Daily Summary - 10.10.2018

End-of-Day report

Timeframe: Tuesday 09-10-2018 18:00 - Wednesday 10-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.

https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/


Patch day: zero-day fix for Windows, critical Exchange vulnerability

In October, Microsoft fixes almost 50 security issues, among them critical vulnerabilities in Windows components and in the Exchange mail server.

http://heise.de/-4186268


Critical vulnerability puts billions of WhatsApp users at risk

A vulnerability in WhatsApp makes it possible to take over a smartphone with a single video call. Billions of WhatsApp users are potentially affected.

http://heise.de/-4186365


Patch day: Adobe plugs critical vulnerability in Digital Editions

A security update for Flash that isn't one, and the absence of Reader patches, make for a rather atypical patch day at Adobe.

http://heise.de/-4186327


IIS attacks surge from 2,000 to 1.7 million over last quarter

IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive increase, from 2,000 to 1.7 million, since last quarter.

https://www.helpnetsecurity.com/2018/10/10/iis-attacks-surge/


Magecart hacks Shopper Approved to simultaneously hit many e-commerce sites

The cybercriminal groups under the Magecart umbrella strike again and again, and one of them has apparently specialized in compromising third parties to more easily get in as many online shops as possible. The latest target of Magecart Group 5, as it has been dubbed by RiskIQ researcher Yonathan Klijnsma, is Shopper Approved, an organization that provides rating seals for online stores.

https://www.helpnetsecurity.com/2018/10/10/magecart-hacks-shopper-approved/


Classified-ad fraud with Western Union transfers

Beware when selling via classified ads! Fraudsters posing as prospective buyers claim to have transferred excessive sums of money to their victims, which can only be released through a Western Union transaction to a shipping company. Do not carry out this transaction, because your money would be lost and the transfer to be released does not exist!

https://www.watchlist-internet.at/news/kleinanzeigenbetrug-mit-western-union-ueberweisungen/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Digital Editions (APSB18-27), Adobe Experience Manager (APSB18-36), Adobe Framemaker (APSB18-37) and Adobe Technical Communications Suite (APSB18-38). Adobe recommends users update their product installations to the latest versions using the instructions referenced [...]

https://blogs.adobe.com/psirt/?p=1633


jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability

Topic: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
Risk: Medium
Text: Title: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Author: Larry W. Cashdollar [...]

https://cxsecurity.com/issue/WLB-2018100094


GE iFix

This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE's iFix HMI products.

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01


Fuji Electric Energy Savings Estimator

This advisory includes mitigations for an uncontrolled search path element (DLL Hijacking) vulnerability in the Fuji Electric Energy Savings Estimator software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-07


October 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found in the Security Update Guide.

https://blogs.technet.microsoft.com/msrc/2018/10/09/october-2018-security-update-release/


October 2018 Microsoft Patch Tuesday, (Tue, Oct 9th)

Microsoft released patches for 48 vulnerabilities today and one advisory regarding a defense in depth update for Office. No Adobe updates are included so far, but Adobe has released updates to PDF Reader / Acrobat about a week ago.

https://isc.sans.edu/diary/rss/24186


VMSA-2018-0025

VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability

https://www.vmware.com/security/advisories/VMSA-2018-0025.html


USN-3787-1: Tomcat vulnerability

tomcat7, tomcat8 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Tomcat could be made to redirect to arbitrary locations.

Software Description: tomcat8 - Servlet and JSP engine; tomcat7 - Servlet and JSP engine

Details: It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs.

https://usn.ubuntu.com/3787-1/


October 2018 Office Update Release

The October 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 17 non-security updates. All of the security and non-security updates are listed in KB article 4464656.
A new version of Office 2013 Click-To-Run is available: 15.0.5075.1001
A new version of Office 2010 Click-To-Run is available: 14.0.7214.5000

https://blogs.technet.microsoft.com/office_sustained_engineering/2018/10/09/october-2018-office-update-release/


Security updates for Wednesday

Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

https://lwn.net/Articles/768041/


BSRT 2018-004 Information Disclosure Vulnerability in Management Console Impacts UEM

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000052161


Security Advisory - Improper Authentication Vulnerability on Smartphones

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181010-01-applock-en


IBM Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server in IBM Cloud July 2018 CPU

https://www-01.ibm.com/support/docview.wss?uid=ibm10734161


IBM Security Bulletin: IBM FileNet Content Manager affected by Apache PDFBox security vulnerability

https://www.ibm.com/support/docview.wss?uid=ibm10716315


IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud

https://www-01.ibm.com/support/docview.wss?uid=ibm10734167


IBM Security Bulletin: Server Automation is affected by the following GSKit vulnerabilities (CVE-2018-1447, CVE-2018-1427, CVE-2018-1428)

http://www.ibm.com/support/docview.wss?uid=ibm10718773