[CERT-daily] Tageszusammenfassung - 26.07.2018

Thu Jul 26 18:03:47 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 25-07-2018 18:00 − Donnerstag 26-07-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ A mining multitool ∗∗∗
---------------------------------------------
Recently, an interesting miner implementation appeared on Kaspersky Lab’s radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.
---------------------------------------------
https://securelist.com/a-mining-multitool/86950/


∗∗∗ Attack inception: Compromised supply chain within a supply chain poses new risks ∗∗∗
---------------------------------------------
A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a Read more
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/


∗∗∗ New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel ∗∗∗
---------------------------------------------
We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6eLtSVD7Bqc/


∗∗∗ Zwei Jahre alter Mac-Trojaner kursiert wieder ∗∗∗
---------------------------------------------
Die Malware Calisto soll Vorläufer des Proton-Schädlings sein, der sich über gefälschte Apps verbreitete.
---------------------------------------------
http://heise.de/-4120597


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path ∗∗∗
---------------------------------------------
A rogue user-space program could crash a guest kernel. Privilege escalation cannot be ruled out.
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2018-07/msg00004.html


∗∗∗ Sicherheitslücken in ClamAV: Angreifer können Rechner lahmlegen ∗∗∗
---------------------------------------------
Der Open-Souce-Virenscanner ermöglicht Denial-of-Service-Angriffe aus der Ferne. Das BSI rät zum umgehenden Update.
---------------------------------------------
http://heise.de/-4120917


∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung to ensure that these issues have been resolved and that a firmware update has been made available for affected customers. 
---------------------------------------------
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (jenkins), CentOS (java-1.8.0-openjdk, openslp, and thunderbird), Fedora (dcraw and httpd), Oracle (java-1.8.0-openjdk and thunderbird), Red Hat (procps), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (clamav and tomcat7, tomcat8).
---------------------------------------------
https://lwn.net/Articles/760956/


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by GNU C library (glibc) vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10716377


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10718395


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in libidn2 (CVE-2017-14062) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718807


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in GNU C Library (CVE-2017-12133) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718801


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in NTP ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718877


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in freetype2 (CVE-2017-8287 CVE-2017-8105 CVE-2016-10244) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718879


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718881


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in dhcp (CVE-2017-3144) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10718803


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in ncurses (CVE-2017-13733) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718805


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014442


∗∗∗ HPESBHF03836 rev.1 - HPE Routers and Switches running Linux-based Comware 5 and Comware 7 Software, Remote Unauthorized Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily