End-of-Day report
Timeframe: Thursday 11-10-2018 18:00 - Friday 12-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Patch now! Proof-of-concept code for Windows vulnerability published
A security researcher shows how he uses a comparatively simple script to launch another application from within the Edge browser.
http://heise.de/-4189565
Adaptable, All-in-One Android Trojan Shows the Future of Malware
GPlayed may be the new face of malware -- flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone.
https://threatpost.com/adaptable-all-in-one-android-trojan-shows-the-future-of-malware/138215/
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot.
https://threatpost.com/new-drupalgeddon-attacks-enlist-shellbot-to-open-backdoors/138230/
Google Adds Control-Flow Integrity to Beef up Android Kernel Security
Google has added a new security feature to the latest Linux kernels for Android devices to protect against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.
https://thehackernews.com/2018/10/android-linux-kernel-cfi.html
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world.
https://www.us-cert.gov/ncas/alerts/AA18-284A
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).
https://lwn.net/Articles/768244/
NUUO NVRmini2 and NVRsolo
This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUO's NVRmini2 and NVRsolo network video recorders.
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-01
NUUO CMS
This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical resource, and use of hard-coded credentials vulnerabilities in NUUO's CMS software management platform.
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02-NUUO-CMS
Delta Industrial Automation TPEditor
This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor software.
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-03
Critical Patch Update - October 2018 - Pre-Release Announcement
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in glibc (CVE-2018-11236)
http://www.ibm.com/support/docview.wss?uid=ibm10734721
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH
http://www.ibm.com/support/docview.wss?uid=ibm10734739
IBM Security Bulletin: Vulnerabilities in procps affect IBM BladeCenter Advanced Management Module (AMM)
http://www.ibm.com/support/docview.wss?uid=ibm10733895
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps
https://www-01.ibm.com/support/docview.wss?uid=ibm10734741
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in OpenSLP (CVE-2017-17833)
http://www.ibm.com/support/docview.wss?uid=ibm10734657
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Path Traversal (CVE-2018-1744)
https://www-01.ibm.com/support/docview.wss?uid=ibm10733353
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg
http://www.ibm.com/support/docview.wss?uid=ibm10734731
IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to a XML External Entity Injection (XXE) attack (CVE-2018-1747)
https://www-01.ibm.com/support/docview.wss?uid=ibm10733429
IBM Security Bulletin: Vulnerabilities in Python affect IBM BladeCenter Advanced Management Module (AMM)
http://www.ibm.com/support/docview.wss?uid=ibm10733909
IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in ICU
http://www.ibm.com/support/docview.wss?uid=ibm10734727