Daily summary - 07.05.2019

End-of-Day report

Timeframe: Monday 06-05-2019 18:00 - Tuesday 07-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Confluence Servers Hacked to Install Miners and Rootkits

After getting pounded with ransomware and malware for deploying distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now compromised to mine for cryptocurrency.

https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-install-miners-and-rootkits/


"7 Tips For Planning ICS Plant Visits"

As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter.

http://ics.sans.org/blog/2019/05/06/7-tips-for-planning-ics-plant-visits


Decryption tool for the MegaLocker/NamPoHyu ransomware available

Security researchers have released a free decryption tool for a current ransomware family. The malware developer does not find that funny at all.

https://heise.de/-4415835


Turla LightNeuron: An email too far

ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments

https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/


WordPress GraphQL plugin exploit

Third-party plugins are often the security Achilles' heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a plugin, undermining the security of the whole platform.

https://www.pentestpartners.com/security-blog/wordpress-graphql-plugin-exploit/


Surge of MegaCortex ransomware attacks detected

New MegaCortex ransomware strain detected targeting the enterprise sector.

https://www.zdnet.com/article/sudden-surge-of-megacortex-ransomware-infections-detected/


WordPress finally gets the security features a third of the Internet deserves

WordPress 5.2 released with support for cryptographically-signed updates and a modern cryptographic library.

https://www.zdnet.com/article/wordpress-finally-gets-the-security-features-a-third-of-the-internet-deserves/

Vulnerabilities

[20190501] - Core - XSS in com_users ACL debug views

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.7.0 through 3.9.5
Exploit type: XSS
Reported Date: 2019-April-29
Fixed Date: 2019-May-07
CVE Number: CVE-2019-11809

Description: The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

Affected Installs: Joomla! CMS versions 1.7.0 through 3.9.5

Solution: Upgrade to version 3.9.6

Contact: The JSST at the Joomla! Security Centre.

Reported By: Jose Antonio

http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-core-xss-in-com-users-acl-debug-view.html


Android Security Bulletin - May 2019

[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

https://source.android.com/security/bulletin/2019-05-01.html


USN-3969-1: wpa_supplicant and hostapd vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: wpa_supplicant and hostapd could be made to crash if they received specially crafted network traffic.

https://usn.ubuntu.com/3969-1/


Security updates for Tuesday

Security updates have been issued by Debian (389-ds-base, firefox-esr, and symfony), Fedora (poppler), SUSE (audit, ovmf, and webkit2gtk3), and Ubuntu (aria2, FFmpeg, gnome-shell, and sudo).

https://lwn.net/Articles/787732/


Security Bulletins for TYPO3 CMS

https://typo3.org/help/security-advisories/typo3-cms/


Security Bulletins for TYPO3 Extensions

https://typo3.org/help/security-advisories/typo3-extensions/


Public Services Announcements for TYPO3

https://typo3.org/help/security-advisories/public-service-announcements/


IBM Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-java-vulnerabilities-impact-ibm-control-center-cve-2018-3180-cve-2018-1890/