End-of-Day report
Timeframe: Tuesday 22-05-2018 18:00 - Wednesday 23-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Backdoor Account Found in D-Link DIR-620 Routers
Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet.
https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/
Six Vulnerabilities Found in Dell EMC's Disaster Recovery System, One Critical
A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.
https://threatpost.com/six-vulnerabilities-found-in-dell-emcs-disaster-recovery-system-one-critical/132179/
VPNFilter - is a malware timebomb lurking on your router?
A Cisco paper reports on zombie malware that has apparently infected more than 500,000 home routers.
https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb-lurking-on-your-router/
An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners
As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining [...]
https://blog.sucuri.net/2018/05/cryptomining-through-disguised-url-shorteners.html
Spectre-NG CPU vulnerabilities: updates and info links
Hardware, operating-system and software vendors are providing web pages with information and security updates for the new Spectre vulnerabilities Spectre V3a and Spectre V4: an overview.
https://www.heise.de/ct/artikel/CPU-Sicherheitsluecken-Spectre-NG-Updates-und-Info-Links-4053268.html
Attackers could hijack current BMW models over the mobile network
Security researchers exploited vulnerabilities in the infotainment system of various BMW models and thereby took control of them. A remote attack, however, is quite elaborate.
https://www.heise.de/security/meldung/Angreifer-koennten-aktuelle-BMW-Modelle-ueber-Mobilfunk-kapern-4055235.html
Efail: Which e-mail clients are secure, and how secure?
Following the publication of the Efail vulnerabilities in PGP and S/MIME, there is a great deal of uncertainty among users who encrypt their e-mail. We took a detailed look at which e-mail programs have been hardened so far, and how.
https://www.heise.de/security/meldung/Efail-Welche-E-Mail-Clients-sind-wie-sicher-4053873.html
Purported Lilihill DevCon GmbH sends malware
Fraudsters posing as Lilihill DevCon GmbH are sending malware to companies on a massive scale. Recipients find an e-mail from sales at european-gmbh.pw with the subject "AW: Zahlung - EWT" in their inbox. It asks them to open a ZIP file attached to the mail. Beware: the file contains malware and must not be opened.
https://www.watchlist-internet.at/news/angebliche-lilihill-devcon-gmbh-versendet-schadsoftware/
Vulnerabilities
VMware Workstation and Fusion: multiple vulnerabilities
VMware's virtualization software allows several operating systems to run simultaneously on one host system.
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/05/warnmeldung_tw-t18-0069.html
[20180505] - Core - XSS Vulnerabilities & additional hardening
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7
https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hardening.html
Synology-SA-18:25 SRM
A vulnerability allows remote attackers to inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_18_25
Security updates for Wednesday
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, [...]
https://lwn.net/Articles/755386/
Vuln: Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/104239
Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-json-en
Security Advisory - Information Exposure Vulnerability in Some Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-phone-en
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180523-01-server-en
Security Advisory - Numeric Errors Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180502-01-sccp-en
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Firmware Diagnostics.
http://www-01.ibm.com/support/docview.wss?uid=swg22012498
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9
http://www-01.ibm.com/support/docview.wss?uid=swg22015655
IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2017-15706)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012273
IBM Security Bulletin: Multiple vulnerabilities affect the IBM Storwize V7000 Unified
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012293
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012274
IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential spoofing attack in IBM WebSphere Application Server vulnerability (CVE-2017-1788)
http://www-01.ibm.com/support/docview.wss?uid=swg22016546
IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Storwize V7000 Unified (CVE-2017-15275, CVE-2017-14746)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012289
IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential denial of service used by IBM WebSphere Application Server vulnerability (CVE-2017-12624)
http://www-01.ibm.com/support/docview.wss?uid=swg22016545
IBM Security Bulletin: Authenticated Users in IBM UrbanCode Deploy can Obtain Secure Properties (CVE-2017-1752)
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000376
IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects Tivoli Netcool/OMNIbus WebGUI (CVE-2016-1000031)
http://www.ibm.com/support/docview.wss?uid=swg22016488