[CERT-daily] Tageszusammenfassung - 17.09.2018

Mon Sep 17 18:10:50 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-09-2018 18:00 − Montag 17-09-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-34) ∗∗∗
---------------------------------------------
A prenotification security advisory (APSB18-34) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Wednesday, September 19, 2018. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1609


∗∗∗ CSS-basierte Web-Attacke bringt iPhones zum Absturz ∗∗∗
---------------------------------------------
Ein Sicherheitsforscher hat eine Schwachstelle in iOS entdeckt, mit der iPhones zum Absturz gebracht und neu gestartet werden können.
---------------------------------------------
https://futurezone.at/digital-life/css-basierte-web-attacke-bringt-iphones-zum-absturz/400119698


∗∗∗ Fbot, A Satori Related Botnet Using Block-chain DNS System ∗∗∗
---------------------------------------------
Since 2018-09-13 11:30 UTC, a new botnet (we call it Fbot) popped up in our radar which really caught our attention.There are 3 interesting aspects about this new botnet:First, so far the only purpose of this botnet looks to be just going after and removing another botnet
---------------------------------------------
http://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/


∗∗∗ Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows ∗∗∗
---------------------------------------------
Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/


∗∗∗ User Agent String "$ua.tools.random()" ? :-) ! ∗∗∗
---------------------------------------------
For many years I've observed requests for page license.php on my webservers, from various IPs and with various User Agent Strings: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/24102


∗∗∗ Outdated Duplicator Plugin RCE Abused ∗∗∗
---------------------------------------------
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.  Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is able to run any arbitrary code on the target site.
---------------------------------------------
https://blog.sucuri.net/2018/09/outdated-duplicator-plugin-rce-abused.html


∗∗∗ Erlang Authenticated Remote Code Execution ∗∗∗
---------------------------------------------
Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently.Erlange is an interesting language because it has “built-in concurrency, distribution, and fault tolerence”. To me, this means that it does job queing and distributed tasks right out of the gate.
---------------------------------------------
https://malicious.link/post/2018/erlang-arce/


∗∗∗ Bewerbungsschreiben verbreiten Schadsoftware ∗∗∗
---------------------------------------------
Unternehmen erhalten von Arbeitssuchenden elektronische Bewerbungsschreiben. Für die ausführlichen und angehängten Bewerbungsunterlagen der Kandidat/innen sollen sie einen Dateianhang im ZIP-Format öffnen. Er beinhaltet ausführbare Microsoft Windows-Anwendungen, die Schadsoftware sind. Diese Anwendungen dürfen Mitarbeiter/innen nicht öffnen, denn damit installieren sie die Schadsoftware.
---------------------------------------------
https://www.watchlist-internet.at/news/bewerbungsschreiben-verbreiten-schadsoftware-1/


∗∗∗ gymondi.com ist ein Fakeshop ∗∗∗
---------------------------------------------
Gymondi.com ist ein sehr aufwendig aufgesetzter Onlineshop, der das Herz von Sportler/innen höherschlagen lässt. Konsument/innen finden bei gymondi.com Fitnessgeräte zu günstigeren Preisen als bei der Konkurrenz. Zusätzlich zum Preisvorteil kann ein 20% Rabattgutschein eingelöst werden, was den Gesamtpreis erheblich mindert. Wir raten von einem Einkauf ab! Sie werden lediglich um einen hohen Geldbetrag betrogen und gehen leer aus.
---------------------------------------------
https://www.watchlist-internet.at/news/gymondicom-ist-ein-fakeshop/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (discount, ghostscript, intel-microcode, mbedtls, thunderbird, and zutils), Fedora (ghostscript, java-1.8.0-openjdk-aarch32, kernel-headers, kernel-tools, libzypp, matrix-synapse, nspr, nss, nss-softokn, nss-util, zsh, and zypper), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (chromium, curl, ffmpeg-4, GraphicsMagick, kernel, libzypp, zypper, okular, python3, spice-gtk, tomcat, and zsh), Oracle (kernel), Slackware (php), SUSE (curl, [...]
---------------------------------------------
https://lwn.net/Articles/765048/


∗∗∗ BlackBerry Powered by Android Security Bulletin - September 2018 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618


∗∗∗ Moodle: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1871/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily