End-of-Day report
Timeframe: Thursday 06-12-2018 18:00 - Friday 07-12-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Using Fuzzing to Mine for Zero-Days
Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today's security landscape.
https://threatpost.com/using-fuzzing-to-mine-for-zero-days/139683/
Is it Time to Uninstall Flash? (If you haven't already)
If you haven't uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here: [...]
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
Array string obfuscation
We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized: [...]
http://labs.sucuri.net/?note=2018-12-06
Vulnerabilities
Philips HealthSuite Health Android App
This advisory includes mitigations for an inadequate encryption strength vulnerability in Philips HealthSuite Health Android App.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01
GE Proficy GDS
This advisory contains mitigations for an improper restriction of XML external entity reference vulnerability in GE's Proficy GDS.
https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules
This advisory contains mitigations for a missing authentication vulnerability in the Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules.
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02
watchOS 5.1.2
This document describes the security content of watchOS 5.1.2.
https://support.apple.com/en-us/HT209343
Security updates for Friday
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).
https://lwn.net/Articles/774270/
Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners
https://jvn.jp/en/jp/JVN89767228/
IBM Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-information-disclosure-in-websphere-application-server-cve-2018-1957/
IBM Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-openssl-vulnerabilities/
IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-security-is-affected-by-a-cpu-vulnerability-cve-2018-3620/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-security-siteprotector-system-5/
IBM Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-social-program-management-design-system-contains-an-html-injection-vulnerability-cve-2018-1671/