[CERT-daily] Tageszusammenfassung - 11.02.2019
Daily end-of-shift report
team at cert.at
Mon Feb 11 18:07:44 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 08-02-2019 18:00 − Montag 11-02-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ First CryptoCurrency Clipboard Hijacker Found on Google Play Store ∗∗∗
---------------------------------------------
Researchers last week found the first Android app on the Google Play store that monitors a devices clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attackers control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/first-cryptocurrency-clipboard-hijacker-found-on-google-play-store/
∗∗∗ Vernetzte Kühlschränke lassen sich mit Passwort 1234 abschalten ∗∗∗
---------------------------------------------
Ein Hersteller von Systemen zur Temperaturkontrolle hat einen schweren Fehler begangen.
---------------------------------------------
https://futurezone.at/digital-life/vernetzte-kuehlschraenke-lassen-sich-mit-passwort-1234-abschalten/400403729
∗∗∗ Security: Qnap-NAS-Systeme von unbekannter Malware betroffen ∗∗∗
---------------------------------------------
Besitzer von TS-251+-NAS-Geräten berichten von merkwürdigen Einträgen in der Hosts-Datei durch Malware, die das Aktualisieren und Installieren von Antivirensoftware verhindern. Erst auf Nachfrage stellt Qnap einen Fix bereit. Nutzer wundern sich über dessen Trägheit in der Sache.
---------------------------------------------
https://www.golem.de/news/security-qnap-nas-systeme-von-unbekannter-malware-betroffen-1902-139307-rss.html
∗∗∗ Windows App Runs on Mac, Downloads Info Stealer and Adware ∗∗∗
---------------------------------------------
We found an EXE application that specifically runs on Mac to download an adware and info stealer, sidestepping built-in protection systems on the platform such as Gatekeeper. We suspect the cybercriminals developing this routine as an evasion technique for damaging infections and attacks in the future as our telemetry showed the highest numbers to be in the UK, Australia, Armenia, Luxembourg, South Africa and the US.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/
∗∗∗ Netzwerkhelferlein von Cisco: Mittels Standard-Kennwort zum Neustart ∗∗∗
---------------------------------------------
Cisco hat wichtige Sicherheitsupdates für verschiedene Produkte veröffentlicht. Keine Lücke gilt als kritisch.
---------------------------------------------
http://heise.de/-4303894
∗∗∗ The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More) ∗∗∗
---------------------------------------------
A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once theres so much of something all [...]
---------------------------------------------
https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-lists-and-collections-2-through-5-and-more/
∗∗∗ Sorry, Adobe Reader, Were Not Letting You Phone Home Without Users Consent (0day) ∗∗∗
---------------------------------------------
by Mitja Kolsek, the 0patch TeamToday well look at a fairly simple vulnerability in Adobe Reader DC that allows a PDF document automatically send an SMB request to attackers server as soon as the document is opened. The vulnerability was published by Alex Inführ along with a proof-of-concept in a detailed report on Alexs blog and hasnt been patched at the time of this writing.
---------------------------------------------
https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html
∗∗∗ installateur-mg.at ist nicht vertrauenswürdig! ∗∗∗
---------------------------------------------
Konsument/innen, die auf der Suche nach einem Installateursunternehmen sind, stoßen womöglich auf installeur-mg.at. Dort bewerben Kriminelle ein schnelles und kostengünstiges 24h-Notservice. Konsument/innen sollten die Dienste nicht in Anspruch nehmen! Es entstehen extrem hohe Kosten, die entgegen Behauptungen auf der Website sofort in bar bezahlt werden müssen. Die vorgenommenen Arbeiten sind teils mangelhaft.
---------------------------------------------
https://www.watchlist-internet.at/news/installateur-mgat-ist-nicht-vertrauenswuerdig/
∗∗∗ New TLS encryption-busting attack also impacts the newer TLS 1.3 ∗∗∗
---------------------------------------------
Researchers discover yet another Bleichenbacher attack variation (yawn!).
---------------------------------------------
https://www.zdnet.com/article/new-tls-encryption-busting-attack-also-impacts-the-newer-tls-1-3/
=====================
= Vulnerabilities =
=====================
∗∗∗ Django security releases issued: 2.1.6, 2.0.11 and 1.11.19 ∗∗∗
---------------------------------------------
In accordance with our security release policy, the Django team is issuing Django 1.11.19, Django 2.1.6, and Django 2.0.11. These releases addresses the security issue detailed below. We encourage all users of Django to upgrade as soon as possible.
---------------------------------------------
https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ghostscript, spice, spice-server, and thunderbird), Debian (coturn, freerdp, ghostscript, libreoffice, libu2f-host, mosquitto, and openssh), Fedora (buildbot, java-1.8.0-openjdk, java-11-openjdk, phpMyAdmin, slurm, and spice), openSUSE (python3 and rsyslog), Red Hat (docker and runc), SUSE (avahi, fuse, and LibVNCServer), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/779467/
∗∗∗ WebKitGTK+ and WPE WebKit Security Advisory WSA-2019-0001 ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2019-6212 Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before2.22.4. Credit to an anonymous researcher. Processing maliciously crafted web content may lead to arbitrary code execution.
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0001.html
∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change-data-capture-is-affected-by-an-apache-derby-open-source-library-vulnerability-cve-2015-1832/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-oracle-outside-in-technology-affect-ibm-rational-doors-next-generation-4/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by a Reflected XSS (Cross-Site Scripting) vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-governance-catalog-is-affected-by-a-reflected-xss-cross-site-scripting-vulnerability/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2018 & October 2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-virtualization-engine-ts7700-july-2018-october-2018/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-java-sdk-affect-ibm-b-type-san-directors-and-switches-3/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-java-sdk-affect-ibm-b-type-san-directors-and-switches-2/
∗∗∗ IBM Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud-paks-are-vulnerable-to-multiple-issues-with-in-the-systemd-package-cve-2018-16866-cve-2018-16864-cve-2018-16865/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-is-potentially-vulnerable-to-xml-external-entity-injection-xxe-2/
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-solr-lucene-affects-ibm-infosphere-information-server-2/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-infosphere-information-server-2/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list