Daily Summary - 14.06.2018

End-of-Day report

Timeframe: Wednesday 13-06-2018 18:00 - Thursday 14-06-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter

News

SigSpoof: Forging signatures with GnuPG

In certain situations, GnuPG's signature verification can be tricked in the plugins for Thunderbird and Apple Mail. The reason: status messages of the command-line tool can be forged via unfiltered output. However, the attack only works under very specific conditions. (GPG, email)

https://www.golem.de/news/sigspoof-signaturen-faelschen-mit-gnupg-1806-134940-rss.html


Lazy FPU: Intel's floating point unit can leak secret data

Registers of the floating point unit in Core i processors, and apparently in some Xeon processors as well, can reveal the results of confidential computations. However, this requires a local attack with malware as well as an outdated operating system. (Intel, Amazon)

https://www.golem.de/news/lazy-fpu-intels-floating-point-unit-kann-geheime-daten-leaken-1806-134957-rss.html


Microsoft Reveals Which Bugs It Won't Patch

A draft document lays out its criteria for addressing various flaws and notes the exceptions.

https://threatpost.com/microsoft-reveals-which-bugs-it-wont-patch/132817/


A Bunch of Compromised Wordpress Sites, (Wed, Jun 13th)

A few days ago, one of our readers contacted us and reported an incident affecting his website based on Wordpress. He performed quick checks by himself and found some pieces of evidence: [...]

https://isc.sans.edu/diary/rss/23764


Tapplock Smart locks found to be physically and digitally vulnerable

Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.

https://www.scmagazine.com/tapplock-smart-locks-found-to-be-physically-and-digitally-vulnerable/article/773348/


Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs

Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources.

https://www.bleepingcomputer.com/news/security/malspam-campaigns-using-iqy-attachments-to-bypass-av-filters-and-install-rats/


Mac malware can trick security tools

With a purported Apple signature, malware can bypass well-known security tools. The problem has apparently existed for years.

http://heise.de/-4077945


Ecos Secure Boot Stick: Researchers warn of vulnerabilities

Tests with the SBS stick 5.6.5 and the System Management software 5.2.68 revealed several points of attack. Updates are available.

http://heise.de/-4078344


Malicious code via Git: Xcode update is meant to fix vulnerability

Apple has updated its development environment to eliminate security vulnerabilities. Git users should install the update promptly.

http://heise.de/-4078821


New CryptoMiner hijacks your Bitcoin transaction. Over 300,000 computers have been attacked.

Recently, 360 Security Center discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect if it contains the account [...]

https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/

Vulnerabilities

Security updates for Thursday

Security updates have been issued by Arch Linux (chromium and gnupg), Debian (spip), Fedora (pdns-recursor), Gentoo (adobe-flash, burp, quassel, and wget), openSUSE (bouncycastle and taglib), Oracle (kernel), SUSE (java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, and samba), and Ubuntu (file, perl, and ruby1.9.1, ruby2.0, ruby2.3).

https://lwn.net/Articles/757531/


Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

https://www.drupal.org/sa-contrib-2018-041


OpenSSL, Libgcrypt, LibreSSL: Two vulnerabilities allow, among other things, a denial-of-service attack

https://adv-archiv.dfn-cert.de/adv/2018-1138/
https://www.openssl.org/news/secadv/20180612.txt


Enigmail: Two vulnerabilities allow, among other things, bypassing security measures

https://adv-archiv.dfn-cert.de/adv/2018-1155/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager

http://www.ibm.com/support/docview.wss?uid=swg22017118


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM® SPSS Statistics Server

http://www.ibm.com/support/docview.wss?uid=swg22016900


IBM Security Bulletin: A privilege escalation vulnerability in nzhwinfo that affects IBM Netezza Platform Software clients.

http://www-01.ibm.com/support/docview.wss?uid=swg22015701


IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal

http://www.ibm.com/support/docview.wss?uid=swg22016809


IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 - October 2017, January 2018 and April 2018

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012379


IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities

http://www.ibm.com/support/docview.wss?uid=swg22017032


SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)

https://neopg.io/blog/gpg-signature-spoof/


SigSpoof 2: More ways to spoof signatures in GnuPG (CVE-2018-12019)

https://neopg.io/blog/enigmail-signature-spoof/


SigSpoof 3: Breaking signature verification in pass (Simple Password Store) (CVE-2018-12356)

https://neopg.io/blog/pass-signature-spoof/