[CERT-daily] Tageszusammenfassung - 13.09.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 12-09-2018 18:00 − Donnerstag 13-09-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Office VBA + AMSI: Parting the veil on malicious macros ∗∗∗
---------------------------------------------
As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/


∗∗∗ A New Mining Botnet Blends Its C2s into ngrok Service ∗∗∗
---------------------------------------------
These days, it feels like new mining malwares are popping up almost daily and we have pretty much stopped blogging the regular ones so we don’t flood our readers’ feed. With that being said, one did have our attention recently. This botnet hides its C2s(Downloader and Reporter [...]
---------------------------------------------
http://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-service/


∗∗∗ Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars ∗∗∗
---------------------------------------------
High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow to unlock and start the vehicle based on the physical proximity of a paired key fob; no user interaction is required.
---------------------------------------------
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/


∗∗∗ The 42M Record kayo.moe Credential Stuffing Data ∗∗∗
---------------------------------------------
This is going to be a brief blog post but its a necessary one because I cant load the data Im about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. Heres the story: [...]
---------------------------------------------
https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data/


∗∗∗ Keine 359,88 Euro an Streaming-Plattformen zahlen ∗∗∗
---------------------------------------------
Die Streaming-Plattformen borastream.de und matostream.de verlangen von Besucher/innen eine kostenlose Registrierung. Sie führt ohne Hinweis zu einer Premium-Mitgliedschaft um 359,88 Euro pro Jahr. Konsument/innen müssen die Rechnung der Website-Betreiberinnen Roxo Films Ltd bzw. Filmser Ltd27 nicht bezahlen, denn ihre Angebote sind unseriöse Abo-Fallen.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-35988-euro-an-streaming-plattformen-zahlen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ghostscript and openssh), Oracle (firefox), Scientific Linux (firefox and OpenAFS), SUSE (tomcat), and Ubuntu (openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/764713/


∗∗∗ ZDI-18-1046: (0Day) PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1046/


∗∗∗ Intel Baseboard Management Controller (BMC) Firmware: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1861/


∗∗∗ IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1791) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731207


∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-1656 and CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728399


∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10718837


∗∗∗ IBM Security Bulletin: A Vulnerability in the Java runtime environment that IBM provides affects WebSphere DataPower XC10 Appliance ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718653


∗∗∗ IBM Security Bulletin: A Vulnerability in Java runtime environment that IBM provides affects WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718453


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731317


∗∗∗ IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0739 ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10731019

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily