Daily summary - 08.11.2019

End-of-Day report

Timeframe: Thursday 07-11-2019 18:00 - Friday 08-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/


QNAP Warns Users to Secure Devices Against QSnatch Malware

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.

https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-devices-against-qsnatch-malware/


Amazon Kindle, Embedded Devices Open to Code-Execution

Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component.

https://threatpost.com/amazon-kindle-embedded-devices-code-execution/150003/


Pwn2Own Tokyo Roundup: Amazon Echo, Routers and Smart TVs Fall to Hackers

The latest edition of the bi-annual hacking contest saw creative exploits in new device categories.

https://threatpost.com/pwn2own-tokyo-2019-amazon-echo-hackers/150033/


Microsoft Apps Diverted from Their Main Use, (Fri, Nov 8th)

This week, the CERT.eu[1] organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the "catnmouse" game that Blue and Red teams are playing continuously. When the Blue team has detected an attack technique, they write a rule or implement a new control to detect or block it. Then, the Red team has to find an alternative attack path, [...]

https://isc.sans.edu/diary/rss/25502


Skimmers for Both Magento and WordPress

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it's sometimes overlooked that WordPress also has a decent share in the e-commerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.

https://blog.sucuri.net/2019/11/skimmers-for-both-magento-and-wordpress.html


Wireshark Tutorial: Examining Trickbot Infections

A tutorial offering tips on how to identify Trickbot, an information stealer and banking malware that has been infecting victims since 2016.

https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/

Vulnerabilities

Medtronic Valleylab FT10 and LS10

This medical advisory contains mitigations for improper authentication and protection mechanism failure vulnerabilities in Medtronic's Valleylab FT10 and LS10 energy and electrosurgery products.

https://www.us-cert.gov/ics/advisories/icsma-19-311-01


Medtronic Valleylab FT10 and FX8

This medical advisory contains mitigations for use of hard-coded credentials, reversible one-way hash, and improper input validation vulnerabilities in Medtronic's Valleylab FT10 and FX8 products.

https://www.us-cert.gov/ics/advisories/icsma-19-311-02


Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules

This advisory contains mitigations for an uncontrolled resource consumption vulnerability in select Mitsubishi Electric CPU modules.

https://www.us-cert.gov/ics/advisories/icsa-19-311-01


Fuji Electric V-Server

This advisory contains mitigations for a heap-based buffer overflow vulnerability in Fuji Electric's V-Server data collection and management service.

https://www.us-cert.gov/ics/advisories/icsa-19-311-02


Security updates for Friday

Security updates have been issued by Arch Linux (linux-hardened), Debian (fribidi), Gentoo (oniguruma, openssh/openssh, openssl, and pump), Mageia (chromium-browser-stable, expat, firefox, freetds, proftpd, python, thunderbird, and unbound), Oracle (sudo), Scientific Linux (thunderbird), Slackware (kernel), SUSE (rubygem-haml), and Ubuntu (fribidi and webkit2gtk).

https://lwn.net/Articles/804202/


IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology-5/


tcpdump vulnerability CVE-2018-14879

https://support.f5.com/csp/article/K51512510


WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006

https://webkitgtk.org/security/WSA-2019-0006.html


Squid: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0966