End-of-Day report
Timeframe: Montag 26-11-2018 18:00 - Dienstag 27-11-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor
BLADABINDI, also known as njRAT/Njw0rm, is a remote access tool (RAT) with a myriad of backdoor capabilities - from keylogging to carrying out distributed denial of service (DDoS) - and has been rehashed and reused in various cyberespionage campaigns since it first emerged. Indeed, BLADABINDI's customizability and seeming availability in the underground make it a prevalent threat.
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/
NPM-Paket EventStream mit Bitcoin-Miner infiziert
In die Code-Bibliothek EventStream hat sich Schadcode eingeschlichen, der das Bitcoin Wallet Copay für Angreifer öffnet.
http://heise.de/-4233171
Lux-Codex nicht bestellen!
Auf lux-codex.com und wideally.com wird Ihnen der Lux-Codex - eine LED-Lampe in ausgefallenem Design - angeboten. Sie sollten hier nicht bestellen, denn Konsument/innen berichten uns von ausbleibender Lieferung trotz erfolgter Bezahlung!
https://www.watchlist-internet.at/news/lux-codex-nicht-bestellen/
Vulnerabilities
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the current firmware version V2.6.0 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. These GNU/Linux vulnerabilities have been externally identified and will be fixed with the next firmware version.
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
Security updates for Tuesday
Security updates have been issued by Debian (gnuplot and samba), Fedora (flatpak, kernel-headers, kernel-tools, mariadb-connector-c, php-PHPMailer, php-phpmailer6, and xml-security-c), Gentoo (binutils, libav, mupdf, spice-gtk, strongswan, and tablib), Mageia (libpng(12), mariadb, and openssl), Oracle (ghostscript), Red Hat (.NET Core, ghostscript, java-1.7.1-ibm, kernel, kernel-alt, kernel-rt, NetworkManager, rh-nginx112-nginx, rh-nginx114-nginx, and sos-collector), Scientific Linux [...]
https://lwn.net/Articles/773100/
Vuln: Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability
http://www.securityfocus.com/bid/106019
Vuln: TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/106021
ZDI-18-1362: (ODay) Juuko DATA Packet Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1362/
IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-3139 and CVE-2018-3180)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-identified-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-cve-2018-3139-and-cve-201/
IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-liberty-for-java-for-ibm-cloud-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - July 2018 Security Bulletin
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-i-and-rational-developer-for-aix-and-linux-july-2018-security-bulletin/
IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by a vulnerability which could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node (CVE-2018-1723)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-for-ibm-elastic-storage-server-is-affected-by-a-vulnerability-which-could-allow-an-unprivileged-authenticated-user-with-access-to-a-gpfs-node-to-read-arbitra/
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross site scripting (CVE-2018-1584)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2018-1584/
Samba: Mehrere Schwachstellen
http://www.cert-bund.de/advisoryshort/CB-K18-1123