Daily Summary - 26.02.2018

End-of-Day report

Timeframe: Friday 23-02-2018 18:00 − Monday 26-02-2018 18:00

Handler: Nina Bieringer

Co-Handler: Robert Waldner

News

∗∗∗ Incident Response: Social Engineering Still Works as an Attack Vector ∗∗∗ What happens after a company has been hacked, and which mechanisms are used to do it? The security company F-Secure has published figures from its own incident response team and finds that targeted attacks occur particularly in the gaming sector and at government agencies.

https://www.golem.de/news/incident-response-social-engineering-funktioniert-als-angriffsvektor-weiterhin-1802-132972-rss.html

Vulnerabilities

∗∗∗ Wireshark: Multiple Vulnerabilities Allow Denial-of-Service Attacks ∗∗∗ Multiple vulnerabilities in Wireshark can be exploited by a remote, unauthenticated attacker for various denial-of-service (DoS) attacks. Exploiting the vulnerabilities requires the processing of specially crafted data packets or packet trace files. The vendor provides Wireshark 2.2.13 and 2.4.5 as security updates.

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0384/

∗∗∗ Security Advisory - CPU Vulnerabilities Meltdown and Spectre ∗∗∗ Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. ... Huawei has released software updates to fix these vulnerabilities.

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20180106-01-cpu-en

∗∗∗ Security updates for Monday ∗∗∗ Security updates have been issued by Arch Linux (lib32-wavpack, phpmyadmin, unixodbc, and wavpack), Debian (drupal7, golang, imagemagick, libdatetime-timezone-perl, libvpx, and tzdata), Fedora (exim, irssi, kernel, milkytracker, qt5-qtwebengine, seamonkey, and suricata), Mageia (advancecomp, apache-commons-email, freetype2, ghostscript, glpi, jackson-databind, kernel, mariadb, and postgresql), openSUSE (dhcp, GraphicsMagick, lame, php5, phpMyAdmin, timidity, and wireshark), and Oracle (kernel).

https://lwn.net/Articles/748073/

∗∗∗ Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ∗∗∗

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe

∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1416) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013706

∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013753

∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities (CVE-2016-1000220, CVE-2017-11479) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013921

∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Inadequate Encryption Strength vulnerability (CVE-2018-1425) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013751

∗∗∗ IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Weak password policy vulnerability (CVE-2018-1372) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013832

∗∗∗ IBM Security Bulletin: Daeja ViewONE Virtual is affected by a Cross-Site Scripting vulnerability ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013094

∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security is affected by a publicly disclosed vulnerability in BIND ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013558

∗∗∗ IBM Security Bulletin: IBM Protector is affected by Open Source XMLsoft Libxml2 Vulnerabilities ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013890