[CERT-daily] Tageszusammenfassung - 07.10.2019

Mon Oct 7 18:05:09 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 04-10-2019 18:00 − Montag 07-10-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Betrügerische Mahnungen von Streaming-Seiten ignorieren! ∗∗∗
---------------------------------------------
Auf der Suche nach den neuesten Hollywood-Blockbustern im Internet stolpern zahlreiche KonsumentInnen über kinox.su. Beim Versuch, kostenlos Filme anzusehen, werden sie auf Websites wie streamovo.de, streamado.de, streamamy.de oder streamjuju.de weitergeleitet. Achtung: Die gratis Anmeldung auf diesen Websites führt nicht zu unbegrenztem Filmgenuss, sondern zu Rechnungen und Mahnungen über 395,88 Euro. Es besteht kein Grund zur Zahlung!
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-mahnungen-von-streaming-seiten-ignorieren/


∗∗∗ visNetwork for Network Data, (Sun, Oct 6th) ∗∗∗
---------------------------------------------
DFIR Redefined Part 3 - Deeper Functionality for Investigators with R series continued
---------------------------------------------
https://isc.sans.edu/diary/rss/25390


∗∗∗ Factsheet DNS monitoring will get harder ∗∗∗
---------------------------------------------
New DNS transport protocols make it harder to monitor or modify DNS requests. This is beneficial on today’s untrusted networks. At the same time the shift may render your organisation’s security controls ineffective, expose internal naming or break connectivity. These negative side effects are hard to mitigate at a network level and require mitigation at DNS infrastructure and individual devices.
---------------------------------------------
https://english.ncsc.nl/publications/factsheets/2019/oktober/2/factsheet-dns-monitoring-will-get-harder


∗∗∗ NISTs Zero Trust Taxonomy Introduces Components, Threats and Migration Routes ∗∗∗
---------------------------------------------
NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats.
---------------------------------------------
https://www.securityweek.com/nists-zero-trust-taxonomy-introduces-components-threats-and-migration-routes


∗∗∗ A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks ∗∗∗
---------------------------------------------
The remote code execution bug is being used in attacks against high-profile websites.
---------------------------------------------
https://www.zdnet.com/article/old-drupalgeddon2-rce-is-still-being-employed-in-cybercriminal-attacks/


∗∗∗ White-hat hacks Muhstik ransomware gang and releases decryption keys ∗∗∗
---------------------------------------------
Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter.
---------------------------------------------
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerabilities exploited in VPN products used worldwide ∗∗∗
---------------------------------------------
The NCSC is investigating the exploitation, by Advanced Persistent Threat (APT) actors, of known vulnerabilities affecting Virtual Private Network (VPN) products from vendors Pulse secure, Palo Alto and Fortinet.
---------------------------------------------
https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities


∗∗∗ Großer Lausch-Anruf: Signal für Android nimmt selbsttätig Anrufe an ∗∗∗
---------------------------------------------
Eine Lücke im Messenger Signal führt unter Android dazu, dass Nutzer belauscht werden könnten. Die App nimmt Sprachanrufe ohne Nutzerinteraktion entgegen.
---------------------------------------------
https://heise.de/-4546500


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jackson-databind, libapreq2, libreoffice, novnc, phpbb3, and ruby-mini-magick), Fedora (mbedtls and mosquitto), Mageia (xpdf), openSUSE (bind, firefox, nginx, openssl-1_0_0, php7, python-numpy, and thunderbird), Oracle (kernel), SUSE (ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, [...]
---------------------------------------------
https://lwn.net/Articles/801469/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-rational-quality-manager-7/


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-security-is-affected-by-an-openssh-vulnerability-cve-2018-15473/


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-security-is-affected-by-openssl-vulnerabilities-cve-2019-1559-cve-2018-0734/


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-security-is-affected-by-linux-kernel-vulnerabilities-cve-2019-11479-cve-2019-11478-cve-2019-11477/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily