Daily Summary - 11.10.2018

End-of-Day report

Timeframe: Wednesday 10-10-2018 18:00 - Thursday 11-10-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

5 Endpoint Threats Impacting Security

Introduction: Endpoint threats pose serious security risks to many organizations. Companies are reporting attacks ranging from ransomware to phishing attacks. These attacks lead to the loss of customer data, resulting in massive damage to the company's reputation, finances and structure.

https://resources.infosecinstitute.com/5-endpoint-threats-impacting-security/


ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field

Introduction: FireEye iSIGHT Intelligence compiled extensive data from dozens of ICS security health assessment engagements (ICS Healthcheck) performed by Mandiant, FireEye's consulting team, to identify the most pervasive and highest priority security risks in industrial facilities. The information was acquired from hands-on assessments carried out over the last few years across a broad range of industries [...]

http://www.fireeye.com/blog/threat-research/2018/10/ics-tactical-security-trends-analysis-of-security-risks-observed-in-field.html


DNS key rollover: How to detect DNS outages and what helps against them

On 11 October, ICANN changes the DNS trust anchor. This may cause outages of Internet services. We summarize what helps against them.

https://heise.de/-4187064


Security updates: Juniper's Junos OS open to remote access without a password

Junos OS contains security vulnerabilities, some of them critical. Updated versions of the operating system close the vulnerabilities.

http://heise.de/-4188397


Do not shop at saturn-media.net

Saturn-media.net lures customers with cheap technology offers and uses its domain name to suggest a connection to the reputable vendors Media Markt and Saturn. However, Saturn-media.net has nothing to do with these vendors; it is a fake shop. You receive no goods and lose your money!

https://www.watchlist-internet.at/news/nicht-bei-saturn-medianet-einkaufen/

Vulnerabilities

Juniper Networks Releases Security Updates

Original release date: October 10, 2018. Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates and workarounds.

https://www.us-cert.gov/ncas/current-activity/2018/10/10/Juniper-Networks-Releases-Security-Updates


NVP field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-066

Project: NVP field
Date: 2018-October-10
Security risk: Moderately critical 14-25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: NVP field module allows you to create a field type of name/value pairs, with custom titles and easily editable rendering with customizable HTML/text surrounding the pairs. The module doesn't sufficiently handle sanitization of its field formatter's output.

https://www.drupal.org/sa-contrib-2018-066


Search API Solr Search - Moderately critical - Access bypass - SA-CONTRIB-2018-065

Project: Search API Solr Search
Version: 7.x-1.13
Date: 2018-October-10
Security risk: Moderately critical 10-25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Description: This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module. The module doesn't sufficiently take the searched fulltext fields into account when creating a search excerpt.

https://www.drupal.org/sa-contrib-2018-065


Lightbox2 - Critical - Cross Site Scripting - SA-CONTRIB-2018-064

Project: Lightbox2
Version: 7.x-2.x-dev
Date: 2018-October-10
Security risk: Critical 18-25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: The Lightbox2 module enables you to overlay images on the current page. The module did not sanitize some inputs when used in combination with a custom view, leading to potential Cross Site Scripting (XSS).
Solution: Install the latest version [...]

https://www.drupal.org/sa-contrib-2018-064


Teltonika RUT9XX Unauthenticated OS Command Injection

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection


Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting


Teltonika RUT9XX Missing Access Control to UART Root Terminal

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control


Security updates for Thursday

Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

https://lwn.net/Articles/768145/


IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

http://www.ibm.com/support/docview.wss?uid=ibm10728795


IBM Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q

https://www-01.ibm.com/support/docview.wss?uid=ibm10731217


IBM Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810)

https://www-01.ibm.com/support/docview.wss?uid=ibm10729557


IBM Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)

https://www-01.ibm.com/support/docview.wss?uid=ibm10729521


IBM Security Bulletin: IBM FileNet Content Manager component FileNet Deployment Manager security vulnerability

https://www.ibm.com/support/docview.wss?uid=ibm10732755


IBM Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1

http://www.ibm.com/support/docview.wss?uid=ibm10731859


IBM Security Bulletin: Cross-site scripting vulnerabilities affect Rational Publishing Engine

http://www.ibm.com/support/docview.wss?uid=ibm10734697