[CERT-daily] Daily Summary - 02.02.2018

Daily end-of-shift report team at cert.at
Fri Feb 2 18:06:42 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 01-02-2018 18:00 − Friday 02-02-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Nina Bieringer

=====================
=       News        =
=====================

∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗
---------------------------------------------
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
---------------------------------------------
http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-attackers/129734/


∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗
---------------------------------------------
Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body.
---------------------------------------------
https://isc.sans.edu/diary/rss/23305


∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗
---------------------------------------------
While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-WD-MyCloud/


∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗
---------------------------------------------
Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malware-using-meltdown-or-spectre/


∗∗∗ Cisco service routers can choke on IPv6 packets ∗∗∗
---------------------------------------------
A security update closes a DoS vulnerability in Cisco ASR 9000.
---------------------------------------------
https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich-an-IPv6-Paketen-verschlucken-3959367.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m).
---------------------------------------------
https://lwn.net/Articles/746326/rss



=====================
=  Vulnerabilities  =
=====================

∗∗∗ "Zero-day" vulnerability in Adobe Flash Player - actively exploited - patches not yet available ∗∗∗
---------------------------------------------
1 February 2018. Description: Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player that is already being actively exploited. CVE number: CVE-2018-4878. No fixed version is available yet - Adobe has one in prospect for next week (beginning 5 February 2018)
---------------------------------------------
http://www.cert.at/warnings/all/20180201.html


∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012719


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012641

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



