End-of-Day report
Timeframe: Friday 23-11-2018 18:00 - Monday 26-11-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
His phone went dark, then $1m was sucked out in SIM-swap crypto-heist
A 21-year-old allegedly SIM-swapped Silicon Valley execs' phones to steal cryptocurrency, including one man's $1m tuition fund for his kids.
https://nakedsecurity.sophos.com/2018/11/26/his-phone-went-dark-then-1m-was-sucked-out-in-sim-swap-crypto-heist/
Dubious tradespeople from the Internet
Consumers who have problems with their radiators, locks or electrical systems at night can come across dubious plumbers, locksmiths or electricians on the Internet. These companies advertise low-priced offers on their websites. On site, however, they demand many times the agreed price. Complaints after the fact are not possible because the companies give customers made-up details.
https://www.watchlist-internet.at/news/unserioese-handwerker-aus-dem-internet/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (gnuplot5, icecast2, liblivemedia, otrs2, phpbb3, roundcube, squid3, and xml-security-c), Fedora (kio-extras, tmux, and xen), Gentoo (asterisk, chromium, exiv2, ghostscript-gpl, and thunderbird), openSUSE (libwpd, openssl, openssl-1_1, postgresql10, and SDL2_image), Red Hat (chromium-browser, rh-mysql57-mysql, rh-nginx110-nginx, and rh-nginx18-nginx), SUSE (exiv2, libgcrypt, rpm, and tiff), and Ubuntu (firefox and qemu).
https://lwn.net/Articles/772954/
ZDI-18-1361: (0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1361/
ZDI-18-1360: (0Day) INVT Electric VT-Designer File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1360/
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-0705)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-cve-2016-0705/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-1656, CVE-2018-12539)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-1656-cve-2018-12539/
IBM Security Bulletin: Content Collector for Email is affected by spoofing attack vulnerability in WAS Logout Form
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for-email-is-affected-by-spoofing-attack-vulnerability-in-was-logout-form/
IBM Security Bulletin: Content Collector for Email is affected by java deserialization vulnerability resulting in execution of untrusted data via the application server's SOAP port
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for-email-is-affected-by-java-deserialization-vulnerability-resulting-in-execution-of-untrusted-data-via-the-application-servers-soap-port/
IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Snapshot for VMware (CVE-2018-1553)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-1553/
git: Vulnerability allows privilege escalation
http://www.cert-bund.de/advisoryshort/CB-K18-1120