Daily summary - 09.02.2018

End-of-Day report

Timeframe: Thursday 08-02-2018 18:00 − Friday 09-02-2018 18:00
Handler: Robert Waldner
Co-Handler: Nina Bieringer


∗∗∗ Free Decryption Tool Released for Cryakl Ransomware ∗∗∗
Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware.

https://www.bleepingcomputer.com/news/security/free-decryption-tool-released-for-cryakl-ransomware/

∗∗∗ X.509 Certificates Can Be Abused for Data Exfiltration ∗∗∗
Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected.

https://www.bleepingcomputer.com/news/security/x-509-certificates-can-be-abused-for-data-exfiltration/

∗∗∗ Encryption: Github tests switching off old crypto ∗∗∗
Github users should check their clients for compatibility: from 22 February, old TLS versions and some Diffie-Hellman groups will be disabled. The shutdown was already given a trial run on Thursday evening.

https://www.golem.de/news/verschluesselung-github-testet-abschaltung-alter-krypto-1802-132684-rss.html

∗∗∗ Living in a Smart Home ∗∗∗
In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results.

https://www.schneier.com/blog/archives/2018/02/living_in_a_sma.html

∗∗∗ WannaMine: Cryptocurrency Mining Malware That Uses An NSA Exploit ∗∗∗
The recent months have seen an increase in cyberattacks using cryptocurrency-mining tools, which has now become one of the main security threats.

https://www.techworm.net/2018/02/wannamine-cryptocurrency-mining-malware-uses-nsa-exploit.html

∗∗∗ Some Netgear routers can be taken over with a simple URL trick ∗∗∗
Many Netgear routers contain security holes that can, in some cases, leave the door wide open to attackers. Updates fix the problem.

https://www.heise.de/security/meldung/Einige-Netgear-Router-lassen-sich-mit-simplem-URL-Trick-uebernehmen-3964050.html

∗∗∗ WordPress 4.9.3 breaks the automatic update function ∗∗∗
WordPress release 4.9.3 primarily fixed bugs, but also introduced a new one: automatic updating no longer works. A new version resolves the problem.

https://www.heise.de/security/meldung/WordPress-4-9-3-schiesst-automatische-Update-Funktion-ab-3964191.html

∗∗∗ Spectre 2 flaw: Intel promises updates for older processors too ∗∗∗
Microcode updates are once again available for Skylake processors, numerous Atoms and the related Celerons, initially only for OEM partners; but Intel also intends to patch older processors.


∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-02) ∗∗∗
A prenotification security advisory (APSB18-02) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, February 13, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...]

https://blogs.adobe.com/psirt/?p=1527

∗∗∗ DSA-4108 mailman - security update ∗∗∗
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

https://www.debian.org/security/2018/dsa-4108

∗∗∗ Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro ∗∗∗
Sonatype Nexus Repository Manager OSS/Pro is affected by multiple cross-site scripting vulnerabilities (both reflected and stored) in both version 2 and 3 of the product which could be used by an attacker to execute JavaScript code in the user's browser.

https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html

∗∗∗ Privileged Account Manager 3.1 Patch Update 3 ( ∗∗∗
Abstract: NetIQ Privileged Account Manager 3.1 Patch Update 3 ( The purpose of the patch is to provide an upgrade of OpenSSL for eliminating potential security vulnerabilities and a few software fixes. This release does not contain any new features.

https://download.novell.com/Download?buildid=MtsbTyzebZw~

∗∗∗ JRE vulnerability CVE-2012-5081 ∗∗∗
JRE vulnerability CVE-2012-5081. Security Advisory Description: Unspecified vulnerability in the Java ...

https://support.f5.com/csp/article/K21018505

∗∗∗ Security updates for Friday ∗∗∗
Security updates have been issued by Arch Linux (clamav), Debian (mailman, mpv, and simplesamlphp), Fedora (tomcat-native), openSUSE (docker, docker-runc, containerd, kernel, mupdf, and python-mistune), Red Hat (kernel), and Ubuntu (mailman and postgresql-9.3, postgresql-9.5, postgresql-9.6).

https://lwn.net/Articles/746988/rss

∗∗∗ DFN-CERT-2018-0278: Nextcloud Server: A vulnerability allows security measures to be bypassed ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0278/

∗∗∗ IBM Security Bulletin: IBM i is affected by GSKIT vulnerability CVE-2018-1388 ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=nas8N1022451

∗∗∗ IBM Security Bulletin: Vulnerability impacts AIX and VIOS (CVE-2018-1383) ∗∗∗

http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc

∗∗∗ IBM Security Bulletin: Open Source Apache CXF Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624) ∗∗∗
