[CERT-daily] Tageszusammenfassung - 01.10.2018
Daily end-of-shift report
team at cert.at
Mon Oct 1 18:30:25 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 28-09-2018 18:00 − Montag 01-10-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ IC3 Issues Alert Regarding Remote Desktop Protocol (RDP) Attacks ∗∗∗
---------------------------------------------
The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, have issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ic3-issues-alert-regarding-remote-desktop-protocol-rdp-attacks/
∗∗∗ FBI löst Rätsel um 15 Jahre alte Malware ∗∗∗
---------------------------------------------
Jahrelang spionierte die Fruitfly-Malware unbemerkt Mac-User aus. Nun wurde bekannt, wie die Schadsoftware verbreitet wurde.
---------------------------------------------
https://futurezone.at/digital-life/fbi-loest-raetsel-um-15-jahre-alte-malware/400133273
∗∗∗ Dark Web Azorult Generator Offers Free Binaries to Cybercrooks ∗∗∗
---------------------------------------------
The Gazorp online builder makes it easy to start stealing passwords, credit-card information, cryptocurrency wallet data and more.
---------------------------------------------
https://threatpost.com/dark-web-azorult-generator-offers-free-binaries-to-cybercrooks/137812/
∗∗∗ 70+ different types of home routers(all together 100,000+) are being hijacked by GhostDNS ∗∗∗
---------------------------------------------
note:We have informed various ISPs on the IoC list, and OVH, ORACLE, Google have taken down the related IPs and some others are working on it (Thanks!)Background introductionDNSchanger is not something new and was quite active years ago [1], we occasionally encountered one every once in a [...]
---------------------------------------------
http://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
∗∗∗ Oktober ist Cyber Security-Monat! ∗∗∗
---------------------------------------------
Unter dem Titel "Cyber Security is a Shared Responsibility" findet im Oktober die inzwischen 7. Kampagne der EU zur Verbesserung der allgemeinen Informationssicherheit statt: Der Europäische Cybersicherheitsmonat (ECSM) ist ein breit koordiniertes und umfangreich aufgestelltes Veranstaltungsformat, das Bewusstsein fördern und Kenntnisse vermitteln will. So werden Schritte aufzeigt, die alle Bürger*innen und Organisationen zum Schutz von persönlichen, finanziellen [...]
---------------------------------------------
https://www.ikarussecurity.com/at/ueber-ikarus/security-blog/oktober-ist-cyber-security-monat/
∗∗∗ Facebook-Hack: Kombination aus mehreren Software-Lücken war schuld ∗∗∗
---------------------------------------------
Drei Lücken exponierten Millionen Facebook-Konten, darunter das von Mark Zuckerberg. Womöglich waren auch Drittanbieter-Dienste per Facebook-Login betroffen.
---------------------------------------------
https://heise.de/-4178569
∗∗∗ Explosion of look-alike domains aims to steal sensitive data from online shoppers ∗∗∗
---------------------------------------------
Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi's research analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia.
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/01/look-alike-domains/
∗∗∗ Erpressung mit intimen Videomaterial ∗∗∗
---------------------------------------------
Kriminelle versenden eine E-Mail, in der es heißt, dass sie das Empfänger/innen-Konto übernommen haben und sein Passwort kennen. Opfer sollen 600 US-Dollar in Bitcoins zahlen, damit die Verbrecher/innen kein intimes Videomaterial veröffentlichen. Konsument/innen können die Nachricht ignorieren und müssen nur ihr Passwort ändern. Eine Zahlung ist nicht erforderlich.
---------------------------------------------
https://www.watchlist-internet.at/news/erpressung-mit-intimen-videomaterial/
=====================
= Vulnerabilities =
=====================
∗∗∗ Skype On Debian Microsoft Apt Repo Addition ∗∗∗
---------------------------------------------
Topic: Skype On Debian Microsoft Apt Repo Addition Risk: High Text:Level: Critical Description: The Skype debian packege for Skype (even when not installed via their offical repo) [...]
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018090274
∗∗∗ UPDATED: Security Bulletins Posted ∗∗∗
---------------------------------------------
[...] UPDATE: As of September 28, Adobe is aware of a report that CVE-2018-15961 is being actively exploited in the wild. The updates for ColdFusion 2018 and ColdFusion 2016 announced in APSB18-33 have been elevated to Priority 1, and Adobe recommends customers update to the latest version as soon as possible.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1607
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (mediawiki), CentOS (389-ds-base, firefox, flatpak, kernel, mod_perl, nss, spice and spice-gtk, and spice-gtk and spice-server), Debian (389-ds-base, ghostscript, mosquitto, and python3.5), Fedora (ca-certificates, firefox, glusterfs, kernel-headers, kernel-tools, libxkbcommon, udisks2, and zchunk), Mageia (firefox), openSUSE (gd, gnutls, mgetty, openssl, and yast2-smt), Oracle (firefox and kernel), Scientific Linux (firefox), SUSE (libX11 and [...]
---------------------------------------------
https://lwn.net/Articles/767373/
∗∗∗ Security Advisory - FRP Bypass Vulnerability in MyCloud APP of Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180930-01-mycloud-en
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Publicly disclosed Apache Struts vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732783
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731329
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732785
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10732477
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733457
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730313
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Improper Certificate Validation vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730321
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730329
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730323
∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by a Password in Clear Text vulnerability ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10730317
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list