Daily Summary - 27.12.2018

End-of-Day report

Timeframe: Friday 21-12-2018 18:00 - Thursday 27-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-02)

A prenotification security advisory (APSB19-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, January 03, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...]

https://blogs.adobe.com/psirt/?p=1680


5 Steps to Mitigate Endpoint Security Incidents

Endpoint security may be the best investment you have ever made. According to a Ponemon survey - The 2017 State of Endpoint Security Risk - the average cost to an organization of attacks that managed to breach endpoint security was $5 million. In this article, we will look at what you need to know about [...]

https://resources.infosecinstitute.com/5-steps-to-mitigate-endpoint-security-incidents/


Warning about Auresoil Sensi & Secure

On a fabricated Austrian medical portal, unknown persons claim that Auresoil Sensi & Secure makes it possible "to restore hearing to 100%". Interested parties can purchase the product for 57 euros at bestmarkethub.com/43/auresoil-med/gps. We advise against this, because the medical effect of Auresoil Sensi & Secure is unclear and may be harmful.

https://www.watchlist-internet.at/news/warnung-vor-auresoil-sensi-secure/


Do not apply to Knurf GmbH & Co. KG

The fraudulent Knurf GmbH & Co. KG uses knurf.net to recruit test subjects who are supposed to test products or services. Ultimately, the applicants' task is to open an online account and send their access credentials to the fictitious company. This enables the criminals to commit crimes and money laundering in the name of their victims.

https://www.watchlist-internet.at/news/nicht-bei-der-knurf-gmbh-co-kg-bewerben/

Vulnerabilities

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials

An authenticated user can visit the page spaces.htm, for example, http://victime_ip/spaces.htm, and obtain clear text password of user admin [...]

https://seclists.org/fulldisclosure/2018/Dec/45


Security updates for Monday

Security updates have been issued by CentOS (firefox), Debian (ghostscript, libarchive, openjpeg2, and sqlite3), Fedora (krb5, mariadb, mariadb-connector-c, mingw-openjpeg2, openjpeg2, phpMyAdmin, python-lxml, spatialite-tools, sqlite, and squid), Mageia (kernel), openSUSE (bluez, git, go1.10, libnettle, libqt5-qtbase, ovmf, pdns, perl, tcpdump, tiff, tryton, and yast2-rmt), Slackware (netatalk), and SUSE (buildah, caasp-cli, caasp-dex, cni-plugins, container-feeder, containerd-kubic, cri-o, [...]

https://lwn.net/Articles/775549/


Security updates for Tuesday

Security updates have been issued by Debian (libextractor and nagios3) and Fedora (adplug, mingw-podofo, and podofo).

https://lwn.net/Articles/775584/


Synology-SA-18:63 DS File

A vulnerability allows local users to obtain sensitive information via a susceptible version of Android DS File.

https://www.synology.com/en-global/support/security/Synology_SA_18_63


Synology-SA-18:64 DSM

A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM).

https://www.synology.com/en-global/support/security/Synology_SA_18_64


Synology-SA-18:65 SRM

A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).

https://www.synology.com/en-global/support/security/Synology_SA_18_65


Vuln: McAfee Application and Change Control Multiple Security Bypass Vulnerabilities

http://www.securityfocus.com/bid/106282


Vuln: Kibana CVE-2018-17246 Local File Include Vulnerability

http://www.securityfocus.com/bid/106285


Various routers: Vulnerability allows gaining administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K18-1200


IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-java-runtime-environment-that-ibm-provides-affect-websphere-datapower-xc10-appliance/


IBM Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-java-runtime-environment-that-ibm-provides-affect-websphere-extreme-scale/


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-workload-scheduler-4/


IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-12882)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-for-php-cve-2018-12882/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact-4/


IBM Security Bulletin: IBM Content Classification is affected by IBM SDK, Java Technology Edition Quarterly CPU - Jul 2018 - Includes Oracle Jul 2018 CPU

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-classification-is-affected-by-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2018-includes-oracle-jul-2018-cpu/