[CERT-daily] Daily summary - 27.11.2018

Daily end-of-shift report team at cert.at
Tue Nov 27 18:06:25 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 26-11-2018 18:00 − Tuesday 27-11-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor ∗∗∗
---------------------------------------------
BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities - from keylogging to carrying out distributed denial of service (DDoS) - and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI's customizability and seeming availability in the underground make it a prevalent threat.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/


∗∗∗ NPM package EventStream infected with Bitcoin miner ∗∗∗
---------------------------------------------
Malicious code has crept into the EventStream code library; it opens the Copay Bitcoin wallet to attackers.
---------------------------------------------
http://heise.de/-4233171


∗∗∗ Do not order Lux-Codex! ∗∗∗
---------------------------------------------
On lux-codex.com and wideally.com the Lux-Codex - an LED lamp with an unusual design - is offered to you. You should not order here, because consumers report to us that deliveries fail to arrive despite payment having been made!
---------------------------------------------
https://www.watchlist-internet.at/news/lux-codex-nicht-bestellen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection


∗∗∗ SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the current firmware version V2.6.0 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. These GNU/Linux vulnerabilities have been externally identified and will be fixed with the next firmware version.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gnuplot and samba), Fedora (flatpak, kernel-headers, kernel-tools, mariadb-connector-c, php-PHPMailer, php-phpmailer6, and xml-security-c), Gentoo (binutils, libav, mupdf, spice-gtk, strongswan, and tablib), Mageia (libpng(12), mariadb, and openssl), Oracle (ghostscript), Red Hat (.NET Core, ghostscript, java-1.7.1-ibm, kernel, kernel-alt, kernel-rt, NetworkManager, rh-nginx112-nginx, rh-nginx114-nginx, and sos-collector), Scientific Linux [...]
---------------------------------------------
https://lwn.net/Articles/773100/


∗∗∗ Vuln: Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106019


∗∗∗ Vuln: TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106021


∗∗∗ ZDI-18-1362: (0Day) Juuko DATA Packet Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1362/


∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-3139 and CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-identified-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-cve-2018-3139-and-cve-201/


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-liberty-for-java-for-ibm-cloud-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux – July 2018 Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-i-and-rational-developer-for-aix-and-linux-july-2018-security-bulletin/


∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-for-ibm-elastic-storage-server-is-affected-by-a-vulnerability-which-could-allow-an-unprivileged-authenticated-user-with-access-to-a-gpfs-node-to-read-arbitra/


∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross site scripting (CVE-2018-1584) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2018-1584/


∗∗∗ Samba: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1123

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



