End-of-Day report
Timeframe: Friday 29-11-2019 18:00 - Monday 02-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Cybercrime Report 2018: Online Crime Remains a Major Challenge
In 2018, the Cybercrime Competence Center (C4) of the Bundeskriminalamt again recorded an increase in cybercrime offences. Compared with the previous year, a rise of 16.8 percent was registered, predominantly in the area of internet fraud.
http://www.bmi.gv.at/news.aspx?id=6D4D326A543767595673593D
Analysis of Malicious ElectrumX Servers Source Code
Recently I have found some malicious ElectrumX nodes in the Electrum network that are still being connected by the Electrum software. In this post I share some information about these nodes and the ElectrumX patched code that they execute.
http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-servers.html
Police warn of professional fake shops on the internet
A great deal of shopping is done online during the Christmas season. Fraudsters take advantage of this too. Police experts are warning about their scams right now.
https://heise.de/-4600046
Insight into NIS Directive sectoral incident response capabilities
The report provides a deeper insight into NISD sectoral Incident Response capabilities, procedures, processes and tools to identify the trends and possible gaps and overlaps.
https://www.helpnetsecurity.com/2019/12/02/nis-directive-incident-response/
Vulnerabilities
Multiple Critical Vulnerabilities in SALTO ProAccess SPACE
In the software SALTO ProAccess Space ... multiple typical web application vulnerabilities were identified. An authenticated attacker was able to exploit a path traversal vulnerability to back up arbitrary files into the web root. This allowed an attacker to export the database into the web root and download it.
Furthermore, it was possible to combine another export feature with the path traversal vulnerability to write arbitrary contents to arbitrary locations on the backend Windows server.
https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-salto-proaccess-space/
Security updates for Monday
Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3),
https://lwn.net/Articles/806079/
Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-spa-rce
Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-teams-dll