[CERT-daily] Tageszusammenfassung - 29.12.2017

Fri Dec 29 18:10:45 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 28-12-2017 18:00 − Freitag 29-12-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Twenty-plus years on, SMTP callbacks are still pointless and need to die ∗∗∗
---------------------------------------------
A rarely used legacy misfeature of the main Internet email protocol
creeps back from irrelevance as a minor annoyance. You should ask your
mail and antispam provider about their approach to SMTP callbacks. Be
wary of any assertion that is not backed by evidence.Even if you are an
IT professional and run an email system, you could be forgiven for not
being immediately aware that there is such a thing as SMTP callbacks,
also referred to as callback verification. As you will see from the
Wikipedia [...]
---------------------------------------------
http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.html


∗∗∗ Magento Sites Hacked via Helpdesk Widget ∗∗∗
---------------------------------------------
Hackers are actively targeting Magento sites running a popular helpdesk
extension, Dutch security researcher Willem de Groot has discovered.
[...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-helpdesk-widget/


∗∗∗ Hacker zeigen Lücken bei Tor-Funksteuerung auf ∗∗∗
---------------------------------------------
Wiener Sicherheitsforscher der Firma Trustworks zeigten am Chaos
Communication Congress, wie sie eine Funkfernsteuerung des deutschen
Herstellers Hörmann geknackt haben.
---------------------------------------------
https://futurezone.at/digital-life/hacker-zeigen-luecken-bei-tor-funksteuerung-auf/303.157.187


∗∗∗ Code Used in Zero Day Huawei Router Attack Made Public ∗∗∗
---------------------------------------------
Researchers warn of copycat type attacks as exploit code used in Mirai
variant goes public.
---------------------------------------------
http://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/


∗∗∗ Reverse Javascript Injection Redirects to Support Scam on WordPress ∗∗∗
---------------------------------------------
Over the last few weeks, we’ve noticed a JavaScript injection in a
number of WordPress databases, and we recently wrote about them in a
Sucuri Labs Note.  The campaign attempts to redirect visitors to a
bogus Windows support page claiming that their computers are infected
with 'riskware' and will be disabled unless they call what is an
obviously bogus support hotline.   Google and several other web
security vendors are currently blacklisting the domain; fortunately,
most [...]
---------------------------------------------
https://blog.sucuri.net/2017/12/reverse-javascript-injection-redirects-to-support-scam.html


∗∗∗ 34C3: Auch 4G-Mobilfunk ist einfach abzuhören und zu überwachen ∗∗∗
---------------------------------------------
GSM war sehr einfach zu knacken, 3G stand über das SS7-Protokoll offen
wie ein Scheunentor. Bei 4G sollte mit dem neuen Roaming- und
Abrechnungsprotokoll Diameter alles besser werden, doch viele
Angriffsflächen sind geblieben.
---------------------------------------------
https://heise.de/-3928496


∗∗∗ The State of Security in Industrial Control Systems ∗∗∗
---------------------------------------------
The main challenge for industrial control systems is that the processes
that control those systems are connected to critical infrastructure
such as power, water, gas, and transport. This means they require high
availability, and it is not easy to interrupt those systems to apply
security updates. Effects of any downtime means that it can affect
[...]
---------------------------------------------
https://www.tripwire.com/state-of-security/ics-security/state-security-industrial-control-systems/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-4074 imagemagick - security update ∗∗∗
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various
memoryhandling problems and cases of missing or incomplete input
sanitising mayresult in denial of service, memory disclosure or the
execution ofarbitrary code if malformed image files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4074


Next End-of-Day report: 2018-01-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily