Daily summary - 31.07.2019

End-of-Day report

Timeframe: Tuesday 30-07-2019 18:00 - Wednesday 31-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Smart Home: Philips Hue and cameras hacked via insecure protocols

Security researchers have succeeded in sending control commands to surveillance cameras and Philips Hue lamps. By default, the devices transmit data and commands in an insecure manner.

https://www.golem.de/news/smart-home-philips-hue-und-kameras-ueber-unsichere-protokolle-gehackt-1907-142898-rss.html


Keeping a Hidden Identity: Mirai C&Cs in Tor Network

We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it allows attackers remote access and the use of infected devices to form a botnet for DDoS attacks. However, the C&Cs were traced back to the Tor network, keeping the cybercriminals' identities anonymous and protecting the servers from being shut down despite discovery.

https://blog.trendmicro.com/trendlabs-security-intelligence/keeping-a-hidden-identity-mirai-ccs-in-tor-network/


IoT home security camera allows hackers to listen in over HTTP

"The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does not require authentication to access the HTTP endpoint /videotalk," the vulnerability's description reads. "An unauthenticated, remote person can connect to this endpoint and listen to the audio the camera is capturing."

https://www.zdnet.com/article/iot-home-security-camera-allows-hackers-to-listen-in-over-http/


Malvertising: Online Advertising's Darker Side

The days of installing a basic ad blocker on your web browser and expecting full protection are gone. Between the sites that require them to be disabled and the ability for advertisers to pay to evade them, ad blockers alone are not sufficient. As this blog will cover in detail, malvertising is a problem not strictly associated with basic web browsing. It can also come with other software programs including adware or potentially unwanted applications (PUA). These latter examples require the most attention.

https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html


Dangerous PayPal phishing messages in circulation

Beware of fraudulent messages sent in PayPal's name to numerous consumers. The e-mail claims that the account has been restricted and that the data must be confirmed. This is an attempt by criminals to obtain payment data in order to misuse it for further crimes!

https://www.watchlist-internet.at/news/gefaehrliche-paypal-phishing-nachrichten-in-umlauf/


Fake DHL e-mails contain dangerous malware

Criminals are sending mass e-mails in which they pose as DHL and claim that your parcel could not be delivered. Further information on how to proceed is supposedly in the file attachment. Do not open the file under any circumstances; it is malware!

https://www.watchlist-internet.at/news/gefaelschte-dhl-mails-enthalten-gefaehrliche-schadsoftware/

Vulnerabilities

Updates available: OXID eShop fixes vulnerable admin panel

A security vulnerability in several OXID eShop versions made it possible to inject and execute arbitrary SQL commands via specially crafted URLs.

https://heise.de/-4484390


Security updates for Wednesday

Security updates have been issued by CentOS (389-ds-base, curl, and kernel), Debian (libssh2), Fedora (kernel, kernel-headers, and oniguruma), openSUSE (chromium, openexr, thunderbird, and virtualbox), Oracle (389-ds-base, curl, httpd, kernel, and libssh2), Red Hat (nss and nspr and ruby:2.5), Scientific Linux (httpd and kernel), SUSE (java-1_8_0-openjdk, mariadb, mariadb-connector-c, polkit, and python-requests), and Ubuntu (openjdk-8, openldap, and sox).

https://lwn.net/Articles/795007/


Prima Systems FlexAir

https://www.us-cert.gov/ics/advisories/icsa-19-211-02


IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-netcool-agile-service-manager-is-affected-by-a-jetty-vulnerability-cve-2018-12545/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-3/


IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2019-2684)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-identified-in-ibm-java-sdk-affect-websphere-service-registry-and-repository-and-websphere-service-registry-and-repository-studio-cve-2019-2684/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-collector-for-sap-applications-3/


IBM Security Bulletin: Secure Gateway is affected by a Denial of Service vulnerability (CVE-2019-5428)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-secure-gateway-is-affected-by-a-denial-of-service-vulnerability-cve-2019-5428/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-netcool-agile-service-manager/