[CERT-daily] Daily summary - 18.04.2019
Daily end-of-shift report
team at cert.at
Thu Apr 18 18:04:59 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 17-04-2019 18:00 - Thursday 18-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RevengeRAT Distributed via Bit.ly, BlogSpot, and Pastebin C2 Infrastructure ∗∗∗
---------------------------------------------
A malicious campaign targeting entities from North America, Europe, Asia, and the Middle East during March used a combination of pages hosted on Bit.ly, BlogSpot, and Pastebin to create a command-and-control (C2) infrastructure designed to avoid getting blocked by security solutions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/revengerat-distributed-via-bitly-blogspot-and-pastebin-c2-infrastructure/
∗∗∗ Malware Sample Delivered Through UDF Image ∗∗∗
---------------------------------------------
So be careful with .img files! They should also be added to the list of prohibited file extensions on your mail relays, or change the file association in your Windows environment so that Windows Explorer does NOT open them.
---------------------------------------------
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
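An added example for the two mitigations in the diary excerpt (not code from the ISC diary or from any mail-relay product): a small attachment filter that rejects .img attachments by extension and, since an attacker can simply rename the image, also recognises ISO 9660/UDF content by the volume descriptor that both formats place at sector 16. The .iso extension and the sample message are assumptions of this example, not from the diary.

```python
"""Added example (not code from the ISC diary): flag disk-image attachments in
inbound mail by extension and, because attackers rename files, by content.
Standard library only; the sample message below is constructed here.
"""
import email
import os
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# .img is the extension from the diary; .iso is added here as the same kind
# of optical-disc image that Explorer mounts on double-click.
BLOCKED_EXTENSIONS = {".img", ".iso"}

# ISO 9660 and UDF (ECMA-167) leave the first 32 KiB unused and start the
# volume recognition sequence at sector 16 (2048-byte sectors). Each
# descriptor there carries a five-byte identifier at bytes 1..5.
VRS_OFFSET = 16 * 2048
VRS_IDENTIFIERS = {b"BEA01", b"NSR02", b"NSR03", b"TEA01", b"CD001", b"BOOT2"}


def looks_like_disc_image(data: bytes) -> bool:
    """True if the blob carries an ISO 9660 / UDF volume descriptor at sector 16."""
    if len(data) < VRS_OFFSET + 6:
        return False
    return data[VRS_OFFSET + 1:VRS_OFFSET + 6] in VRS_IDENTIFIERS


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, reason) for each attachment a relay should reject."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits: List[Tuple[str, str]] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name.lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            hits.append((name, "blocked extension"))
        elif looks_like_disc_image(payload):
            hits.append((name, "disc image content behind another extension"))
    return hits


def build_sample_message() -> bytes:
    """Constructed test mail: one .img, one renamed image, one harmless PDF."""
    image = bytearray(VRS_OFFSET + 2048)             # zero-filled system area, as in a real image
    image[VRS_OFFSET] = 0                            # structure type of the first descriptor
    image[VRS_OFFSET + 1:VRS_OFFSET + 6] = b"BEA01"  # "beginning extended area" marker (UDF)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(bytes(image), maintype="application",
                       subtype="octet-stream", filename="invoice.img")
    msg.add_attachment(bytes(image), maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4 harmless", maintype="application",
                       subtype="pdf", filename="real.pdf")
    return msg.as_bytes()
```

The content check matters more than the extension list: a relay that only matches on ".img" is bypassed by renaming the image, while Explorer on the recipient's side is not fooled by the name. Running scan_message over build_sample_message() flags invoice.img by extension and invoice.pdf by content, and leaves real.pdf alone.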
∗∗∗ keysmix.com steals Steam accounts ∗∗∗
---------------------------------------------
Gamers beware: phishing attempts are currently circulating on Steam. Accounts from your own friends list send messages promising a free game for new sign-ups. The links lead to keysmix.com. Anyone who logs in on that website with their Steam credentials becomes a victim of data theft and loses their Steam account.
---------------------------------------------
https://www.watchlist-internet.at/news/keysmixcom-stiehlt-steam-accounts/
∗∗∗ media-shopping.org – too good to be true ∗∗∗
---------------------------------------------
The online shop media-shopping.org offers electronics at unbeatable prices. On top of that you supposedly receive a 30 euro discount on your order. An offer of this kind is unfortunately too good to be true! media-shopping.org is a fake shop that delivers no goods.
---------------------------------------------
https://www.watchlist-internet.at/news/media-shoppingorg-zu-schoen-um-wahr-zu-sein/
=====================
= Vulnerabilities =
=====================
∗∗∗ Broadcom WiFi chipset drivers contain multiple vulnerabilities ∗∗∗
---------------------------------------------
The Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets contain multiple vulnerabilities. The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow.
In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, these vulnerabilities
---------------------------------------------
https://www.kb.cert.org/vuls/id/166939/
∗∗∗ OpenSSH 8.0 released ∗∗∗
---------------------------------------------
This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content.
---------------------------------------------
https://lwn.net/Articles/786236/
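To make the scp weakness concrete, here is an added simulation of the client's receive side (this is not OpenSSH code). It models only the "C" file directive of the scp wire protocol and compares the pre-8.0 behaviour, where the server-chosen name is used as-is, with a check in the spirit of the 8.0 mitigation, where the name must be a plain file name matching what the user asked for. The hostile stream, function names and the glob-based matching are assumptions of this example.

```python
"""Model of the scp(1) receive side, added here to show the CVE-2019-6111
check; it is not OpenSSH code. Only the 'C' (file) directive of the scp
wire protocol is modelled: the sender emits "C<mode> <size> <name>\\n",
then <size> bytes of content, then a NUL byte. The receiver's own NUL
acknowledgements are omitted since only the sender's stream matters here.
"""
import fnmatch
import io
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Received:
    name: str
    mode: int
    data: bytes


class UnexpectedFilename(Exception):
    """The server offered a file name the client never asked for."""


def name_is_acceptable(name: str, requested: str) -> bool:
    """Client-side check in the spirit of the OpenSSH 8.0 mitigation.

    The server-supplied name must be a plain file name (no path separator,
    not '.' or '..') and must match the name or glob the user requested,
    e.g. 'report.pdf' or '*.pdf'.
    """
    if not name or name in (".", "..") or "/" in name:
        return False
    return fnmatch.fnmatchcase(name, requested)


def receive(stream: io.BytesIO, requested: str, verify: bool = True) -> List[Received]:
    """Parse a sender stream the way an scp client does.

    verify=False reproduces the pre-8.0 behaviour: whatever name the server
    sends becomes the local file name. verify=True rejects names that do
    not match the request, so a hostile server cannot clobber ~/.bashrc
    while the user believes they are fetching report.pdf.
    """
    files: List[Received] = []
    while True:
        header = stream.readline()
        if not header:
            return files
        if header[:1] != b"C":
            raise ValueError("unsupported directive: %r" % header)
        mode_s, size_s, name = header[1:].rstrip(b"\n").decode().split(" ", 2)
        if verify and not name_is_acceptable(name, requested):
            raise UnexpectedFilename("server sent %r, client asked for %r" % (name, requested))
        size = int(size_s)
        data = stream.read(size)
        if len(data) != size or stream.read(1) != b"\x00":
            raise ValueError("truncated file body")
        files.append(Received(name, int(mode_s, 8), data))


def hostile_stream() -> bytes:
    """Constructed sender stream: the requested report.pdf followed by an
    unrequested .bashrc, the kind of extra file a hostile server could push."""
    return (b"C0644 5 report.pdf\nhello\x00"
            b"C0644 9 .bashrc\nmalicious\x00")


def written_names(stream: bytes, requested: str, verify: bool) -> Optional[List[str]]:
    """Names the client would create locally, or None if it aborted the transfer."""
    try:
        return [f.name for f in receive(io.BytesIO(stream), requested, verify)]
    except UnexpectedFilename:
        return None
```

With verify=False the client happily writes both report.pdf and .bashrc into the destination directory; with verify=True the second header is rejected because ".bashrc" does not match "report.pdf". The path-separator and dot checks cover the related case of a server sending names such as "../x" or "." that the client should never act on.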
∗∗∗ Security updates: several vulnerabilities closed in Drupal ∗∗∗
---------------------------------------------
The Drupal developers have closed vulnerabilities in updated versions. The severity is rated as "moderately critical".
---------------------------------------------
https://heise.de/-4402364
∗∗∗ Important security updates for Cisco Wireless LAN Controller & Co. ∗∗∗
---------------------------------------------
Cisco has released a large number of patches for various network devices. Only one vulnerability is rated "critical".
---------------------------------------------
https://heise.de/-4402425
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (polkit), Gentoo (dovecot, libseccomp, and patch), openSUSE (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), Red Hat (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), Scientific Linux (java-1.8.0-openjdk), Slackware (libpng), SUSE (python, python3, sqlite3, and xerces-c), and Ubuntu (ntfs-3g).
---------------------------------------------
https://lwn.net/Articles/786235/
∗∗∗ BSRT-2019-002 Vulnerability in UEM Core Impacts BlackBerry UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000056241
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-java-runtime-could-affect-db2-query-management-facility-cve-2018-12547-cve-2019-2426-cve-2018-1890-cve-2018-12549-cve-20/
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which affects DataQuant for z/OS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-java-runtime-which-affects-dataquant-for-z-os/
∗∗∗ IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-nextscale-fan-power-controller-fpc-is-affected-by-vulnerability-in-openssl-cve-2018-0734/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-sterling-connectexpress-for-unix-cve-2018-0734-and-cve-2018-5407/
∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-vulnerability-in-openssl-cve-2018-0737/
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in GNU glibc (CVE-2018-11236) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerability-in-gnu-glibc-cve-2018-11236/
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Information Exposure (CVE-2018-1729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-information-exposure-cve-2018-1729/
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to publicly disclosed vulnerabilities from [All] Python (CVE-2018-1060, CVE-2018-1061) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-publicly-disclosed-vulnerabilities-from-all-python-cve-2018-1060-cve-2018-1061/
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to a Publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-a-publicly-disclosed-vulnerability-from-gnu-glibc-cve-2018-11237/
∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-publicly-disclosed-vulnerabilities-from-openssl-cve-2018-0739-cve-2018-0732/
∗∗∗ BIG-IP URL classification vulnerability CVE-2019-6610 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42465020
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily