[CERT-daily] Tageszusammenfassung - 10.01.2019

Daily end-of-shift report team at cert.at
Thu Jan 10 18:28:15 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 09-01-2019 18:00 − Donnerstag 10-01-2019 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ WordPress-Related Vulnerabilities Tripled in 2018 ∗∗∗
---------------------------------------------
WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-related-vulnerabilities-tripled-in-2018/


∗∗∗ Global DNS Hijacking Campaign: DNS Record Manipulation at Scale ∗∗∗
---------------------------------------------
Introduction FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html


∗∗∗ North Korea APT(?) and recent Ryuk Ransomware attacks ∗∗∗
---------------------------------------------
Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration.Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism for the latest wave of Ryuk ransomware attacks being dubbed as North Korean state-sponsored cyber-attacks.The evidence from the dataset completes the missing
---------------------------------------------
https://blog.kryptoslogic.com/malware/2019/01/10/dprk-emotet.html


∗∗∗ E-Mail von mir selbst-erklärt ∗∗∗
---------------------------------------------
Sie erhalten vermeintlich von sich selbst eine E-Mail und fragen sich, wie das möglich ist? Die Antwort darauf ist, dass Kriminelle eine E-Mail so verändern können, dass die Absender/innen- mit der Empfänger/innen-Adresse ident ist. Das bedeutet jedoch nicht, dass Unbekannte Zugriff auf Ihr Konto haben und über dieses betrügerische Nachrichten an Sie versenden.
---------------------------------------------
https://www.watchlist-internet.at/news/erklaerung-fuer-e-mail-von-mir-selbst/


∗∗∗ Gehälter durch Datenklau bei Wohnungssuche gestohlen! ∗∗∗
---------------------------------------------
Konsument/innen, die auf Mietwohnungssuche sind, stoßen mitunter auf gefälschte Wohnungsinserate. Bei Interesse an einer Immobilie senden sie, wie üblich, ihre Gehaltsabrechnungen der letzten Monate an die angeblichen Vermieter/innen. Kriminelle nutzen die Daten, um die Arbeitgeber/innen der Wohnungssuchenden über einen Kontowechsel zu informieren und Gehälter abzuzweigen!
---------------------------------------------
https://www.watchlist-internet.at/news/gehaelter-durch-datenklau-bei-wohnungssuche-gestohlen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001 ∗∗∗
---------------------------------------------
Description: This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unused function.
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-001


∗∗∗ Sicherheitslücken mit Höchstwertung in Juniper ATP ∗∗∗
---------------------------------------------
Angreifer könnten mit vergleichsweise wenig Aufwand die volle Kontrolle über das Schutzprodukt Advanced Threat Prevention (ATP) übernehmen. Darüber hinaus sind verschiedene Versionen des Betriebssystems Junos OS und die Management-Plattform für Netzwerke Junos Space angreifbar.
Zwei Lücken (CVE-2019-0022, CVE-2019-0025) sind mit dem höchstmöglichen CVSS 3 Score 10 von 10 eingestuft.
---------------------------------------------
http://heise.de/-4271009


∗∗∗ Multiple Vulnerabilities in Cisco VOIP Phones, e.g. models 88XX ∗∗∗
---------------------------------------------
SEC Consult was able to identify a JavaScript like code injection in the Cisco VoIP Phone 8800 Series via the built-in T9 keyboard. Moreover, multiple outdated libraries and hard coded credentials got identified by conducting a static firmware analysis using the IoT Inspector platform. Patches are already available by Cisco.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/vulnerabilities-in-cisco-voip-phones-cve-2018-0461/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libcaca), Fedora (beep and libgxps), Mageia (krb5, live, ffmpeg, mplayer, and vlc, and mbedtls), SUSE (helm-mirror, java-1_7_0-openjdk, and systemd), and Ubuntu (nss and python-django).
---------------------------------------------
https://lwn.net/Articles/776397/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-a-publicly-disclosed-vulnerability-from-oracle-mysql-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list