Daily summary - 29.01.2019

End-of-Day report

Timeframe: Monday 28-01-2019 18:00 - Tuesday 29-01-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

A Miner Decline: The Surprising Slowdown of Cryptomining

This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers. In Webroot's 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being [...]

https://www.webroot.com/blog/2019/01/28/a-miner-decline-the-surprising-slowdown-of-cryptomining/


FaceTime as a listening device - Apple disables the group function of its VoIP service

A bug in Apple's communication service makes it possible to activate the microphone of an iPhone or Mac remotely. Apple is taking emergency measures.

http://heise.de/-4290587


Security vulnerabilities in Microsoft Exchange grant domain admin privileges

Vulnerabilities in all Exchange Server versions allow attackers to become domain administrators. A patch is still pending.

http://heise.de/-4290574


Current Trojan wave: Emotet lurks in fake invoice emails

The Emotet malware has evidently now set its sights on private individuals. Fake Amazon, Telekom and Vodafone emails are currently circulating in large numbers.

http://heise.de/-4291268


Vulnerability Spotlight: Multiple vulnerabilities in coTURN

Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called "DMZ" zones - any server reachable from the internet - to provide firewall traversal solutions.

https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-multiple.html


Classified-ad fraud is booming

Be careful when selling on classified-ad platforms such as willhaben, eBay, marketplace, quoka or shpock. There is currently a surge of enquiries from prospective buyers who supposedly "transfer" the money to a bank that acts as an intermediary. This dubious bank holds the amount back until you send a shipping confirmation or return money that was supposedly transferred in excess. This is a scam!

https://www.watchlist-internet.at/news/kleinanzeigen-betrug-boomt/


Fake Spar survey: hidden costs instead of free tech!

A fabricated survey is currently being mass-mailed by criminals. Recipients who follow the links in the message and complete the survey are supposedly rewarded with a free iPhone X, XS, Galaxy S9 or a MacBook. A hidden cost notice at the point where credit card details are entered shows, however: instead of a smartphone or laptop, all you get are monthly charges!

https://www.watchlist-internet.at/news/gefaelschte-spar-umfrage-versteckte-kosten-statt-gratis-technik/

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Arch Linux (go-pie), Debian (wireshark), openSUSE (freerdp, libraw, openssh, pdns-recursor, singularity, and systemd), and Ubuntu (kernel, linux-hwe, and spice).

https://lwn.net/Articles/777806/


IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-has-addressed-multiple-vulnerabilities-in-developer-portals-dependencies-cumulative-list-from-june-28-2018-to-december-13-2018/


IBM Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-directory-listing-of-internal-product-files-vulnerability-cve-2018-2026/


IBM Security Bulletin: Financial Transaction Manager for Check Services for Multi-Platform is affected by vulnerabilities in IBM Java Runtime

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-check-services-for-multi-platform-is-affected-by-vulnerabilities-in-ibm-java-runtime/


IBM Security Bulletin: IBM Security Guardium is affected by an Application Error vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-an-application-error-vulnerability/


IBM Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cve/


IBM Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cv/


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-3rd-party-cpu-hardware-utilizing-speculative-execution-cache-timing-side-channel-analysis-known-as-variant-4-or-spectreng-cve-2018-3639-cve-20/


The BIG-IP HTTP parser can incorrectly parse a tab character

https://support.f5.com/csp/article/K18263026


A virtual server with a Client SSL profile may accept non-SSL traffic

https://support.f5.com/csp/article/K21942600


BIG-IP APM XSS vulnerability CVE-2019-6591

https://support.f5.com/csp/article/K32840424


BIG-IP TMUI vulnerability CVE-2019-6589

https://support.f5.com/csp/article/K23566124


TMM vulnerability CVE-2019-6590

https://support.f5.com/csp/article/K55101404


The BIG-IP APM PingAccess component caching vulnerability may lead to user impersonation

https://support.f5.com/csp/article/K01226413


The BIG-IP ASM system may redirect a client request to an incorrect URL

https://support.f5.com/csp/article/K23432927