Daily Summary - 17.01.2019

End-of-Day report

Timeframe: Wednesday 16-01-2019 18:00 - Thursday 17-01-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Over 140 International Airlines Affected by Major Security Breach

Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system.

https://www.bleepingcomputer.com/news/security/over-140-international-airlines-affected-by-major-security-breach/


Forest for the trees: an IoT security standards gap analysis

https://www.enisa.europa.eu/news/enisa-news/forest-for-the-trees-an-iot-security-standards-gap-analysis


Password collection with 773 million online accounts surfaces online

A huge collection of credentials for online services is circulating in underground forums. The passwords of millions of users are affected.

https://heise.de/-4279375


New Year's resolutions: Routing done right

As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble [...]

https://www.welivesecurity.com/2019/01/17/new-years-resolutions-routing-done-right/


thermenservice-24.at is disreputable

thermenservice-24.at is a plumbing and heating installer that can be reached 24 hours a day. The so-called "Thermenprofis" are available at any time of day or night, arrive on site quickly and lure customers with low prices. However, this is a disreputable provider that does not fix the problem and overcharges for services that were never performed!

https://www.watchlist-internet.at/news/thermenservice-24at-ist-unserioes/


Fraudulent Apple shop ios-world.de!

ios-world.de offers Apple products such as iPhones, Apple Watch, MacBooks and iMacs. The prices are far below market value and invite a quick purchase. But beware: consumers must not buy anything here! It is a fake shop where you pay in advance and receive no goods.

https://www.watchlist-internet.at/news/betruegerischer-apple-shop-ios-worldde/


Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products

Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it's also associated with the Xbash malware we reported on in September of 2018. The threat actor Rocke was originally [...]

https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/

Vulnerabilities

Drupal Releases Security Updates

Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Security-Updates


Security updates for Thursday

Security updates have been issued by CentOS (libvncserver), Debian (sssd), Fedora (kernel and kernel-headers), Red Hat (ansible, openvswitch, pyOpenSSL, python-django, and redis), and Ubuntu (policykit-1).

https://lwn.net/Articles/777010/


IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-oracle-outside-in-technology-used-by-ibm-filenet-content-manager/


IBM Security Bulletin: IBM Integration Bus affected by Apache Tomcat vulnerability CVE-2018-8034

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-affected-by-apache-tomcat-vulnerability-cve-2018-8034/


IBM Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-affected-by-apache-httpclient-security-vulnerability/


IBM Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-b2b-advanced-communications-is-affected-by-multiple-vulnerabilities-in-ibm-java-runtime/