End-of-Day report
Timeframe: Tuesday 14-08-2018 18:00 - Thursday 16-08-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
VORACLE Attack Can Recover HTTP Data From VPN Connections
A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions. [...]
https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
https://threatpost.com/microsoft-flaw-allows-full-multi-factor-authentication-bypass/135086/
Linux: Kernel and distributions protect against the Foreshadow/L1TF processor flaw
New kernel updates provide protection against the processor flaws known as Foreshadow or L1TF, which affect many modern Intel processors.
http://heise.de/-4137264
Microsoft Patch Day: Attackers target Internet Explorer
This month Microsoft is releasing security updates for 60 vulnerabilities in Windows & Co. Two vulnerabilities are currently in the focus of attackers.
http://heise.de/-4137351
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
August 2018 Office Update Release
The August 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 23 non-security updates. All of the security and non-security updates are listed in KB article 4346823. A new version of Office 2013 Click-To-Run is available: 15.0.5059.1000. A new version of Office 2010 Click-To-Run is available: 14.0.7212.5000.
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/08/14/august-2018-office-update-release/
Fraudulent e-mail from Internet Domain Services Austria (IDSA)
Self-employed people, associations and companies are receiving an e-mail from Internet Domain Services Austria (IDSA). They are asked to pay 197.50 euros to idsa.at so that strangers do not register a domain that resembles theirs. Recipients can ignore the message, because its content is fraudulent and made up. Internet Domain Services Austria does not exist either.
https://www.watchlist-internet.at/news/betruegerische-e-mail-der-internet-domain-services-austria-idsa/
Ignore seizure dates for copyright infringement
Consumers are receiving a message from ADVOKAT RECHTSANWALT AG that names a seizure date for non-payment of a warning notice concerning a copyright infringement. The stated reason is the illegal streaming of films on kinox.to. Consumers do not have to pay the 426.55 euros, and the threatened seizure never takes place.
https://www.watchlist-internet.at/news/pfaendungstermine-wegen-urheberrechtsverletzung-ignorieren/
Vulnerabilities
Philips IntelliSpace Cardiovascular Vulnerabilities
This medical advisory includes mitigation recommendations for improper privilege management and unquoted search path vulnerabilities in Philips IntelliSpace Cardiovascular (ISCV) software.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056
Project: File (Field) Paths. Date: 2018-August-15. Security risk: Critical 15-25 AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:Default. Vulnerability: Remote Code Execution. Description: This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem. The module doesn't sufficiently sanitize the path while a new file is uploading, allowing a remote attacker to execute arbitrary PHP code.
https://www.drupal.org/sa-contrib-2018-056
VMSA-2018-0020
VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
https://www.vmware.com/security/advisories/VMSA-2018-0020.html
VMSA-2018-0021
Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.
https://www.vmware.com/security/advisories/VMSA-2018-0021.html
Security updates for Wednesday
Security updates have been issued by CentOS (kernel), Debian (kernel, linux-4.9, postgresql-9.4, and ruby-zip), Fedora (cgit, firefox, knot-resolver, mingw-LibRaw, php-symfony, php-symfony3, php-symfony4, php-zendframework-zend-diactoros, php-zendframework-zend-feed, php-zendframework-zend-http, python2-django1.11, quazip, sox, and thunderbird-enigmail), openSUSE (python-Django and seamonkey), Oracle (kernel), Red Hat (kernel, kernel-rt, and redhat-virtualization-host), Scientific Linux [...]
https://lwn.net/Articles/762706/
Security updates for Thursday
Security updates have been issued by Debian (fuse), Fedora (cri-o, gdm, kernel-headers, postgresql, units, and wpa_supplicant), Mageia (iceaepe, kernel-linus, kernel-tmb, and libtomcrypt), openSUSE (aubio, libheimdal, nemo-extensions, and python-Django1), Red Hat (flash-plugin), SUSE (apache2, kernel, php7, qemu, samba, and ucode-intel), and Ubuntu (gnupg).
https://lwn.net/Articles/762804/
ZDI-18-939: Foxit Reader PDF File Parsing Type Confusion Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-939/
IBM Security Bulletins
https://www.ibm.com/blogs/psirt/
Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x
Xen Security Advisories
https://xenbits.xen.org/xsa/
F5 Security Advisories
https://support.f5.com/csp/new-updated-articles
Security Advisory - Buffer Overflow Vulnerability on Several Products
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-01-dos-en
Security Advisory - Side-Channel Vulnerability Variants 3a and 4
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180615-01-cpu-en
Security Advisory - CPU Side Channel Vulnerability "L1TF"
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180815-01-cpu-en
Security Notice - Statement About the Side Channel Vulnerability "L1TF" of Chips
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180815-01-cpu-en
VMSA-2018-0022
https://www.vmware.com/security/advisories/VMSA-2018-0022.html
VMSA-2018-0019.1
https://www.vmware.com/security/advisories/VMSA-2018-0019.html
HPESBHF03874 rev.1 - Certain HPE Products using Intel-based Processors, L1 Terminal Fault (L1TF) Speculative Side-channel Vulnerabilities, Local Disclosure of Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
HPESBHF03875 rev.1 - HPE Integrated Lights Out 4 and 5, (iLO 4, 5), Remote Denial of Service
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us