[CERT-daily] Daily summary - 16.08.2019

Daily end-of-shift report team at cert.at
Fri Aug 16 18:10:47 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 14-08-2019 18:00 − Friday 16-08-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft Warns of Phishing Attacks Using Custom 404 Pages ∗∗∗
---------------------------------------------
Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/


∗∗∗ Energy Sector Phish Swims Past Microsoft Email Security via Google Drive ∗∗∗
---------------------------------------------
The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.
---------------------------------------------
https://threatpost.com/energy-phish-microsoft-security-google-drive/147397/


∗∗∗ Analysis of a Spearphishing Maldoc, (Thu, Aug 15th) ∗∗∗
---------------------------------------------
A spearphishing attack with a VBA maldoc on US utility companies was mentioned in SANS NewsBites Vol. 21, Num. 61. I always like to take a look at malicious documents mentioned in the news. Luckily for me, Proofpoint's analysis includes the hashes of the maldocs, and one maldoc can be found on VirusTotal.
---------------------------------------------
https://isc.sans.edu/diary/rss/25242


∗∗∗ VoIP security vulnerabilities: Many office phone systems fundamentally insecure ∗∗∗
---------------------------------------------
33 devices from 25 manufacturers can be hijacked. Attackers can spy, attack other systems, or weaken the organization through a total outage.
---------------------------------------------
https://heise.de/-4499202


∗∗∗ MITRE ATT&CK July 2019 Update ∗∗∗
---------------------------------------------
On the last day of July, MITRE released its most recent update to the ATT&CK framework. The ATT&CK framework is a curated knowledge base of tactics, techniques, and software that adversarial groups have leveraged when compromising enterprise systems. The July 2019 update is relatively minor compared to the April 2019 update, which saw a new tactic [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/mitre-attck-july-2019-update/


∗∗∗ Many Apache Struts Security Advisories Updated Following Review ∗∗∗
---------------------------------------------
Two dozen security advisories for the Apache Struts open source development framework have been updated after researchers determined that they contained incorrect information regarding which versions of the software were impacted by a vulnerability.
---------------------------------------------
https://www.securityweek.com/many-apache-struts-security-advisories-updated-following-review



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Lenovo Warns of ThinkPad Bugs, One Unpatched ∗∗∗
---------------------------------------------
The notebook maker is warning users of three separate vulnerabilities.
---------------------------------------------
https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/


∗∗∗ Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again ∗∗∗
---------------------------------------------
If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities.
---------------------------------------------
https://thehackernews.com/2019/08/libreoffice-patch-update.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (irssi, ledger, libheimdal, libmediainfo, libqb, and libsass) and Slackware (mozilla).
---------------------------------------------
https://lwn.net/Articles/796311/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, [...]
---------------------------------------------
https://lwn.net/Articles/796455/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



