[CERT-daily] Tageszusammenfassung - 07.05.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 04-05-2018 18:00 − Montag 07-05-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Drupal Sites Fall Victims to Cryptojacking Campaigns ∗∗∗
---------------------------------------------
After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/drupal-sites-fall-victims-to-cryptojacking-campaigns/


∗∗∗ SynAck Ransomware Uses Process Doppelgänging Technique ∗∗∗
---------------------------------------------
A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synack-ransomware-uses-process-doppelg-nging-technique/


∗∗∗ How to Protect Yourself From GDPR-Related Phishing Scams ∗∗∗
---------------------------------------------
Fourteen emails. That’s the amount of GDPR policy notification emails I’ve received in the past few weeks. The EU’s General Data Protection Regulation (GDPR) compliance deadline is May 25, requiring companies around the world to notify their contacts about data privacy changes under this new rule.
---------------------------------------------
http://resources.infosecinstitute.com/protect-gdpr-phishing-scams/


∗∗∗ Lenovo Patches Arbitrary Code Execution Flaw ∗∗∗
---------------------------------------------
Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line.
---------------------------------------------
https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/


∗∗∗ Umsetzung NIS-Richtlinie abgeschlossen - neue Pflichten für Anbieter digitaler Dienste ∗∗∗
---------------------------------------------
Im Zuge der Umsetzung der EU-Richtlinie zur Netzwerk- und Informationssicherheit (NIS-Richtlinie) müssen Anbieter von Suchmaschinen, Cloud-Computing-Diensten und Online-Marktplätzen mit Sitz in Deutschland ab 10. Mai 2018 IT-Sicherheitsvorfälle mit erheblichen Auswirkungen auf den betriebenen Dienst an das Bundesamt für Sicherheit in der Informationstechnik (BSI) melden. Gleichzeitig gelten dann europaweit einheitliche Mindestanforderungen [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/NIS-Richtlinie_Digitale_Dienste_07042018.html


∗∗∗ MassMiner: Kryptogeld-Miner hat es auf Web-Server abgesehen ∗∗∗
---------------------------------------------
Unbekannte Angreifer attackieren Sicherheitsforschern zufolge derzeit gezielt Server mit verwundbaren Versionen von Apache Struts, Oracle WebLogic und Windows SMB. Sicherheitspatches sind schon länger verfügbar.
---------------------------------------------
https://heise.de/-4043366


∗∗∗ Spectre-NG: Intel verschiebt die ersten Patches – koordinierte Veröffentlichung aufgeschoben ∗∗∗
---------------------------------------------
Eigentlich war für Montag die Veröffentlichung der ersten Spectre-NG-Patches geplant. Doch Intel hat um Aufschub gebeten und diesen auch erhalten. Neue, exklusive Informationen zeigen, wie es mit Spectre-NG jetzt weiter gehensoll.
---------------------------------------------
https://www.heise.de/-4043790


∗∗∗ Windows Defender Exploit Guard – Attack Surface Reduction Rules aktivieren ∗∗∗
---------------------------------------------
Mit Windows 10 v1709 hat Microsoft der Defender-Plattform zusätzliche, interessante Features spendiert, die nun mit Win10-Release 1803 um weitere Möglichkeiten ergänzt wurden. So lassen sich zum Beispiel folgende Regeln aktivieren, welche das Risiko einer Malware-Infektion in einigen Szenarien deutlich reduzieren können: [...]
---------------------------------------------
https://hitco.at/blog/windows-defender-exploit-guard-attack-surface-reduction-rules/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch") ∗∗∗
---------------------------------------------
Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch."
---------------------------------------------
https://www.kb.cert.org/vuls/id/283803


∗∗∗ Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability ∗∗∗
---------------------------------------------
Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM (Multi-Master Replication Manager for MySQL) it ensures that only one node is writeable at a time. Using MySQL MMM an end user can also choose to move their Virtual IP addresses to different servers depending on their replication [...]
---------------------------------------------
https://blog.talosintelligence.com/2018/05/vulnerability-spotlight-mysql-mmm.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libdatetime-timezone-perl, libmad, lucene-solr, tzdata, and wordpress), Fedora (drupal7, scummvm, scummvm-tools, and zsh), Mageia (boost, ghostscript, gsoap, java-1.8.0-openjdk, links, and php), openSUSE (pam_kwallet), and Slackware (python).
---------------------------------------------
https://lwn.net/Articles/753687/


∗∗∗ Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208804


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016092


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015944


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016039


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1011857


∗∗∗ RSA Authentication Manager Bugs Let Remote Users Inject HTTP Headers and Remote Authenticated Users Conduct XML External Entity Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1040835


∗∗∗ Side-channel processor vulnerability CVE-2018-9056 (BranchScope) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35135935

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily