End-of-Day report
Timeframe: Monday 10-09-2018 18:00 - Tuesday 11-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Mongo Lock Attack Ransoming Deleted MongoDB Databases
An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.
https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/
OpenSSL 1.1.1 Is Released
Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straightforward if they are written to work with OpenSSL 1.1.0.
https://www.openssl.org/blog/blog/2018/09/11/release111/
"Google Fonts" popup leads to malware
A recent malware injection in a client's WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access the infected website. It uses JavaScript to detect the visitor's use of Google Chrome and then upon the visitor clicking it generates a popup notification which falsely claims that the visitor's Google Chrome is missing the "HoeflerText" font ...
http://labs.sucuri.net/?note=2018-09-10
Do not fall for gamingkoenig.org
gamingkoenig.org offers computer accessories at bargain prices. Consumers must not order from this vendor under any circumstances, because it is a fake shop. The ordered goods will never reach them, and consumers lose a large amount of money.
https://www.watchlist-internet.at/news/nicht-auf-gamingkoenigorg-reinfallen/
Lawyers' letters containing malware in circulation
Criminals are sending fraudulent e-mails under the names of fictitious law firms. In them, they claim that recipients watched a pornographic film and thereby committed a copyright infringement. Further information on this can supposedly be found in a file attachment. It conceals malware and must not be opened.
https://www.watchlist-internet.at/news/anwaltsschreiben-mit-schadsoftware-im-umlauf/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe ColdFusion (APSB18-33) and Adobe Flash Player (APSB18-31). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
https://blogs.adobe.com/psirt/?p=1607
eDirectory 9.1.1 Hot Patch 1
This update is being provided to resolve potential critical issues found since the latest patch:
- Open unvalidated redirect vulnerability in iMonitor (Bug 1082040) (CVE-2018-7692)
https://download.novell.com/Download?buildid=vP3nS-Hctkk~
Security updates for Tuesday
Security updates have been issued by Debian (libextractor), Fedora (godot and iniparser), Oracle (kernel), Red Hat (chromium-browser and Fuse 7.1), SUSE (compat-openssl098, openssh, php5, php53, qemu, and tiff), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, and linux-hwe, linux-azure, linux-gcp).
https://lwn.net/Articles/764575/
Vuln: SAP Business One For Android CVE-2018-2460 Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/105309
Vuln: SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/105308
Vuln: SAP Business One CVE-2018-2458 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/105307
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
Security Advisory - Two Insufficient Input Validation Vulnerabilities in Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180911-01-smartphone-en
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1656, CVE-2018-12539)
http://www.ibm.com/support/docview.wss?uid=ibm10730799
IBM Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)
https://www-01.ibm.com/support/docview.wss?uid=ibm10719697
IBM Security Bulletin: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator is affected by vulnerability due to unexpected authentication behavior
https://www-01.ibm.com/support/docview.wss?uid=ibm10729013
IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS Liberty vulnerability
https://www-01.ibm.com/support/docview.wss?uid=ibm10720295
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM
https://www-01.ibm.com/support/docview.wss?uid=ibm10729699
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0732, CVE-2018-0737)
http://www.ibm.com/support/docview.wss?uid=ibm10730811
IBM Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739)
http://www.ibm.com/support/docview.wss?uid=ibm10726053
IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in bind (CVE-2017-3145)
http://www.ibm.com/support/docview.wss?uid=ibm10719051
IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B Integrator
https://www-01.ibm.com/support/docview.wss?uid=ibm10728841
SSA-268644 (Last Update: 2018-09-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
SSA-346256 (Last Update: 2018-09-11): Vulnerability in SIMATIC WinCC OA V3.14 and prior
https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf
SSA-198330 (Last Update: 2018-09-11): Local Privilege Escalation in TD Keypad Designer
https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf
SSA-447396 (Last Update: 2018-09-11): Denial-of-Service in SCALANCE X300, SCALANCE X408 and SCALANCE X414
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf