[CERT-daily] Tageszusammenfassung - 15.02.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-02-2019 18:00 − Freitag 15-02-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time ∗∗∗
---------------------------------------------
A batch of eight potentially unwanted applications (PUAs) were found on the Microsoft Store dropping malicious Monero (XMR) Coinhive cryptomining scripts, delivered with the help of Googles legitimate Google Tag Manager (GTM) library.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miners-land-on-the-microsoft-store-for-the-first-time/


∗∗∗ Demystifying the crypter used in Emotet, Qbot, and Dridex ∗∗∗
---------------------------------------------
A crypter is software that can encrypt, obfuscate, and manipulate malware to make it harder to detect by security programs. The Zscaler ThreatLabZ research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. This same crypter was observed in some of the Ursnif and BitPaymer campaigns as well.
---------------------------------------------
https://www.zscaler.com/blogs/research/demystifying-crypter-used-emotet-qbot-and-dridex


∗∗∗ Many ICS Vulnerability Advisories Contain Errors: Report ∗∗∗
---------------------------------------------
Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos.
---------------------------------------------
https://www.securityweek.com/many-ics-vulnerability-advisories-contain-errors-report


∗∗∗ Facebook Login Phishing Campaign ∗∗∗
---------------------------------------------
A falsely reported bug in the Myki Auto-Fill functionality led us to discover a phishing campaign that even the most vigilant users could fall for.
---------------------------------------------
https://myki.com/blog/facebook-login-phishing-campaign/


∗∗∗ Sicherheitsupdate schließt Angriffspunkte in Thunderbird ∗∗∗
---------------------------------------------
Schwachstellen in der Grafik-Bibliothek Skia gefährden Thunderbird. Die aktuelle Version ist abgesichert.
---------------------------------------------
http://heise.de/-4310283


∗∗∗ Dirty Sock: Canonical schließt Sicherheitslücke in Paketverwaltung Snap ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in Canonicals Paketverwaltung Snap ermöglichte normalen Benutzern Root-Rechte. Eine abgesicherte Version ist mittlerweile verfügbar.
---------------------------------------------
http://heise.de/-4309424


∗∗∗ Vulnerabilities Patched in WP Cost Estimation Plugin ∗∗∗
---------------------------------------------
At the end of January, Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of the commercial plugin WP Cost Estimation & Payment Forms Builder, or WP Cost Estimation for short. These flaws were found and patched by the developer a few months ago, but no official public disclosure was made at the time.
---------------------------------------------
https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/


∗∗∗ Oracle MAF store bypass, a how-to ∗∗∗
---------------------------------------------
On a recent assignment I was asked to look at the security of a cloud-based solution for expenses, the Oracle® ExpensesCloud with Fusion applications. It was being used for employees to create/save/edit/submit claims to the employer. TL;DR Having default hardcoded credentials allows an attacker effortless compromise of the credentialed action.
---------------------------------------------
https://www.pentestpartners.com/security-blog/oracle-maf-store-bypass-a-how-to/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and unbound), Fedora (docker, libexif, and runc), openSUSE (mozilla-nss, python, rmt-server, and thunderbird), Slackware (mozilla), and SUSE (couchdb, dovecot23, kvm, nodejs6, php53, podofo, python-PyKMIP, rubygem-loofah, util-linux, and velum).
---------------------------------------------
https://lwn.net/Articles/779933/


∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weaker-than-expected-security-in-websphere-application-server-with-sp800-131-transition-mode-cve-2018-1996/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Java vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-a-java-vulnerability/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-were-identified-in-node-js-that-affect-ibm-cloud-app-management-v2018/


∗∗∗ Linux kernel vulnerability CVE-2018-15594 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K26301924


∗∗∗ Schwachstelle in gpsd und microjson erlaubt Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0144

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily