[CERT-daily] Tageszusammenfassung - 18.01.2019

Fri Jan 18 18:06:33 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 17-01-2019 18:00 − Freitag 18-01-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Windows Zero-Day Bug that Overwrites Files Gets Interim Fix ∗∗∗
---------------------------------------------
A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-that-overwrites-files-gets-interim-fix/


∗∗∗ Hosting malicious sites on legitimate servers: How do threat actors get away with it? ∗∗∗
---------------------------------------------
Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/malware/2019/01/hosting-malicious-sites-legitimate-servers-threat-actors-get-away/


∗∗∗ Datendiebstahl bei Umfragen auf gremski.org ∗∗∗
---------------------------------------------
Gremski.org gibt an, ein Marktforschungsinstitut zu sein, auf dem Konsument/innen bis zu 100 Euro pro abgeschlossener Umfrage verdienen können. Bei der Anmeldung müssen Interessent/innen auch ihre Ausweisdokumente wie Personalausweis oder Pass hochladen. Im Rahmen der ersten vermeintlichen Umfrage sollen sie plötzlich ein Konto bei der N26 Bank eröffnen. Achtung: es handelt sich um Identitätsdiebstahl!
---------------------------------------------
https://www.watchlist-internet.at/news/datendiebstahl-bei-umfragen-auf-gremskiorg/


∗∗∗ This malware spreading tool is back with some new tricks ∗∗∗
---------------------------------------------
The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus.
---------------------------------------------
https://www.zdnet.com/article/this-malware-spreading-tool-is-back-with-some-new-tricks/#ftag=RSSbaffb68


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Omron CX-Supervisor ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for code injection, command injection, use after free, and type confusion vulnerabilities in Omrons CX-Supervisor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01


∗∗∗ ABB CP400 Panel Builder TextEditor 2.0 ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability in ABBs CP400 Panel Builder TextEditor 2.0.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-017-02


∗∗∗ ControlByWeb X-320M ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for improper authentication and cross-site scripting vulnerabilities in the ControlByWeb X-320M, a web-enabled weather station.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-017-03


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (drupal7), Fedora (electrum and perl-Email-Address), Mageia (gthumb), openSUSE (gitolite, kernel, krb5, libunwind, LibVNCServer, live555, mutt, wget, and zeromq), SUSE (krb5, mariadb, nodejs4, nodejs8, soundtouch, and zeromq), and Ubuntu (irssi).
---------------------------------------------
https://lwn.net/Articles/777134/


∗∗∗ Security Advisory - Two Vulnerabilities in Huawei PCManager Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190109-01-pcmanager-en


∗∗∗ IBM Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apic-is-affected-by-a-vulnerability-in-apache-commons-fileupload-cve-2016-1000031/


∗∗∗ IBM Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-powervc-is-affected-by-an-openstack-keystone-vulnerability-that-could-allow-a-remote-authenticated-attacker-to-discover-restricted-projects-cve-2018-14432/


∗∗∗ January 2019 OpenSSH security vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31781390


∗∗∗ OTRS: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0062

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily