[CERT-daily] Tageszusammenfassung - 19.09.2018
Daily end-of-shift report
team at cert.at
Wed Sep 19 18:08:15 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 18-09-2018 18:00 − Mittwoch 19-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Western Digitals My Cloud NAS Devices Turn Out to Be Easily Hacked ∗∗∗
---------------------------------------------
Security researchers have discovered an authentication bypass vulnerability in Western Digitals My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices.
---------------------------------------------
https://thehackernews.com/2018/09/wd-my-cloud-nas-hacking.html
∗∗∗ XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins ∗∗∗
---------------------------------------------
It appears that on Windows, Xbash will focus on malicious cryptomining functions and self-propagation techniques, while on Linux systems, the malware will flaunt its data destructive tendencies; as the malware triggers a downloader to execute a coinminer on Windows, while on Linux it flaunts ransomware functions.
---------------------------------------------
https://threatpost.com/xbash-malware-packs-double-punch-destroys-data-and-mines-for-crypto-coins/137543/
∗∗∗ TIPs to Securely Deploy Industrial Control Systems ∗∗∗
---------------------------------------------
Schneider Electric has authored a whitepaper “Effective Implementation of Cybersecurity Countermeasures in Industrial Control Systems” that takes asset owners through the system deployment process. In this blog article, I will provide a brief overview of the concepts presented in the whitepaper.
---------------------------------------------
https://blog.schneider-electric.com/cyber-security/2018/09/18/tips-to-securely-deploy-industrial-control-systems/
∗∗∗ Fake finance apps on Google Play target users from around the world ∗∗∗
---------------------------------------------
Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.
---------------------------------------------
https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-target-around-world/
∗∗∗ Multi-Vector WordPress Infection from Examhome ∗∗∗
---------------------------------------------
This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.
---------------------------------------------
http://labs.sucuri.net/?note=2018-09-18
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Updates available for Adobe Acrobat and Reader (APSB18-34) ∗∗∗
---------------------------------------------
Adobe has published security bulletin for Adobe Acrobat and Reader (APSB18-34) for Windows and MacOS. These updates address critical and important vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1617
∗∗∗ BSRT-2018-003 Directory traversal vulnerability impacts the Connect Service of the BlackBerry Enterprise Mobility Server ∗∗∗
---------------------------------------------
This advisory addresses a directory traversal vulnerability that has been discovered in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited ...
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051590
∗∗∗ Google Chrome, Chromium: Eine Schwachstelle ermöglicht nicht spezifizierte Angriffe ∗∗∗
---------------------------------------------
Ein Angreifer kann aufgrund einer Schwachstelle welche mit dem Schweregrad 'high' bewertet wird nicht weiter spezifizierte Angriffe ausführen. In der Vergangenheit konnten derartige Schwachstellen zumeist von einem entfernten und nicht authentisierten Angreifer ausgenutzt werden.
Google stellt die Chrome und Chromium Version 69.0.3497.100 als Sicherheitsupdate bereit.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1886/
∗∗∗ Xcode: Eine Schwachstelle ermöglicht die Übernahme des Systems ∗∗∗
---------------------------------------------
Ein lokaler, einfach authentifizierter Angreifer kann die Schwachstelle mit Hilfe einer speziell präparierten Anwendung ausnutzen, um beliebigen Programmcode mit Kernelprivilegien auszuführen und dadurch das komplette System zu übernehmen.
Apple stellt Xcode 10 für macOS High Sierra 10.13.6 und später zur Behebung der Schwachstelle bereit.
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1885/
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium-browser and libapache2-mod-perl2), Oracle (kernel), and Ubuntu (ghostscript, glib2.0, and php5).
---------------------------------------------
https://lwn.net/Articles/765573/
∗∗∗ WECON PLC Editor ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01
∗∗∗ Vuln: Apache Camel CVE-2018-8041 Directory Traversal Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/105352
∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180919-02-smartphone-en
∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1800) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731379
∗∗∗ IBM Security Bulletin: Blind SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (CVE-2018-1674) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10720035
∗∗∗ IBM Security Bulletin: IBM Data Science Experience Local is affected by a cryptography vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10720161
∗∗∗ The BIG-IP ASM system may stop enforcing attack signatures after activating a security policy that includes a new signature ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K83093212
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list