Daily Summary - 29.08.2018

End-of-Day report

Timeframe: Tuesday 28-08-2018 18:00 - Wednesday 29-08-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776

After a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, last week, active exploitation attempts have started this week.

https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/


OpenSSH Versions Since 2011 Vulnerable to Oracle Attack

OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago.

https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/


Loki Bot: On a hunt for corporate passwords

Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages ..

https://securelist.com/loki-bot-stealing-corporate-passwords/87595/


3D Printers in The Wild, What Can Go Wrong?, (Wed, Aug 29th)

Richard wrote a quick diary yesterday about some interesting information that we received from one of our readers. It's about a huge amount of OctoPrint interfaces that are publicly facing the Internet. Octoprint[1] is a web interface for ..

https://isc.sans.edu/diary/rss/24044


PHP package repository Packagist.org was vulnerable to malicious code

The Packagist.org website had a dangerous security vulnerability. Attackers could have executed malicious code with comparatively little effort.

http://heise.de/-4149216

Vulnerabilities

DSA-4281 tomcat8 - security update

Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

https://www.debian.org/security/2018/dsa-4281


Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal