[CERT-daily] Tageszusammenfassung - 06.11.2019

Daily end-of-shift report team at cert.at
Wed Nov 6 18:15:07 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 05-11-2019 18:00 − Mittwoch 06-11-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail ∗∗∗
---------------------------------------------
Der aktuell "zerstörerischste" Schädling Emotet besteht aus einer Kaskade mehrerer Schadprogramme, die zusammen vielstellige Millionenschäden verursachen.
---------------------------------------------
https://heise.de/-4573848


∗∗∗ Überteuerte Visums- und Einreisegenehmigungsangebote im Internet ∗∗∗
---------------------------------------------
Ihr nächstes Urlaubsziel verlangt ein Visum? Dann nehmen Sie sich vor unseriösen Websites in Acht, die ein Vielfaches der tatsächlich anfallenden Gebühr für die Einreisegenehmigungen verlangen. Besondere Vorsicht ist beispielsweise bei Reisen nach Australien, Ägypten, Vietnam, Indien sowie Kanada oder in die USA und die Türkei geboten – theoretisch ist die Masche aber bei allen Destinationen mit Visumspflicht möglich.
---------------------------------------------
https://www.watchlist-internet.at/news/ueberteuerte-visums-und-einreisegenehmigungsangebote-im-internet/


∗∗∗ German Dridex spam campaign is unfashionably large ∗∗∗
---------------------------------------------
VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/11/german-malspam-campaign-unfashionably-large/


∗∗∗ Scammers Are Exploiting a Firefox Bug to Freeze Your Browser ∗∗∗
---------------------------------------------
Fraudulent tech-support sites are causing the browser to lock up and display a disturbing message. Force quitting is the only way out.
---------------------------------------------
https://www.wired.com/story/scammers-are-exploiting-a-firefox-bug-to-freeze-your-browser


∗∗∗ Siemens PLC Feature Can Be Exploited for Evil - and for Good ∗∗∗
---------------------------------------------
A hidden feature in some newer models of the vendors programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
---------------------------------------------
https://www.darkreading.com/vulnerabilities---threats/siemens-plc-feature-can-be-exploited-for-evil---and-for-good/d/d-id/1336277


∗∗∗ Kamerka OSINT tool shows your countrys internet-connected critical infrastructure ∗∗∗
---------------------------------------------
Kamerka lets you see what a hacker sees. It plots maps with SCADA equipment, webcams, and printers that have been left exposed on the internet inside any given country.
---------------------------------------------
https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Omron CX-Supervisor ∗∗∗
---------------------------------------------
This advisory contains mitigations for a use of obsolete function vulnerability in Omrons CX-Supervisor SCADA and HMI package.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-309-01


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cpio, openafs, proftpd-dfsg, simplesamlphp, and wordpress), Fedora (thunderbird), openSUSE (binutils, docker-runc, kernel, nfs-utils, php7, python3, and samba), Red Hat (389-ds:1.4, ansible, bind, container-tools:1.0, container-tools:rhel8, curl, dbus, dhcp, dovecot, edk2, elfutils, evolution, freeradius:3.0, gdb, gettext, glib2, glibc, GNOME, gnutls, go-toolset:rhel8, http-parser, httpd:2.4, kernel, kernel-rt, libarchive, libjpeg-turbo, libqb, [...]
---------------------------------------------
https://lwn.net/Articles/804018/


∗∗∗ Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php


∗∗∗ Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php


∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x


∗∗∗ Security Advisory - Insufficient Authentication Vulnerability in Several Band Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191106-01-band-en


∗∗∗ libpcap vulnerability CVE-2018-16301 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K86252029


∗∗∗ Red Hat Enterprise Linux: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0959

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list