Daily Summary - 18.06.2018

End-of-Day report

Timeframe: Friday 15-06-2018 18:00 - Monday 18-06-2018 18:00 Handler: Stephan Richter Co-Handler: n/a

News

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts.

https://www.bleepingcomputer.com/news/apple/macos-breaks-your-opsec-by-caching-data-from-encrypted-hard-drives/


Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US

Security researchers from Romania-based antivirus vendor Bitdefender have detailed the operations of an adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations.

https://www.bleepingcomputer.com/news/security/rootkit-based-adware-wreaks-havoc-among-windows-10-users-in-the-us/


Vendor Patches Seven Vulnerabilities Across 392 Camera Models

Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models.

https://www.bleepingcomputer.com/news/security/vendor-patches-seven-vulnerabilities-across-392-camera-models/


Ignore fraudulent seizure appointments

Criminals send fake debt collection letters and tell recipients that they have obtained a dunning procedure and that a bailiff will visit the alleged debtors. Only a payment, they claim, can prevent this. Consumers can ignore the e-mail and do not have to make any payment.

https://www.watchlist-internet.at/news/betruegerische-pfaendungstermine-ignorieren/

Vulnerabilities

Xen Security Advisory CVE-2018-3665 / XSA-267

Speculative register leakage from lazy FPU context switching

https://xenbits.xen.org/xsa/advisory-267.html


MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited for deserialization and cross-site request forgery (CSRF).

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180066


Security updates for Monday

Security updates have been issued by CentOS (kernel), Debian (libgcrypt20, redis, and strongswan), Fedora (epiphany, freedink-dfarc, gnupg, LibRaw, nodejs-JSV, nodejs-uri-js, singularity, strongswan, and webkit2gtk3), Mageia (flash-player-plugin, freedink-dfarc, and imagemagick), openSUSE (enigmail, gpg2, java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, postgresql96, python-python-gnupg, and samba), Oracle (kernel), SUSE (gpg2 and xen), and Ubuntu (gnupg and webkit2gtk).

https://lwn.net/Articles/757758/


BlackBerry powered by Android Security Bulletin - June 2018

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462


FFmpeg: Multiple vulnerabilities allow various denial-of-service attacks

https://adv-archiv.dfn-cert.de/adv/2018-1177/


IBM Security Bulletin: IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru is affected by vulnerability in OpenSLP (CVE-2017-17833)

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099813


IBM Security Bulletin: Vulnerabilities in OpenSSL Affect Sterling Connect:Direct for HP NonStop (CVE-2018-0739)

http://www-01.ibm.com/support/docview.wss?uid=swg22016399


IBM Security Bulletin: Vulnerabilities in cURL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru (CVE-2017-8816 CVE-2017-8817 CVE-2017-8818)

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099811


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru (CVE-2017-3737 CVE-2017-3738)

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099812