End-of-Day report
Timeframe: Tuesday 02-10-2018 18:00 - Wednesday 03-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft
A new Office 365 phishing attack uses an interesting method: the phishing form is hosted on Azure Blob Storage so that it is served under a Microsoft SSL certificate.
https://www.bleepingcomputer.com/news/security/phishing-attack-uses-azure-blob-storage-to-impersonate-microsoft/
c't reveals: Enigmail sends crypto mails in plaintext
The widely used Thunderbird extension Enigmail contains a fatal bug. The problem affects the junior mode, which has been active by default since April.
https://heise.de/-4180405
Popular TP-Link wireless home router open to remote hijacking
By concatenating a known improper authentication flaw with a newly discovered CSRF vulnerability, remote unauthenticated attackers can obtain full control over TP-Link TL-WR841N, a popular wireless consumer router used worldwide. "This type of remote attack can also compromise routers behind a network address translator (NAT) and those not exposed to the public wide area network (WAN) as the vulnerability is remotely reflected off a locally connected host, rather than coming directly over [...]
https://www.helpnetsecurity.com/2018/10/03/tp-link-wireless-home-router-hijacking/
Vulnerabilities
Delta Electronics ISPSoft
This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics ISPSoft software.
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-01
GE Communicator
This advisory includes mitigations for a heap-based buffer overflow vulnerability in GE's Communicator, an application for programming and monitoring supported metering devices.
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02
Entes EMG 12
This advisory includes mitigations for an improper authentication vulnerability and an information exposure through query strings in GET request vulnerability in the Entes EMG 12 Ethernet Modbus Gateway.
https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03
Security updates for Wednesday
Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).
https://lwn.net/Articles/767539/
ZDI-18-1107: (0Day) Wecon PIStudio screendata HSC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1107/
ZDI-18-1106: (0Day) Wecon PIStudio xmlparser LoadXMLFile XML External Entity Processing Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1106/
ZDI-18-1109: (0Day) Wecon PIStudio basedll TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1109/
ZDI-18-1108: (0Day) Wecon PIStudio cximageu Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1108/
IBM Security Bulletins
https://www.ibm.com/blogs/psirt/
HPESBGN03900 rev.1 - HPE enhanced Internet Usage Manager (eIUM) Remote Unauthorized Disclosure of Information vulnerability and Remote Bypass Security Restrictions
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/