[CERT-daily] Tageszusammenfassung - 07.05.2019

Daily end-of-shift report team at cert.at
Tue May 7 18:25:19 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 06-05-2019 18:00 − Dienstag 07-05-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Confluence Servers Hacked to Install Miners and Rootkits ∗∗∗
---------------------------------------------
After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-install-miners-and-rootkits/


∗∗∗ "7 Tips For Planning ICS Plant Visits" ∗∗∗
---------------------------------------------
As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter.
---------------------------------------------
http://ics.sans.org/blog/2019/05/06/7-tips-for-planning-ics-plant-visits


∗∗∗ Entschlüsselungstool für Erpressungstrojaner MegaLocker/NamPoHyu verfügbar ∗∗∗
---------------------------------------------
Sicherheitsforscher haben ein Gratis-Entschlüsselungstool für eine aktuelle Ransomware veröffentlicht. Der Malware-Entwickler findet das gar nicht witzig.
---------------------------------------------
https://heise.de/-4415835


∗∗∗ Turla LightNeuron: An email too far ∗∗∗
---------------------------------------------
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
---------------------------------------------
https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/


∗∗∗ WordPress GraphQL plugin exploit ∗∗∗
---------------------------------------------
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovers a vulnerability in a plugin, undermining the security of the whole platform.
---------------------------------------------
https://www.pentestpartners.com/security-blog/wordpress-graphql-plugin-exploit/


∗∗∗ Surge of MegaCortex ransomware attacks detected ∗∗∗
---------------------------------------------
New MegaCortex ransomware strain detected targeting the enterprise sector.
---------------------------------------------
https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infections-detected/


∗∗∗ WordPress finally gets the security features a third of the Internet deserves ∗∗∗
---------------------------------------------
WordPress 5.2 released with support for cryptographically-signed updates, a modern cryptographic library.
---------------------------------------------
https://www.zdnet.com/article/wordpress-finally-gets-the-security-features-a-third-of-the-internet-deserves/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ [20190501] - Core - XSS in com_users ACL debug views ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.7.0 through 3.9.5 Exploit type: XSS Reported Date: 2019-April-29 Fixed Date: 2019-May-07 CVE Number: CVE-2019-11809  Description The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. Affected Installs Joomla! CMS versions 1.7.0 through 3.9.5 Solution Upgrade to version 3.9.6 Contact The JSST at the Joomla! Security Centre. Reported By: Jose Antonio
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-core-xss-in-com-users-acl-debug-view.html


∗∗∗ Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-05-01.html


∗∗∗ USN-3969-1: wpa_supplicant and hostapd vulnerability ∗∗∗
---------------------------------------------
wpa vulnerabilityA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 19.04Ubuntu 18.10Ubuntu 18.04 LTSUbuntu 16.04 LTSSummarywpa_supplicant and hostapd could be made to crash if they receivedspecially crafted network traffic.
---------------------------------------------
https://usn.ubuntu.com/3969-1/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, firefox-esr, and symfony), Fedora (poppler), SUSE (audit, ovmf, and webkit2gtk3), and Ubuntu (aria2, FFmpeg, gnome-shell, and sudo).
---------------------------------------------
https://lwn.net/Articles/787732/


∗∗∗ Security Bulletins for TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-cms/


∗∗∗ Security Bulletins for TYPO3 Extensions ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/typo3-extensions/


∗∗∗ Public Services Announcements for TYPO3 ∗∗∗
---------------------------------------------
https://typo3.org/help/security-advisories/public-service-announcements/


∗∗∗ IBM Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-java-vulnerabilities-impact-ibm-control-center-cve-2018-3180-cve-2018-1890/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list