Daily summary - 19.01.2018

End-of-Day report

Timeframe: Thursday 18-01-2018 18:00 − Friday 19-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter


∗∗∗ Magento: Credit card data of up to 40,000 Oneplus buyers copied ∗∗∗
Oneplus has completed its investigation into the copied credit cards. Attackers were apparently able to exploit a cross-site scripting vulnerability.

https://www.golem.de/news/magento-kreditkartendaten-von-bis-zu-40-000-oneplus-kaeufern-kopiert-1801-132267-rss.html

∗∗∗ NCSC Releases Security Advisory ∗∗∗
Original release date: January 18, 2018
The United Kingdom's National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users and administrators to review the NCSC advisory to access the report and for more information.

https://www.us-cert.gov/ncas/current-activity/2018/01/18/NCSC-Releases-Security-Advisory

∗∗∗ 2018: Fourfold anniversary for Austria's Internet ∗∗∗
Not only the Republic is marking several anniversaries this year; Austria's Internet also has multiple reasons to celebrate in 2018: exactly thirty years ago the Internet suffix .at was entered into the global Domain Name System, and in 1998 the registry nic.at and the online reporting office Stopline were founded. CERT.at, Austria's national Computer Emergency Response Team, celebrates its tenth birthday in 2018.

https://www.nic.at/de/news/pressemeldungen/2018-vierfach-jubilaum-fur-osterreichs-internet

∗∗∗ Military personnel, journalists, activists: Lebanese hackers forgot data on an open server ∗∗∗
Lebanese intelligence service GDGS suspected as the source of the leak – affected persons from more than 20 countries



∗∗∗ Cisco Releases Security Updates ∗∗∗
Original release date: January 17, 2018 | Last revised: January 18, 2018
Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: [...]

https://www.us-cert.gov/ncas/current-activity/2018/01/17/Cisco-Releases-Security-Updates

∗∗∗ Filr 3.0 - Security Update 3 ∗∗∗
Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).
Document ID: 5360950
Security Alert: Yes
Distribution Type: Public
Entitlement Required: Yes
Files: readme_filr_3su3.txt (2.68 kB)
Products: Filr 3 Standard Edition, Filr 3 Advanced Edition
Superseded Patches: None

https://download.novell.com/Download?buildid=4_X7yeGlMKg~

∗∗∗ Filr 2.0 - Security Update 4 ∗∗∗
Abstract: Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).
Document ID: 5360930
Security Alert: Yes
Distribution Type: Public
Entitlement Required: Yes
Files: Search- (157.55 MB), MySQL- (157.55 MB), Filr- (157.55 MB)
Products: Filr 2
Superseded Patches: None

https://download.novell.com/Download?buildid=h0wMCm1OqIU~

∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these new hotfixes.

https://support.citrix.com/article/CTX231390

∗∗∗ Security updates for Friday ∗∗∗
Security updates have been issued by Arch Linux (bind, irssi, nrpe, perl-xml-libxml, and transmission-cli), CentOS (java-1.8.0-openjdk), Debian (awstats, libgd2, mysql-5.5, rsync, smarty3, and transmission), Fedora (keycloak-httpd-client-install and rootsh), and Red Hat (java-1.7.0-oracle and java-1.8.0-oracle).

https://lwn.net/Articles/744791/rss

∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

∗∗∗ DFN-CERT-2018-0136: Symantec Advanced Secure Gateway, ProxySG: Multiple vulnerabilities allow, among other things, cross-site scripting attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0136/

∗∗∗ CPU hardware vulnerable to Meltdown and Spectre attacks ∗∗∗

http://fortiguard.com/psirt/FG-IR-18-002

∗∗∗ IBM Security Bulletin: IBM StoredIQ is affected by the vulnerabilities known as Spectre and Meltdown. ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012718

∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for IBM Cloud October 2017 CPU ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22011913

∗∗∗ IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852

∗∗∗ BIG-IP AFM vulnerability CVE-2017-6142 ∗∗∗
