Daily Summary - 21.12.2018

End-of-Day report

Timeframe: Thursday 20-12-2018 18:00 - Friday 21-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers

Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts.

https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/


Warning about phishing emails using the address help at orf.at

For several hours, phishing emails have been circulating that carry help at orf.at as the reply address. ORF.at expressly points out that the consumer desk of ORF radio sends out no emails whatsoever, and warns against opening such emails.

https://orf.at/stories/3105176


Fraudulent WhatsApp messages in private sales

Private sellers receive a WhatsApp message from a number with the country code "+1". In it, criminals ask about the product's price and propose handling the purchase through the EMS Shipping Company. It confirms receipt of an inflated payment. Sellers are asked to send the difference and the goods abroad. As a result, they lose both.

https://www.watchlist-internet.at/news/betruegerische-whatsapp-nachrichten-beim-privatverkauf/

Vulnerabilities

Horner Automation Cscape

This advisory provides mitigation recommendations for an improper input validation vulnerability in Horner Automation's Cscape, a Control System Application programming software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-354-01


Schneider Electric EcoStruxure

This advisory provides mitigation recommendations for an open redirect vulnerability in Schneider Electric's EcoStruxure, an IoT-enabled architecture and platform.

https://ics-cert.us-cert.gov/advisories/ICSA-18-354-02


JSON:API - Moderately critical - Access bypass - SA-CONTRIB-2018-081

Project: JSON:API
Date: 2018-December-19
Security risk: Moderately critical 13-25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability.

https://www.drupal.org/sa-contrib-2018-081


Security updates for Friday

Security updates have been issued by Debian (libapache-mod-jk, libav, and netatalk), Fedora (kernel-headers, kernel-tools, and phpMyAdmin), Gentoo (go), Mageia (netty, jctools, php, and phpmyadmin), openSUSE (keepalived), Scientific Linux (ntp), SUSE (enigmail, libqt5-qtbase, mariadb, netatalk, and yast2-rmt), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-azure, linux-hwe, linux-aws-hwe, [...]

https://lwn.net/Articles/775420/


Synology-SA-18:62 Netatalk

A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM).

https://www.synology.com/en-global/support/security/Synology_SA_18_62


Vuln: Ghostscript CVE-2018-19134 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/106278


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-api-connect-3/


IBM Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-cpu-hardware-utilizing-speculative-execution-may-be-vulnerable-to-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-vulnerability-affects-ibm/


December 20, 2018 TNS-2018-17 [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

http://www.tenable.com/security/tns-2018-17


TMM vulnerability CVE-2018-15330

https://support.f5.com/csp/article/K23328310


BIG-IP AAM DCDB vulnerability CVE-2018-15331

https://support.f5.com/csp/article/K54843525


TMUI vulnerability CVE-2018-15329

https://support.f5.com/csp/article/K61620494

Next End-of-Day report: 2018-12-27