[CERT-daily] Daily summary - 22.01.2018

Daily end-of-shift report team at cert.at
Mon Jan 22 18:05:55 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 19-01-2018 18:00 − Monday 22-01-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hacker One: Only 20 percent of bounty hunters hack full-time ∗∗∗
---------------------------------------------
The US company Hacker One has presented current figures: most bounties are still paid by US companies. The data also show that for most people, finding vulnerabilities is a side job or a hobby.
---------------------------------------------
https://www.golem.de/news/hacker-one-nur-20-prozent-der-bounty-jaeger-hacken-in-vollzeit-1801-132286.html


∗∗∗ Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 ∗∗∗
---------------------------------------------
The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree ..
---------------------------------------------
http://resources.infosecinstitute.com/powerful-skygofree-spyware-already-reported-analyzed-2016/


∗∗∗ Apple Preps ChaiOS iMessage Bug Fix, Report ∗∗∗
---------------------------------------------
A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources.
---------------------------------------------
http://threatpost.com/apple-preps-chaios-imessage-bug-fix-report/129544/


∗∗∗ Followup to IPv6 brute force and IPv6 blocking ∗∗∗
---------------------------------------------
My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked, I've actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, ..
---------------------------------------------
https://isc.sans.edu/diary/23253


∗∗∗ Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining ∗∗∗
---------------------------------------------
Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain ..
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/struts-dotnetnuke-server-exploits-used-cryptocurrency-mining/


∗∗∗ Dark Caracal: Good News and Bad News ∗∗∗
---------------------------------------------
Yesterday, EFF and Lookout announced a new report, Dark Caracal, that uncovers a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Some readers had questions about what this means for them. This blog post is here to answer ..
---------------------------------------------
https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news


∗∗∗ DarkComet upload vulnerability ∗∗∗
---------------------------------------------
This post will introduce a file upload vulnerability in DarkComet’s C&C server. While a flaw that allows an attacker to download files has already been known for many years there is no mention of this very similar vulnerability. A quick disclaimer before we go into the actual matter: Hacking a C&C server might seem morally justified but it is still illegal. Don’t do it.
---------------------------------------------
https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/


∗∗∗ Second factor: Only a few users additionally secure their Google account ∗∗∗
---------------------------------------------
According to Google, two-factor authentication is used by just ten percent of all users
---------------------------------------------
http://derstandard.at/2000072757014


∗∗∗ 2018 ICS Security Predictions ∗∗∗
---------------------------------------------
We just closed another year in the ICS security industry, one filled with advanced (and exciting) product developments. We also saw an increased market awareness, with a growing emphasis on protecting industrial infrastructure.
---------------------------------------------
https://www.bayshorenetworks.com/blog/ics-security-2018-predictions


∗∗∗ Cryptocurrency Hacks and Heists in 2017 ∗∗∗
---------------------------------------------
The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to try their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the ..
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/cryptocurrency-hacks-heists/


=====================
=  Vulnerabilities  =
=====================
∗∗∗ Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9013

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



