[CERT-daily] Tageszusammenfassung - 21.03.2019

Daily end-of-shift report team at cert.at
Thu Mar 21 18:22:18 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-03-2019 18:00 − Donnerstag 21-03-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Mac-Focused Malvertising Campaign Abuses Google Firebase DBs ∗∗∗
---------------------------------------------
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
---------------------------------------------
https://threatpost.com/mac-focused-malvertising-campaign-abuses-google-firebase-dbs/143010/


∗∗∗ Kritische Lücken im Git-Client Sourcetree gefährden Computer ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für Sourcetree von Atlassian. MacOS- und Windows-Nutzer sollten die abgesicherten Ausgaben zügig installieren.
---------------------------------------------
http://heise.de/-4341489


∗∗∗ D-Link wappnet ältere NAS-Systeme gegen Erpressungstrojaner Cr1ptTor ∗∗∗
---------------------------------------------
D-Link hat Sicherheitsupdates für NAS-Systeme angekündigt. Bis zur Veröffentlichung sollten sie nicht online sein. Für einige Geräte gibt es schon Patches.
---------------------------------------------
http://heise.de/-4341586


∗∗∗ Ransomware or Wiper? LockerGoga Straddles the Line ∗∗∗
---------------------------------------------
Executive SummaryRansomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals.
---------------------------------------------
https://blog.talosintelligence.com/2019/03/lockergoga.html


∗∗∗ Many Vulnerabilities Found in Oracles Java Card Technology ∗∗∗
---------------------------------------------
Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology.
---------------------------------------------
https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-technology


∗∗∗ Remote command injection through an endpoint security product ∗∗∗
---------------------------------------------
TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in ~650,000 PCs for around one year! Heimdal blogged about it today, but er... [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/remote-command-injection-through-an-endpoint-security-product/


∗∗∗ Gefälschte Apple-Rechnungen im Umlauf ∗∗∗
---------------------------------------------
Internetnutzer/innen finden vermehrt gefälschte Apple-Rechnungen in ihrem E-Mail-Postfach. Angeblich wurde etwas im App-Store per Kreditkartenzahlung gekauft. Für weitere Details werden Empfänger/innen aufgefordert, einem Link zu folgen oder eine Datei herunterzuladen. Folgen Sie nicht dem Link oder laden Anhänge herunter, denn es handelt sich um einen Phishing-Versuch!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-apple-rechnungen-im-umlauf/


∗∗∗ Zero-day in WordPress SMTP plugin abused by two hacker groups ∗∗∗
---------------------------------------------
Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams.
---------------------------------------------
https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-by-two-hacker-groups/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Medtronic Conexus Radio Frequency Telemetry Protocol ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronics proprietary Conexus telemetry system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01


∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 ∗∗∗
---------------------------------------------
Project: Drupal coreDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Solution: If you are using Drupal 8.6, update to Drupal 8.6.13.If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.If you are using Drupal 7, [...]
---------------------------------------------
https://www.drupal.org/sa-core-2019-004


∗∗∗ RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 ∗∗∗
---------------------------------------------
Project: RESTfulVersion: 7.x-2.x-dev7.x-1.x-devDate: 2019-March-20Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Remote code executionDescription: This resolves issues described in SA-CORE-2019-003 for this module.Solution: If you use the RESTful module for Drupal 7.x, upgrade to RESTful 7.x-1.10 or RESTful 7.x-2.17 [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-041


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf).
---------------------------------------------
https://lwn.net/Articles/783652/


∗∗∗ IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-python-affects-ibm-os-images-for-red-hat-linux-systems/


∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-impacted-by-information-leak-cve-2019-4052/


∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator-is-affected-by-a-spoofing-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-openssh-cve-2018-15473-cve-2018-15919/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-ntp-cve-2018-12327/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list