End-of-Day report
Timeframe: Friday 31-08-2018 18:00 - Monday 03-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
CryptoNar Ransomware Discovered and Quickly Decrypted
This week a new CryptoJoker ransomware variant called CryptoNar was discovered that has infected victims. The good news is that a free decryptor was quickly released so that these victims can get their files back for free.
https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discovered-and-quickly-decrypted/
Paid "free samples" from BeautyShop International
Consumers order cosmetics from BeautyShop International as free product samples. They receive these together with an invoice from AB Commerce Collect. If they do not pay the amount demanded, steep payment reminders follow. Since no paid contract is formed between the consumers and BeautyShop International, they do not have to pay the amount demanded.
https://www.watchlist-internet.at/news/kostenpflichtige-gratisproben-von-beautyshop-international/
Vulnerabilities
[20180802] - Core - Stored XSS vulnerability in the frontend profile
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.5.0 through 3.8.11
Exploit type: XSS
CVE Number: CVE-2018-15880
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs: Joomla! CMS versions 1.5.0 through 3.8.11
Solution: Upgrade to version 3.8.12
Contact: The JSST at the Joomla! Security Centre.
Reported By: Fouad Maakor
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
CA Release Automation Object Deserialization Error Lets Remote Users Execute Arbitrary Code on the Target System
Version(s): 6.3, 6.4, 6.5; possibly older versions
Description: A vulnerability was reported in CA Release Automation. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger an object deserialization error and execute arbitrary code on the target system.
http://www.securitytracker.com/id/1041591
Security updates for Monday
Security updates have been issued by Debian (dojo, libtirpc, mariadb-10.0, php5, ruby-json-jwt, spice, spice-gtk, tomcat8, and trafficserver), Fedora (ghc-hakyll, ghc-hs-bibutils, ghostscript, mariadb, pandoc-citeproc, phpMyAdmin, and xen), Mageia (java-1.8.0-openjdk, libarchive, libgd, libraw, libxcursor, mariadb, mercurial, openssh, openssl, poppler, quazip, squirrelmail, and virtualbox), openSUSE (cobbler, libressl, wireshark, and zutils), and SUSE (couchdb, java-1_7_0-ibm, java-1_7_1-ibm, spice).
https://lwn.net/Articles/764046/
Cisco: CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel
Security Notice - Statement About the Vulnerability in Huawei B315s-22 Products Disclosed by Security Researcher
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180903-01-b315s-en