Daily Summary - 10.07.2018

End-of-Day report

Timeframe: Monday 09-07-2018 18:00 - Tuesday 10-07-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

APT Trends Report Q2 2018

These summaries are a representative snapshot of what has been discussed in greater detail in our private reports during Q2 2018. They aim to highlight the significant events and findings that we feel people should be aware of.

https://securelist.com/apt-trends-report-q2-2018/86487/


Researchers Reveal Bypass for Apple's USB Restricted Mode

Researchers released a workaround for Apple's USB Restricted Mode security feature the same day it was rolled out.

https://threatpost.com/researchers-reveal-bypass-for-apples-usb-restricted-mode/133819/


Apple Patches Everything Again. (Tue, Jul 10th)

As usual for Apple patches, vulnerabilities tend to affect all/most Apple operating systems. One notable security issue that was addressed, but is not listed here, is the "USB accessory unlock" issue. This allowed systems like Greylock to unlock phones by brute forcing the passcode via the lightning port / USB. iOS 11.4.1 only allows USB devices to connect within 1 hour after the phone/tablet is locked. This is enabled by default but can be disabled by the user. OS X also fixes the [...]

https://isc.sans.edu/diary/rss/23852


Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555/tcp) (Tue, Jul 10th)

Today, I noticed a marked increase in port 5555 scans.

https://isc.sans.edu/diary/rss/23856


What's New in the Xen Project Hypervisor 4.11

This release contains mitigations for the Meltdown and Spectre vulnerabilities. It is worth noting that we spent a significant amount of time on completing and optimizing fixes for Meltdown and Spectre vulnerabilities.

https://blog.xenproject.org/2018/07/10/whats-new-in-the-xen-project-hypervisor-4-11/


Fraudulent Vacation Message from Criminals

Internet users receive a message from their contacts saying that they are abroad and need help because they have "lost their bag along with passport and credit card". For this reason, recipients are asked to transfer money abroad via Western Union. It is needed for a "ticket and the hotel bills". In reality, the message comes from criminals. The money is lost once it has been transferred abroad.

https://www.watchlist-internet.at/news/betruegerische-urlaubsnachricht-von-kriminellen/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-21), Adobe Connect (APSB18-22), Adobe Experience Manager (APSB18-23) and Adobe Flash Player (APSB18-24). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the [...]

https://blogs.adobe.com/psirt/?p=1581


Security updates for Tuesday

Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).

https://lwn.net/Articles/759436/


[webapps] D-Link DIR601 2.02 - Credential Disclosure

https://www.exploit-db.com/exploits/45002/?rss


IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

https://www-01.ibm.com/support/docview.wss?uid=ibm10716319


IBM Security Bulletin: OpenSSL vulnerabilities affect IBM NeXtScale Fan Power Controller (FPC)

http://www.ibm.com/support/docview.wss?uid=ibm10716741


IBM Security Bulletin: Vulnerability in Apache CXF affects IBM TRIRIGA Application Platform (CVE-2017-12624)

http://www-01.ibm.com/support/docview.wss?uid=ibm10716291


IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

http://www-01.ibm.com/support/docview.wss?uid=ibm10715747


WAGO Multiple vulnerabilities in e!DISPLAY products

https://cert.vde.com/de-de/advisories/vde-2018-010