Daily Summary - 29.05.2018

End-of-Day report

Timeframe: Monday 28-05-2018 18:00 - Tuesday 29-05-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter

News

Cobalt Hacking Group Still Active Despite Leader's Arrest

Despite their leader's arrest in Spain two months ago, the Cobalt hacker group that's specialized in stealing money from banks and financial institutions has remained active, even launching a new campaign.

https://www.bleepingcomputer.com/news/security/cobalt-hacking-group-still-active-despite-leaders-arrest/


2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event - FIFA World Cup. This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals. Long before kick-off, email accounts began bulging with soccer-related spam, and scammers started exploiting the topic in mailings and creating World Cup-themed phishing pages.

https://securelist.com/2018-fraud-world-cup/85878/


Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems

Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 which published a report on May 29. The company's Vulcan team discovered that attacks can be remotely executed on the EOS node, TechNode's Chinese sister site reports.

https://technode.com/2018/05/29/qihoo-360-security-issues-eos/


New LTS Release

Back around the end of 2014 we posted our release strategy. This was the first time we defined support timelines for our releases, and added the concept of an LTS (long-term support) release. At our OMC meeting earlier this month, we picked our next LTS release. This post walks through that announcement, and tries to explain all the implications of it.

https://www.openssl.org/blog/blog/2018/05/18/new-lts/


Critical vulnerabilities in IBM's security solution QRadar

Of all places, the security solution QRadar, which is meant to detect and prevent attacks, contained critical vulnerabilities that gave external attackers full access.

http://heise.de/-4060177


Do not pay 359.88 euros to MEDIA ADVICE LIMITED!

The fraudulent Media Advice Limited operates various streaming platforms, such as tutoflix.de, soloflix.de or megaflix.de. Interested users are asked to register on the websites to get access to the film catalogue. Anyone who follows the instructions is in for a nasty surprise, because the registration leads to a premium membership that costs 359.88 euros per year. The amount should under no circumstances be paid, because a valid contract was

https://www.watchlist-internet.at/news/keine-35988-euro-an-media-advice-limited-bezahlen/

Vulnerabilities

GNU Barcode 0.99 Memory Leak

GNU Barcode suffers from a memory leak vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in cmdline.c, which can be exploited to cause a memory leak via a specially crafted file. The vulnerability is confirmed in version 0.99. Other versions may also be affected.

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5471.php


GNU Barcode 0.99 Buffer Overflow

The vulnerability is caused by a boundary error in the processing of an input file, which can be exploited to cause a buffer overflow when a user processes e.g. a specially crafted file. Successful exploitation could allow execution of arbitrary code on the affected machine.

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5470.php


Security updates for Tuesday

Security updates have been issued by Debian (wireshark), Fedora (kernel), openSUSE (enigmail), Red Hat (kernel), SUSE (cairo, java-1_7_0-ibm, libvirt, perl-DBD-mysql, and xen), and Ubuntu (batik and isc-dhcp).

https://lwn.net/Articles/755884/


WordPress plugin "Site Reviews" vulnerable to cross-site scripting

https://jvn.jp/en/jp/JVN60978548/


WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

https://jvn.jp/en/jp/JVN16471686/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

https://www-01.ibm.com/support/docview.wss?uid=swg22014445


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker

http://www-01.ibm.com/support/docview.wss?uid=swg22016387


Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle

https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/


Spring Framework vulnerability CVE-2018-1258

https://support.f5.com/csp/article/K18193959


HPESBHF03852 rev.1 - HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software, Remote Code Execution

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03852en_us