Daily Summary - 11.07.2018

End-of-Day report

Timeframe: Tuesday 10-07-2018 18:00 - Wednesday 11-07-2018 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner

News

CoinRocket GmbH seeks financial administrators for criminal work

CoinRocket GmbH, based in Hard in Styria, operates the website coinrocket.at. The purported company posts job advertisements on job portals for the position of a home-based financial administration assistant. For this job, applicants must disclose their bank account details and are expected to forward incoming payments. The money originates from crimes, and the financial administrators make themselves criminally liable by taking part.

https://www.watchlist-internet.at/news/coinrocket-gmbh-sucht-finanzverwalter-fuer-strafbare-arbeit/


New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed

Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2. [...]

https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/


Internet: Many ISPs simply pass on BGP problems

Internet traffic is repeatedly rerouted through BGP hijacking. Incorrect BGP routes are likewise simply propagated. An analysis shows that the large ISPs do too little here. There is, however, a remedy against particularly malicious actors. (BGP, DE-CIX)

https://www.golem.de/news/internet-viele-isps-geben-bgp-probleme-einfach-weiter-1807-135419-rss.html


July 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide.

https://blogs.technet.microsoft.com/msrc/2018/07/10/july-2018-security-update-release/


Department of Commerce Report on the Botnet Threat

Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic.

https://www.schneier.com/blog/archives/2018/07/department_of_c.html


Intel, Microsoft, Adobe release a swarm of bug fixes to ruin your week

Massive patch dump with 112 fixes... and that's just for the Photoshop giant. IT admins face a busy week ahead as Microsoft, Intel, and Adobe have issued bundles of scheduled security fixes addressing more than 150 CVE-listed vulnerabilities.

http://go.theregister.com/feed/www.theregister.co.uk/2018/07/11/july_patch_tuesday/


Spectre-NG: Intel documents "speculative buffer overflow"

As it now turns out, Spectre-NG exploits can not only read protected memory but also write wherever they want, at least provisionally.

http://heise.de/-4108008

Vulnerabilities

Arch Linux PDF reader package poisoned

Trust nobody: abandoned code was adopted by a miscreant. Arch Linux has pulled a user-provided AUR (Arch User Repository) package, because it contained malware.

http://go.theregister.com/feed/www.theregister.co.uk/2018/07/11/someone_modified_arch_linuxs_acrobat_reader_adds_security_warning/


Patch day: Critical vulnerability in SAP Business Client

In July, SAP published 11 new security advisories. Only one of them is rated critical, however. Security updates are available.

http://heise.de/-4108062


SSA-635129 (Last Update: 2018-07-11): Denial-of-Service Vulnerabilities in EN100 Ethernet Communication Module and SIPROTEC 5 relays

The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by security vulnerabilities which could allow an attacker to conduct a Denial-of-Service attack over the network. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.

https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf


Security updates for Wednesday

Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).

https://lwn.net/Articles/759525/


IBM Security Bulletin: Vulnerability in IPSec-Tools affects IBM Integrated Management Module II (IMM2)

http://www-01.ibm.com/support/docview.wss?uid=ibm10716865


IBM Security Bulletin: IBM BladeCenter Virtual Fabric 10Gb Switch Module is affected by vulnerabilities in libxml2

http://www.ibm.com/support/docview.wss?uid=ibm10715837


IBM Security Bulletin: Vulnerability in bind affects IBM Integrated Management Module II (IMM2)

http://www.ibm.com/support/docview.wss?uid=ibm10716769


IBM Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which ships with IBM Content Navigator, is affected by the ability to parse untrusted XML input containing a reference to an external entity

http://www-01.ibm.com/support/docview.wss?uid=swg22017354


IBM Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

http://www-01.ibm.com/support/docview.wss?uid=swg22016643


IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

http://www-01.ibm.com/support/docview.wss?uid=swg22016869


HPESBHF03856 rev.1 - Comware v7 and Intelligent Management Center Products, Remote Denial of Service

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us