[CERT-daily] Daily summary - 18.12.2018
Daily end-of-shift report
team at cert.at
Tue Dec 18 18:15:47 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Monday 17-12-2018 18:00 − Tuesday 18-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hidden Code in Memes Instruct Malware via Twitter ∗∗∗
---------------------------------------------
Analysts discover malicious code embedded in tweeted images.
---------------------------------------------
https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/140047/
∗∗∗ Sneaky phishing campaign beats two-factor authentication ∗∗∗
---------------------------------------------
Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-two-factor-authentication/
∗∗∗ Your trust, our signature ∗∗∗
---------------------------------------------
Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...]
---------------------------------------------
https://blog.fox-it.com/2018/12/18/your-trust-our-signature/
∗∗∗ Clever SEO Spam Injection ∗∗∗
---------------------------------------------
It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website.
---------------------------------------------
https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
∗∗∗ Decrypt the ransomware Everbe, Hidden Tear and InsaneCrypt for free ∗∗∗
---------------------------------------------
A security researcher has published free decryption tools for several encryption trojans.
---------------------------------------------
http://heise.de/-4254364
=====================
= Vulnerabilities =
=====================
∗∗∗ Security update, 14.12.18 ∗∗∗
---------------------------------------------
[...] we identified a potential security vulnerability in our iCal feed function: by manually manipulating parts of the feed URL, a user could theoretically have gained access, by chance, to the iCal feeds of other TimeTac users. [...] This problem was fixed by a security update immediately after it became known, and the update was rolled out to all theoretically affected TimeTac customer accounts.
---------------------------------------------
https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/
∗∗∗ Razer Cortex Debugger Remote Command Execution ∗∗∗
---------------------------------------------
Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018120170
∗∗∗ VMSA-2018-0031 ∗∗∗
---------------------------------------------
vRealize Operations updates address a local privilege escalation vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0031.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf).
---------------------------------------------
https://lwn.net/Articles/775172/
∗∗∗ Synology-SA-18:61 Magellan ∗∗∗
---------------------------------------------
Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_61
∗∗∗ libexif: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1182
∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities allow cross-site scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K18-1180
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-i-2/
∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-curl-affect-powerkvm-2/
∗∗∗ IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-krb5-affect-powerkvm-2/
∗∗∗ IBM Security Bulletin: A vulnerability in git affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-git-affects-powerkvm-2/
∗∗∗ IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnutls-affect-powerkvm-2/
∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu-binutils-affect-powerkvm/
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-powerkvm-4/
∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-python-affect-powerkvm-2/
∗∗∗ IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wpa_supplicant-affects-powerkvm/
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-affected-by-curl-vulnerabilities/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily