[CERT-daily] Daily summary - 30.01.2019

Daily end-of-shift report team at cert.at
Wed Jan 30 18:17:02 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 29-01-2019 18:00 − Wednesday 30-01-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New LockerGoga Ransomware Allegedly Used in Altran Attack ∗∗∗
---------------------------------------------
Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/


∗∗∗ Z1: Dental practice software installs an Adobe Reader full of security holes ∗∗∗
---------------------------------------------
A practice-management package for dentists automatically installs a very old version of Adobe Reader during its update, one with numerous publicly known security vulnerabilities. The vendor claims to have fixed the problem; that is apparently not the case. (Adobe Reader, PDF)
---------------------------------------------
https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-adobe-reader-1901-139049-rss.html


∗∗∗ CTF Writeup: Complex Drupal POP Chain ∗∗∗
---------------------------------------------
A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.
---------------------------------------------
https://blog.ripstech.com/2019/complex-drupal-pop-chain/


∗∗∗ Money lost and data stolen instead of a dream home! ∗∗∗
---------------------------------------------
Criminals advertise cheap rental and owner-occupied flats, houses and plots on well-known real-estate platforms. Consumers are told that the viewing will be handled through an escrow company, i.e. a supposedly trustworthy intermediary. Do not pay any deposit and do not send identity documents: the money and the data end up with criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt-traum-immobilie/


∗∗∗ Matrix has slowly evolved into a Swiss Army knife of the ransomware world ∗∗∗
---------------------------------------------
The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies' internal networks.
---------------------------------------------
https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-knife-of-the-ransomware-world/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Stryker Medical Beds ∗∗∗
---------------------------------------------
This medical device advisory provides mitigation recommendations for a nonce-reuse vulnerability in Stryker's medical beds.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01
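Why nonce reuse is a vulnerability class in its own right, shown as an added worked example (not taken from the ICS-CERT advisory, which does not describe the affected protocol): with any stream cipher or CTR-mode construction the keystream is a deterministic function of (key, nonce), so two messages encrypted under the same pair have ciphertexts whose XOR equals the XOR of the plaintexts, and a passive attacker with a crib for one message reads the other without ever touching the key. The toy keystream below (SHA-256 over key || nonce || counter) stands in for AES-CTR or ChaCha20 and is constructed for this illustration; the key, nonce values and sample messages are likewise constructed.

```python
import hashlib
from itertools import count


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || nonce || counter), block by block.
    Constructed stand-in for AES-CTR/ChaCha20; like them it is a deterministic
    function of (key, nonce), so the same pair always yields the same bytes."""
    out = bytearray()
    for ctr in count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Passive attacker: two ciphertexts under one (key, nonce) plus a crib for
    the first message. c1 XOR c2 = p1 XOR p2 because the keystream cancels,
    hence p2 = c1 XOR c2 XOR p1. No key material is needed."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


KEY = b"\x11" * 16           # constructed secret; the attacker never sees it
P1 = b"meter reading 0412"   # constructed sample messages (same length)
P2 = b"meter reading 0987"


def attack_with_reused_nonce() -> bytes:
    nonce = b"\x00" * 8      # same nonce for both messages: the vulnerability
    c1 = encrypt(KEY, nonce, P1)
    c2 = encrypt(KEY, nonce, P2)
    return recover_second_plaintext(c1, c2, P1)  # equals P2


def attack_with_fresh_nonces() -> bytes:
    c1 = encrypt(KEY, b"\x00" * 8, P1)
    c2 = encrypt(KEY, b"\x01" * 8, P2)           # distinct nonce per message
    return recover_second_plaintext(c1, c2, P1)  # keystreams no longer cancel


if __name__ == "__main__":
    print(attack_with_reused_nonce())
    print(attack_with_fresh_nonces())
```

The fix is the one every advisory of this class recommends: a nonce must never repeat under a given key, whether produced by a strictly increasing counter that survives reboots or by a random value wide enough (96 bits for AES-GCM, 192 bits for XChaCha20) that collisions are negligible, and an authenticated mode should be used so tampering is detected as well.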


∗∗∗ Yokogawa License Manager Service ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01
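An added example of the server-side check that mitigates this vulnerability class (CWE-434), not code from the Yokogawa product or the advisory, which does not describe the affected upload handler: a strict allowlist of extensions, each tied to the content's magic bytes, rejection of path separators, NUL bytes and double extensions, and a random server-chosen storage name so no client-controlled bytes reach the filesystem. The allowed types, size limit and sample payloads are assumptions constructed for the illustration.

```python
import secrets
from pathlib import PurePosixPath

# Constructed allowlist: extension -> magic bytes the content must start with
# (None = text type, checked for valid UTF-8 instead). Anything else is refused.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".txt": None,
}
MAX_SIZE = 5 * 1024 * 1024  # bytes; assumed limit


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, content: bytes) -> str:
    """Return a server-chosen storage name for an acceptable upload, or raise
    UploadRejected. Only the single extension is taken from the client name."""
    if len(content) > MAX_SIZE:
        raise UploadRejected("file too large")
    if any(ch in filename for ch in ("\x00", "/", "\\")):
        raise UploadRejected("path separator or NUL byte in filename")
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if len(suffixes) != 1:
        # rejects 'noext', dotfiles like '.htaccess' and 'report.pdf.exe'
        raise UploadRejected("exactly one extension is required")
    ext = suffixes[0]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"type {ext} not allowed")
    magic = ALLOWED_TYPES[ext]
    if magic is None:
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("text upload is not valid UTF-8") from None
    elif not content.startswith(magic):
        raise UploadRejected("content does not match declared type")
    # Random server-side name: the client never chooses what is written to disk.
    return secrets.token_hex(16) + ext


def is_accepted(filename: str, content: bytes) -> bool:
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False
```

The returned name should be written to a directory outside any web root or script-execution path and served back with a fixed Content-Type, so that even a file that slips through the allowlist cannot be executed by the server.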


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 ∗∗∗
---------------------------------------------
Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format that's used in Canvas Draw. PCX was a popular image format with early computers, and [...]
---------------------------------------------
http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerability-spotlight-multiple_30.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...]
---------------------------------------------
https://lwn.net/Articles/777950/


∗∗∗ Security Advisory - Double Free Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-01-smartphone-en


∗∗∗ Linux kernel vulnerability CVE-2018-18559 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28241423


∗∗∗ IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are-vulnerable-to-multiple-vulnerabilities-in-perl-cve-2018-18312-cve-2018-18313-cve-2018-18314-cve-2018-18311/


∗∗∗ IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-is-affected-by-cve-2019-4040/


∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-1851/


∗∗∗ IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2014-7810/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-access-manager-4/


∗∗∗ ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-157/


∗∗∗ ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-158/


∗∗∗ ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-159/


∗∗∗ ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-143/
http://www.zerodayinitiative.com/advisories/ZDI-19-144/
http://www.zerodayinitiative.com/advisories/ZDI-19-145/
http://www.zerodayinitiative.com/advisories/ZDI-19-146/
http://www.zerodayinitiative.com/advisories/ZDI-19-147/
http://www.zerodayinitiative.com/advisories/ZDI-19-148/
http://www.zerodayinitiative.com/advisories/ZDI-19-149/
http://www.zerodayinitiative.com/advisories/ZDI-19-150/
http://www.zerodayinitiative.com/advisories/ZDI-19-151/
http://www.zerodayinitiative.com/advisories/ZDI-19-152/
http://www.zerodayinitiative.com/advisories/ZDI-19-153/
http://www.zerodayinitiative.com/advisories/ZDI-19-154/
http://www.zerodayinitiative.com/advisories/ZDI-19-155/
http://www.zerodayinitiative.com/advisories/ZDI-19-156/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



