[CERT-daily] Tageszusammenfassung - 23.10.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 22-10-2018 18:00 − Dienstag 23-10-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Malicious Powershell using a Decoy Picture ∗∗∗
---------------------------------------------
I found another interesting piece of malicious Powershell while hunting. The file size is 1.3MB and most of the file is a PE file Base64 encoded. You can immediately detect it by checking the first characters of the string: [...]
---------------------------------------------
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/


∗∗∗ Jetzt patchen! Scanner und Exploits für kritische libssh-Lücke aufgetaucht ∗∗∗
---------------------------------------------
Da das Angriffsrisiko wächst, sollten Admins zügig die aktuelle libssh-Version auf Servern installieren.
---------------------------------------------
http://heise.de/-4198976


∗∗∗ Serverless botnets could soon become reality ∗∗∗
---------------------------------------------
We have been accustomed to think about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters' orders to begin their attack, but Protego researchers say that many compromised machines are definitely not a requirement: botnets can quite as easily be comprised of serverless functions.
---------------------------------------------
https://www.helpnetsecurity.com/2018/10/23/serverless-botnets/


∗∗∗ Who Is Agent Tesla? ∗∗∗
---------------------------------------------
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity - attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malwares apparent creator seems to have done little to hide his real-life identity.
---------------------------------------------
https://krebsonsecurity.com/2018/10/who-is-agent-tesla/


∗∗∗ Betrug mit Euro-Lottosystem & Goggins-Transport ∗∗∗
---------------------------------------------
Konsument/innen erhalten eine betrügerische E-Mail, in der es heißt, dass sie bei einem Euro-Lottosystem 97.000 Euro gewonnen haben. Sie sollen Geld an Goggings-Transport bezahlen, damit sie den Preis ausbezahlt bekommen. Es folgen weitere Zahlungsaufforderungen. Mit jeder Bezahlung verliert das Opfer Geld, denn den Gewinn gibt es nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-euro-lottosystem-goggins-transport/


∗∗∗ Konsolen-kobold.de liefert keine Ware! ∗∗∗
---------------------------------------------
Kaufen Sie nicht auf konsolen-kobold.de ein. Die dort angebotenen Playstations, Xboxen, Nintendos und Spiele sind zwar verlockend günstig, werden aber auch nicht geliefert! Bezahlt wird per Vorkasse und Ihr Geld ist somit weg.
---------------------------------------------
https://www.watchlist-internet.at/news/konsolen-koboldde-liefert-keine-ware/


∗∗∗ CVE-2018–8414: A Case Study in Responsible Disclosure ∗∗∗
---------------------------------------------
The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly.
---------------------------------------------
https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.8.0-openjdk), Fedora (mosquitto), openSUSE (binutils, clamav, exiv2, fuse, haproxy, singularity, and zziplib), Slackware (firefox), SUSE (apache-pdfbox, net-snmp, pam_pkcs11, postgresql94, rpm, tiff, and wireshark), and Ubuntu (kernel, libssh, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, net-snmp, paramiko, requests, and texlive-bin).
---------------------------------------------
https://lwn.net/Articles/769300/


∗∗∗ IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by information disclosure vulnerability (CVE-2014-8730) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10736107


∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10735359


∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734825


∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information (CVE-2018-1811) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735589


∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1809) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10732972


∗∗∗ IBM Security Bulletin: A authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool (CVE-2018-1807) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10735581


∗∗∗ IBM Security Bulletin: An Information Disclosure Vulnerability affects WebSphere Commerce (CVE-2018-1806) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733149


∗∗∗ IBM Security Bulletin: A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool (CVE-2018-1541) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731225


∗∗∗ IPsec IKEv1 vulnerability CVE-2018-5389 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42378447


∗∗∗ Linux kernel vulnerability CVE-2018-14634 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K20934447

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily