End-of-Day report
Timeframe: Thursday 29-11-2018 18:00 - Friday 30-11-2018 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Here are another 45,000 reasons to patch Windows systems against old NSA exploits
It's 2018 and UPnP is still opening up networks - this time to leaked SMB cyber-weapons. Earlier this year, Akamai warned that vulnerabilities in Universal Plug'N'Play (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.
https://www.theregister.co.uk/2018/11/30/akamai_routerwreckers_active/
Good practices for identifying and assessing cybersecurity interdependencies
A glance at the interdependency landscape reveals several emerging interdependencies between operators of essential services (OES) and digital service providers (DSP), at both system and service level. Due to these interdependencies, there is an increasing number of cybersecurity incidents that either propagated across organisations (often across borders), or had a cascading effect at the level of essential services.
https://www.enisa.europa.eu/news/enisa-news/good-practices-for-identifying-and-assessing-cybersecurity-interdependencies
Targeted attacks against companies using trojans in AutoCAD files
Genuine CAD plans with attached scripts covertly copy company secrets, security researchers warn.
http://heise.de/-4236488
Hackers in Hot Water. Pwning smart hot tubs, yes really
We were given a tip by the awesome Ceri Coburn that something was amiss with the Balboa Water App, a mobile app used for controlling >30,000 hot tubs. You can remotely control your tub, so you can heat it up for when you're ready, saving [...]
https://www.pentestpartners.com/security-blog/hackers-in-hot-water-pwning-smart-hot-tubs-yes-really/
Vulnerabilities
Critical Zoom Flaw Lets Hackers Hijack Conference Meetings
Hackers can spoof messages, hijack screen controls and kick others out of meetings.
https://threatpost.com/critical-zoom-flaw-lets-hackers-hijack-conference-meetings/139489/
GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075
Project: GatherContent
Date: 2018-November-28
Security risk: Moderately critical 13/25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: This module enables you to import and export data from the GatherContent service. The module didn't properly protect its administrative paths.
Solution: Install the latest version: If you use the gathercontent module for Drupal 7.x, upgrade to gathercontent 7.x-3.5. Also see the GatherContent project page.
https://www.drupal.org/sa-contrib-2018-075
DSA-4347 perl - security update
https://www.debian.org/security/2018/dsa-4347
INVT Electric VT-Designer
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01
IBM Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-privilege-escalation-vulnerability-in-websphere-application-server-cve-2018-1840/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-6/
OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407
https://support.f5.com/csp/article/K49711130
USN-3833-1: Linux kernel (AWS) vulnerabilities
https://usn.ubuntu.com/3833-1/
USN-3832-1: Linux kernel (AWS) vulnerabilities
https://usn.ubuntu.com/3832-1/
HPESBHF03906 rev.1 - HPE Intelligent Management Center (IMC), Remote Buffer Overflow, Code Execution, Denial of Service
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us