End-of-Day report
Timeframe: Tuesday 30-10-2018 18:00 - Wednesday 31-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
Next End-of-Day report: 2018-11-02
News
Square, PayPal POS Hardware Open to Multiple Attack Vectors
Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft.
https://threatpost.com/square-paypal-pos-hardware-open-to-multiple-attack-vectors/138681/
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future's version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that [...]
https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-releases-the-kraken-ransomware-on-its-victims/
Using PHP 5 Becomes Dangerous in 2 Months
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older.
https://www.wordfence.com/blog/2018/10/php5-dangerous/
5 Types of Malware Currently Affecting macOS
Mac malware, or macOS malware, exists contrary to the popular belief that Apple's operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018.
https://www.tripwire.com/state-of-security/security-awareness/5-types-of-malware-currently-affecting-macos/
If You Have Fallen into a Subscription Trap...
When searching for free offers and free services, you will quickly find results on the Internet. But beware: not everything that glitters is gold! Often these are subscription traps, where you are sent unjustified invoices and threatened with debt collection agencies or lawyers' letters. The solution? Do not pay under any circumstances!
https://www.watchlist-internet.at/news/wenn-sie-in-eine-abo-falle-getappt-sind-1/
Warning about sierrasport-berlin.de
The online shop sierrasport-berlin.de sells counterfeit brand-name goods. Consumers can recognise this by the fact that all products are heavily discounted and in stock. Anyone who buys from sierrasport-berlin.de must expect high additional costs, legal consequences and identity theft. Purchasing from sierrasport-berlin.de is strongly discouraged!
https://www.watchlist-internet.at/news/warnung-vor-sierrasport-berlinde/
Vulnerabilities
DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability
Integrated Data Protection Appliance (iDPA) contains undocumented accounts with limited access which may potentially be used by a malicious user to compromise the affected system.
https://seclists.org/fulldisclosure/2018/Oct/53
Security updates for Wednesday
Security updates have been issued by Arch Linux (gitlab), Debian (gnutls28), Fedora (audiofile, coreutils, firefox, hesiod, kernel, kernel-headers, kernel-tools, libssh, lighttpd, mosquitto, opencc, patch, php-horde-nag, sos-collector, strongswan, and thunderbird), Gentoo (libxkbcommon, mutt-1.10, postgresql, systemd, xen, and xorg-server), Mageia (curl, libtiff, samba, spamassassin, and unzip), Oracle (java-1.7.0-openjdk and python-paramiko), Red Hat (git, glusterfs, java-1.7.0-openjdk, [...]
https://lwn.net/Articles/770203/
VMSA-2015-0008.2
VMware product updates address information disclosure issue.
Updated advisory to add vCloud Director fixes for 9.0.0.x and 9.1.0.x versions that now address CVE-2015-3269.
https://www.vmware.com/security/advisories/VMSA-2015-0008.html
HPESBHF03894 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of Security Restrictions
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us
ElegantThemes (divi, extra, divi-builder) - Authenticated Stored Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/9140
Apple security updates
https://support.apple.com/en-us/HT201222
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-01-linux-en
Security Advisory - Improper Authorization Vulnerability in Huawei Watches
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181031-01-watch-en
IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878)
https://www-01.ibm.com/support/docview.wss?uid=ibm10735977
IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877)
http://www.ibm.com/support/docview.wss?uid=ibm10735973
IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876)
https://www-01.ibm.com/support/docview.wss?uid=ibm10735967
IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents
http://www.ibm.com/support/docview.wss?uid=ibm10733815
IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158)
http://www.ibm.com/support/docview.wss?uid=ibm10737147
IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158)
http://www.ibm.com/support/docview.wss?uid=ibm10737125
IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158)
http://www.ibm.com/support/docview.wss?uid=ibm10736105
IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552)
http://www.ibm.com/support/docview.wss?uid=swg22016247
XSS vulnerability in undisclosed TMUI page CVE-2018-15314
https://support.f5.com/csp/article/K04524282
XSS vulnerability in undisclosed TMUI page CVE-2018-15313
https://support.f5.com/csp/article/K21042153
TMM vulnerability CVE-2018-15320
https://support.f5.com/csp/article/K72442354
BIG-IP tmsh vulnerability CVE-2018-15321
https://support.f5.com/csp/article/K01067037
MQTT vulnerability CVE-2018-15323
https://support.f5.com/csp/article/K26583415
BIG-IP Configuration utility vulnerability CVE-2018-15327
https://support.f5.com/csp/article/K20222812
tmsh utility vulnerability CVE-2018-15322
https://support.f5.com/csp/article/K28003839
BIG-IP APM portal access vulnerability CVE-2018-15324
https://support.f5.com/csp/article/K52206731
TMM vulnerability CVE-2018-15319
https://support.f5.com/csp/article/K64208870
BIG-IP iControl & tmsh vulnerability CVE-2018-15325
https://support.f5.com/csp/article/K77313277
BIG-IP APM CRL vulnerability CVE-2018-15326
https://support.f5.com/csp/article/K34652116
TMM vulnerability CVE-2018-15318
https://support.f5.com/csp/article/K16248201
TMM vulnerability CVE-2018-15317
https://support.f5.com/csp/article/K43625118