End-of-Day report
Timeframe: Tuesday 04-09-2018 18:00 - Wednesday 05-09-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Encryption: NSA cipher Speck is thrown out of the Linux kernel
Google originally wanted to use the NSA cipher Speck to encrypt the storage of low-end Android smartphones, but the company has now withdrawn its support for it. The controversial cipher is therefore being removed from the Linux kernel again. (Linux kernel, encryption)
https://www.golem.de/news/verschluesselung-nsa-chiffre-speck-fliegt-aus-dem-linux-kernel-1809-136402-rss.html
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor
Five flaws were disclosed Tuesday in monitoring software Opsview Monitor.
https://threatpost.com/multiple-remote-code-execution-flaws-patched-in-opsview-monitor/137170/
WordPress Database Upgrade Phishing Campaign
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update. The email's appearance resembles that of a legitimate WordPress update message; however, the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline.
https://blog.sucuri.net/2018/09/wordpress-database-upgrade-phishing-campaign.html
PowerPool malware exploits ALPC LPE zero-day vulnerability
Malware from the newly uncovered group PowerPool exploits a zero-day vulnerability in the wild, only two days after its disclosure.
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Let's Trade: You Read My Email, I'll Read Your Password!
It's been a while, but my last few posts have been on password spraying, which is a great approach if your customer has a userid / password interface that faces the internet. I also ran a walk-through on using responder and LLMNR. But what if you are on the outside, and your customer is wise enough to front all of those interfaces with two-factor authentication, or mutual certificate authentication?
https://isc.sans.edu/forums/diary/Lets+Trade+You+Read+My+Email+Ill+Read+Your+Password/24062/
Vulnerabilities
VU#598349: Problems with automatic DNS registration and autodiscovery
Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the network with the name WPAD, such an attacker may be able to utilize DNS autoregistration and autodiscovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and [...]
http://www.kb.cert.org/vuls/id/598349
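The mechanism above (a host named WPAD registers itself via dynamic DNS, clients that run proxy autodiscovery then fetch its PAC file and route traffic through it) lends itself to a simple check. The following script is an added example for this report, not code from CERT/CC or the advisory. It enumerates the wpad.<suffix> names a client would try for each configured DNS suffix (simplified to the suffix and its parents down to two labels), reports which of them resolve, and extracts the PROXY targets from a PAC file so they can be compared against an allow-list. The DNS suffixes, the allow-list and the sample PAC are constructed for the example.

```python
"""Check for a rogue WPAD host reachable through DNS-based proxy autodiscovery.

Added example; not part of VU#598349. Suffixes, allow-list and the PAC text
below are constructed placeholders, replace them with your own values.
"""
import re
import socket
from typing import Callable, Iterable, List, Set, Tuple

# Constructed for the example: DNS suffixes a client would search, and the
# proxy hosts the organisation actually operates.
DNS_SUFFIXES = ["corp.example", "eu.corp.example"]
KNOWN_PROXIES = {"proxy.corp.example:3128"}

# Constructed sample PAC file as a rogue WPAD host might serve it: it inserts
# its own proxy in front of the legitimate one.
SAMPLE_PAC = """function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY 10.0.0.66:8080; PROXY proxy.corp.example:3128; DIRECT";
}"""

Resolver = Callable[[str], str]


def wpad_candidates(suffixes: Iterable[str]) -> List[str]:
    """Names a WPAD DNS lookup walks for each suffix: wpad.<suffix>, then
    each parent suffix, stopping once only two labels remain (assumption:
    this approximates the client's suffix devolution; adjust if needed)."""
    names: List[str] = []
    for suffix in suffixes:
        labels = suffix.split(".")
        while len(labels) >= 2:
            name = "wpad." + ".".join(labels)
            if name not in names:
                names.append(name)
            labels = labels[1:]
    return names


def resolving_wpad_names(suffixes: Iterable[str],
                         resolve: Resolver = socket.gethostbyname
                         ) -> List[Tuple[str, str]]:
    """Return (name, address) for every WPAD candidate that resolves.
    Where no WPAD host is deliberately deployed, any hit is suspect."""
    hits = []
    for name in wpad_candidates(suffixes):
        try:
            hits.append((name, resolve(name)))
        except OSError:  # socket.gaierror is an OSError: NXDOMAIN or no resolver
            continue
    return hits


# PROXY/HTTPS/SOCKS directives of a PAC return string, e.g. "PROXY host:port; DIRECT"
PROXY_RE = re.compile(r"\b(?:PROXY|HTTPS|SOCKS5?)\s+([^\s;\"']+)", re.IGNORECASE)


def pac_proxies(pac_text: str) -> List[str]:
    """Extract the host:port targets from all proxy directives in a PAC file."""
    return PROXY_RE.findall(pac_text)


def unexpected_proxies(pac_text: str, known: Set[str]) -> List[str]:
    """Proxy targets in the PAC that are not on the allow-list."""
    return [p for p in pac_proxies(pac_text) if p not in known]


if __name__ == "__main__":
    # Live DNS check for the configured suffixes.
    for name, addr in resolving_wpad_names(DNS_SUFFIXES):
        print(f"WPAD name resolves: {name} -> {addr}")
    # Offline check of the constructed PAC against the allow-list.
    for proxy in unexpected_proxies(SAMPLE_PAC, KNOWN_PROXIES):
        print(f"PAC points at a proxy not on the allow-list: {proxy}")
```

Two caveats: a DNS-only check misses WPAD served through DHCP option 252, so fetch and inspect the PAC your clients actually use as well; and on Windows DNS Server the Global Query Block List (which blocks wpad and isatap by default) only helps if it is enabled and the name was not registered before it was turned on.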
Opto22 PAC Control Basic and PAC Control Professional
This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22's PAC Control software.
https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01
Android Security Bulletin - September 2018
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
https://source.android.com/security/bulletin/2018-09-01
(0Day) Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Cisco WebEx Network Recording Player. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
https://www.zerodayinitiative.com/advisories/ZDI-18-998/
Remote Code Execution Vulnerabilities in WECON LeviStudioU
http://www.zerodayinitiative.com/advisories/ZDI-18-989/
http://www.zerodayinitiative.com/advisories/ZDI-18-990/
http://www.zerodayinitiative.com/advisories/ZDI-18-991/
http://www.zerodayinitiative.com/advisories/ZDI-18-992/
http://www.zerodayinitiative.com/advisories/ZDI-18-993/
http://www.zerodayinitiative.com/advisories/ZDI-18-994/
http://www.zerodayinitiative.com/advisories/ZDI-18-995/
http://www.zerodayinitiative.com/advisories/ZDI-18-996/
http://www.zerodayinitiative.com/advisories/ZDI-18-997/
Security updates for Wednesday
Security updates have been issued by Debian (lcms2), openSUSE (yubico-piv-tool), Oracle (kernel), and SUSE (cobbler and kvm).
https://lwn.net/Articles/764182/
Synology-SA-18:52 Android Moments
A vulnerability allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Android Moments.
https://www.synology.com/en-global/support/security/Synology_SA_18_52
Red Hat Gluster Storage Web Administration, tendrl-api: A vulnerability allows security mechanisms to be bypassed
https://adv-archiv.dfn-cert.de/adv/2018-1790/
Red Hat Virtualization: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://adv-archiv.dfn-cert.de/adv/2018-1798/
cURL: A vulnerability allows, among other things, a denial-of-service attack
https://adv-archiv.dfn-cert.de/adv/2018-1796/
IBM Security Bulletins
https://www.ibm.com/blogs/psirt/
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-01-frpbypass-en
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-01-smartphone-en
Python vulnerability CVE-2014-9365
https://support.f5.com/csp/article/K11068141
HPESBST03884 rev.1 - HPE ConvergedSystem 700 Solutions Using HPE 3PAR Service Processor, Multiple Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us