[CERT-daily] Tageszusammenfassung - 29.01.2019

Tue Jan 29 18:17:09 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 28-01-2019 18:00 − Dienstag 29-01-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ A Miner Decline: The Surprising Slowdown of Cryptomining ∗∗∗
---------------------------------------------
This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...]
---------------------------------------------
https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slowdown-of-cryptomining/


∗∗∗ FaceTime als Wanze – Apple schaltet Gruppenfunktion des VoIP-Dienstes ab ∗∗∗
---------------------------------------------
Ein Bug in Apples Kommunikationsdienst ermöglicht, das Mikrofon von iPhone und Mac aus der Ferne zu aktivieren. Apple ergreift Notfallmaßnahmen.
---------------------------------------------
http://heise.de/-4290587


∗∗∗ Sicherheitslücken in Microsoft Exchange gewähren Domain-Admin-Berechtigungen ∗∗∗
---------------------------------------------
Schwachstellen in allen Exchange-Server-Versionen machen Angreifer zu Domain-Administratoren. Ein Patch steht noch aus.
---------------------------------------------
http://heise.de/-4290574


∗∗∗ Aktuelle Trojaner-Welle: Emotet lauert in gefälschten Rechnungsmails ∗∗∗
---------------------------------------------
Offensichtlich hat es der Emotet-Schädling nun auf Privatpersonen abgesehen. Derzeit sind gehäuft gefälschte Amazon-, Telekom- und Vodafone-Mails unterwegs.
---------------------------------------------
http://heise.de/-4291268


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in coTURN ∗∗∗
---------------------------------------------
Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions.
---------------------------------------------
https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple.html


∗∗∗ Kleinanzeigen-Betrug boomt ∗∗∗
---------------------------------------------
Vorsicht beim Verkauf auf Kleinanzeigenplattformen wie willhaben, eBay, marketplace, quoka oder shpock. Aktuell häufen sich Anfragen von Interessent/innen, die das Geld angeblich einer Bank – die als Zwischenvermittler fungiert - "überweisen". Diese fragwürdige Bank hält den Betrag so lange zurück, bis Sie eine Versandbestätigung oder zu viel überwiesenes Geld übermitteln. Es handelt sich um eine Betrugsmasche!
---------------------------------------------
https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/


∗∗∗ Gefälschte Spar Umfrage: Versteckte Kosten statt gratis Technik! ∗∗∗
---------------------------------------------
Eine erfundene Umfrage wird momentan von Kriminellen massenhaft verschickt. Betroffene Personen, die den Links in der Nachricht folgen und die Umfrage durchführen, sollen mit einem gratis iPhone X, XS, Galaxy S9 oder einem MacBook belohnt werden. Ein versteckter Kostenhinweis bei der Eingabe der Kreditkartendaten zeigt aber: Statt Smartphone oder Laptop gibt's nur monatliche Kosten!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-kosten-statt-gratis-technik/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice).
---------------------------------------------
https://lwn.net/Articles/777806/


∗∗∗ IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-addressed-multiple-vulnerabilities-in-developer-portals-dependencies-cumulative-list-from-june-28-2018-to-december-13-2018/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-directory-listing-of-internal-product-files-vulnerability-cve-2018-2026/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-check-services-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-an-application-error-vulnerability/


∗∗∗ IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cve/


∗∗∗ IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cv/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cve-2018-3639-cve-20/


∗∗∗ The BIG-IP HTTP parser can incorrectly parse a tab character ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K18263026


∗∗∗ A virtual server with a Client SSL profile may accept non-SSL traffic ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21942600


∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6591 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K32840424


∗∗∗ BIG-IP TMUI vulnerability CVE-2019-6589 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23566124


∗∗∗ TMM vulnerability CVE-2019-6590 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55101404


∗∗∗ The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01226413


∗∗∗ The BIG-IP ASM system may redirect a client request to an incorrect URL ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23432927

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily