End-of-Day report
Timeframe: Tuesday 13-11-2018 18:00 - Wednesday 14-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Hackers Change WordPress Siteurl to Pastebin
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn't work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend [...]
https://blog.sucuri.net/2018/11/hackers-change-wordpress-siteurl-to-pastebin.html
Want to hack an ATM for free cash? It's as easy as Windows XP
Bank machines pen testing reveals alarming results. ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash.
https://www.theregister.co.uk/2018/11/14/atm_security_lousy/
November 2018 Microsoft Patch Tuesday
This month, Microsoft patches two issues that have already been disclosed publicly. One is related to BitLocker trusting SSDs with faulty encryption. [...] The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. [...] Finally, these updates address a Win32k elevation of privilege vulnerability (CVE-2018-8589) which has been exploited in the wild.
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Patch Day: Not critical, but important
Security updates from Adobe close vulnerabilities in Acrobat, Flash, Photoshop CC and Reader. No vulnerability is rated "critical".
http://heise.de/-4220586
Master key for fingerprint scanners: Master-Prints unlock smartphones
Using AI methods, researchers created fingerprints that act as a kind of master key for fingerprint scanners and can thus unlock smartphones, for example.
http://heise.de/-4220782
Processor security: Seven new variants of Spectre vulnerabilities
The Spectre vulnerabilities in processors can reportedly be exploited in ways other than those known so far; Intel, however, gives the all-clear.
http://heise.de/-4220854
Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies
You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like? Logging on to Report URI and being greeted with something like this: [...]
https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice-with-content-security-policies/
Vulnerabilities
Security Advisory 2018-10: Security Update for OTRS Framework
This advisory covers a problem with a data migration discovered in the OTRS framework.
https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
VMSA-2018-0028
VMware vRealize Log Insight updates address an authorization bypass vulnerability
https://www.vmware.com/security/advisories/VMSA-2018-0028.html
November 2018 Office Update Release
The November 2018 Public Update releases for Office are now available! This month, there are 29 security updates and 16 non-security updates. All of the security and non-security updates are listed in KB article 4469617.
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/11/13/november-2018-office-update-release/
Security updates for Wednesday
Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), Debian (ceph and spamassassin), Fedora (feh, flatpak, and xen), Red Hat (kernel, kernel-rt, openstack-cinder, python-cryptography, and Red Hat Single Sign-On 7.2.5), and Ubuntu (python2.7, python3.4, python3.5).
https://lwn.net/Articles/771881/
Security Advisory - Information Leakage Vulnerability on Several Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-fusionsphere-en
Security Advisory - Two Vulnerabilities in Huawei eSpace Product
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-02-espace-en
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-espace-en
Security Advisory - FRP Bypass Vulnerability on Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181114-01-smartphone-en
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-cve-2018-1656-cve-2018-12539/
IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-planning-analytics-local-is-affected-by-multiple-node-js-vulnerabilities/
Denial of Service Vulnerability in Microsoft Skype for Business / Lync
https://www.sec-consult.com/en/blog/advisories/vulnerability-in-skype-for-business-lync-might-lead-to-denial-of-service-attack/