Daily Summary - 05.11.2018

End-of-Day report

Timeframe: Friday 02-11-2018 18:00 - Monday 05-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

New Microsoft Edge Browser Zero-Day RCE Exploit in the Works

Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...]

https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-zero-day-rce-exploit-in-the-works/


New vulnerability in Intel CPUs: Hyper-Threading susceptible to data leak

Researchers demonstrate a new CPU bug in current Intel processors that allows data to be read from a neighboring thread.

http://heise.de/-4210282


Streaming server Icecast: Attackers could knock online radio stations offline

The developers have closed a security vulnerability in the current version of Icecast.

http://heise.de/-4210875


Here's Why [Insert Thing Here] Is Not a Password Killer

These days, I get a lot of messages from people on security related things. Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, [...]

https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/


Hands off the fake shop gaming-ez.com!

Do not shop at gaming-ez.com. The PlayStation 4 Pro, Xbox One or Nintendo Switch offers are tempting, but the goods are never delivered. Money that has been transferred is lost.

https://www.watchlist-internet.at/news/finger-weg-vom-fake-shop-gaming-ezcom/


Data theft with fake AirAsia ticket

Consumers receive a fake AirAsia ticket for a flight from Hong Kong to Kuala Lumpur. They can cancel it by visiting the website of a payment center. This site asks for PayPal credentials as well as credit card and bank information. A personal identification step is also included. Customers who provide the requested information become victims of data and identity theft.

https://www.watchlist-internet.at/news/datendiebstahl-mit-gefaelschtem-airasia-ticket/

Vulnerabilities

IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products

Affected product(s) and affected version(s): IBM Cloud Application Performance Management, Base Private IBM Cloud Application Performance Management, Advanced Private IBM Cloud Application Performance Management

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affect-ibm-performance-management-products-2/


IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability found by vFinder (CVE-2018-14883 and CVE-2018-14851)

Affected product(s) and affected version(s): IBM Lotus Protector for Mail Security 2.8.3.0; IBM Lotus Protector for Mail Security 2.8.1.0

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-found-by-vfinder-cve-2018-14883-and-cve-2018-14851/


IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012)

Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader.

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-zookeeper-could-affect-ibm-performance-management-products-cve-2018-8012/


IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine

Affected product(s) and affected version(s): Rational Publishing Engine 2.1.0, Rational Publishing Engine 2.1.1, Rational Publishing Engine 2.1.2, Rational Publishing Engine 6.0.5, Rational Publishing Engine 6.0.6

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-rational-publishing-engine/


IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

Security vulnerabilities affect multiple products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and Rational Software Architect Design Manager (RSA DM).

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology/


Security updates for Monday

Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd).

https://lwn.net/Articles/770744/


ZDI-18-1336: (0Day) Juuko JK-800 Replay Attack Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-18-1336/


Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181105-01-smartphone-en