Daily summary - 18.10.2018

End-of-Day report

Timeframe: Wednesday 17-10-2018 18:00 - Thursday 18-10-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Hack.lu 2018 Wrap-Up Day #2

The second day started early with an eye-opener talk: "IPC - the broken dream of inherent security" by Thanh Bui. IPC or "Inter-Process Communications" are everywhere. You can compare them as a network connection between a ..

https://blog.rootshell.be/2018/10/17/hack-lu-2018-wrap-up-day-2/


Cocktail of vulnerabilities brings down D-Link routers

A security researcher combines three vulnerabilities and gains full control over D-Link routers. There are no patches yet.

http://heise.de/-4195134


Distrust of the Symantec PKI: Immediate action needed by site operators

Chrome 70 has now been released to the Stable Channel, and users will start to see full screen interstitials on sites which still use certificates issued by the Legacy Symantec ..

https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html


VestaCP compromised in a new supply-chain attack

Customers see their admin credentials stolen and their servers infected with ..

https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed

Vulnerabilities

TYPO3-PSA-2018-001: By-passing Protection of PharStreamWrapper Interceptor

It has been discovered that the protection against insecure deserialization can be by-passed in the PharStreamWrapper component.

https://typo3.org/security/advisory/typo3-psa-2018-001/


Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

https://www.drupal.org/sa-core-2018-006


Drupal Core - 3rd-party libraries - SA-CORE-2018-005

https://www.drupal.org/SA-CORE-2018-005


HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069

https://www.drupal.org/sa-contrib-2018-069


Mime Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-068

https://www.drupal.org/sa-contrib-2018-068


Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlan-xss