End-of-Day report
Timeframe: Tuesday 18-09-2018 18:00 - Wednesday 19-09-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Western Digital's My Cloud NAS Devices Turn Out to Be Easily Hacked
Security researchers have discovered an authentication bypass vulnerability in Western Digital's My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control of the affected devices.
https://thehackernews.com/2018/09/wd-my-cloud-nas-hacking.html
XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
On Windows, Xbash focuses on cryptomining and self-propagation: it triggers a downloader that executes a coinminer. On Linux, the malware shows its data-destructive side and behaves as ransomware, destroying data.
https://threatpost.com/xbash-malware-packs-double-punch-destroys-data-and-mines-for-crypto-coins/137543/
TIPs to Securely Deploy Industrial Control Systems
Schneider Electric has authored a whitepaper, "Effective Implementation of Cybersecurity Countermeasures in Industrial Control Systems", that takes asset owners through the system deployment process. In this blog article, I will provide a brief overview of the concepts presented in the whitepaper.
https://blog.schneider-electric.com/cyber-security/2018/09/18/tips-to-securely-deploy-industrial-control-systems/
Fake finance apps on Google Play target users from around the world
Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms, the malicious fakes phish for credit card details and/or login credentials to the impersonated legitimate services.
https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-target-around-world/
Multi-Vector WordPress Infection from Examhome
This September, we've been seeing a massive infection wave that injects malicious JavaScript code into .js files, .php files and the WordPress database.
http://labs.sucuri.net/?note=2018-09-18
Vulnerabilities
Security Updates available for Adobe Acrobat and Reader (APSB18-34)
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB18-34) for Windows and macOS. These updates address critical and important vulnerabilities, and Adobe recommends that users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
https://blogs.adobe.com/psirt/?p=1617
BSRT-2018-003 Directory traversal vulnerability impacts the Connect Service of the BlackBerry Enterprise Mobility Server
This advisory addresses a directory traversal vulnerability that has been discovered in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited ...
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051590
Google Chrome, Chromium: A vulnerability allows unspecified attacks
Due to a vulnerability rated with severity 'high', an attacker can carry out attacks that are not further specified. In the past, vulnerabilities of this kind could usually be exploited by a remote, unauthenticated attacker.
Google provides Chrome and Chromium version 69.0.3497.100 as a security update.
https://adv-archiv.dfn-cert.de/adv/2018-1886/
Xcode: A vulnerability allows takeover of the system
A local attacker with basic authentication can exploit the vulnerability by means of a specially crafted application to execute arbitrary code with kernel privileges and thereby take over the entire system.
Apple provides Xcode 10 for macOS High Sierra 10.13.6 and later to fix the vulnerability.
https://adv-archiv.dfn-cert.de/adv/2018-1885/
Security updates for Wednesday
Security updates have been issued by Debian (chromium-browser and libapache2-mod-perl2), Oracle (kernel), and Ubuntu (ghostscript, glib2.0, and php5).
https://lwn.net/Articles/765573/
WECON PLC Editor
https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01
Vuln: Apache Camel CVE-2018-8041 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/105352
Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180919-02-smartphone-en
IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1800)
https://www-01.ibm.com/support/docview.wss?uid=ibm10731379
IBM Security Bulletin: Blind SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (CVE-2018-1674)
https://www-01.ibm.com/support/docview.wss?uid=ibm10720035
IBM Security Bulletin: IBM Data Science Experience Local is affected by a cryptography vulnerability
http://www.ibm.com/support/docview.wss?uid=ibm10720161
The BIG-IP ASM system may stop enforcing attack signatures after activating a security policy that includes a new signature
https://support.f5.com/csp/article/K83093212