[CERT-daily] Daily summary - 23.01.2018

Daily end-of-shift report team at cert.at
Tue Jan 23 18:13:35 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 22-01-2018 18:00 − Tuesday 23-01-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Newsletter service: Mailchimp leaks e-mail addresses of newsletter subscribers ∗∗∗
---------------------------------------------
Specific referrers for each newsletter user allowed website operators to find out the e-mail addresses of Mailchimp users. The problem has since been fixed after it was reported to the provider.
---------------------------------------------
https://www.golem.de/news/newsletter-dienst-mailchimp-verraet-e-mail-adressen-von-newsletter-abonnenten-1801-132317.html


∗∗∗ Just Keep Swimming: How to Avoid Phishing on Social Media ∗∗∗
---------------------------------------------
From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell? Phishing attacks attempt to steal ..
---------------------------------------------
https://www.webroot.com/blog/2018/01/22/how-to-avoid-phishing-social-media/


∗∗∗ "MaMi": MacOS malware eavesdrops on users and manipulates data traffic ∗∗∗
---------------------------------------------
Malware redirects traffic through DNS servers controlled by unknown parties
---------------------------------------------
http://derstandard.at/2000072382780


∗∗∗ Millions of PCs vulnerable: Researcher uncovers flaw in all Blizzard games ∗∗∗
---------------------------------------------
Company is already working on a fix – problem in the client
---------------------------------------------
http://derstandard.at/2000072835431


∗∗∗ Warning: WhatsApp subscription scam currently circulating by e-mail ∗∗∗
---------------------------------------------
"Account has expired" – WhatsApp's former subscription model is being exploited to obtain credit card data
---------------------------------------------
http://derstandard.at/2000072831670


∗∗∗ SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks ∗∗∗
---------------------------------------------
This post was written by Vitor Ventura. Introduction: Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do not appear to be highly targeted, and appear to be more opportunistic in nature. Given SamSam's victimology, its impacts are not just felt within the business world, they are also impacting people,
---------------------------------------------
http://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ HTTP Host header attacks against web proxy disclaimer response webpage ∗∗∗
---------------------------------------------
The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim. In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-262


∗∗∗ VMSA-2018-0002.3 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0002.html


∗∗∗ JSA10836 - 2018-01 Security Bulletin: SRX Series: Firewall bypass vulnerability when UUID with leading zeros is configured. (CVE-2018-0009) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10836


∗∗∗ XXE & Reflected XSS in Oracle Financial Services Analytical Applications ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/xxe-reflected-xss-in-oracle-financial-services-analytical-applications/index.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



