End-of-Day report
Timeframe: Thursday 04-10-2018 18:00 - Friday 05-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stefan Lenzhofer
News
Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware
The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware.
https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-installing-the-kraken-cryptor-ransomware/
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Posted by Ivan Fratric, Google Project Zero. Around a year ago, we published the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published Domato, our DOM fuzzing tool that was used to find those bugs. Given that in the previous research, Apple Safari, or more specifically, WebKit (its DOM engine) did noticeably worse than other browsers, we decided to revisit it after a year [...]
https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html
ThreatList: 83% of Routers Contain Vulnerable Code
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities.
https://threatpost.com/threatlist-83-of-routers-contain-vulnerable-code/137966/
Domain Name System: Precautions for the DNS Key Rollover
The DNS master cryptographic key will be changed in one week. For unprepared providers, this can have fatal consequences.
http://heise.de/-4179793
Vulnerabilities
Carestream Vue RIS
This advisory includes mitigations for an information exposure through an error message vulnerability in the Carestream Vue RIS, a web-based radiology information system.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01
Change Healthcare PeerVue Web Server
This advisory includes mitigations for an information exposure through an error message vulnerability in the Change Healthcare PeerVue Web Server.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-02
WECON PI Studio
This advisory includes information on stack-based buffer overflow, out-of-bounds write, and out-of-bounds read vulnerabilities in WECON's PI Studio HMI project programmer.
https://ics-cert.us-cert.gov/advisories/ICSA-18-277-01
Security Advisory 2018-06: Security Update for OTRS Framework
October 05, 2018 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to:
security at otrs.org (PGP Key: pub 2048R/9C227C6B 2011-03-21 [expires at: 2020-11-16], uid OTRS Security Team, GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22)
https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/
VMSA-2018-0024.1
VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability
https://www.vmware.com/security/advisories/VMSA-2018-0024.html
Security updates for Friday
Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick).
https://lwn.net/Articles/767689/
IBM Security Bulletin: A vulnerability in yum-utils affects PowerKVM
http://www.ibm.com/support/docview.wss?uid=ibm10728307
IBM Security Bulletin: Vulnerabilities in docker affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=ibm10725649
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access
https://www.ibm.com/support/docview.wss?uid=ibm10733857
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
https://www-01.ibm.com/support/docview.wss?uid=ibm10733905
IBM Security Bulletin: IBM Security Key Lifecycle Manager generates Application Error (CVE-2018-1753)
http://www.ibm.com/support/docview.wss?uid=ibm10733359
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Incorrect Permission Assignment for Critical Resource (CVE-2018-1750)
http://www.ibm.com/support/docview.wss?uid=ibm10733311
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Hazardous Input Validation (CVE-2018-1749)
http://www.ibm.com/support/docview.wss?uid=ibm10733303
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Information Exposure (CVE-2018-1743)
http://www.ibm.com/support/docview.wss?uid=ibm10733351
IBM Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742)
http://www.ibm.com/support/docview.wss?uid=ibm10733419
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Improper Control of Interaction Frequency (CVE-2018-1741)
http://www.ibm.com/support/docview.wss?uid=ibm10733425
Security vulnerabilities fixed in Thunderbird 60.2.1
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/