End-of-Day report
Timeframe: Monday 29-10-2018 18:00 - Tuesday 30-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
CommonRansom Ransomware Demands RDP Access to Decrypt Files
A new ransomware called CommonRansom was discovered that makes a very bizarre request. In order to decrypt a computer after a payment is made, the attackers require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials so that they can decrypt the victim's files.
https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/
Health insurers: Vivy app leaks data
Security researchers have found several serious vulnerabilities in the health insurance app Vivy. Among other things, documents shared with one's doctor could be accessed without authorization. (Medicine, Encryption)
https://www.golem.de/news/krankenkassen-vivy-app-gibt-daten-preis-1810-137376-rss.html
Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures
by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes
Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected [...]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5LDw-xUlnAw/
Security updates: Lexmark multifunction devices vulnerable to "malicious" faxes
Security patches for Lexmark printer-fax-copier combinations close two vulnerabilities. One of them is rated critical.
http://heise.de/-4206719
Systemd: DHCPv6 packets can hijack Linux machines
A systemd component found in many modern Linux systems can be abused to take over the machine over the network.
http://heise.de/-4206800
Extortion e-mails threaten with masturbation video
Criminals are sending fraudulent messages. In them they claim to know the recipients' password, to have access to their computer and therefore to possess masturbation videos. The recipients are told to pay bitcoins so that the recordings are not published. Consumers can ignore the message, because the claim is fabricated. No reaction is required.
https://www.watchlist-internet.at/news/erpresserische-e-mails-drohen-mit-masturbationsvideo/
Vulnerabilities
Squid Proxy Cache Security Update Advisory SQUID-2018:4
Due to incorrect input handling, Squid is vulnerable to a Cross-Site Scripting vulnerability when generating HTTPS response messages about TLS errors.
http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
Squid Proxy Cache Security Update Advisory SQUID-2018:5
Due to a memory leak in SNMP query rejection code, Squid is vulnerable to a denial of service attack.
http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
Security updates for Tuesday
Security updates have been issued by CentOS (xorg-x11-server), Debian (xen), Red Hat (389-ds-base, binutils, curl and nss-pem, fuse, glibc, glusterfs, GNOME, gnutls, jasper, java-1.7.0-openjdk, kernel, kernel-alt, kernel-rt, krb5, libcdio, libkdcraw, libmspack, libreoffice, libvirt, openssl, ovmf, python, python-paramiko, qemu-kvm, qemu-kvm-ma, samba, setup, sssd, wget, wpa_supplicant, X.org X11, xerces-c, zsh, and zziplib), and SUSE (ardana-monasca, ardana-spark, kafka, kafka-kit, [...]
https://lwn.net/Articles/770031/
Sandbox Bypass in Script Security and Pipeline Groovy Plugins
https://jenkins.io/security/advisory/2018-10-29/
GitLab Security Release: 11.4.3, 11.3.8, and 11.2.7
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851)
https://www-01.ibm.com/support/docview.wss?uid=ibm10735105
IBM Security Bulletin: Vulnerability in the IBM FlashSystem model V840
https://www-01.ibm.com/support/docview.wss?uid=ibm10732968
IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2018-10858)
https://www-01.ibm.com/support/docview.wss?uid=ibm10732876
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications
https://www-01.ibm.com/support/docview.wss?uid=ibm10737813
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale
https://www-01.ibm.com/support/docview.wss?uid=ibm10735169
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Integration Designer
https://www-01.ibm.com/support/docview.wss?uid=ibm10733845
reposync vulnerability CVE-2018-10897
https://support.f5.com/csp/article/K23200408