End-of-Day report
Timeframe: Tuesday 04-12-2018 18:00 - Wednesday 05-12-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Adventures in Video Conferencing Part 1: The Wild World of WebRTC
Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms [...]
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html
Emergency patch: Exploit code for critical Flash vulnerability in circulation
There is an important security update for Adobe's Flash Player. Users should install it urgently.
http://heise.de/-4242328
SplitSpectre: New method makes processor attacks easier
A new variant of the Spectre V1 attack makes such attacks on CPUs more realistic. It can be carried out via a browser's JavaScript engine.
http://heise.de/-4241478
Warning, dynamite phishing: Dangerous wave of trojans paralyzes entire companies
BSI, CERT-Bund and cybercrime specialists from the state criminal police offices (LKAs) see an acute wave of Emotet infections that is causing millions in damage.
http://heise.de/-4241424
The Dark Side of the ForSSHe
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, "The Dark Side of the ForSSHe", they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats.
https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
Warning: Fake PayPal invoices in circulation
Consumers receive an email with a purported invoice from PayPal for a product that was never ordered. To cancel the invoice, they are asked to follow a link and enter their personal data and payment information there. Anyone who complies becomes a victim of data theft and enables criminals to make payments in their name!
https://www.watchlist-internet.at/news/achtung-gefaelschte-paypal-rechnungen-im-umlauf/
It looked like a Citrix ShareFile phishing attack, but wasn't
Guest contributor Bob Covello isn't happy about a password reset email that Citrix has been sending its customers. If you're a company contacting your customers via email, please make sure it doesn't look phishy.
https://www.grahamcluley.com/citrix-sharefile-not-phishing-email/
Vulnerabilities
Omron CX-One
This advisory includes mitigations for stack-based buffer overflow and use after free vulnerabilities in Omron's CX-One software.
https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01
SpiderControl SCADA WebServer
This advisory includes mitigations for a reflected cross-site scripting vulnerability in SpiderControl's SCADA WebServer software management platform.
https://ics-cert.us-cert.gov/advisories/ICSA-18-338-02
Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018
Version 1.15: Final
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload
Inadequate cryptography implementation in Kerio Control VPN protocol
A vulnerability in the Kerio Control VPN protocol allowed an attacker to modify data transferred through the VPN.
https://www.sec-consult.com/en/blog/advisories/inadequate-cryptography-implementation-in-kerio-control/
Security updates for Wednesday
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).
https://lwn.net/Articles/773964/
IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1935)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-security-refresh-cve-2018-1935/
IBM Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/
IBM Security Bulletin: A vulnerability in IBM Java Runtime affect Rational Asset Analyzer (RAA).
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-rational-asset-analyzer-raa/
IBM Security Bulletin: IBM Financial Transaction Manager for Check Services
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-17/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/
IBM Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-impacts-ibm-control-center-cve-2018-1656/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA).
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-raa-2/
IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a XSS vulnerability.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-xss-vulnerability/
IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-was-liberty-vulnerability-2/
IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-exist-in-ibm-cognos-tm1-cve-2018-1656-cve-2018-0732-cve-2018-12539/