Daily summary - 22.08.2018

End-of-Day report

Timeframe: Tuesday 21-08-2018 18:00 - Wednesday 22-08-2018 18:00 Handler: Robert Waldner Co-Handler: n/a

News

New Android Triout Malware Can Record Phone Calls, Steal Pictures

Security researchers from Bitdefender have discovered a new Android malware strain named Triout that comes equipped with intrusive spyware capabilities, such as the ability to record phone calls and steal pictures taken with the device.

https://www.bleepingcomputer.com/news/security/new-android-triout-malware-can-record-phone-calls-steal-pictures/


Do not book accommodation at benaco-ferienwohnungen.de

benaco-ferienwohnungen.de lists cheap accommodation on Lake Garda. However, the listings were copied from genuine portals for fraudulent purposes. The accommodation offered cannot be booked, and customers are cheated out of their money.

https://www.watchlist-internet.at/news/unterkunft-nicht-bei-benaco-ferienwohnungende-buchen/

Vulnerabilities

No patch so far: dangerous vulnerabilities in the PDF/PostScript interpreter Ghostscript

Attackers could execute malicious code via vulnerabilities in the widely used Ghostscript interpreter. At present there is only a workaround for protection.

http://heise.de/-4143153


Critical vulnerability in Apache Struts 2 - patches available

A critical vulnerability has been found in Apache Struts 2 that can have serious consequences for the security of web servers that use this framework.

http://www.cert.at/warnings/all/20180822.html


Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades

A vulnerability affects all versions of the OpenSSH client released in the past two decades, ever since the application was released in 1999. [...] This bug allows a remote attacker to guess the usernames registered on an OpenSSH server.

https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/


Philips IntelliVue Information Center iX

This medical device advisory includes mitigation recommendations for a resource exhaustion vulnerability in Philips IntelliVue Information Center iX real-time central monitoring system.

https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01


Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

This advisory includes mitigation recommendations for stack-based buffer overflow vulnerabilities in Yokogawa's iDefine, STARDOM, ASTPLANNER, and TriFellows products.

https://ics-cert.us-cert.gov/advisories/ICSA-18-233-01


PMASA-2018-5

A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Assigned CVE ids: CVE-2018-15605

https://www.phpmyadmin.net/security/PMASA-2018-5/


Adobe Photoshop CC: Two vulnerabilities allow execution of arbitrary code

Two vulnerabilities in Adobe Photoshop CC 2017 18.1.5 and CC 2018 19.1.5, as well as the respective earlier versions for Windows and macOS, allow a remote, unauthenticated attacker to execute arbitrary code in the security context of the active user.

https://adv-archiv.dfn-cert.de/adv/2018-1697/


Security updates for Wednesday

Security updates have been issued by Debian (openssh and otrs2), Fedora (gifsicle, lighttpd, quazip, and samba), Red Hat (openstack-keystone), Scientific Linux (mutt), Slackware (libX11), SUSE (gtk2, ImageMagick, libcgroup, and libgit2), and Ubuntu (base-files).

https://lwn.net/Articles/763157/


IBM Security Bulletin: Vulnerabilities in GSKit affects IBM Sterling Connect:Direct for UNIX

http://www.ibm.com/support/docview.wss?uid=ibm10726077


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager

http://www.ibm.com/support/docview.wss?uid=swg22016774


IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for UNIX

https://www-01.ibm.com/support/docview.wss?uid=ibm10726081


IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in IBM WebSphere Application Server (CVE-2017-1788)

http://www.ibm.com/support/docview.wss?uid=ibm10728345


IBM Security Bulletin: IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack (CVE-2018-1739)

https://www-01.ibm.com/support/docview.wss?uid=ibm10725439


IBM Security Bulletin: IBM Security Access Manager Appliance is affected by NTP vulnerabilities (CVE-2017-6462, CVE-2017-6463, CVE-2017-6464)

http://www.ibm.com/support/docview.wss?uid=ibm10728215


IBM Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security Access Manager releases are affected by a Kerberos vulnerability (CVE-2017-11462)

http://www.ibm.com/support/docview.wss?uid=swg22015092