[CERT-daily] Tageszusammenfassung - 12.09.2018

Daily end-of-shift report team at cert.at
Wed Sep 12 18:52:31 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 11-09-2018 18:00 − Mittwoch 12-09-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ British Airways Breach Caused By the Same Group That Hit Ticketmaster ∗∗∗
---------------------------------------------
A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RisqIQ and ClearSky researchers spotted the malware for the first time. The groups regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered into store checkout pages, [...]
---------------------------------------------
https://it.slashdot.org/story/18/09/11/1116221/british-airways-breach-caused-by-the-same-group-that-hit-ticketmaster


∗∗∗ When is a patch not a patch? When its for this McAfee password bug ∗∗∗
---------------------------------------------
Vulnerability still open to all despite multiple fixes A privilege escalation flaw in McAfees True Key software remains open to exploitation despite multiple attempts to patch it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/09/11/mcafee_flaw_fix/


∗∗∗ Back up a minute: Veeam database config snafu exposed millions of customer records ∗∗∗
---------------------------------------------
Firm helps self with own disaster recovery A misconfigured server at data recovery and backup firm Veeam exposed millions of email addresses.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/09/12/veeam_database_config_snafu_exposed_millions_email_addresses/


∗∗∗ Erpresserische E-Mail droht mit Masturbationsvideo ∗∗∗
---------------------------------------------
Unternehmen erhalten eine erpresserische E-Mail, die angeblich von ihrer eigenen Adresse stammt. Darin behaupten Kriminelle, dass sie Zugriff auf den fremden Computer haben und über Masturbationsvideos der Empfänger/innen verfügen. Opfer sollen Bitcoins zahlen, damit es zu keiner Veröffentlichung kommt. Der Inhalt der Nachricht ist erfunden. Eine Zahlung ist nicht erforderlich.
---------------------------------------------
https://www.watchlist-internet.at/news/erpresserische-e-mail-droht-mit-masturbationsvideo/


∗∗∗ Warnung vor telmo24.de ∗∗∗
---------------------------------------------
Der Fake-Shop telmo24.de vertreibt günstige Handys und Tablets. Trotz Bezahlung liefert er keine Ware. Konsument/innen können den Fake-Shop daran erkennen, dass er über sehr niedrige Preise verfügt und ausschließlich eine Bezahlung im Voraus akzeptiert. Vor einem Einkauf ist dringend abzuraten!
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-telmo24de/


∗∗∗ Sicherheit - Microsoft schließt drei gefährliche Zero-Day-Lücken bei Windows ∗∗∗
---------------------------------------------
Eine davon auch bereits aktiv ausgenutzt - Insgesamt 17 kritische Lücken behoben
---------------------------------------------
https://derstandard.at/2000087198816/Microsoft-schliesst-drei-gefaehrliche-Zero-Day-Luecken-bei-Windows



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kamailio, libextractor, and mgetty), Fedora (community-mysql, ghostscript, glusterfs, iniparser, okular, and zsh), openSUSE (compat-openssl098, php5, and qemu), Red Hat (firefox), SUSE (libzypp, zypper, python3, spark, and zsh), and Ubuntu (zsh).
---------------------------------------------
https://lwn.net/Articles/764645/


∗∗∗ OpenAFS: Mehrere Schwachstellen ermöglichen u. a. die Manipulation von Daten ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1854/


∗∗∗ INTEL-SA-00125: A potential security vulnerability in Intel CSME, Intel Server Platform Services and Intel Trusted Execution Engine Firmware may allow information disclosure ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html


∗∗∗ Security Advisory - FRP Bypass Vulnerability on Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180912-01-smartphone-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10729745


∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated attacker to obtain sensitive information. (CVE-2018-1698) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728857


∗∗∗ IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1695) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730979


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012749


∗∗∗ IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1567) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10730983


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10731205


∗∗∗ libidn vulnerability CVE-2016-6263 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25353544


∗∗∗ HPESBHF03893 rev.1 - HPE Intelligent Management Center (iMC) Wireless Services Manager Software, Remote Code Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us


∗∗∗ HPESBHF03876 rev.1 - HPE ProLiant ML10 Gen9 Servers with Intel-based Processors using Active Management Technology (AMT), Multiple Local Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us


∗∗∗ HPESBHF03873 rev.1 - Certain HPE Gen10 Servers with Intel-based Processors using Converged Security and Management Engine (CSME), and Power Management Controller (PMC) Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list