End-of-Day report
Timeframe: Tuesday 05-11-2019 18:00 - Wednesday 06-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Emotet, Trickbot, Ryuk - an explosive malware cocktail
Emotet, currently the "most destructive" malware, consists of a cascade of several malicious programs that together cause damages running into many millions.
https://heise.de/-4573848
Overpriced visa and entry-permit offers on the internet
Does your next holiday destination require a visa? Then beware of dubious websites that charge many times the actual fee for the entry permit. Particular caution is advised, for example, for trips to Australia, Egypt, Vietnam, India, Canada, the USA and Turkey - in theory, though, the scam is possible for any destination that requires a visa.
https://www.watchlist-internet.at/news/ueberteuerte-visums-und-einreisegenehmigungsangebote-im-internet/
German Dridex spam campaign is unfashionably large
VB has analysed a malicious spam campaign targeting German-speaking users with obfuscated Excel malware that would likely download Dridex but that mostly stood out through its size.
https://www.virusbulletin.com:443/blog/2019/11/german-malspam-campaign-unfashionably-large/
Scammers Are Exploiting a Firefox Bug to Freeze Your Browser
Fraudulent tech-support sites are causing the browser to lock up and display a disturbing message. Force quitting is the only way out.
https://www.wired.com/story/scammers-are-exploiting-a-firefox-bug-to-freeze-your-browser
Siemens PLC Feature Can Be Exploited for Evil - and for Good
A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
https://www.darkreading.com/vulnerabilitiesthreats/siemens-plc-feature-can-be-exploited-for-eviland-for-good/d/d-id/1336277
Kamerka OSINT tool shows your country's internet-connected critical infrastructure
Kamerka lets you see what a hacker sees. It plots maps with SCADA equipment, webcams, and printers that have been left exposed on the internet inside any given country.
https://www.zdnet.com/article/kamerka-osint-tool-shows-your-countrys-internet-connected-critical-infrastructure/
Vulnerabilities
Omron CX-Supervisor
This advisory contains mitigations for a use-of-obsolete-function vulnerability in Omron's CX-Supervisor SCADA and HMI package.
https://www.us-cert.gov/ics/advisories/icsa-19-309-01
Security updates for Wednesday
Security updates have been issued by Debian (cpio, openafs, proftpd-dfsg, simplesamlphp, and wordpress), Fedora (thunderbird), openSUSE (binutils, docker-runc, kernel, nfs-utils, php7, python3, and samba), Red Hat (389-ds:1.4, ansible, bind, container-tools:1.0, container-tools:rhel8, curl, dbus, dhcp, dovecot, edk2, elfutils, evolution, freeradius:3.0, gdb, gettext, glib2, glibc, GNOME, gnutls, go-toolset:rhel8, http-parser, httpd:2.4, kernel, kernel-rt, libarchive, libjpeg-turbo, libqb, [...]
https://lwn.net/Articles/804018/
Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php
Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php
Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x
Security Advisory - Insufficient Authentication Vulnerability in Several Band Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191106-01-band-en
libpcap vulnerability CVE-2018-16301
https://support.f5.com/csp/article/K86252029
Red Hat Enterprise Linux: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0959