End-of-Day report
Timeframe: Friday 12-10-2018 18:00 - Monday 15-10-2018 18:00
Handler: Alexander Riepl
Co-Handler: Dimitri Robl
News
l+f: Crypto miner nurtures and maintains Flash
A trojan first does good and then does harm.
http://heise.de/-4190878
Patching, Re-Patching and Meta-Patching the Jet Database Engine RCE (CVE-2018-8423)
Flawed Patches Will Always Happen, But We Can Change How They Get Fixed, by Mitja Kolsek, the 0patch Team. TL;DR: Microsoft patched CVE-2018-8423 eighteen days after we had micropatched it. Their official patch turned out to be incomplete so we re-micropatched it. This is a story about a Windows vulnerability that was reported to Microsoft, published as "0day" before the official patch was available, micropatched by us one day later, subsequently patched by Microsoft, found to be [...]
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
Data theft with fake WhatsApp invoice
Data thieves are sending a fake WhatsApp invoice by e-mail. In it they fraudulently claim that consumers have to pay for the messenger. To do so, consumers are asked to enter their credit card details and their TAN code on a website. This transmits the information to criminals. As a result, victims lose their money and their identity to data thieves.
https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschter-whatsapp-rechnung/
IT Security - "PHP time bomb": 62 percent of all websites will soon be insecure
Support for PHP 5.6, which is still widely used, ends at the end of the year
https://derstandard.at/2000089376436/PHP-Zeitbombe-62-Prozent-aller-Internetseiten-sind-bald-unsicher
Vulnerabilities
MS-ISAC Releases Advisory on PHP Vulnerabilities
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2018/10/12/MS-ISAC-Releases-Advisory-PHP-Vulnerabilities
Security updates for Monday
Security updates have been issued by Arch Linux (wireshark-cli), Debian (imagemagick, otrs2, tomcat7, and wireshark), Fedora (ca-certificates, dislocker, dolphin-emu, kernel-headers, kernel-tools, libgit2, mbedtls, mingw-openjpeg2, nekovm, openjpeg2, patch, strongswan, and thunderbird), Mageia (firefox, git, nextcloud, and texlive), Oracle (kernel and openssl), Scientific Linux (spamassassin), SUSE (libtirpc), and Ubuntu (requests).
https://lwn.net/Articles/768406/
Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-01-smartphone-en
IBM Security Bulletin: Vulnerability CVE-2018-11763 in the IBM i HTTP Server affects IBM i.
http://www.ibm.com/support/docview.wss?uid=ibm10735045
IBM Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)
https://www-01.ibm.com/support/docview.wss?uid=ibm10730631