset owners through the system deployment process. In this blog article, I will provide a brief overview of the concepts presented in the whitepaper. --------------------------------------------- https://blog.schneider-electric.com/cyber-security/2018/09/18/tips-to-secur… ∗∗∗ Fake finance apps on Google Play target users from around the world ∗∗∗ --------------------------------------------- Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services. --------------------------------------------- https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-tar… ∗∗∗ Multi-Vector WordPress Infection from Examhome ∗∗∗ --------------------------------------------- This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database. --------------------------------------------- http://labs.sucuri.net/?note=2018-09-18 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Updates available for Adobe Acrobat and Reader (APSB18-34) ∗∗∗ --------------------------------------------- Adobe has published security bulletin for Adobe Acrobat and Reader (APSB18-34) for Windows and MacOS. These updates address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1617 ∗∗∗ BSRT-2018-003 Directory traversal vulnerability impacts the Connect Service of the BlackBerry Enterprise Mobility Server ∗∗∗ --------------------------------------------- This advisory addresses a directory traversal vulnerability that has been discovered in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited ... --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Google Chrome, Chromium: Eine Schwachstelle ermöglicht nicht spezifizierte Angriffe ∗∗∗ --------------------------------------------- Ein Angreifer kann aufgrund einer Schwachstelle welche mit dem Schweregrad 'high' bewertet wird nicht weiter spezifizierte Angriffe ausführen. In der Vergangenheit konnten derartige Schwachstellen zumeist von einem entfernten und nicht authentisierten Angreifer ausgenutzt werden. Google stellt die Chrome und Chromium Version 69.0.3497.100 als Sicherheitsupdate bereit. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1886/ ∗∗∗ Xcode: Eine Schwachstelle ermöglicht die Übernahme des Systems ∗∗∗ --------------------------------------------- Ein lokaler, einfach authentifizierter Angreifer kann die Schwachstelle mit Hilfe einer speziell präparierten Anwendung ausnutzen, um beliebigen Programmcode mit Kernelprivilegien auszuführen und dadurch das komplette System zu übernehmen. Apple stellt Xcode 10 für macOS High Sierra 10.13.6 und später zur Behebung der Schwachstelle bereit. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1885/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (chromium-browser and libapache2-mod-perl2), Oracle (kernel), and Ubuntu (ghostscript, glib2.0, and php5). --------------------------------------------- https://lwn.net/Articles/765573/ ∗∗∗ WECON PLC Editor ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01 ∗∗∗ Vuln: Apache Camel CVE-2018-8041 Directory Traversal Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/105352 ∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180919-… ∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1800) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731379 ∗∗∗ IBM Security Bulletin: Blind SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (CVE-2018-1674) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10720035 ∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a cryptography vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10720161 ∗∗∗ The BIG-IP ASM system may stop enforcing attack signatures after activating a security policy that includes a new signature ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K83093212 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.09.2018
by Daily end-of-shift report 18 Sep '18

18 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Montag 17-09-2018 18:00 − Dienstag 18-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Public Shaming of Companies for Bad Security ∗∗∗ --------------------------------------------- Troy Hunt makes some good points, with good examples. --------------------------------------------- https://www.schneier.com/blog/archives/2018/09/public_shaming_.html ∗∗∗ New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms ∗∗∗ --------------------------------------------- Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms Security researchers at Palo Alto Networks have .. --------------------------------------------- https://securityaffairs.co/wordpress/76305/malware/xbash-malware.html ∗∗∗ Extended Validation Certificates are Dead ∗∗∗ --------------------------------------------- Thats it - Im calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from .. --------------------------------------------- https://www.troyhunt.com/extended-validation-certificates-are-dead/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory: CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal ∗∗∗ --------------------------------------------- Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files. Full security advisory --------------------------------------------- https://www.sba-research.org/2018/09/18/security-advisory-cve-2018-13982-sm… ∗∗∗ VMSA-2018-0015.1 ∗∗∗ --------------------------------------------- VMware AirWatch Agent updates resolve remote code execution vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0015.html ∗∗∗ iOS 12 is out today - Updates for Safari, watchOS, tvOS, iOS. Full details here https://support.apple.com/en-ca/HT201222, (Tue, Sep 18th) ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/24112 ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts Remote Code Execution (RCE) Vulnerability (CVE-2018-11776) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10731343 ∗∗∗ IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10725849 ∗∗∗ Remote Code Execution in Moodle ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-un… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.09.2018
