End-of-Day report
Timeframe: Monday 05-11-2018 18:00 - Tuesday 06-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
SSD: Researchers bypass passwords on encrypted drives
On some SSDs with hardware encryption, researchers were able to manipulate the firmware so that it accepted arbitrary passwords. That was not the only problem they found. (Solid State Drive, storage media)
https://www.golem.de/news/ssd-forscher-umgehen-passwoerter-bei-verschluesselten-festplatten-1811-137527.html
Malicious Powershell Script Dissection, (Tue, Nov 6th)
Here is another example of malicious Powershell script found while hunting. Such scripts remain a common attack vector and many of them can be easily detected just by looking for some specific strings. Here is an example of YARA rule [...]
https://isc.sans.edu/diary/rss/24282
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload [2]. The vulnerability can lead to arbitrary remote code execution.
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
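Since the Struts 2.3.x fix is a manual swap of the bundled commons-fileupload jar rather than a Struts upgrade, a practitioner will want to confirm which version is actually deployed. The following Python is an added example, not code from the ISC diary or the Apache advisory: it walks a deployment directory for commons-fileupload jars, reads the version from the filename or, failing that, from Implementation-Version in the jar's MANIFEST.MF, and flags anything below 1.3.3 (the release that fixed the November 2016 deserialization issue, CVE-2016-1000031). The sample WEB-INF/lib layout it builds is constructed for the example.

```python
"""Added example: flag commons-fileupload jars older than the fixed release.

The 1.3.3 threshold refers to the commons-fileupload release that fixed
CVE-2016-1000031; the sample webapp layout below is constructed, not a real
deployment.
"""
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (1, 3, 3)
JAR_NAME = re.compile(r"^commons-fileupload-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '1.3.2' into (1, 3, 2) so tuple comparison orders versions."""
    return tuple(int(part) for part in text.strip().split("."))


def jar_version(path):
    """Version from the filename, else Implementation-Version in MANIFEST.MF, else None."""
    match = JAR_NAME.match(path.name)
    if match:
        return parse_version(match.group(1))
    with zipfile.ZipFile(path) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return parse_version(line.split(":", 1)[1])
    return None


def find_vulnerable_jars(root):
    """Return [(path, version_string)] for commons-fileupload jars below 1.3.3 under root."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        if not jar.name.startswith("commons-fileupload"):
            continue
        version = jar_version(jar)
        if version is not None and version < FIXED_VERSION:
            findings.append((str(jar), ".".join(map(str, version))))
    return findings


def build_sample_webapp():
    """Construct a throwaway WEB-INF/lib tree with minimal jars (sample data only)."""
    root = Path(tempfile.mkdtemp(prefix="struts-sample-"))
    lib = root / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    # One vulnerable jar named by version, one renamed jar whose version only
    # lives in its manifest, and one unrelated jar that must be ignored.
    for name, version in [("commons-fileupload-1.3.2.jar", "1.3.2"),
                          ("commons-fileupload.jar", "1.3.3"),
                          ("struts2-core-2.3.35.jar", "2.3.35")]:
        with zipfile.ZipFile(lib / name, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF",
                        f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_webapp()
    for path, version in find_vulnerable_jars(sample_root):
        print(f"VULNERABLE {path} (commons-fileupload {version} < 1.3.3)")
```

Point the scanner at the real webapp directory instead of the constructed sample; a renamed or shaded copy of the library will still be caught as long as its manifest carries Implementation-Version.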
GPU side channel attacks can enable spying on web activity, password stealing
Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer's graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.
https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/
Forged payment instruction sent to the accounting department
Criminals pose as a company's management and send an e-mail to the accounting department, instructing staff to transfer a large sum of money abroad. Employees who do not recognise the payment instruction as fraudulent transfer the requested sum to the criminals.
https://www.watchlist-internet.at/news/gefaelschte-zahlungsanweisung-an-die-buchhaltung/
Vulnerabilities
Android Security Bulletin - November 2018
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-11-05 or later address all of these issues. [...] The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
https://source.android.com/security/bulletin/2018-11-01.html
libssh Authentication Bypass Vulnerability Affecting Cisco Products: October 2018
Cisco has investigated its product line and has determined that no products or services are known to be affected by this vulnerability.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh
Security updates for Tuesday
Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5).
https://lwn.net/Articles/770856/
IBM Security Bulletin: IBM API Connect is vulnerable to CSV Injection (CVE-2018-1774)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-vulnerable-to-csv-injection-cve-2018-1774/
IBM Security Bulletin: IBM MQ can cause a Denial of Service attack to connecting MQTT clients (CVE-2018-1684)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-can-cause-a-denial-of-service-attack-to-connecting-mqtt-clients-cve-2018-1684/
IBM Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-experience-local-is-affected-by-a-use-of-hard-coded-password-vulnerability-2/
IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability-affects-ibm-sterling-connectexpress-for-unix-cve-2018-0737/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-cognos-analytics-2/
IBM Security Bulletin: A Server Side Input Validation Vulnerability Affects IBM Campaign (CVE-2016-9749)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-server-side-input-validation-vulnerability-affects-ibm-campaign-cve-2016-9749/