[CERT-daily] Tageszusammenfassung - 17.01.2019
Daily end-of-shift report
team at cert.at
Thu Jan 17 18:26:20 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 16-01-2019 18:00 − Donnerstag 17-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Over 140 International Airlines Affected by Major Security Breach ∗∗∗
---------------------------------------------
Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-140-international-airlines-affected-by-major-security-breach/
∗∗∗ Forest for the trees: an IoT security standards gap analysis ∗∗∗
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/forest-for-the-trees-an-iot-security-standards-gap-analysis
∗∗∗ Passwort-Sammlung mit 773 Millionen Online-Konten im Netz aufgetaucht ∗∗∗
---------------------------------------------
Eine riesige Sammlung mit Zugangsdaten zu Online-Diensten zirkuliert in Untergrund-Foren. Die Passwörter von Millionen Nutzern sind betroffen.
---------------------------------------------
https://heise.de/-4279375
∗∗∗ New Year’s resolutions: Routing done right ∗∗∗
---------------------------------------------
As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble [...]
---------------------------------------------
https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-done-right/
∗∗∗ thermenservice-24.at ist unseriös ∗∗∗
---------------------------------------------
Bei thermenservice-24.at handelt es sich um einen Installateur, der 24 Stunden erreichbar ist. Die sogenannten „Thermenprofis“, sind bei jeder Tages- und Nachtzeit verfügbar, schnell vor Ort und locken mit günstigen Preisen. Es handelt sich jedoch um einen unseriösen Anbieter, der das Problem nicht behebt und nicht erfolgte Leistung überteuert verrechnet!
---------------------------------------------
https://www.watchlist-internet.at/news/thermenservice-24at-ist-unserioes/
∗∗∗ Betrügerischer Apple-Shop ios-world.de! ∗∗∗
---------------------------------------------
Auf ios-world.de werden Apple-Produkte wie iPhones, Apple Watch, MacBooks und iMacs angeboten. Die Preise liegen weit unter Marktwert und laden zu einem schnellen Kauf ein. Doch Vorsicht: Konsument/innen dürfen hier nichts kaufen! Es handelt sich um einen Fake-Shop, bei dem Sie per Vorkasse zahlen und keine Ware erhalten.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerischer-apple-shop-ios-worldde/
∗∗∗ Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products ∗∗∗
---------------------------------------------
Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018. The threat actor Rocke was originallyThe post Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products appeared first on Unit42.
---------------------------------------------
https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/
=====================
= Vulnerabilities =
=====================
∗∗∗ Drupal Releases Security Updates ∗∗∗
---------------------------------------------
Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Security-Updates
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1).
---------------------------------------------
https://lwn.net/Articles/777010/
∗∗∗ IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-oracle-outside-in-technology-used-by-ibm-filenet-content-manager/
∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-affected-by-apache-tomcat-vulnerability-cve-2018-8034/
∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-affected-by-apache-httpclient-security-vulnerability/
∗∗∗ IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-b2b-advanced-communications-is-affected-by-multiple-vulnerabilities-in-ibm-java-runtime/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list