Daily Summary - 08.08.2018

End-of-Day report

Timeframe: Tuesday 07-08-2018 18:00 - Wednesday 08-08-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Update Mechanism Flaws Allow Remote Attacks on UEFI Firmware

The glitch stems from a functionality intended to allow updates to the UEFI firmware.

https://threatpost.com/update-mechanism-flaws-allow-remote-attacks-on-uefi-firmware/134785/


Cookie Consent Script Used to Distribute Malware

Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) have had to make some changes to be compliant with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only once in the GDPR, any organization utilizing cookies to track users' browsing activity has had to add a warning about how they are used and ask for the user's consent.

https://blog.sucuri.net/2018/08/cookie-consent-script-used-to-distribute-malware.html


IT-Grundschutz: New online course published

A new online offering for the modernized IT-Grundschutz makes it easier for users to get started with implementing the IT-Grundschutz methodology. Based on the IT-Grundschutz-Kompendium and BSI Standards 200-1, 200-2 and 200-3, the web-based training developed and published by the Bundesamt für Sicherheit in der Informationstechnik (BSI) guides users through the IT-Grundschutz approach in a series of lessons.

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/IT-Grundschutz_Neuer_Online-Kurs_08082018.html


PayPal fraud using the victim's own e-mail address

Consumers receive a notification from PayPal asking them to confirm their e-mail address for the opening of an account. The account was opened by criminals, who then make purchases using the victim's e-mail address and fabricated personal data. The resulting invoices and payment reminders are sent to the victims. The victims do not have to pay these outstanding PayPal claims.

https://www.watchlist-internet.at/news/paypal-betrug-mit-eigener-e-mailadrese/

Vulnerabilities

Medtronic MyCareLink 24950 Patient Monitor

This medical device advisory includes mitigation recommendations for insufficient verification of data authenticity and storing passwords in a recoverable format vulnerabilities in the Medtronic MyCareLink 24950 Patient Monitor.

https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01


Medtronic MiniMed 508 Insulin Pump

This medical device advisory includes mitigation recommendations for cleartext transmission of sensitive information and authentication bypass by capture-replay vulnerabilities in the Medtronic MiniMed 508 Insulin Pump.

https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02


Delta Electronics CNCSoft and ScreenEditor

This advisory includes mitigation recommendations for stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft and ScreenEditor software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01


What Do I Need To Know about "SegmentSmack", (Wed, Aug 8th)

"SegmentSmack" is yet another branded vulnerability, also known as CVE-2018-5390. It hit the "news" yesterday. Successful exploitation may lead to a denial of service against a targeted system. At this point, not a lot is known about this vulnerability. But here are some highlights: [...]

https://isc.sans.edu/forums/diary/What+Do+I+Need+To+Know+about+SegmentSmack/23964/


HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

https://support.hp.com/us-en/document/c06097712


Android Security Bulletin - August 2018

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-08-05 or later address all of these issues. [...] The most severe of these issues is a critical vulnerability that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

https://source.android.com/security/bulletin/2018-08-01


2018-08 Out of Cycle Security Bulletin: Junos platforms vulnerable to SegmentSmack attack [VU#962459]

[...] Crafted sequences of TCP/IP packets may allow a remote attacker to create a denial of service (DoS) condition on routing engines (REs) running Junos OS. The attack requires a successfully established two-way TCP connection to an open port. The rate of attack traffic is lower than typical thresholds for built-in Junos OS distributed denial-of-service (DDoS) protection, so additional configuration is required to defend against these issues on affected platforms.

https://kb.juniper.net/InfoCenter/index/content&id=JSA10876


VMSA-2018-0019

Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.

https://www.vmware.com/security/advisories/VMSA-2018-0019.html


Security updates for Tuesday

Security updates have been issued by Debian (kernel), Fedora (ceph, exiv2, myrepos, and seamonkey), openSUSE (libofx and znc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (clamav, kernel, and rubygem-sprockets-2_12), and Ubuntu (gnupg, lftp, libxcursor, linux-hwe, linux-azure, linux-gcp, linux-raspi2, and lxc).

https://lwn.net/Articles/762022/


Security updates for Wednesday

Security updates have been issued by Debian (slurm-llnl), Fedora (libmspack), openSUSE (cups, kernel, kernel-firmware, libcgroup, and ovmf), Oracle (kernel), and SUSE (cups, enigmail, libcdio, and pidgin).

https://lwn.net/Articles/762098/


eDirectory 9.1.1 Hot Patch 1

https://download.novell.com/Download?buildid=vP3nS-Hctkk~


IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)

http://www.ibm.com/support/docview.wss?uid=swg22011860


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction

https://www-01.ibm.com/support/docview.wss?uid=ibm10718421


HPESBHF03850 rev.3 - HPE ProLiant, Synergy, and Moonshot Systems: Local Disclosure of Information, CVE-2018-3639 - Speculative Store Bypass and CVE-2018-3640 - Rogue System Register Read

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us


WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006

https://webkitgtk.org/security/WSA-2018-0006.html