[CERT-daily] Tageszusammenfassung - 08.11.2019

Fri Nov 8 18:15:15 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 07-11-2019 18:00 − Freitag 08-11-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now ∗∗∗
---------------------------------------------
The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/


∗∗∗ QNAP Warns Users to Secure Devices Against QSnatch Malware ∗∗∗
---------------------------------------------
Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-devices-against-qsnatch-malware/


∗∗∗ Amazon Kindle, Embedded Devices Open to Code-Execution ∗∗∗
---------------------------------------------
Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component.
---------------------------------------------
https://threatpost.com/amazon-kindle-embedded-devices-code-execution/150003/


∗∗∗ Pwn2Own Tokyo Roundup: Amazon Echo, Routers and Smart TVs Fall to Hackers ∗∗∗
---------------------------------------------
The latest edition of the bi-annual hacking contest saw creative exploits in new device categories.
---------------------------------------------
https://threatpost.com/pwn2own-tokyo-2019-amazon-echo-hackers/150033/


∗∗∗ Microsoft Apps Diverted from Their Main Use, (Fri, Nov 8th) ∗∗∗
---------------------------------------------
This week, the CERT.eu[1] organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the "catnmouse" game that Blue and Red teams are playing continuously. When the Blue team has detected an attack technique, they write a rule or implement a new control to detect or block it. Then, the Red team has to find an alternative attack path, [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/25502


∗∗∗ Skimmers for Both Magento and WordPress ∗∗∗
---------------------------------------------
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, Woocommerce alone has over 5 million installations.
---------------------------------------------
https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html


∗∗∗ Wireshark Tutorial: Examining Trickbot Infections ∗∗∗
---------------------------------------------
A tutorial offering tips on how to identify Trickbot, an information stealer and banking malware that has been infecting victims since 2016.
---------------------------------------------
https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Medtronic Valleylab FT10 and LS10 ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for improper authentication and protection mechanism failure vulnerabilities in Medtronic’s Valleylab FT10 and LS10 energy and electrosurgery products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-311-01


∗∗∗ Medtronic Valleylab FT10 and FX8 ∗∗∗
---------------------------------------------
This medical advisory contains mitigations for use of hard-coded credentials, reversible one-way hash, and improper input validation vulnerabilities in Medtronic’s Valleylab FT10 and FX8 products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-311-02


∗∗∗ Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules ∗∗∗
---------------------------------------------
This advisory contains mitigations for an uncontrolled resource consumption vulnerability in select Mitsubishi Electrics CPU modules.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-311-01


∗∗∗ Fuji Electric V-Server ∗∗∗
---------------------------------------------
This advisory contains mitigations for a heap-based buffer overflow vulnerability in Fuji Electrics V-Server data collection and management service.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-311-02


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (linux-hardened), Debian (fribidi), Gentoo (oniguruma, openssh/openssh, openssl, and pump), Mageia (chromium-browser-stable, expat, firefox, freetds, proftpd, python, thunderbird, and unbound), Oracle (sudo), Scientific Linux (thunderbird), Slackware (kernel), SUSE (rubygem-haml), and Ubuntu (fribidi and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/804202/


∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology-5/


∗∗∗ tcpdump vulnerability CVE-2018-14879 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K51512510


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0006.html


∗∗∗ Squid: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0966

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily