Daily Summary - 04.10.2018

End-of-Day report

Timeframe: Wednesday 03-10-2018 18:00 - Thursday 04-10-2018 18:00
Handler: Stephan Richter
Co-Handler: Dimitri Robl

News

Phishing Attacks Distributed Through CloudFlare's IPFS Gateway

Yesterday we reported on a phishing attack that utilizes Azure Blob storage in order to have login forms secured by a Microsoft-issued SSL certificate. After reviewing the URLs used by the same attacker, BleepingComputer has discovered that these same bad actors are utilizing the Cloudflare IPFS gateway for the same purpose.

https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/


Do not buy from conquerconsoles.com, konsolenkammer24.de or konsolenstation24.com

The fake shops conquerconsoles.com, konsolenkammer24.de and konsolenstation24.com sell game consoles and games at unbeatable prices. The fake shops lure customers with offers where you can buy a PlayStation 4 including a game and controller at low cost. You can only pay in advance by bank transfer, but you receive no goods!

https://www.watchlist-internet.at/news/nicht-bei-conquerconsolescom-konsolenkammer24de-oder-konsolenstation24com-kaufen/

Vulnerabilities

Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063

Project: Printer, email and PDF versions
Version: 7.x-2.x-dev
Date: 2018-October-03
Security risk: Highly critical 20-25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Remote Code Execution
Description: This module provides printer-friendly versions of content, including send by e-mail and PDF versions. The module doesn't sufficiently sanitize the arguments passed to the wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell commands.

https://www.drupal.org/sa-contrib-2018-063


Security updates for Thursday

Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2).

https://lwn.net/Articles/767611/


Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access


Cisco Digital Network Architecture Center Authentication Bypass Vulnerability

A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass


More Cisco Security Advisories

https://tools.cisco.com/security/center/publicationListing.x


Red Hat JBoss Web Server: A vulnerability allows gaining user privileges

https://adv-archiv.dfn-cert.de/adv/2018-1992/


Apache Tomcat: A vulnerability allows the display of false information

https://adv-archiv.dfn-cert.de/adv/2018-2000/


ClamAV: Multiple vulnerabilities allow various denial-of-service attacks

https://adv-archiv.dfn-cert.de/adv/2018-2008/


IBM Security Bulletins

https://www.ibm.com/blogs/psirt/