[CERT-daily] Tageszusammenfassung - 10.12.2018

Daily end-of-shift report team at cert.at
Mon Dec 10 18:16:04 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 07-12-2018 18:00 − Montag 10-12-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Gefälschte T-Mobile-Nachricht fordert Auskunft ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte T-Mobile-Nachricht. Darin behaupten sie, dass Kund/innen im Zusammenhang mit der Nutzung von Diensten persönliche Daten bekannt geben und ihre Telefonnummer bestätigen müssen. Das soll auf einer gefälschten T-Mobile-Website geschehen. Konsument/innen, die die von Ihnen verlangten Informationen bekannt geben, werden Opfer eines Datendiebstahls.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-t-mobile-nachricht-fordert-auskunft/


∗∗∗ Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans ∗∗∗
---------------------------------------------
Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sextortion-emails-now-leading-to-ransomware-and-info-stealing-trojans/


∗∗∗ How can businesses get the most out of pentesting? ∗∗∗
---------------------------------------------
More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers utilizing high-profile exploits to victimize organizations is becoming an almost daily occurrence, with 18,000 to 19,000 new vulnerabilities estimated to show up in 2018. Here’s the thing though – we can still address the situation and make the current threat landscape [...]
---------------------------------------------
https://www.helpnetsecurity.com/2018/12/10/get-the-most-out-of-pentesting/


∗∗∗ Mac malware combines EmPyre backdoor and XMRig miner ∗∗∗
---------------------------------------------
New Mac malware is using the EmPyre backdoor and the XMRig cryptominer to drain processor power—and possibly worse.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-empyre-backdoor-and-xmrig-miner/


∗∗∗ Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix ∗∗∗
---------------------------------------------
Bug dealt with in Chrome and Edge, but still a problem for Firefox users.
---------------------------------------------
https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).
---------------------------------------------
https://lwn.net/Articles/774489/


∗∗∗ WPForms <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9164


∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-s-1801-t-and-1801-u/


∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-impacted-by-a-security-vulnerability-in-project-calico/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-october-2018-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-voice-gateway/


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-batik-affects-ibm-curam-social-program-management-cve-2018-8013/


∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a stored cross-site scripting vulnerability (CVE-2018-1900) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-program-management-contains-a-stored-cross-site-scripting-vulnerability-cve-2018-1900/


∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-program-management-contains-an-open-redirect-vulnerability-cve-2018-1654/


∗∗∗ IBM Security Bulletin: IBM DataPower Gateways is affected by a Denial of Service vulnerability (CVE-2018-1652) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateways-is-affected-by-a-denial-of-service-vulnerability-cve-2018-1652/


∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-affected-by-a-privilege-escalation-vulnerability-in-kubernetes-api-server/


∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-for-libcurl-cve-2018-14618/


∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-from-openssl-cve-2018-0732/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2018-1652) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2018-1652/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list