Daily summary - 01.04.2019
End-of-Day report
Timeframe: Friday 29-03-2019 18:00 - Monday 01-04-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter
News
Mira Ransomware Decryptor
We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it's feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the [...]https://labsblog.f-secure.com/2019/04/01/mira-ransomware-decryptor/
Zero-day vulnerability in the TP-Link SR20 smart-home router
Under certain circumstances an attacker could execute malicious code with root privileges on the TP-Link SR20 router.
Security updates: Nagios XI vulnerable to a variety of attacks
The server-monitoring software Nagios XI can be attacked through several security vulnerabilities. Fixed releases are available.
Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin
This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin's developer can grant themselves administrative access to sites using the plugin, or even delete affected [...]https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipdig-power-pack-plugin/
Helpful information on financial fraud from the Financial Market Authority
Caution is advised with investments that promise high returns. Especially around Bitcoin and cryptocurrencies, numerous fraudulent offers circulate online in which investors lose the money they put in. With its Finanz ABC, the Austrian Financial Market Authority (FMA) now provides helpful information on finance, investments and how to recognise financial fraud.https://www.watchlist-internet.at/news/hilfreiche-infos-zu-finanzbetrug-der-finanzmarktaufsicht/
Vulnerabilities
CVE-2019-9193: Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest
PostgreSQL, commonly known as Postgres, is one of the largest and most popular database systems in the world. It is the primary database of Mac OSX but also has Linux and Windows versions available.
Pydio 8 Multiple Vulnerabilities
Multiple vulnerabilities were found in Pydio 8 (latest version 8.2.2). They allow an attacker with regular user access to the application, by tricking an administrator into opening a shared URL bookmark through the application, to obtain the victim's session identifiers, impersonate them and perform actions such as creating a new administrator account.https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities
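The CVE-2019-9193 item above names the issue but not the mechanism. What the advisory describes is the documented PostgreSQL feature COPY ... FROM PROGRAM, which runs a shell command as the operating-system user of the database server and reads its output into a table; it is restricted to superusers and, since PostgreSQL 11, members of the predefined role pg_execute_server_program. The following is an added example, not code from the digest or from the advisory, showing how to audit which roles can use that feature, what the primitive does, and how to take it away. The role name app_user and the table name cmd_output are hypothetical.

```sql
-- Added example (not part of the original digest or advisory).
-- Role name app_user and table name cmd_output are hypothetical.

-- 1. Audit: which roles can execute server-side programs at all?
--    Superusers always can; on PostgreSQL 11 and later, so can members of
--    the predefined role pg_execute_server_program (on older releases that
--    role does not exist and pg_has_role() will raise an error).
SELECT r.rolname,
       r.rolsuper,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER') AS can_exec_program
FROM pg_roles AS r
WHERE r.rolsuper
   OR pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')
ORDER BY r.rolname;

-- 2. The primitive behind CVE-2019-9193, run by one of the roles listed
--    above: the command executes with the privileges of the server's OS
--    account (typically "postgres") and every line of its stdout becomes
--    a row in the target table.
CREATE TEMP TABLE cmd_output (line text);
COPY cmd_output FROM PROGRAM 'id';
SELECT line FROM cmd_output;

-- 3. Hardening: an application account should neither be a superuser nor
--    hold membership in the program-execution role.
REVOKE pg_execute_server_program FROM app_user;
ALTER ROLE app_user NOSUPERUSER;
```

The audit query is the part worth scheduling: PostgreSQL's own position is that this is intended behaviour for trusted administrators, so the exposure is entirely a question of which roles an application or a compromised credential can reach. Any row returned for a non-administrative account is a finding.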
Security updates for Monday
Security updates have been issued by Debian (chromium, drupal7, gpsd, libav, libdatetime-timezone-perl, php5, rails, thunderbird, twig, tzdata, and wordpress), Fedora (edk2, flatpak, fuse, ghostscript, gnutls, golang-googlecode-go-crypto, grub2, mxml, poppler, and systemd), Mageia (file, kernel, live, mplayer, vlc, openjpeg2, pdns, and poppler), openSUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, kernel, ovmf, and ucode-intel), SUSE (adcli, sssd, GraphicsMagick, [...]https://lwn.net/Articles/784563/
Vuln: Redhat Atomic OpenShift CVE-2019-3884 Spoofing Vulnerability
http://www.securityfocus.com/bid/107649
Apple Mac OS: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0243%20UPDATE%201