End-of-Day report
Timeframe: Wednesday 01-08-2018 18:00 - Thursday 02-08-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Crime and Crypto: An Evolution in Cyber Threats
Cybercriminals are constantly experimenting with new ways to take money from their victims. Their tactics evolve quickly to maximize returns and minimize risk. The emergence of cryptocurrency has opened up new opportunities to do just that. To better understand today's threat landscape, it's worth exploring the origins of cryptocurrencies and the progress cybercriminals have made in using it to advance their own interests.
https://www.webroot.com/blog/2018/08/02/crime-crypto-evolution-cyber-threats/
Save the Date: 4th e-Health Security Conference
ENISA is organising the 4th eHealth Security workshop in cooperation with the Dutch Ministry of Health, Welfare and Sport, on the 14th of November.
https://www.enisa.europa.eu/news/enisa-news/save-the-date-4th-e-health-security-conference
Reddit Breach Highlights Limits of SMS-Based Authentication
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
The Year Targeted Phishing Went Mainstream
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason -- sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and
https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/
Vulnerabilities
Drupal Core - 3rd-party libraries - SA-CORE-2018-005
The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue. The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the vulnerable functionality.
https://www.drupal.org/SA-CORE-2018-005
Telegram: Passport document storage of the crypto messenger has vulnerabilities
If the password hashes for Passport that Telegram holds fall into the wrong hands, they could be cracked more easily than one would like.
http://heise.de/-4127755
Django Open Redirect Flaw in CommonMiddleware Lets Remote Users Redirect the Target User's Browser to an Arbitrary Site
On systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash, a remote user can create a URL that, when loaded by the target user, will redirect the target user's browser to an arbitrary site.
http://www.securitytracker.com/id/1041403
Security updates for Thursday
Security updates have been issued by Debian (busybox and mutt), Fedora (bibutils and wireshark), openSUSE (glibc and rsyslog), Slackware (blueman), SUSE (cups, ovmf, and polkit), and Ubuntu (bouncycastle, libmspack, and python-django).
https://lwn.net/Articles/761625/
Vuln: Symfony CVE-2018-14773 Security Bypass Vulnerability
http://www.securityfocus.com/bid/104943
Cisco AMP for Endpoints Mac Connector Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac
Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-wsa-xss
Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss
Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss
Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss
Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf
IBM Security Bulletin: IBM Security Identity Manager is affected by an Apache vulnerability.
http://www.ibm.com/support/docview.wss?uid=ibm10719413
IBM Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities
https://www-01.ibm.com/support/docview.wss?uid=ibm10713449
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
https://www-01.ibm.com/support/docview.wss?uid=swg22016803
IBM Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system. (CVE-2018-1524)
https://www-01.ibm.com/support/docview.wss?uid=swg22017452
IBM Security Bulletin: Multiple vulnerabilities in IBM GSKit affect IBM Host On-Demand.
http://www.ibm.com/support/docview.wss?uid=ibm10716977
IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-3737, CVE-2017-3738).
https://www-01.ibm.com/support/docview.wss?uid=ibm10717007
HPESBST03857 rev.1 - HPE XP7 Command View Advanced Edition Products using JDK, Local and Remote Authentication Bypass
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us
HPESBST03859 rev.1 - HPE XP P9000 Command View Advanced Edition Software (CVAE) - Multiple Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us
HPESBST03860 rev.1 - HPE XP P9000 Command View Advanced Edition (CVAE) Software, Local and Remote Unauthorized Access to Sensitive Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03860en_us