Daily Summary - 05.11.2019

End-of-Day report

Timeframe: Monday 04-11-2019 18:00 - Tuesday 05-11-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Alexa and Siri: Voice commands transmitted inaudibly by laser

Voice commands do not necessarily have to be transmitted by voice: researchers have succeeded in controlling smart speakers such as Amazon Echo or Google Home with a laser from up to 110 meters away - and, for example, opening a garage door that way.

https://www.golem.de/news/alexa-und-siri-sprachbefehle-unhoerbar-per-laser-uebertragen-1911-144805-rss.html


Magecart Groups Attack Simultaneous Sites in Card-Theft Frenzy

Stealing payment-card data and PII from e-commerce sites has become so lucrative that some are being targeted by multiple groups at the same time.

https://threatpost.com/magecart-groups-attack-simultaneous-sites-in-card-theft-frenzy/149872/


Bluekeep exploitation causing Bluekeep vulnerability scan to fail, (Tue, Nov 5th)

I woke up this morning to the long anticipated news that Bluekeep exploitation is happening in the wild. As some of you may recall, back in August I wrote a diary demonstrating a way to scan for Bluekeep vulnerable devices. So the next thing I did was check my Bluekeep scan results and was presented with this graph.

https://isc.sans.edu/diary/rss/25488


Pwning a Smart Car Charger, Building a Bot-Net

...or Why We Don't Build Commercial IoT on a Raspberry Pi. A positive story of disclosure and remediation. We're quite into our electric vehicles at PTP, so we started hunting for a smart car charger. There are plenty of industrial chargers out there and some research has been done in the past. We got [...]

https://www.pentestpartners.com/security-blog/pwning-a-smart-car-charger-building-a-bot-net/


Do not order from kafrosa.de

kafrosa.de sells coffee machines, fully automatic coffee makers and even coffee at low prices. The layout of kafrosa.de looks reputable, the mandatory company information is provided, and the shop's awards inspire trust. But beware: appearances are deceptive. It is a fake shop that does not deliver any goods!

https://www.watchlist-internet.at/news/bestellen-sie-nicht-bei-kafrosade/


A look at WP-VCD, today's largest WordPress hacking operation

Exclusive look into the WP-VCD gang operations!

https://www.zdnet.com/article/a-look-at-wp-vcd-todays-largest-wordpress-hacking-operation/

Vulnerabilities

Windows kernel vulnerability in network monitoring software PRTG fixed

The packet sniffer library Npcap integrated into Paessler PRTG is vulnerable. The developers have now fixed this.

https://heise.de/-4577699


Security updates for Tuesday

Security updates have been issued by Arch Linux (electron, ghostscript, glibc, python2, and samba), Debian (webkit2gtk), Slackware (libtiff), SUSE (ImageMagick, python-ecdsa, and samba), and Ubuntu (apport, haproxy, ruby-nokogiri, and whoopsie).

https://lwn.net/Articles/803885/


Synology-SA-19:37 DSM

Multiple vulnerabilities allow remote authenticated users to execute arbitrary commands or conduct denial-of-service attacks, or allow remote attackers to delete arbitrary files via a susceptible version of DiskStation Manager (DSM).

https://www.synology.com/en-global/support/security/Synology_SA_19_37


Microsoft Office365 Integrity Validation / Remote Code Execution

https://cxsecurity.com/issue/WLB-2019110022


[20191002] - Core - Path Disclosure in phpuft8 mapping files

http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Zi-lVuM4KoY/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html


[20191001] - Core - CSRF in com_template overrides view

http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/LaIC5kOPGB0/794-20191001-core-csrf-in-com-template-overrides-view.html


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway/


Security Bulletin: IBM QRadar Advisor With Watson is vulnerable to Hazardous Input Validation in some cases

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-is-vulnerable-to-hazardous-input-validation-in-some-cases/


November 4, 2019 TNS-2019-07 [R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x

http://www.tenable.com/security/tns-2019-07


FRF.16 parser vulnerability CVE-2018-14468

https://support.f5.com/csp/article/K04367730


Dell integrated Dell Remote Access Controller: Vulnerability allows bypassing security measures

http://www.cert-bund.de/advisoryshort/CB-K19-0957


Google Android: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0958