End-of-Day report
Timeframe: Wednesday 30-01-2019 18:00 - Thursday 31-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Mac "CookieMiner" Malware Aims to Gobble Crypto Funds
A newly discovered malware steals cookies, credentials and more to break into victims' cryptocurrency exchange accounts.
https://threatpost.com/mac-cookieminer-malware-crypto/141334/
The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild
Capsule8 demos takeover technique to help sysadmins check for vulnerabilities
Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes.
https://www.theregister.co.uk/2019/01/31/systemd_exploit/
Tracking Unexpected DNS Changes
DNS is a key element of the Internet and, regularly, we read new bad stories. One of the latest was the Department of Homeland Security warning[1] about recent DNS hijacking attacks[2]. [...] it's not easy to detect unexpected changes but you can implement your own checks to track changes for your most visited websites. But from a website owner or network admin perspective, it is indeed a good practice to ensure that DNS servers authoritative for our domain zones are providing the
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
Top 10 Most Vulnerable WordPress Plugins
Kept properly updated, WordPress - including its plugins - is one of the most secure CMS available on the web. Provided the plugins are actively updated, most vulnerabilities are discovered and patched without widespread malicious exploitation. [...] In most cases, it's down to the users to make sure they apply the latest security updates to all their plugins.
https://www.htbridge.com/blog/top-10-most-vulnerable-wordpress-plugins.html
IQ tests on testific.com lure users into a subscription trap
IQ and personality tests are offered on testific.com. Consumers who take part in the tests are supposed to receive a certificate stating their IQ score. People who take the intelligence test must then pay 2.99 euros to receive their result. A hidden cost notice reveals that it is a subscription trap costing 79.99 euros per month.
https://www.watchlist-internet.at/news/iq-tests-auf-testificcom-locken-in-abo-falle/
IoT botnet used in YouTube ad fraud scheme
TheMoon's DDoS days are long gone. The botnet is now a proxy network for other criminal groups.
https://www.zdnet.com/article/iot-botnet-used-in-youtube-ad-fraud-scheme/#ftag=RSSbaffb68
New security flaw impacts 5G, 4G, and 3G telephony protocols
Researchers have reported their findings and fixes should be deployed by the end of 2019.
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/#ftag=RSSbaffb68
Vulnerabilities
Security patch: Dell Networking OS10 vulnerable to eavesdropping attacks
An important update closes a security vulnerability in Dell's Networking OS10 switch operating system.
http://heise.de/-4294467
Security updates for Thursday
Security updates have been issued by Arch Linux (ghostscript), Debian (firefox-esr, libgd2, libvncserver, php-pear, rssh, and spice), Fedora (docker, docker-latest, firefox, moodle, and wireshark), Mageia (bluez, ghostscript, php-tcpdf, phpmyadmin, virtualbox, and zeromq), openSUSE (ghostscript), Red Hat (firefox), Scientific Linux (firefox), Slackware (kernel), and Ubuntu (avahi, firefox, openjdk-8, and openjdk-lts).
https://lwn.net/Articles/778107/
BlackBerry powered by Android Security Bulletin - January 2019
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000054984
Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190131-01-phone-en
IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-is-affected-by-a-limited-code-injection-vulnerability-cve-2019-4038/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-tivoli-storage-manager-fastback-cve-2018-3139-cve-2018-3180/
IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-application-dependency-discovery-manager-taddm-could-expose-password-hashes-stored-in-system-memory-on-target-windows-systems-that-are-discovered-by-taddm/
Linux kernel vulnerability CVE-2018-10901
https://support.f5.com/csp/article/K07721343