End-of-Day report
Timeframe: Monday 12-11-2018 18:00 - Tuesday 13-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Trojan: The banking trojan Trickbot has learned new tricks
Two years ago, Trickbot was only after banking data. Now a new variant of the trojan is circulating that can also harvest passwords from other applications. (Malware, Spam)
https://www.golem.de/news/trojaner-der-banking-trojaner-trickbot-hat-neue-tricks-gelernt-1811-137684-rss.html
Block cipher encryption: OCB2 encryption mode broken
Numerous security problems were found in the OCB2 encryption mode in quick succession. This mode is not widely used, although it is part of an ISO standard. (Encryption, Applications)
https://www.golem.de/news/blockverschluesselung-verschluesselungsmodus-ocb2-gebrochen-1811-137688-rss.html
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the...
https://blogs.technet.microsoft.com/msrc/2018/11/12/should-you-send-your-pen-test-report-to-the-msrc/
Why Google Internet Traffic Rerouted Through China and Russia
For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Here's why.
https://www.wired.com/story/google-internet-traffic-china-russia-rerouted
TLS decryption: Detecting malware and attacks in encrypted data streams
Law enforcement and providers have lost the battle over decryption options for TLS. A research group is now to explore the options for threat defence.
http://heise.de/-4219047
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
https://blogs.adobe.com/psirt/?p=1648
SAP Security Patch Day - November 2018
On 13th of November 2018, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 3 updates to previously released security notes.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Security updates for Tuesday
Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd).
https://lwn.net/Articles/771697/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656, CVE-2018-12539)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-cve-2018-1656-cve-2018-12539/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-5/
IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-installation-verification-tool-of-websphere-application-server-cve-2018-1643/
RSA BSAFE Micro Edition Suite Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1042057
SSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs
https://cert-portal.siemens.com/productcert/txt/ssa-113131.txt
SSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels
https://cert-portal.siemens.com/productcert/txt/ssa-233109.txt
SSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S
https://cert-portal.siemens.com/productcert/txt/ssa-242982.txt
SSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU
https://cert-portal.siemens.com/productcert/txt/ssa-584286.txt
SSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal)
https://cert-portal.siemens.com/productcert/txt/ssa-621493.txt
SSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite
https://cert-portal.siemens.com/productcert/txt/ssa-886615.txt
SSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
https://cert-portal.siemens.com/productcert/txt/ssa-944083.txt
SSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt
SSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt
SSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
SSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt
SSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-293562.txt
SSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt
SSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software
https://cert-portal.siemens.com/productcert/txt/ssa-348629.txt
SSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/txt/ssa-901333.txt
SSA-159860 (Last Update: 2018-11-13): Access Control Vulnerability in IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
https://cert-portal.siemens.com/productcert/txt/ssa-159860.txt