[CERT-daily] Tageszusammenfassung - 11.03.2019
Daily end-of-shift report
team at cert.at
Mon Mar 11 18:09:24 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 08-03-2019 18:00 − Montag 11-03-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ E-Mail-Marketing: Datenbank mit 800 Millionen E-Mail-Adressen online ∗∗∗
---------------------------------------------
Wozu sammelt ein völlig unbekanntes Unternehmen Hunderte Millionen E-Mail-Adressen und weitere Nutzerdaten? Dahinter steckt eine Dienstleistung, die für Spammer nützlich ist.
---------------------------------------------
https://www.golem.de/news/e-mail-marketing-datenbank-mit-800-millionen-e-mail-adressen-online-1903-139896-rss.html
∗∗∗ Free decrypters for BigBobRoss ransomware released ∗∗∗
---------------------------------------------
Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters. How do you know that you've been hit with BigBobRoss? The ransomware gets its name from the email address included in the ransom note, which comes in a file named Read Me.txt. Another indication that the user's files have been encrypted by this particular malware is the .obfuscated extension added to the encrypted [...]
---------------------------------------------
https://www.helpnetsecurity.com/2019/03/11/decrypt-bigbobross-ransomware/
∗∗∗ A quick lesson in confirmation bias ∗∗∗
---------------------------------------------
In my experience, hacking investigations are driven by ignorance and confirmation bias. We regularly see things we cannot explain. We respond by coming up with a story where our pet theory explains it. Since there is no alternative explanation, this then becomes evidence of our theory, where this otherwise inexplicable thing becomes proof.For example, take that "Trump-AlfaBank" theory. One of the oddities noted by researchers is lookups for [...]
---------------------------------------------
https://blog.erratasec.com/2019/03/a-quick-lesson-in-confirmation-bias.html
∗∗∗ Vorsicht vor überteuerten Einreisegenehmigungen und E-Visa ∗∗∗
---------------------------------------------
Momentan stecken viele Konsument/innen mitten in der Planung ihrer nächsten Reise. Bei einigen Urlaubszielen, beispielsweise den USA, Kanada, der Türkei oder Ägypten, ist die Beantragung eines E-Visums oder einer Einreisegenehmigung vorab notwendig. Hierbei ist Vorsicht geboten, denn neben den offiziellen behördlichen Websites sind auch zahlreiche Dienstleister im Internet zu finden, die für die gleiche Leistung stark überhöhte Gebühren verrechnen.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-ueberteuerten-einreisegenehmigungen-und-e-visa/
∗∗∗ The Hitchhiker's Guide To Initial Access ∗∗∗
---------------------------------------------
Abusing Bias - Part 2
---------------------------------------------
https://posts.specterops.io/the-hitchhikers-guide-to-initial-access-57b66aa80dd6
=====================
= Vulnerabilities =
=====================
∗∗∗ NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution ∗∗∗
---------------------------------------------
BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share.
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (polkit), Debian (chromium, openjpeg2, php7.0, poppler, and symfony), Fedora (evolution, kernel, and kernel-headers), Gentoo (curl, firefox, keepalived, rdesktop, systemd, tar, wget, and zsh), openSUSE (gdm and hiawatha), Slackware (ntp), SUSE (audit, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, file, java-1_8_0-openjdk, mariadb, openssl-1_0_0, and sssd), and Ubuntu (poppler).
---------------------------------------------
https://lwn.net/Articles/782780/
∗∗∗ Vuln: NTP CVE-2019-8936 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107337
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Metering ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-metering/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-have-been-identified-in-fasterxml-jackson-library-shipped-with-ibm-tivoli-netcool-omnibus-common-integration-libraries-cve-2018-19360-cve-2018-19361/
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Service Catalog ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-service-catalog/
∗∗∗ glibc vulnerability CVE-2016-10739 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35040315
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list