End-of-Day report
Timeframe: Wednesday 16-05-2018 18:00 - Thursday 17-05-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Oh, great, now there's a SECOND remote Rowhammer exploit
Send enough crafted packets to a NIC to put nasties into RAM, then the fun really starts. Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests.
http://go.theregister.com/feed/www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/
The Rowhammer: the Evolution of a Dangerous Attack
The Rowhammer Attack: Back in 2015, security researchers at Google's Project Zero team demonstrated how to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips. The attack technique devised by the experts was dubbed "Rowhammer" [...]
http://resources.infosecinstitute.com/rowhammer-evolution-dangerous-attack-years/
TeleGrab - Grizzly Attacks on Secure Messaging
This post was written by Vitor Ventura with contributions from Azim Khodjibaev. Introduction: Over the past month and a half, Talos has seen the emergence of malware that collects cache and key files from the end-to-end encrypted instant messaging service Telegram. This malware was first seen on April 4, 2018, with a second variant emerging on April 10.
https://blog.talosintelligence.com/2018/05/telegrab.html
Ignore payment reminders for 479.16 euros from DEBTSOLUTIONS LTD!
Affected internet users find an alleged final payment demand, preceding dunning proceedings, from Debtsolutions LTD in their inbox. The stated reason is that a fraudulent invoice from MOVIES DARLING LTD has not been paid. For this reason the recipients are supposed to transfer 479.16 euros to Debtsolutions LTD. But beware! This letter, too, is fraudulent and the amount should under no circumstances be paid.
https://www.watchlist-internet.at/news/mahnungen-ueber-47916-euro-der-debtsolutions-ltd-ignorieren/
Vulnerabilities
Security updates: Cisco once again forgets a default password in network software
Cisco has released important patches, closing security holes across its product portfolio. Three of the vulnerabilities are rated extremely critical.
https://www.heise.de/meldung/Sicherheitsupdates-Cisco-vergisst-mal-wieder-Standard-Passwort-in-Netzwerk-Software-4051003.html?wt_mc=rss.security.beitrag.atom
SECURITY BULLETIN: Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability
Trend Micro has released a new critical patch (CP) for Trend Micro Endpoint Application Control 2.0 SP1. This CP resolves a FileDrop directory traversal remote code execution (RCE) vulnerability.
https://success.trendmicro.com/solution/1119811
[R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability
Industrial Security leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.
https://www.tenable.com/security/tns-2018-06
[R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers.
https://www.tenable.com/security/tns-2018-07
Security updates for Thursday
Security updates have been issued by Arch Linux (runc), Debian (curl), Fedora (xdg-utils), Mageia (firefox), openSUSE (libreoffice, librsvg, and php5), Slackware (curl and php), SUSE (curl, firefox, kernel, kvm, libapr1, libvorbis, and memcached), and Ubuntu (curl, dpdk, php5, and qemu).
https://lwn.net/Articles/754773/
Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/104164
Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/104163
2018-05-15: Vulnerability in Welcome IP-Gateway - Command Injection, Missing Session Management, Clear Text Passwords in Cookies
http://search.abb.com/library/Download.aspx?DocumentID=ABB-VU-EPBP-R-2505&LanguageCode=en&DocumentPartId=&Action=Launch
FortiWeb Recursive URL Decoding is not enabled by default
https://fortiguard.com/psirt/FG-IR-18-058
FortiOS SSL Deep-Inspection badssl.com Compliance
https://fortiguard.com/psirt/FG-IR-17-160
IBM Security Bulletin: Vulnerabilities in Linux Kernel affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099805
IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099804
IBM Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
http://www-01.ibm.com/support/docview.wss?uid=swg22015305
IBM Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring
http://www.ibm.com/support/docview.wss?uid=swg22016198
IBM Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22015347
IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement
http://www.ibm.com/support/docview.wss?uid=swg22016159
IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement
http://www-01.ibm.com/support/docview.wss?uid=swg22014553
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
http://www-01.ibm.com/support/docview.wss?uid=swg22016029
IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities
http://www.ibm.com/support/docview.wss?uid=swg2C1000380