[CERT-daily] Daily summary - 27.02.2019
Daily end-of-shift report
team at cert.at
Wed Feb 27 18:11:02 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-02-2019 18:00 − Wednesday 27-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Google Analytics and Angular in Magento Credit Card Stealing Scripts ∗∗∗
---------------------------------------------
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js.
---------------------------------------------
https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html
∗∗∗ Top ten most popular docker images each contain at least 30 vulnerabilities ∗∗∗
---------------------------------------------
[...] The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities.
---------------------------------------------
https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/
∗∗∗ Thunderclap: Macs and PCs vulnerable to malicious Thunderbolt peripherals ∗∗∗
---------------------------------------------
According to security researchers, existing protection mechanisms are not sufficient to fend off attacks via USB-C peripherals.
---------------------------------------------
http://heise.de/-4321946
∗∗∗ Chrome Zero-Day Exploited to Harvest User Data via PDF Files ∗∗∗
---------------------------------------------
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.
---------------------------------------------
https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pdf-files
∗∗∗ Trouble with supposedly free orders! ∗∗∗
---------------------------------------------
Numerous consumers are complaining to us about online shops such as vermano.de, vimabel.de, deinschmuckladen.com or lieblings-mensch.com. These shops advertise free products for which only shipping costs are charged. The orders can cause a lot of trouble. For example, the products are of inferior quality, do not arrive, lead to high dunning fees, or withdrawals are not possible. We advise against making purchases.
---------------------------------------------
https://www.watchlist-internet.at/news/aerger-mit-vermeintlich-kostenlosen-bestellungen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Moxa IKS, EDS ∗∗∗
---------------------------------------------
This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, and uncontrolled resource consumption vulnerabilities reported in the Moxa IKS and EDS industrial switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
∗∗∗ Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
∗∗∗ Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-wmda-cmdinj
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, [...]
---------------------------------------------
https://lwn.net/Articles/780859/
∗∗∗ IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-the-linux-kernel-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2018-5391/
∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-samba-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2018-1139-cve-2018-1140-cve-2018-10858-cve-2018-10918-cve-2018-10919/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily