End-of-Day report
Timeframe: Tuesday 29-01-2019 18:00 - Wednesday 30-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
New LockerGoga Ransomware Allegedly Used in Altran Attack
Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and its assets, Altran decided to shut down its network and applications.
https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/
Z1: Dental practice software installs vulnerable Adobe Reader
A practice-management application for dental practices automatically installs a very old version of Adobe Reader during its update, one with numerous known security vulnerabilities. The vendor claims to have fixed the problem, but that apparently is not the case. (Adobe Reader, PDF)
https://www.golem.de/news/z1-zahnarztsoftware-installiert-lueckenhaften-adobe-reader-1901-139049-rss.html
CTF Writeup: Complex Drupal POP Chain
A recent Capture-The-Flag tournament hosted by Insomnihack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.
https://blog.ripstech.com/2019/complex-drupal-pop-chain/
Loss of money and data theft instead of a dream property!
Criminals advertise cheap rental and owner-occupied apartments, houses and plots of land on well-known real-estate platforms. Consumers are told that a viewing will be handled through an escrow company, that is, a trustworthy intermediary. Deposits must not be paid and identity documents must not be sent. Money and data end up with criminals.
https://www.watchlist-internet.at/news/geldverlust-und-datendiebstahl-statt-traum-immobilie/
Matrix has slowly evolved into a Swiss Army knife of the ransomware world
The Matrix ransomware is usually deployed after cyber-criminals use unsecured RDP endpoints to compromise companies' internal networks.
https://www.zdnet.com/article/matrix-has-slowly-evolved-into-a-swiss-army-knife-of-the-ransomware-world/
Vulnerabilities
Stryker Medical Beds
This medical device advisory provides mitigation recommendations for a nonce reuse vulnerability in Stryker's medical beds.
https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-01
Yokogawa License Manager Service
This advisory provides mitigation recommendations for an Unrestricted Upload of Files with Dangerous Type vulnerability reported in the Yokogawa License Manager Service application.
https://ics-cert.us-cert.gov/advisories/ICSA-19-029-01
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
Cisco Talos is disclosing several vulnerabilities in ACD Systems Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format that's used in Canvas Draw. PCX was a popular image format with early computers, and [...]
http://feedproxy.google.com/~r/feedburner/Talos/~3/4p-FF_Hp7xY/vulnerability-spotlight-multiple_30.html
Security updates for Wednesday
Security updates have been issued by Arch Linux (subversion), Debian (apache2, firefox-esr, qemu, rssh, and spice), Fedora (lua, mingw-python-qt5, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, [...]
https://lwn.net/Articles/777950/
Security Advisory - Double Free Vulnerability on Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190130-01-smartphone-en
Linux kernel vulnerability CVE-2018-18559
https://support.f5.com/csp/article/K28241423
IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-cloud-paks-are-vulnerable-to-multiple-vulnerabilities-in-perl-cve-2018-18312-cve-2018-18313-cve-2018-18314-cve-2018-18311/
IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-navigator-for-i-is-affected-by-cve-2019-4040/
IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-code-execution-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-1851/
IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bypass-security-vulnerability-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2014-7810/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-access-manager-4/
ZDI-19-157: Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-157/
ZDI-19-158: Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-158/
ZDI-19-159: Bitdefender SafePay launch Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-159/
ZDI: (0Day) Wecon LeviStudioU Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-19-143/
http://www.zerodayinitiative.com/advisories/ZDI-19-144/
http://www.zerodayinitiative.com/advisories/ZDI-19-145/
http://www.zerodayinitiative.com/advisories/ZDI-19-146/
http://www.zerodayinitiative.com/advisories/ZDI-19-147/
http://www.zerodayinitiative.com/advisories/ZDI-19-148/
http://www.zerodayinitiative.com/advisories/ZDI-19-149/
http://www.zerodayinitiative.com/advisories/ZDI-19-150/
http://www.zerodayinitiative.com/advisories/ZDI-19-151/
http://www.zerodayinitiative.com/advisories/ZDI-19-152/
http://www.zerodayinitiative.com/advisories/ZDI-19-153/
http://www.zerodayinitiative.com/advisories/ZDI-19-154/
http://www.zerodayinitiative.com/advisories/ZDI-19-155/
http://www.zerodayinitiative.com/advisories/ZDI-19-156/