Daily Summary - 10.09.2018

End-of-Day report

Timeframe: Friday 07-09-2018 18:00 - Monday 10-09-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

VLAN Hopping and Mitigation

We'll start with a few concepts. VLAN: A VLAN is used to share the physical network while creating virtual segmentations to divide specific groups. For example, a host on VLAN 1 is separated from any host on VLAN 2. Any packets sent between VLANs must go through a router or other layer 3 devices. Security is one of the many reasons network administrators configure VLANs. However, with an exploit known as VLAN Hopping, an attacker is able to bypass these security implementations.

https://www.alienvault.com/blogs/security-essentials/vlan-hopping-and-mitigation


Keybase Browser Extension Could Allow Sites to See Messages

The browser extension for the Keybase app fails to keep the end-to-end encryption promised by its desktop variant, as sites could see the text being typed into the chat area.

https://www.bleepingcomputer.com/news/security/keybase-browser-extension-could-allow-sites-to-see-messages/


Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall

Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.

https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/


Knuddels.de: Millions of User Records Leaked Along with Passwords

The German chat community Knuddels.de suffered an immense data leak: the account data of almost all users was exposed on the internet.

https://heise.de/-4158265


Apps that steal users' browser histories kicked out of the Mac App store

Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn't the only popular app stealing users' private information.

https://www.tripwire.com/state-of-security/featured/apps-that-steal-users-browser-histories-kicked-out-of-the-mac-app-store/


Misleading Invoice from ITR Register

Companies that register their trademark or registered design with the European Union Intellectual Property Office (EUIPO) receive an invoice from ITR Register. They are asked to pay 1,380 euros for an entry on itr-service.com. The payment request from ITR Register is a misleading contract offer. Companies do not have to pay the amount.

https://www.watchlist-internet.at/news/irrefuehrende-rechnung-von-itr-register/

Vulnerabilities

Security updates for Monday

Security updates have been issued by Debian (chromium-browser, curl, discount, firefox-esr, ghostscript, and openssh), Fedora (curl, firefox, ghostscript, glibc, mod_perl, thunderbird, and unixODBC), openSUSE (chromium, firefox, GraphicsMagick, nodejs4, and thunderbird), Oracle (kernel), and SUSE (java-1_7_1-ibm and kvm).

https://lwn.net/Articles/764511/


IBM Security Bulletin: WebSphere DataPower Appliances is affected by multiple issues

https://www-01.ibm.com/support/docview.wss?uid=ibm10726039


IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732)

https://www-01.ibm.com/support/docview.wss?uid=ibm10730341


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways

https://www-01.ibm.com/support/docview.wss?uid=ibm10726009


IBM Security Bulletin: WebSphere DataPower Appliances is affected by a vulnerability in OpenSSL (CVE-2018-0737)

https://www-01.ibm.com/support/docview.wss?uid=ibm10730515


IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal

https://www-01.ibm.com/support/docview.wss?uid=ibm10728351


IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affects Netezza Performance Portal

http://www.ibm.com/support/docview.wss?uid=ibm10718249


RSA BSAFE Crypto-J Crypto Timing Error Lets Remote Users Obtain Keys

http://www.securitytracker.com/id/1041615


RSA BSAFE SSL-J Crypto Timing and Memory Access Errors Let Remote or Physically Local Users Obtain Keys

http://www.securitytracker.com/id/1041614


QNAP Storage Devices PHP Buffer Error Lets Remote Users Deny Service

http://www.securitytracker.com/id/1041607