[CERT-daily] Tageszusammenfassung - 24.09.2018

Daily end-of-shift report team at cert.at
Mon Sep 24 18:11:22 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 21-09-2018 18:00 − Montag 24-09-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Malware Disguised as Job Offers Distributed on Freelance Sites ∗∗∗
---------------------------------------------
Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretends to be the job brief, but are actually ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/


∗∗∗ Security: Curl bekommt eigenes Bug-Bounty-Programm ∗∗∗
---------------------------------------------
Das kleine Kommandozeilenwerkzeug Curl und dessen Bibliothek finden sich in nahezu allen vernetzten Geräten. Sicherheitsforscher erhalten künftig eine Bug-Bounty, also Geld für das Auffinden von Sicherheitslücken in der ..
---------------------------------------------
https://www.golem.de/news/security-curl-bekommt-eigenes-bug-bounty-programm-1809-136704.html


∗∗∗ Adwind Dodges AV via DDE ∗∗∗
---------------------------------------------
Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a ..
---------------------------------------------
https://blog.talosintelligence.com/2018/09/adwind-dodgesav-dde.html


∗∗∗ Security - Android: Immer mehr Hersteller liefern Sicherheits-Updates ∗∗∗
---------------------------------------------
Mittlerweile 250 Modelle mit Patch Level aus den letzten 90 Tagen – Google zahlt 3 Millionen Dollar für Bug Bounties
---------------------------------------------
https://derstandard.at/2000087981052/Android-Immer-mehr-Hersteller-liefern-Sicherheits-Updates


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Cisco Video Surveillance Manager Appliance Default Password Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm


∗∗∗ DSA-4301 mediawiki - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4301


∗∗∗ DSA-4302 openafs - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4302


∗∗∗ ZDI-18-1079: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1079/


∗∗∗ ZDI-18-1078: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1078/


∗∗∗ Multiple vulnerabilities in Citrix StorageZones Controller ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-citrix-storagezones-controller-cve-2018-16968-cve-2018-16969/


∗∗∗ Security vulnerabilities fixed in Firefox ESR 60.2.1 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/


∗∗∗ Security vulnerabilities fixed in Firefox 62.0.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list