[CERT-daily] Tageszusammenfassung - 05.07.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 04-07-2019 18:00 − Freitag 05-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Automated Magecart Campaign Hits Over 960 Breached Stores ∗∗∗
---------------------------------------------
A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-hits-over-960-breached-stores/


∗∗∗ Understanding Elliptic Curve Cryptography And Embedded Security ∗∗∗
---------------------------------------------
All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security. In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC)
---------------------------------------------
https://hackaday.com/2019/07/04/understanding-elliptic-curve-cryptography-and-embedded-security/


∗∗∗ Tor Project to fix bug used for DDoS attacks on Onion sites for years ∗∗∗
---------------------------------------------
Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites.
---------------------------------------------
https://www.zdnet.com/article/tor-project-to-fix-bug-used-for-ddos-attacks-on-onion-sites-for-years/


∗∗∗ Croatian government targeted by mysterious hackers ∗∗∗
---------------------------------------------
Government agencies targeted with never before seen malware payload — named SilentTrinity.
---------------------------------------------
https://www.zdnet.com/article/croatian-government-targeted-by-mysterious-hackers/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).
---------------------------------------------
https://lwn.net/Articles/792890/


∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management stores sensitive information in URL parameters (CVE-2019-4193) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-management-stores-sensitive-information-in-url-parameters-cve-2019-4193/


∗∗∗ IBM Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-google-guava-affects-ibm-curam-social-program-management-cve-2018-10237/


∗∗∗ Foxit Reader und Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0574

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily