[CERT-daily] Tageszusammenfassung - 02.09.2019
Daily end-of-shift report
team at cert.at
Mon Sep 2 18:12:28 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 30-08-2019 18:00 − Montag 02-09-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sodinokibi Ransomware Spreads via Fake Forums on Hacked Sites ∗∗∗
---------------------------------------------
A distributor for the Sodinokibi Ransomware is hacking into WordPress sites and injecting JavaScript that displays a fake Q & A forum post over the content of the original site. This fake post contains an "answer" from the sites "admin" that contains a link to the ransomware installer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-spreads-via-fake-forums-on-hacked-sites/
∗∗∗ Oh there it is, Facebook shrugs as Free Basics private key found to be signing unrelated apps ∗∗∗
---------------------------------------------
Walled-garden Android platform security easily copied Facebook has insisted that losing control of the private key used to sign its Facebook Basics app is no biggie despite totally unrelated apps from other vendors, signed with the same key, popping up in unofficial repositories.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/09/02/facebook_basics_app_key_compromised/
∗∗∗ Analyse: Was bedeutet der iPhone-Massen-Hack? ∗∗∗
---------------------------------------------
Tausende iPhones wurden beim Besuch scheinbar harmloser Web-Sites gehackt. Wer steckt dahinter und wie schütze ich mich?
---------------------------------------------
https://heise.de/-4511921
∗∗∗ TrickBot Tricks U.S. Users into Sharing their PIN Codes ∗∗∗
---------------------------------------------
The threat actor behind the infamous TrickBot botnet has added new functionality to their malware to request PIN codes from mobile users, Secureworks reports.
---------------------------------------------
https://www.securityweek.com/trickbot-tricks-us-users-sharing-their-pin-codes
∗∗∗ WordPress sites under attack as hacker group tries to create rogue admin accounts ∗∗∗
---------------------------------------------
Hackers exploit vulnerabilities in more than ten WordPress plugins to plant backdoor accounts on unpatched sites.
---------------------------------------------
https://www.zdnet.com/article/wordpress-sites-under-attack-as-hacker-group-tries-to-create-rogue-admin-accounts/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gosa, libav, libextractor, nghttp2, pump, and python2.7), Fedora (dovecot, mod_http2, and pango), Gentoo (dovecot, gnome-desktop, libofx, and nautilus), Mageia (ansible, ghostscript, graphicsmagick, memcached, mpg123, pango, vlc, wavpack, webmin, wireshark, and wpa_supplicant, hostapd), openSUSE (flatpak, libmirage, podman, slirp4netns and libcontainers-common, python-SQLAlchemy, and qemu), Red Hat (ghostscript, java-1.8.0-ibm, and squid:4), and SUSE [...]
---------------------------------------------
https://lwn.net/Articles/798143/
∗∗∗ Panasonic Video Insight VMS vulnerable to SQL injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN93833849/
∗∗∗ [webapps] Alkacon OpenCMS 10.5.x - Local File inclusion ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47340
∗∗∗ [webapps] Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47339
∗∗∗ [webapps] Alkacon OpenCMS 10.5.x - Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47338
∗∗∗ IBM Security Bulletin: Password vulnerability in IBM® Intelligent Operations Center (CVE-2019-4321) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-vulnerability-in-ibm-intelligent-operations-center-cve-2019-4321/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list