End-of-Day report
Timeframe: Wednesday 05-12-2018 18:00 - Thursday 06-12-2018 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
News
Adventures in Video Conferencing Part 2: Fun with FaceTime
FaceTime is Apple's video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the ..
https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-2.html
Data Exfiltration in Penetration Tests
In many penetration tests, there'll be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, let's get the data off premise". Or sometimes in ..
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
Campaign evolution: Hancitor changes its Word macros
Today's diary reviews trends in recent malicious spam (malspam) pushing Hancitor.
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+changes+its+Word+macros/24376/
MikroTik: Hundreds of thousands of routers are secretly mining cryptocurrency
A vulnerability in the devices that became known in August is currently being attacked more often than ever.
http://heise.de/-4243857
Linux: Better Spectre V2 protection now in the kernel, hardly any performance loss
After a rejected patch, the Linux developers have improved the protection against the CPU flaw Spectre V2 in kernels 4.14.86 and 4.19.7.
http://heise.de/-4244052
Fraudulent security alert in the inbox
Consumers find a message in their e-mail inbox with the subject "Security alert. Hackers know the password of (e-mail address)". In the message, criminals claim ..
https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3205&tx_news_pi1[controller]=News&tx_news_pi1[action]=detail&cHash=9fe17fde34bdd6472a61a89153d2c136
konsolensultan.de is a fake shop
Do not order from konsolensultan.de; it is an untrustworthy vendor. The game consoles and controllers you ordered will never reach you. You will lose your money.
https://www.watchlist-internet.at/news/konsolensultande-ist-ein-fake-shop/
A botnet of over 20,000 WordPress sites is attacking other WordPress sites
Botnet is still up and running but law enforcement has been notified.
https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-attacking-other-wordpress-sites/#ftag=RSSbaffb68
Vulnerabilities
Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-41)
A prenotification security advisory (APSB18-41) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, December 11, 2018. We will continue to provide updates on the ..
https://blogs.adobe.com/psirt/?p=1669
Security updates for Thursday
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE (aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).
https://lwn.net/Articles/774089/
MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed)
A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability. Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security who reported a critical vulnerability in the STIX 1 import code. The vulnerability allows a malicious authenticated user to inject commands via ..
https://www.misp-project.org/2018/12/06/MISP.2.4.99.released.html
Apple Releases Multiple Security Updates
https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Multiple-Security-Updates
IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-affected-by-a-privilege-escalation-vulnerability-in-kubernetes-api-server/
IBM Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2018-5407-and-cve-2018-0734-in-openssl-affect-ibm-i/
IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1896)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-security-refresh-cve-2018-1896/
IBM Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-could-allow-an-attacker-to-execute-a-denial-of-service-attack-cve-2018-1883/
IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulnerability-with-openid-connect-in-websphere-application-server-liberty-affects-ibm-websphere-application-server-in-ibm-cloud-cve-2018-1851/
IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateways-is-affected-by-a-downgrade-vulnerability-cve-2018-1663/
IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerabilities-affect-the-ibm-spectrum-protect-server/