[CERT-daily] Tageszusammenfassung - 04.12.2018

Daily end-of-shift report team at cert.at
Tue Dec 4 18:11:50 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 03-12-2018 18:00 − Tuesday 04-12-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ KoffeyMaker: notebook vs. ATM ∗∗∗
---------------------------------------------
Kaspersky Lab's experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack.
---------------------------------------------
https://securelist.com/koffeymaker-notebook-vs-atm/89161/


∗∗∗ SamSam Ransomware ∗∗∗
---------------------------------------------
Original release date: December 03, 2018 The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. NCCIC encourages users and administrators to review Alert AA18-337A: SamSam Ransomware and Malware Analysis Reports AR18-337A, AR18-337B, AR18-337C, and AR18-337D for more information. This product is provided subject to this
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/12/03/SamSam-Ransomware


∗∗∗ App Store fraud with Touch ID devices ∗∗∗
---------------------------------------------
Various developers are trying to get users to buy expensive in-app offers by means of "fingerprint theft". Apple is responding.
---------------------------------------------
http://heise.de/-4239342


∗∗∗ Kubernetes: Critical update for container management ∗∗∗
---------------------------------------------
Kubernetes contains a dangerous security vulnerability through which unauthenticated attackers can execute code with admin rights in the cluster.
---------------------------------------------
http://heise.de/-4240804


∗∗∗ Regional authorities receive forged business correspondence ∗∗∗
---------------------------------------------
Fraudsters write to regional authorities and pose as business partners of the federal government, the states or the municipalities. They invent a reason that supposedly makes it necessary for them to receive the copy of the contract for a legal transaction. Into this copy they insert new bank details and demand that the payment be transferred to a new account. Civil servants and contract staff who carry out the transaction end up transferring money to criminals.
---------------------------------------------
https://www.watchlist-internet.at/news/gebietskoerperschaften-erhalten-gefaelschte-geschaeftskorrespondenz/


∗∗∗ In Latest Magecart Evolution, Group 11 Stole More Than Just Card Data From Vision Direct ∗∗∗
---------------------------------------------
Since we began reporting on online card skimming, we have noted consistent evolutions in the modus operandi of the various Magecart groups, and even of the Magecart phenomenon itself. The web-skimming ecosystem has exploded, spawning multiple groups that want a piece of the action, many of which we reported on in our recent report “Inside Magecart.” […]
---------------------------------------------
https://www.riskiq.com/blog/labs/magecart-vision-direct/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Android Security Bulletin - December 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues.
---------------------------------------------
https://source.android.com/security/bulletin/2018-12-01.html


∗∗∗ Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability ∗∗∗
---------------------------------------------
Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more. In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is [...]
---------------------------------------------
https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injection-vulns.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/773826/


∗∗∗ Cisco Energy Management Suite Default PostgreSQL Password Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181204-ems-sql-passwrd


∗∗∗ TMM vulnerability CVE-2018-5535 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K19634255


∗∗∗ IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2018-includes-oracle-oct-2018-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM WebSphere Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-15/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-cloud-app-management-v2018/


∗∗∗ IBM Security Bulletin: Transparent Cloud Tiering ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-14/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-xml-external-entity-injection-cve-2018-1730/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-cve-2018-1728/


∗∗∗ IBM Security Bulletin: QRadar Advisor with Watson ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-13/


∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used-in-ibm-qradar-siem-is-vulnerable-to-publicly-disclosed-vulnerability-cve-2018-8034-cve-2018-8037/


∗∗∗ IBM Security Bulletin: Apache PDFBox as used in IBM QRadar Incident Forensics is vulnerable to Publicly disclosed vulnerability. (CVE-2018-8036) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-pdfbox-as-used-in-ibm-qradar-incident-forensics-is-vulnerable-to-publicly-disclosed-vulnerability-cve-2018-8036/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily