Daily Summary - 13.02.2019

End-of-Day report

Timeframe: Tuesday 12-02-2019 18:00 - Wednesday 13-02-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

13 Popular Wireless Hacking Tools [Updated for 2019]

Introduction to 13 Popular Wireless Hacking Tools Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also [...]

https://resources.infosecinstitute.com/13-popular-wireless-hacking-tools/


Siemens Warns of Critical Remote-Code Execution ICS Flaw

The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.

https://threatpost.com/siemens-critical-remote-code-execution/141768/


Fake Updates campaign still active in 2019

Last week on 2019-02-06, @baberpervez2 tweeted about a compromised website used by the Fake Updates campaign (link to tweet). The Fake Updates campaign uses compromised websites that generate traffic to a fake update page. The type of fake update page depends on your web browser. Victims would see a fake Flash update page when using Internet Explorer, a fake Chrome update page when using Google Chrome, or a fake Firefox update page when using Firefox.

https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/


Patch day: Attacks against Internet Explorer

Microsoft has released important security updates for Office, Windows and others. Several vulnerabilities are rated critical.

http://heise.de/-4307548


Patch day: Adobe protects ColdFusion and Reader against malicious code

Adobe Acrobat, ColdFusion and Reader are open to attack through critical security vulnerabilities. Updates provide a remedy.

http://heise.de/-4307619


Patch day: SAP plugs critical holes in its software portfolio

The German software vendor SAP has released important security updates for, among others, Commerce and BW/4HANA.

http://heise.de/-4308113


Xiaomi scooter can be hijacked via Bluetooth

Unauthorized parties can stop or accelerate the Xiaomi M365, which is life-threatening for the rider. Other brands could be affected as well.

http://heise.de/-4307588


Phishing wave: Warning about fake Microsoft e-mails and Telekom invoices

Fake Microsoft e-mails that spread the Emotet trojan, as well as purported Telekom invoices, are in circulation.

http://heise.de/-4308122


Do not pay money abroad to supposed Airbnb agents!

Apartment seekers come across unbelievably cheap listings on real-estate platforms. Consumers who get in touch quickly receive a positive reply from the landlords. Since the landlords are abroad, Airbnb is supposed to act as escrow agent for the key handover and the viewing appointment. Consumers must not transfer any money! The listings are fake and the money is lost.

https://www.watchlist-internet.at/news/kein-geld-an-vermeintliche-airbnb-agentinnen-ins-ausland-zahlen/

Vulnerabilities

OSIsoft PI Vision

This advisory includes mitigations for a cross-site scripting vulnerability in OSIsoft's PI Vision web page application.

https://ics-cert.us-cert.gov/advisories/ICSA-19-043-01


Security Advisory for Malware on QTS

A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible.

https://www.qnap.com/en/security-advisory/nas-201902-13


Security updates for Wednesday

Security updates have been issued by Arch Linux (aubio, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-gnutls, libu2f-host, python-django, python2-django, rdesktop, and runc), Debian (flatpak), Fedora (flatpak, pdns-recursor, rdesktop, tomcat, and xerces-c27), Mageia (cinnamon, docker, dovecot, golang, java-1.8.0-openjdk, jruby, libarchive, libgd, libtiff, libvncserver, opencontainers-runc, openssh, python-marshmallow, thunderbird, and transfig), openSUSE (python-slixmpp), Oracle (kernel), Red Hat (redhat-virtualization-host), Slackware (lxc), SUSE (curl, firefox, LibVNCServer, nginx, php7, python-numpy, runc, SMS3.2, and thunderbird), and Ubuntu (gvfs, python-django, snapd, and webkit2gtk).

https://lwn.net/Articles/779719/


D-LINK router: Vulnerability allows gaining administrator privileges

http://www.cert-bund.de/advisoryshort/CB-K19-0140


IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - fluentd

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-cloud-private-fluentd/


IBM Security Bulletin: IBM Rational ClearCase GIT connector password exposure (CVE-2019-4059)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-rational-clearcase-git-connector-password-exposure-cve-2019-4059/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Agile Service Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-agile-service-manager/


IBM Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition/


IBM Security Bulletin: IBM PureApplication Service is affected by a GPFS vulnerability (CVE-2018-1783)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-service-is-affected-by-a-gpfs-vulnerability-cve-2018-1783/


IBM Security Bulletin: IBM PureApplication System is affected by a GPFS vulnerability (CVE-2018-1783)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-pureapplication-system-is-affected-by-a-gpfs-vulnerability-cve-2018-1783/


IBM Security Bulletin: A security vulnerability has been identified in Ansible shipped with Data Science Experience Local

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-ansible-shipped-with-data-science-experience-local/


IBM Security Bulletin: IBM Data Science Experience Local is affected by continuous traffic to a US Softlayer server

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-data-science-experience-local-is-affected-by-continuous-traffic-to-a-us-softlayer-server/