End-of-Day report
Timeframe: Thursday 20-09-2018 18:00 - Friday 21-09-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
News
Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist
Servers and storage disks filled with millions of unencrypted confidential records of employees, customers ..
https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-from-ncix-retailer-for-sale-on-craigslist/
Pre-Pwned AMI Images in Amazon's AWS public instance store, (Fri, Sep 21st)
I keep getting reports about AMI images in Amazon's AWS, which come "pre-pwned." These images ..
https://isc.sans.edu/diary/rss/24126
AES Resulted in a $250-Billion Economic Benefit
NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the ..
https://www.schneier.com/blog/archives/2018/09/aes_resulted_in.html
DanaBot shifts its targeting to Europe, adds new features
Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently ..
https://www.welivesecurity.com/2018/09/21/danabot-targeting-europe-adds-new-features/
Cyber - USA and Great Britain arm up in cyberspace
Greater focus on their own offensives against external attackers
https://derstandard.at/2000087842532/USA-und-Grossbritannien-ruesten-im-Cyberspace-auf
Vulnerabilities
Tec4Data SmartCooler
This advisory includes mitigations for a missing authentication for critical function vulnerability in Tec4Data's SmartCooler, a cooling appliance.
https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01
Rockwell Automation RSLinx Classic
This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and resource exhaustion vulnerabilities in Rockwell Automation's RSLinx Classic.
https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02
Security Advisory 2018-05: Security Update for OTRS Framework
https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/
Security Advisory 2018-04: Security Update for OTRS Framework
https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/
Vuln: Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/105376
Wireshark Bugs in Multiple Dissectors Let Remote Users Cause the Application to Crash or Consume Excessive CPU Resources
http://www.securitytracker.com/id/1041608
MediaWiki Multiple Flaws Let Remote Authenticated Users Bypass Security Restrictions and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1041695
Asterisk Stack Overflow in HTTP Websocket Upgrade Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1041694
RSA Authentication Manager Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1041697
HPESBST03881 rev.1 - HPE Command View Advanced Edition (CVAE), Local and Remote Access Restriction Bypass
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
HPESBST03879 rev.1 - HPE StorageWorks XP7 Automation Director (AutoDir), Local and Remote Authentication Bypass
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us
HPESBST03882 rev.1 - HPE Command View Advance Edition (CVAE) using JDK, Local and Remote Authentication Bypass
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us