Daily Summary - 01.08.2018

End-of-Day report

Timeframe: Tuesday 31-07-2018 18:00 - Wednesday 01-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

News

Facebook Phishing via SMS, (Wed, Aug 1st)

Facebook accounts are still a pretty hot commodity to spread malware. No ruse works better than having a "Friend" offer you some new software or browser extension. As a result, we keep seeing attempts to phish Facebook credentials. Late last week I came across a simple example of such an attempt that in particular targeted users of mobile ..

https://isc.sans.edu/diary/23940


When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869, (Wed, Aug 1st)

Universal Plug and Play (UPnP) is the gift that keeps on giving. One interesting issue with UPnP (aside from the fact that it never ever should be exposed to the Internet, but often is), is the ..

https://isc.sans.edu/diary/23942


Austrian hoster: e-mail addresses gone missing at EDIS

The e-mail addresses associated with customer accounts of the hoster EDIS have appeared on Have I Been Pwned. Customers of the company were warned of an incident by e-mail.

http://heise.de/-4125214


Efail: HTML Mails have no Security Concept and are to blame

I recently wrote down my thoughts about why I think deprecated cryptographic standards are to blame for the Efail vulnerability in OpenPGP and S/MIME. However I promised that I'll also cover the other ..

https://blog.hboeck.de:443/archives/894-Efail-HTML-Mails-have-no-Security-Concept-and-are-to-blame.html

Vulnerabilities

Johnson Controls Metasys and BCPro

This advisory includes mitigation recommendations for an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products.

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-02


WECON LeviStudioU

This advisory includes mitigation recommendations for stack-based buffer overflow and heap-based buffer overflow vulnerabilities in WECON's LeviStudioU HMI editor.

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03


AVEVA InTouch Access Anywhere

This advisory includes mitigation recommendations for a cross-site scripting vulnerability in the outdated and insecure third-party jQuery library used in the AVEVA InTouch Access Anywhere remote access software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04


AVEVA Wonderware License Server

This advisory includes mitigation recommendations for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Flexera lmgrd third-party component used by the AVEVA Wonderware License Server.

https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05


Vuln: Apache Camel CVE-2018-8027 XML External Entity Information Disclosure Vulnerability

http://www.securityfocus.com/bid/104933


IBM Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1554)

https://www-01.ibm.com/support/docview.wss?uid=ibm10713695


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2783)

https://www-01.ibm.com/support/docview.wss?uid=ibm10717143


IBM Security Bulletin: IBM MQ Appliance affected by an OpenSSL vulnerability (CVE-2018-0739)

https://www-01.ibm.com/support/docview.wss?uid=ibm10717517


IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could affect IBM InfoSphere Optim Performance Manager. CVE-2018-2633 CVE-2018-2603 CVE-2018-2579

https://www-01.ibm.com/support/docview.wss?uid=swg22014113


July 31, 2018 TNS-2018-11 [R1] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities

http://www.tenable.com/security/tns-2018-11