End-of-Day report
Timeframe: Friday 26-04-2019 18:00 - Monday 29-04-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub.
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-skimmer-found-on-hundreds-of-stores/
Old Vulnerabilities Are Still Good Tricks for Today's Attacks
The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort.
https://www.bleepingcomputer.com/news/security/old-vulnerabilities-are-still-good-tricks-for-todays-attacks/
Typo 3 Spam Infection
Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3: Just recently, I discovered a website using the Typo3 CMS that had been infected with a blackhat SEO spam infection: [...]
https://blog.sucuri.net/2019/04/typo-3-spam-infection.html
Vulnerabilities in P2P Component: Two Million IoT Devices Open to Attack
Attackers could gain remote access to IP cameras, smart doorbells and similar devices. A researcher advises throwing the devices away, but also names a workaround.
https://heise.de/-4409298
A Crash-Course in Card Shops
The notorious Joker's Stash is perhaps the best-known of many illicit shops in the deep & dark web (DDW) that specialize in, and serve as a primary means through which cybercriminals obtain, stolen payment card data. Commonly referred to as card shops, these shops can also be invaluable resources for those seeking to better understand and combat fraud and cybercrime.
https://www.securityweek.com/crash-course-card-shops
How to Protect Yourself Against Phishing Attempts
In phishing, criminals use forged e-mails, websites and chat messages to try to obtain sensitive data from internet users. Simple precautions and a watchful eye can keep you from falling for such scams. This matters, because acting wrongly can sometimes lead to high financial losses.
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-phishing-versuchen/
Vulnerabilities
Oracle Patches Critical WebLogic Server Vulnerability Out of Band
Attackers could attack and take over WebLogic Server with comparatively little effort. Oracle has now released security updates.
https://heise.de/-4409153
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, libpng, and openssh), Debian (checkstyle, evolution, gst-plugins-base0.10, gst-plugins-base1.0, imagemagick, libpng1.6, monit, and systemd), Fedora (aria2, php-symfony, php-symfony3, php-symfony4, and python-jinja2), openSUSE (ceph, libssh2_org, libvirt, php7, python3, samba, wget, and xerces-c), Red Hat (rh-python35-python), Slackware (bind), SUSE (libssh2_org), and Ubuntu (evince, gst-plugins-base0.10, gst-plugins-base1.0, and [...]
https://lwn.net/Articles/787052/
IBM Security Bulletin: IBM StoredIQ is affected by potential Host Header Injection (CVE-2019-4166)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affected-by-potential-host-header-injection-cve-2019-4166/
IBM Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-taddm-cve-2018-15756/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-3/
IBM Security Bulletin: IBM Storwize V7000 Unified is affected by denial of service vulnerability in GPFS (CVE-2018-1783)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-unified-is-affected-by-denial-of-service-vulnerability-in-gpfs-cve-2018-1783/
IBM Security Bulletin: IBM Storwize V7000 Unified is affected by arbitrary file read vulnerability in GPFS
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storwize-v7000-unified-is-affected-by-arbitry-file-read-vulnerability-in-gpfs/
IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect Rational Method Composer March 2019 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-sdk-affect-rational-method-composer-march-2019-cpu/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-4/