Daily Summary - 14.08.2018

End-of-Day report

Timeframe: Monday 13-08-2018 18:00 - Tuesday 14-08-2018 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Badness, Enumerated by Robots

A condensed summary of the blacklist data generated from traffic hitting bsdly.net and cooperating sites.

https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html


Brazilian banking customers targeted by IoT DNS hijacking attacks

Attackers launched a DNS hijacking campaign targeting Brazilian bank customer credentials through end-user IoT devices.

https://www.scmagazine.com/brazilian-banking-customers-targeted-by-iot-dns-hijacking-attacks/article/788160/


CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists - report

Infosec firm fingers decentralised reporting. The first half of 2018 saw a record haul of reported software vulnerabilities yet a high proportion of these won't appear in any mainstream flaw-tracking lists, researcher Risk Based Security (RBS) has claimed.

http://go.theregister.com/feed/www.theregister.co.uk/2018/08/14/record_software_vulnerabilities/


Patch day: SAP takes care of its software

In August, SAP published twelve new security notes for various applications.

http://heise.de/-4137050


Extortion e-mail cites phone number

Criminals are sending an extortion e-mail. In it they cite the last four digits of a phone number and claim to possess intimate recordings. Recipients are told to pay 1000 US dollars in Bitcoin within 48 hours to prevent publication. Consumers do not need to respond.

https://www.watchlist-internet.at/news/erpresserische-e-mail-nennt-telefonnummer/

Vulnerabilities

Security Bulletins Posted

Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-20), Adobe Flash Player (APSB18-25), Adobe Experience Manager (APSB18-26) and Adobe Acrobat and Reader (APSB18-29).

https://blogs.adobe.com/psirt/?p=1594


SQL Injection, XSS & CSRF vulnerabilities in Pimcore software

Pimcore is affected by several security vulnerabilities, which can be exploited by an attacker to read data records from the database, attack other users of the web application with JavaScript code, browser exploits or Trojan horses, and perform arbitrary actions in the context of the logged-in user (CSRF).

https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/


Cisco IOS, IOS XE: A vulnerability allows information disclosure

A remote, unauthenticated attacker can exploit a vulnerability in Cisco IOS and IOS XE by sending a specially crafted ciphertext to a device configured with IKEv1 (Internet Key Exchange Version 1). The device responds incorrectly to the decryption failures that occur, which allows encrypted nonces to be disclosed.

https://adv-archiv.dfn-cert.de/adv/2018-1591/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce


Security updates for Tuesday

Security updates have been issued by Arch Linux (thunderbird), Debian (gdm3 and samba), openSUSE (cgit and lxc), SUSE (grafana, kafka, logstash, openstack-monasca-installer and samba), and Ubuntu (gdm3 and libarchive).

https://lwn.net/Articles/762556/


Synology-SA-18:43 MailPlus Server

A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of MailPlus Server.

https://www.synology.com/en-global/support/security/Synology_SA_18_43


Security Advisory - Multiple Vulnerabilities in IPsec IKE of Huawei Firewall Products

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180813-01-Bleichenbacher-en


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark

https://www-01.ibm.com/support/docview.wss?uid=ibm10720115


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-2783, CVE-2018-2800, CVE-2018-2790).

https://www-01.ibm.com/support/docview.wss?uid=ibm10720313


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

http://www.ibm.com/support/docview.wss?uid=ibm10718949


IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to cross-site request forgery (CVE-2018-1455)

https://www-01.ibm.com/support/docview.wss?uid=swg22016659


HPESBHF03868 rev.1 - HPE ML10 Gen9 using Intel Xeon Processor E3-1200 v5 with Intel Active Management Technology, multiple local and remote vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us