End-of-Day report
Timeframe: Friday 10-08-2018 18:00 - Monday 13-08-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Popular Android Apps Vulnerable to Man-in-the-Disk Attacks
Some of the most popular Android applications installed on your phone may be vulnerable to a new type of attack named "Man-in-the-Disk" that can grant a third-party app the ability to crash them and/or run malicious code.
https://www.bleepingcomputer.com/news/security/popular-android-apps-vulnerable-to-man-in-the-disk-attacks/
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. According to our information, the malware is propagated by means of fake installers that download the ransomware module.
https://securelist.com/keypass-ransomware/87412/
DEF CON 2018: Hacking Medical Protocols to Change Vital Signs
LAS VEGAS - In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses' [...]
https://threatpost.com/def-con-2018-hacking-medical-protocols-to-change-vital-signs/134967/
Attackers can break into corporate networks via fax
Security experts have discovered a vulnerability in multifunction printers of the kind found in many offices. Attackers could gain access to the corporate network by sending a manipulated fax.
https://help.orf.at/stories/2929974/
Apple macOS vulnerability paves the way for system compromise with a single click
A security researcher uncovered a zero-day in Apple software by tweaking a few lines of code. Speaking at Defcon in Las Vegas last week, Patrick Wardle, Chief Research Officer of Digita Security, described his research into "synthetic" interactions with a user interface (UI) that can lead to severe macOS system security issues.
https://www.zdnet.com/article/apple-zero-day-vulnerability-permits-attacker-compromise-with-the-click-of-a-mouse/
Extortion e-mails: online crooks now cash in using mobile phone numbers
Online scammers are sending e-mails in which they claim to have hacked the recipient's mobile phone. They back this up with an excerpt of the phone number.
https://heise.de/-4134298
Building automation becomes a bugging device: bugs in Crestron systems
Offices, universities, airports, hotels, private homes - bugs in Crestron products turn the components into bugging devices - over the internet, camera images included.
http://heise.de/-4133763
Vulnerabilities in smart card drivers open systems to attackers
Security researcher Eric Sesterhenn of X41 D-SEC GmbH has unearthed a number of vulnerabilities in several smart card drivers, some of which can allow attackers to log into the target system without valid credentials and achieve root/admin privileges. "A lot of attacks against smart cards have been performed in the past but not much work has focused on hacking the driver side of the smart card stack [the piece of software that interacts with chip [...]
https://www.helpnetsecurity.com/2018/08/13/vulnerabilities-smart-card-drivers/
FBI Warns of 'Unlimited' ATM Cashout Blitz
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/
Warning about fraudulent machinery offers
On classified-ad platforms, interested buyers find cheap commercial vehicles and agricultural machinery. The ads lead to the vendors insolvenzamt.com, maschinen-insolvenzamt.com and anbud-spzoo.eu. These dealers are fake shops. They deliver no goods despite payment.
https://www.watchlist-internet.at/news/warnung-vor-betruegerischen-maschinenangeboten/
Vulnerabilities
2018-1581: Oracle database server: A vulnerability allows complete compromise of the software
[...] The vulnerability also affects Oracle Database 12.1.0.2 for Windows and every version of the software on Linux and Unix systems. The patches for these systems were already shipped with the last Oracle Critical Patch Update in July 2018. Users who have not yet applied any patches should do so immediately.
https://adv-archiv.dfn-cert.de/adv/2018-1581/
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
2018-1582: NextCloud: Two vulnerabilities allow stored cross-site scripting attacks
Two vulnerabilities in Nextcloud Server and Nextcloud Talk allow a remote attacker with simple authentication to carry out stored cross-site scripting (XSS) attacks.
https://adv-archiv.dfn-cert.de/adv/2018-1582/
https://nextcloud.com/security/advisory/?id=NC-SA-2018-008
https://nextcloud.com/security/advisory/?id=NC-SA-2018-009
Security updates for Monday
Security updates have been issued by Debian (blender, openjdk-8, postgresql-9.6, and sam2p), Fedora (libmspack, mingw-glib2, mingw-glibmm24, and rsyslog), Mageia (blender, glpi, godot, kernel, lftp, libjpeg, libsndfile, libsoup, mariadb, mp3gain, openvpn, and soundtouch), openSUSE (cgit, libvirt, mailman, NetworkManager-vpnc, and sddm), Slackware (bind), and SUSE (ffmpeg, glibc, and libvirt).
https://lwn.net/Articles/762502/
2018-08-10: Vulnerability in eSOMS LDAP Integration
https://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch
IBM Security Bulletin: eDiscovery Manager is affected by public disclosed vulnerability from Apache Poi
http://www.ibm.com/support/docview.wss?uid=ibm10719481
HPESBST03861 rev.1 - HPE 3PAR Service Processor (SP), Multiple Local and Remote Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us
HPESBST03870 rev.1 - HPE 3PAR Service Processor (SP), Local Disclosure of Privileged Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03870en_us
HPESBHF03858 rev.1 - HPE OfficeConnect 1810 Switch Series Local Disclosure of Sensitive Information
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us