by Daily end-of-shift report 17 Sep '18

17 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-09-2018 18:00 − Montag 17-09-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-34) ∗∗∗ --------------------------------------------- A prenotification security advisory (APSB18-34) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Wednesday, September 19, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1609 ∗∗∗ CSS-basierte Web-Attacke bringt iPhones zum Absturz ∗∗∗ --------------------------------------------- Ein Sicherheitsforscher hat eine Schwachstelle in iOS entdeckt, mit der iPhones zum Absturz gebracht und neu gestartet werden können. --------------------------------------------- https://futurezone.at/digital-life/css-basierte-web-attacke-bringt-iphones-… ∗∗∗ Fbot, A Satori Related Botnet Using Block-chain DNS System ∗∗∗ --------------------------------------------- Since 2018-09-13 11:30 UTC, a new botnet (we call it Fbot) popped up in our radar which really caught our attention.There are 3 interesting aspects about this new botnet:First, so far the only purpose of this botnet looks to be just going after and removing another botnet --------------------------------------------- http://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-i… ∗∗∗ Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows ∗∗∗ --------------------------------------------- Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-b… ∗∗∗ User Agent String "$ua.tools.random()" ? :-) ! ∗∗∗ --------------------------------------------- For many years I've observed requests for page license.php on my webservers, from various IPs and with various User Agent Strings: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/24102 ∗∗∗ Outdated Duplicator Plugin RCE Abused ∗∗∗ --------------------------------------------- We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is able to run any arbitrary code on the target site. --------------------------------------------- https://blog.sucuri.net/2018/09/outdated-duplicator-plugin-rce-abused.html ∗∗∗ Erlang Authenticated Remote Code Execution ∗∗∗ --------------------------------------------- Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently.Erlange is an interesting language because it has “built-in concurrency, distribution, and fault tolerence”. To me, this means that it does job queing and distributed tasks right out of the gate. --------------------------------------------- https://malicious.link/post/2018/erlang-arce/ ∗∗∗ Bewerbungsschreiben verbreiten Schadsoftware ∗∗∗ --------------------------------------------- Unternehmen erhalten von Arbeitssuchenden elektronische Bewerbungsschreiben. Für die ausführlichen und angehängten Bewerbungsunterlagen der Kandidat/innen sollen sie einen Dateianhang im ZIP-Format öffnen. Er beinhaltet ausführbare Microsoft Windows-Anwendungen, die Schadsoftware sind. Diese Anwendungen dürfen Mitarbeiter/innen nicht öffnen, denn damit installieren sie die Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/news/bewerbungsschreiben-verbreiten-schad… ∗∗∗ gymondi.com ist ein Fakeshop ∗∗∗ --------------------------------------------- Gymondi.com ist ein sehr aufwendig aufgesetzter Onlineshop, der das Herz von Sportler/innen höherschlagen lässt. Konsument/innen finden bei gymondi.com Fitnessgeräte zu günstigeren Preisen als bei der Konkurrenz. Zusätzlich zum Preisvorteil kann ein 20% Rabattgutschein eingelöst werden, was den Gesamtpreis erheblich mindert. Wir raten von einem Einkauf ab! Sie werden lediglich um einen hohen Geldbetrag betrogen und gehen leer aus. --------------------------------------------- https://www.watchlist-internet.at/news/gymondicom-ist-ein-fakeshop/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (discount, ghostscript, intel-microcode, mbedtls, thunderbird, and zutils), Fedora (ghostscript, java-1.8.0-openjdk-aarch32, kernel-headers, kernel-tools, libzypp, matrix-synapse, nspr, nss, nss-softokn, nss-util, zsh, and zypper), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (chromium, curl, ffmpeg-4, GraphicsMagick, kernel, libzypp, zypper, okular, python3, spice-gtk, tomcat, and zsh), Oracle (kernel), Slackware (php), SUSE (curl, [...] --------------------------------------------- https://lwn.net/Articles/765048/ ∗∗∗ BlackBerry Powered by Android Security Bulletin - September 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Moodle: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1871/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.09.2018
by Daily end-of-shift report 14 Sep '18

14 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-09-2018 18:00 − Freitag 14-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Interesting approach: Skill Squatting with Amazon Echo ∗∗∗ --------------------------------------------- Mishearing something every once in a while is a normal thing for humans. In that respect, Amazon Echo has some human characteristics as well. A research team from the University of Illinois has taken a closer look at Echo, Alexa and the abuse potential for malicious Alexa skills. They have presented their findings at the Usenix conference. --------------------------------------------- https://www.gdatasoftware.com/blog/2018/09/31112-skill-squatting-amazon-echo ∗∗∗ Windows, Linux Kodi Users Infected With Cryptomining Malware ∗∗∗ --------------------------------------------- An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm .. --------------------------------------------- https://it.slashdot.org/story/18/09/13/2118233/windows-linux-kodi-users-inf… ∗∗∗ Apple Has Started Paying Hackers for iPhone Exploits ∗∗∗ --------------------------------------------- Lorenzo Franceschi-Bicchierai, reporting for Motherboard: In 2016, Apples head of security surprised the attendees of one of the biggest security conference in the world by announcing a bug bounty program for Apples mobile operating .. --------------------------------------------- https://it.slashdot.org/story/18/09/14/1441201/apple-has-started-paying-hac… ∗∗∗ Unsuccessfully Defaced Websites ∗∗∗ --------------------------------------------- Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code. What is a .. --------------------------------------------- https://blog.sucuri.net/2018/09/unsuccessfully-defaced-websites.html ∗∗∗ DarkCloud Bootkit ∗∗∗ --------------------------------------------- In an earlier blog about crypto-malware, we described different techniques used by cybercriminals, such as cryptomining and wallet stealing. In this blog, we will provide a technical analysis of yet another type of .. --------------------------------------------- https://www.zscaler.com/blogs/research/darkcloud-bootkit ∗∗∗ Bug in Intels ME-Firmware: Wieder BIOS-Updates nötig ∗∗∗ --------------------------------------------- Die russischen Experten von PTE haben erneut einen schwerwiegenden Bug bei kryptografischen Schlüsseln in Intels Management Engine (ME) entdeckt. --------------------------------------------- https://heise.de/-4165732 ∗∗∗ GlobeImposter use new ways to spread to the globe: How to prevent falling victims? ∗∗∗ --------------------------------------------- Recently, there have been many incidents of ransomware attacks. Once users are .. --------------------------------------------- https://blog.360totalsecurity.com/en/globeimposter-use-new-ways-to-spread-t… ∗∗∗ Hacking an assault tank… A Nerf one ∗∗∗ --------------------------------------------- TL;DR A complex, challenging reverse and hijack of a toy tank Nerf gun camera, but the result was we got to shoot the 44Con conference organiser with it! Why A remote-controlled Nerf gun with .. --------------------------------------------- https://www.pentestpartners.com/security-blog/hacking-an-assault-tank-a-ner… ===================== = Vulnerabilities = ===================== ∗∗∗ Honeywell Mobile Computers with Android Operating Systems ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper privilege management vulnerability in the Honeywell mobile computers running the Android Operating System. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01 ∗∗∗ CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption ∗∗∗ --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-Sec… ∗∗∗ HPESBHF03866 rev.1 - HPE Integrated Lights-Out 3,4,5 using SSH, Remote Execution of Arbitrary Code and Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.09.2018
by Daily end-of-shift report 13 Sep '18

13 Sep '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 12-09-2018 18:00 − Donnerstag 13-09-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Office VBA + AMSI: Parting the veil on malicious macros ∗∗∗ --------------------------------------------- As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior. --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi… ∗∗∗ A New Mining Botnet Blends Its C2s into ngrok Service ∗∗∗ --------------------------------------------- These days, it feels like new mining malwares are popping up almost daily and we have pretty much stopped blogging the regular ones so we don’t flood our readers’ feed. With that being said, one did have our attention recently. This botnet hides its C2s(Downloader and Reporter [...] --------------------------------------------- http://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-se… ∗∗∗ Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars ∗∗∗ --------------------------------------------- High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow to unlock and start the vehicle based on the physical proximity of a paired key fob; no user interaction is required. --------------------------------------------- https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyles… ∗∗∗ The 42M Record kayo.moe Credential Stuffing Data ∗∗∗ --------------------------------------------- This is going to be a brief blog post but its a necessary one because I cant load the data Im about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. Heres the story: [...] --------------------------------------------- https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data/ ∗∗∗ Keine 359,88 Euro an Streaming-Plattformen zahlen ∗∗∗ --------------------------------------------- Die Streaming-Plattformen borastream.de und matostream.de verlangen von Besucher/innen eine kostenlose Registrierung. Sie führt ohne Hinweis zu einer Premium-Mitgliedschaft um 359,88 Euro pro Jahr. Konsument/innen müssen die Rechnung der Website-Betreiberinnen Roxo Films Ltd bzw. Filmser Ltd27 nicht bezahlen, denn ihre Angebote sind unseriöse Abo-Fallen. --------------------------------------------- https://www.watchlist-internet.at/news/keine-35988-euro-an-streaming-plattf… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ghostscript and openssh), Oracle (firefox), Scientific Linux (firefox and OpenAFS), SUSE (tomcat), and Ubuntu (openjdk-lts). --------------------------------------------- https://lwn.net/Articles/764713/ ∗∗∗ ZDI-18-1046: (0Day) PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-18-1046/ ∗∗∗ Intel Baseboard Management Controller (BMC) Firmware: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1861/ ∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1791) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731207 ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-1656 and CVE-2018-12539) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10728399 ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718837 ∗∗∗ IBM Security Bulletin: A Vulnerability in the Java runtime environment that IBM provides affects WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718653 ∗∗∗ IBM Security Bulletin: A Vulnerability in Java runtime environment that IBM provides affects WebSphere eXtreme Scale ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718453 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731317 ∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0739 ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10731019 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily