[CERT-daily] Tageszusammenfassung - 05.07.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 04-07-2018 18:00 − Donnerstag 05-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ First-Ever Person Sentenced for Malicious Use of Coinhive Library ∗∗∗
---------------------------------------------
Authorities in Japan have sentenced a man for the first time for using the Coinhive JavaScript library for malicious purposes. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/first-ever-person-sentenced-for-malicious-use-of-coinhive-library/


∗∗∗ Analysis: Downloader with a twist ∗∗∗
---------------------------------------------
In this latest analysis, we will stay on the topic of fileless malware. Having dissected the Rozena backdoor in the last article, we have taken a peek into another malware that uses “fileless” techniques. Case in point: a downloader.
---------------------------------------------
https://www.gdatasoftware.com/blog/07/30876-analysis-downloader-with-a-twist


∗∗∗ How to Check App Permissions on iOS, Android, Windows, and macOS ∗∗∗
---------------------------------------------
Its never a bad time to audit your app permissions. In fact, its more important than ever.
---------------------------------------------
https://www.wired.com/story/how-to-check-app-permissions-ios-android-macos-windows


∗∗∗ NSO-Mitarbeiter bietet iOS-Spyware Pegasus im Darknet an ∗∗∗
---------------------------------------------
Der geheimnisumwitterten israelischen Sicherheitsfirma NSO Group sind mächtige Spyware-Tools abhanden gekommen. Ein Insider wollte sie im Darknet verkaufen.
---------------------------------------------
http://heise.de/-4101187


∗∗∗ Gentoos GitHub mirror compromise incident report ∗∗∗
---------------------------------------------
LWN reported on June 29 that Gentoos GitHub mirror had been compromised. Gentoo now considers the incident resolved and the full report is available. "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make ..
---------------------------------------------
https://lwn.net/Articles/759046/


∗∗∗ Warnung vor gefälschtem Microsoft-Sicherheitshinweis ∗∗∗
---------------------------------------------
Konsument/innen sehen in ihrem Browser eine gefälschte Microsoft-Sicherheitswarnung. Darin heißt es, dass ihr Computer mit Schadsoftware befallen sei. Aus diesem Grund sollen sie einen technischen Support anrufen und ein Programm auf ihrem Computer installieren. Es ermöglicht Kriminellen, bei Bezahlung von Rechnungen die Kreditkartendaten ihrer Opfern zu stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-gefaelschtem-microsoft-sicherheitshinweis/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Custom Tokens - Moderately critical - Arbitrary Code Execution - SA-CONTRIB-2018-046 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-046

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily