[CERT-daily] Tageszusammenfassung - 01.02.2019
Daily end-of-shift report
team at cert.at
Fri Feb 1 18:09:12 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 31-01-2019 18:00 − Freitag 01-02-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Sextortion: Follow the Money Part 3 - The cashout begins! ∗∗∗
---------------------------------------------
There hasnt been much to update in the several months since the Sexploitation: Follow the money updates in Diary 1 and Diary 2. For those of you who didnt read those diaries. When the Sextortion email campaign began in July, I asked for ISC reader submissions of the BTC addresses from that campaign so we could attempt to follow the Bitcoins created by the payments from this campaign.
---------------------------------------------
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
∗∗∗ Pants down: Sicherheitslücke in Server-Fernwartung ∗∗∗
---------------------------------------------
Server und Mainboards mit einigen Fernwartungschips von Aspeed sind angreifbar; auch die offene BMC-Firmware OpenBMC ist betroffen.
---------------------------------------------
http://heise.de/-4296144
∗∗∗ Most Magento shops get compromised via vulnerable extensions ∗∗∗
---------------------------------------------
Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. "The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to [...]
---------------------------------------------
https://www.helpnetsecurity.com/2019/02/01/magento-vulnerable-extensions/
∗∗∗ Surviving DNS Flag Day ∗∗∗
---------------------------------------------
DNS Flag Day is here and with it comes new changes that could impact your domain's availability. What do you need to know and how can you quickly identify its impacts on you and your users? Read on for our quick guide to what it's all about and how to avoid disruption to your digital services.
---------------------------------------------
https://blog.thousandeyes.com/surviving-dns-flag-day/
∗∗∗ This smart light bulb could leak your Wi-Fi password ∗∗∗
---------------------------------------------
LIFX smart bulbs contained vulnerabilities which could be exploited with a little ingenuity and the help of a hacksaw.
---------------------------------------------
https://www.zdnet.com/article/this-smart-light-bulb-could-leak-your-wi-fi-password/
=====================
= Vulnerabilities =
=====================
∗∗∗ IDenticard PremiSys ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for use of hard-coded credentials, use of hard-coded password, and inadequate encryption strength vulnerabilities reported in the IDenticard PremiSys access control system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-031-02
∗∗∗ Schneider Electric EVLink Parking ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for use of hard-coded credentials, code injection, and SQL injection vulnerabilities reported in Schneider Electric’s EVLink Parking, an electric vehicle charging station.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (agg, golang-1.7, golang-1.8, mariadb-10.0, and postgis), Fedora (kernel, kernel-headers, and kernel-tools), Mageia (gitolite and libvorbis), openSUSE (pdns-recursor and webkit2gtk3), Oracle (firefox, ghostscript, kernel, polkit, spice, and spice-server), Red Hat (etcd, ghostscript, polkit, spice, and spice-server), Scientific Linux (ghostscript, polkit, spice, and spice-server), SUSE (python3), and Ubuntu (libvncserver).
---------------------------------------------
https://lwn.net/Articles/778285/
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-directory-listing-of-internal-product-files-vulnerability-cve-2018-2026/
∗∗∗ IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletins-there-is-a-security-vulnerability-in-the-xlxp-c-component-which-is-shipped-in-ibm-integration-bus-and-app-connect-enterprise-cve-2018-1801/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2016-0705-cve-2017-3732-cve-2017-3736-cve-2018-1/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-cve-2018-1553-cve-2018-1683-cve-2018-8039/
∗∗∗ Linux kernel vulnerability CVE-2018-16658 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K40523020
∗∗∗ Java SE vulnerability CVE-2018-3183 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95003704
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list