[CERT-daily] Tageszusammenfassung - 31.07.2019
Daily end-of-shift report
team at cert.at
Wed Jul 31 18:40:32 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 30-07-2019 18:00 − Mittwoch 31-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Smart Home: Philips Hue und Kameras über unsichere Protokolle gehackt ∗∗∗
---------------------------------------------
Sicherheitsforschern ist es gelungen, Steuerungsbefehle an Überwachungskameras und Philips-Hue-Lampen zu schicken. Die Geräte übertragen Daten und Befehle standardmäßig auf eine unsichere Weise.
---------------------------------------------
https://www.golem.de/news/smart-home-philips-hue-und-kameras-ueber-unsichere-protokolle-gehackt-1907-142898-rss.html
∗∗∗ Keeping a Hidden Identity: Mirai C&Cs in Tor Network ∗∗∗
---------------------------------------------
We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it allows attackers remote access and the use of infected devices to form a botnet for DDoS attacks. However, the C&Cs were traced back to the Tor network, keeping the cybercriminals identities anonymous and protecting the servers from being shut down despite discovery.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/
∗∗∗ IoT home security camera allows hackers to listen in over HTTP ∗∗∗
---------------------------------------------
"The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk," the vulnerabilitys description reads. "An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing."
---------------------------------------------
https://www.zdnet.com/article/iot-home-security-camera-allows-hackers-to-listen-in-over-http/
∗∗∗ Malvertising: Online Advertisings Darker Side ∗∗∗
---------------------------------------------
The days of installing a basic ad blocker on your web browser and expecting full protection are gone. Between the sites that require them to be disabled and the ability for advertisers to pay to evade them, ad blockers alone are not sufficient. As this blog will cover in detail, malvertising is a problem not strictly associated with basic web browsing. It can also come with other software programs including adware or potentially unwanted applications (PUA). These latter examples require the most attention.
---------------------------------------------
https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
∗∗∗ Gefährliche PayPal Phishing-Nachrichten in Umlauf ∗∗∗
---------------------------------------------
Vorsicht vor betrügerischen Nachrichten im Namen PayPals, die an zahlreiche Konsument/innen verschickt werden. In der E-Mail wird behauptet, das Konto sei eingeschränkt worden und die Daten müssten bestätigt werden. Es handelt sich um einen Versuch Krimineller, an Zahlungsdaten zu kommen, um diese für weitere Verbrechen missbrauchen zu können!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaehrliche-paypal-phishing-nachrichten-in-umlauf/
∗∗∗ Gefälschte DHL-Mails enthalten gefährliche Schadsoftware ∗∗∗
---------------------------------------------
Kriminelle versenden massenhaft E-Mails, in denen sie sich als DHL ausgeben und behaupten, dass Ihr Paket nicht zugestellt werden konnte. Nähere Infos, über das weitere Vorgehen, finden Sie angeblich im Dateianhang. Öffnen Sie keinesfalls die Datei, es handelt sich um Schadsoftware!
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-dhl-mails-enthalten-gefaehrliche-schadsoftware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Updates verfügbar: OXID eShop repariert verwundbares Admin-Panel ∗∗∗
---------------------------------------------
Eine Sicherheitslücke in mehreren OXID-eShop-Versionen ermöglichte das Einschleusen und Ausführen beliebiger SQL-Befehle mittels speziell präparierter URLs.
---------------------------------------------
https://heise.de/-4484390
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, curl, and kernel), Debian (libssh2), Fedora (kernel, kernel-headers, and oniguruma), openSUSE (chromium, openexr, thunderbird, and virtualbox), Oracle (389-ds-base, curl, httpd, kernel, and libssh2), Red Hat (nss and nspr and ruby:2.5), Scientific Linux (httpd and kernel), SUSE (java-1_8_0-openjdk, mariadb, mariadb-connector-c, polkit, and python-requests), and Ubuntu (openjdk-8, openldap, and sox).
---------------------------------------------
https://lwn.net/Articles/795007/
∗∗∗ Prima Systems FlexAir ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
∗∗∗ IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-service-manager-is-affected-by-a-jetty-vulnerability-cve-2018-12545/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-3/
∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-identified-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-cve-2019-2684/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-3/
∗∗∗ IBM Security Bulletin: Secure Gateway is affected by a Denial of Service vulnerability (CVE-2019-5428) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-affected-by-a-denial-of-service-vulnerability-cve-2019-5428/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-netcool-agile-service-manager/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list