[CERT-daily] Tageszusammenfassung - 21.12.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 20-12-2018 18:00 − Freitag 21-12-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers ∗∗∗
---------------------------------------------
Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/


∗∗∗ Warnung vor Phishing-Mails mit Adresse help at orf.at ∗∗∗
---------------------------------------------
Seit einigen Stunden sind Phishing-Mails in Umlauf, die als Reply-Adresse help at orf.at eingetragen haben. ORF.at weist ausdrücklich darauf hin, dass von der Konsumentenredaktion des ORF-Radio keinerlei Mails ausgeschickt werden und warnt davor, solche Mails zu öffnen.
---------------------------------------------
https://orf.at/stories/3105176


∗∗∗ Betrügerische WhatsApp-Nachrichten beim Privatverkauf ∗∗∗
---------------------------------------------
Privatverkäufer/innen erhalten von einer Nummer mit der Vorwahl „+1“ eine WhatsApp-Nachricht. Darin erkundigen sich Kriminelle nach dem Produktpreis und schlagen die Kaufabwicklung mit der EMS Shipping Company vor. Sie bestätigt einen überhöhten Zahlungseingang. Verkäufer/innen sollen den Differenzbetrag und die Ware ins Ausland senden. Dadurch verlieren sie beides.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-beim-privatverkauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Horner Automation Cscape ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation’s Cscape, a Control System Application programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01


∗∗∗ Schneider Electric EcoStruxure ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric’s EcoStruxure, an IoT-enabled architecture and platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02


∗∗∗ JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081 ∗∗∗
---------------------------------------------
Project: JSON:APIDate: 2018-December-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities.The module doesnt sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-081


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...]
---------------------------------------------
https://lwn.net/Articles/775420/


∗∗∗ Synology-SA-18:62 Netatalk ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_62


∗∗∗ Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106278


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-api-connect-3/


∗∗∗ IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utilizing-speculative-execution-may-be-vulnerable-to-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-vulnerability-affects-ibm/


∗∗∗ December 20, 2018   TNS-2018-17   [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-17


∗∗∗ TMM vulnerability CVE-2018-15330 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23328310


∗∗∗ BIG-IP AAM DCDB vulnerability CVE-2018-15331 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54843525


∗∗∗ TMUI vulnerability CVE-2018-15329 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61620494


Next End-of-Day report: 2018-12-27

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily