End-of-Day report
Timeframe: Tuesday 11-09-2018 18:00 - Wednesday 12-09-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
British Airways Breach Caused By the Same Group That Hit Ticketmaster
A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015, when RiskIQ and ClearSky researchers spotted the malware for the first time. The group's regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered into store checkout pages, [...]
https://it.slashdot.org/story/18/09/11/1116221/british-airways-breach-caused-by-the-same-group-that-hit-ticketmaster
When is a patch not a patch? When it's for this McAfee password bug
Vulnerability still open to all despite multiple fixes: a privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it.
http://go.theregister.com/feed/www.theregister.co.uk/2018/09/11/mcafee_flaw_fix/
Back up a minute: Veeam database config snafu exposed millions of customer records
Firm helps self with own disaster recovery. A misconfigured server at data recovery and backup firm Veeam exposed millions of email addresses.
http://go.theregister.com/feed/www.theregister.co.uk/2018/09/12/veeam_database_config_snafu_exposed_millions_email_addresses/
Extortion e-mail threatens with masturbation video
Companies are receiving an extortion e-mail that purports to come from their own address. In it, criminals claim to have access to the recipient's computer and to possess masturbation videos of the recipient. Victims are told to pay in Bitcoin to prevent publication. The content of the message is fabricated; no payment is necessary.
https://www.watchlist-internet.at/news/erpresserische-e-mail-droht-mit-masturbationsvideo/
Warning about telmo24.de
The fake shop telmo24.de offers cheap mobile phones and tablets. Despite payment, it delivers no goods. Consumers can recognise the fake shop by its very low prices and by the fact that it only accepts payment in advance. We strongly advise against shopping there!
https://www.watchlist-internet.at/news/warnung-vor-telmo24de/
Security - Microsoft closes three dangerous zero-day holes in Windows
One of them already actively exploited - 17 critical vulnerabilities fixed in total
https://derstandard.at/2000087198816/Microsoft-schliesst-drei-gefaehrliche-Zero-Day-Luecken-bei-Windows
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Debian (kamailio, libextractor, and mgetty), Fedora (community-mysql, ghostscript, glusterfs, iniparser, okular, and zsh), openSUSE (compat-openssl098, php5, and qemu), Red Hat (firefox), SUSE (libzypp, zypper, python3, spark, and zsh), and Ubuntu (zsh).
https://lwn.net/Articles/764645/
OpenAFS: Multiple vulnerabilities allow, among other things, manipulation of data
https://adv-archiv.dfn-cert.de/adv/2018-1854/
INTEL-SA-00125: A potential security vulnerability in Intel CSME, Intel Server Platform Services and Intel Trusted Execution Engine Firmware may allow information disclosure
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
Security Advisory - FRP Bypass Vulnerability on Smartphones
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180912-01-smartphone-en
IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www-01.ibm.com/support/docview.wss?uid=ibm10729745
IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated attacker to obtain sensitive information. (CVE-2018-1698)
https://www-01.ibm.com/support/docview.wss?uid=ibm10728857
IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1695)
http://www.ibm.com/support/docview.wss?uid=ibm10730979
IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js in IBM Cloud
http://www.ibm.com/support/docview.wss?uid=swg22012749
IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1567)
http://www.ibm.com/support/docview.wss?uid=ibm10730983
IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware
http://www.ibm.com/support/docview.wss?uid=ibm10731205
libidn vulnerability CVE-2016-6263
https://support.f5.com/csp/article/K25353544
HPESBHF03893 rev.1 - HPE Intelligent Management Center (iMC) Wireless Services Manager Software, Remote Code Execution
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us
HPESBHF03876 rev.1 - HPE ProLiant ML10 Gen9 Servers with Intel-based Processors using Active Management Technology (AMT), Multiple Local Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
HPESBHF03873 rev.1 - Certain HPE Gen10 Servers with Intel-based Processors using Converged Security and Management Engine (CSME), and Power Management Controller (PMC) Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us