[CERT-daily] Daily summary - 25.10.2018

Daily end-of-shift report team at cert.at
Thu Oct 25 18:15:52 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 24-10-2018 18:00 − Thursday 25-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting ∗∗∗
---------------------------------------------
The sLoad downloader is an example of the stealthy, smart malware trend.
---------------------------------------------
https://threatpost.com/sload-banking-trojan-downloader-displays-sophisticated-recon-and-targeting/138542/


∗∗∗ Magecart Cybergang Targets 0days in Third-Party Magento Extensions ∗∗∗
---------------------------------------------
Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign.
---------------------------------------------
https://threatpost.com/magecart-cybergang-targets-0days-in-third-party-magento-extensions/138547/


∗∗∗ BSI Minimum Standard for Logging and Detection of Cyber Attacks ∗∗∗
---------------------------------------------
Cyber attacks on the IT systems of the federal administration take place daily. In addition to untargeted mass attacks, the federal government's networks are also exposed to targeted attack campaigns. To improve the detection of cyber attacks, the Federal Office for Information Security (BSI) has defined a minimum standard for logging and for the detection of cyber attacks based on it.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Mindeststandard_Detektion_25102018.html


∗∗∗ EU Commission wants to create certification for secure Internet devices ∗∗∗
---------------------------------------------
The EU is working on a regulation on security certification that focuses in particular on Internet of Things devices.
---------------------------------------------
http://heise.de/-4202642


∗∗∗ Security update: Dangerous vulnerability in Cisco Webex Meetings ∗∗∗
---------------------------------------------
Attackers could abuse the Webex update mechanism to execute their own code. A security update closes the vulnerability.
---------------------------------------------
http://heise.de/-4202886


∗∗∗ Gandcrab: Updated decryption tool for ransomware ∗∗∗
---------------------------------------------
Victims of the Gandcrab ransomware in versions 1, 4 and 5 can now decrypt their data free of charge.
---------------------------------------------
http://heise.de/-4203283


∗∗∗ Sextortion emails: They're probably not watching you ∗∗∗
---------------------------------------------
Yes, those sextortion email scams using old passwords are still making the rounds. How can you spot a real sextortion attempt from an empty threat? And when should you report to authorities? Read on to find out.
---------------------------------------------
https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably-not-watching/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection


∗∗∗ Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled ∗∗∗
---------------------------------------------
When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing.
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2018-10/msg00000.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox).
---------------------------------------------
https://lwn.net/Articles/769529/


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473) Security Bulletin ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733751


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Image for Red Hat Linux Systems on IBM PureApplication ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728607


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10732846


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Admin Console affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1770, CVE-2018-1777) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10737065


∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10735863


∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728649


∗∗∗ IBM Security Bulletin : IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734249


∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016890


∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow some server-side code injection (CVE-2018-1808) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10735905


∗∗∗ Reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K41704442


Next End-of-Day report: 2018-10-29

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



