End-of-Day report
Timeframe: Monday 19-11-2018 18:00 - Tuesday 20-11-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Data theft via FinanzOnline phishing emails
Criminals are sending fraudulent phishing emails in the name of the Federal Ministry of Finance (BMF). In them, you are asked to update your data in order to enable a tax refund. Do not follow the instructions, because you could suffer considerable financial damage! This is an attempt to steal your personal data and account information.
https://www.watchlist-internet.at/news/datendiebstahl-durch-finanzonline-phishing-mails/
Do not pay the Internet Domain Services Austria reminder
Companies are receiving a Payment Reminder from Internet Domain Services Austria (IDSA). It states that there are unpaid invoices and that the amount of 237 euros must be paid within 5 days. Recipients do not have to pay the amount, because there is no legal basis for it.
https://www.watchlist-internet.at/news/internet-domain-services-austria-mahnung-nicht-bezahlen/
TP-Link router TL-R600VPN vulnerable in multiple ways
There are important security updates for a VPN router from TP-Link.
http://heise.de/-4225979
Emergency patch: Adobe secures Flash outside the regular schedule
Adobe normally publishes security updates for its products only once a month. For a dangerous Flash vulnerability, the vendor is making an exception.
http://heise.de/-4227033
Vulnerabilities
VMSA-2018-0029
vSphere Data Protection (VDP) updates address multiple security issues.
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor
Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software.
https://blog.talosintelligence.com/2018/11/Atlantis-Word-Processor-RCE-vulns.html
Security updates for Tuesday
Security updates have been issued by Arch Linux (chromium), Debian (mariadb-10.1, openjpeg2, systemd, and uriparser), Mageia (389-ds-base, apache, and soundtouch), SUSE (libwpd, py26-compat-salt, salt, and SMS3.1), and Ubuntu (systemd).
https://lwn.net/Articles/772621/
x86: DoS from attempting to use INVPCID with a non-canonical addresses
A buggy or malicious PV guest can crash the host.
https://xenbits.xen.org/xsa/advisory-279.html
Fix for XSA-240 conflicts with shadow paging
A malicious or buggy x86 PV guest may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out.
https://xenbits.xen.org/xsa/advisory-280.html
Insufficient TLB flushing / improper large page mappings with AMD IOMMUs
A malicious or buggy guest may be able to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access (information leak).
https://xenbits.xen.org/xsa/advisory-275.html
Resource accounting issues in x86 IOREQ server handling
A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out.
https://xenbits.xen.org/xsa/advisory-276.html
x86: incorrect error handling for guest p2m page removals
A malicious or buggy guest may cause a deadlock, resulting in a DoS (Denial of Service) affecting the entire host.
https://xenbits.xen.org/xsa/advisory-277.html
Ricoh myPrint Hardcoded Credentials / Information Disclosure
https://cxsecurity.com/issue/WLB-2018110154
IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-october-2018-cpu/
IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private Cloud Foundry (CVE-2018-14645)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cloud-foundry-cve-2018-14645/
IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2018-1843)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cve-2018-1843/
IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cve-2015-9251/
IBM Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2017-7526)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-could-affect-ibm-cloud-private-cve-2017-7526/
IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private Cloud Foundry (CVE-2018-3646, CVE-2018-3615, CVE-2018-3620)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-cloud-private-cloud-foundry-cve-2018-3646-cve-2018-3615-cve-2018-3620/
IBM Security Bulletin: Vulnerabilities in IBM Java SDK (July 2018) affecting IBM Application Delivery Intelligence V5.0.5 and V5.0.4 (CVE-2016-0705, CVE 2017-3732, CVE 2017-3736, and CVE-2018-2973)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-java-sdk-july-2018-affecting-ibm-application-delivery-intelligence-v5-0-5-and-v5-0-4-cve-2016-0705-cve-2017-3732-cve-2017-3736-and-cve-2018-2973/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-ftp-4/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix/
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for Microsoft Windows
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-microsoft-windows/