End-of-Day report
Timeframe: Monday 17-09-2018 18:00 - Tuesday 18-09-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Public Shaming of Companies for Bad Security
Troy Hunt makes some good points, with good examples.
https://www.schneier.com/blog/archives/2018/09/public_shaming_.html
New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
Palo Alto Networks researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have ..
https://securityaffairs.co/wordpress/76305/malware/xbash-malware.html
Extended Validation Certificates are Dead
That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from ..
https://www.troyhunt.com/extended-validation-certificates-are-dead/
Vulnerabilities
Security Advisory: CVE-2018-13982: Smarty 3.1.32 or below Trusted-Directory Bypass via Path Traversal
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files. Full security advisory
https://www.sba-research.org/2018/09/18/security-advisory-cve-2018-13982-smarty-3-1-32-or-below-trusted-directory-bypass-via-path-traversal/
VMSA-2018-0015.1
VMware AirWatch Agent updates resolve remote code execution vulnerability.
https://www.vmware.com/security/advisories/VMSA-2018-0015.html
iOS 12 is out today - Updates for Safari, watchOS, tvOS, iOS. Full details here https://support.apple.com/en-ca/HT201222, (Tue, Sep 18th)
https://isc.sans.edu/diary/rss/24112
IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts Remote Code Execution (RCE) Vulnerability (CVE-2018-11776)
http://www.ibm.com/support/docview.wss?uid=ibm10731343
IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0739)
https://www-01.ibm.com/support/docview.wss?uid=ibm10725849
Remote Code Execution in Moodle
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/