[CERT-daily] Daily summary - 31.01.2019
Daily end-of-shift report
team at cert.at
Thu Jan 31 18:09:51 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 30-01-2019 18:00 − Thursday 31-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Mac "CookieMiner" Malware Aims to Gobble Crypto Funds ∗∗∗
---------------------------------------------
A newly discovered malware steals cookies, credentials and more to break into victims' cryptocurrency exchange accounts.
---------------------------------------------
https://threatpost.com/mac-cookieminer-malware-crypto/141334/
∗∗∗ The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild ∗∗∗
---------------------------------------------
Capsule8 demos takeover technique to help sysadmins check for vulnerabilities. Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes.
---------------------------------------------
https://www.theregister.co.uk/2019/01/31/systemd_exploit/
∗∗∗ Tracking Unexpected DNS Changes ∗∗∗
---------------------------------------------
DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last ones was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to track changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the
---------------------------------------------
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
∗∗∗ Top 10 Most Vulnerable WordPress Plugins ∗∗∗
---------------------------------------------
Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins.
---------------------------------------------
https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html
∗∗∗ IQ tests on testific.com lure users into a subscription trap ∗∗∗
---------------------------------------------
testific.com offers IQ and personality tests. Consumers who take part in the tests are supposed to receive a certificate stating their IQ score. People who take the intelligence test must then pay 2.99 euros to receive their result. A hidden cost notice reveals that this is a subscription trap costing 79.99 euros per month.
---------------------------------------------
https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-abo-falle/
∗∗∗ IoT botnet used in YouTube ad fraud scheme ∗∗∗
---------------------------------------------
TheMoon's DDoS days are long gone. The botnet is now a proxy network for other criminal groups.
---------------------------------------------
https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#ftag=RSSbaffb68
∗∗∗ New security flaw impacts 5G, 4G, and 3G telephony protocols ∗∗∗
---------------------------------------------
Researchers have reported their findings and fixes should be deployed by the end of 2019.
---------------------------------------------
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/#ftag=RSSbaffb68
=====================
= Vulnerabilities =
=====================
∗∗∗ Security patch: Dell Networking OS10 vulnerable to eavesdropping attacks ∗∗∗
---------------------------------------------
An important update closes a security vulnerability in Dell's switch operating system Networking OS10.
---------------------------------------------
http://heise.de/-4294467
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, and openjdk-8, openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/778107/
∗∗∗ BlackBerry powered by Android Security Bulletin - January 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000054984
∗∗∗ Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-01-phone-en
∗∗∗ IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-is-affected-by-a-limited-code-injection-vulnerability-cve-2019-4038/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-tivoli-storage-manager-fastback-cve-2018-3139-cve-2018-3180/
∗∗∗ IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-application-dependency-discovery-manager-taddm-could-expose-password-hashes-stored-in-system-memory-on-target-windows-systems-that-are-discovered-by-taddm/
∗∗∗ Linux kernel vulnerability CVE-2018-10901 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K07721343
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily