End-of-Day report
Timeframe: Friday 14-12-2018 18:00 - Monday 17-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Shamoon Disk Wiper Returns with Second Sample Uncovered this Month
Shamoon's comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack. [...]
https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-with-second-sample-uncovered-this-month/
Database: Bug in SQLite allowed code execution
Applications that use SQLite and offer SQL access to it from outside are apparently affected by a bug that allows arbitrary code execution. These include, among others, Chromium-based browsers, for which updates are now available. (Security, Browser)
https://www.golem.de/news/datenbank-fehler-in-sqlite-ermoeglichte-codeausfuehrung-1812-138280-rss.html
Worst passwords list is out, but this time we're not scolding users
This is on you, makers of sites and services that allow users to create passwords like "password." You can do better!
https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but-this-time-were-not-scolding-users/
The GPS 2019 Week Rollover - What You Need to Know
The Global Positioning System provides accurate timing information to many of our critical systems - power grid, communications, financial markets, emergency services, and industrial control to name a few. [...] The next time the counter will reach week 1023 and rollover to zero is on April 6, 2019.
https://spectracom.com/resources/blog/lisa-perdue/2018/gps-2019-week-rollover-what-you-need-know
Intel's NUCs: Many mini PCs with faulty BIOS protection
On some mini PCs from Intel's NUC series, the BIOS can be overwritten with manipulated code, for example to plant a backdoor.
http://heise.de/-4251738
Fraudulent threats of seizure appointments
Consumers are receiving final payment demands for 479.16 euros from made-up debt collection agencies and lawyers. The letters state that their valuables will be seized if they do not pay the demanded amount. Recipients can ignore the letter and do not need to make any transfer.
https://www.watchlist-internet.at/news/betruegerische-androhung-von-pfaendungsterminen/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (php5, poppler, and samba), Fedora (firefox, mbedtls, nbdkit, pdns-recursor, php, php-symfony, php-symfony3, and php-symfony4), Gentoo (CouchDB, scala, and spamassassin), Mageia (firefox, libwpd, nss, and thunderbird), openSUSE (Chromium, cups, ghostscript, kernel, openvswitch, phpMyAdmin, qemu, and tcpdump), Red Hat (RHGS WA), and SUSE (ansible, openldap2, openvswitch, qemu, and tcpdump).
https://lwn.net/Articles/775102/
IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gskit-affect-ibm-tivoli-directory-server-and-ibm-security-directory-server-for-aix-security-bulletin/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-security-bulletin-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-doors-web-access-7/
IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Oct 2018 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-sdk-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology-oct-2018-cpu/
IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty.
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-vulnerability-in-was-liberty/
IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ntpv4-affect-aix-cve-2018-12327-cve-2018-7170-security-bulletin/
IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability. (CVE-2018-1667)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-cross-site-scripting-vulnerability-cve-2018-1667/
IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-1643/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-software-architect-and-rational-software-architect-for-websphere-software-4/
IBM Security Bulletin: Potential redirection to external site when using the IBM Event Streams API (CVE-2018-1833)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-redirection-to-external-site-when-using-the-the-ibm-event-streams-api-cve-2018-1833/
NodeJS vulnerability CVE-2018-12120
https://support.f5.com/csp/article/K37111863
OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735
https://support.f5.com/csp/article/K43741620