[CERT-daily] Tageszusammenfassung - 08.02.2019

Fri Feb 8 18:08:01 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 07-02-2019 18:00 − Freitag 08-02-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================


∗∗∗ The Anatomy of Website Malware: An Introduction ∗∗∗
---------------------------------------------
We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, ..
---------------------------------------------
https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduction.html


∗∗∗ Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard ∗∗∗
---------------------------------------------
Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for remote code execution in phishing scenarios when the Windows Driver Kit is installed on a victim’s machine. This is possible because the Windows Driver Kit installer installs ..
---------------------------------------------
https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f


∗∗∗ LifeSize: Videokonferenzsysteme erlauben Zugriff per Default-Account ∗∗∗
---------------------------------------------
Vier Videokonferenz-Produkte von LifeSize bringen neben Firmware-Schwachstellen auch einen Support-Account mit Default-Login mit. Nutzer sollten zügig handeln.
---------------------------------------------
http://heise.de/-4301951


∗∗∗ First clipper malware discovered on Google Play ∗∗∗
---------------------------------------------
Cryptocurrency stealers that replace a wallet address in the clipboard are no ..
---------------------------------------------
http://feedproxy.google.com/~r/eset/blog/~3/hENbeA5W9fg/


∗∗∗ Super-systemic IoT flaws ∗∗∗
---------------------------------------------
IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected ..
---------------------------------------------
https://www.pentestpartners.com/security-blog/super-systemic-iot-flaws/


∗∗∗ Threat Brief: Understanding Domain Generation Algorithms (DGA) ∗∗∗
---------------------------------------------
Intro One of the most important “innovations” in malware in the past decade is what’s called a Domain Generation Algorithm (“DGA”)”. DGA is an automation technique that attackers use to make it harder for defenders to protect against attacks. While DGA has ..
---------------------------------------------
https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh).
---------------------------------------------
https://lwn.net/Articles/779299/


∗∗∗ Siemens SICAM A8000 RTU Series ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-038-01


∗∗∗ Siemens EN100 Ethernet Module ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-038-02


∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Multiple-Security-Updates


∗∗∗ IBM Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-analyis-platform-is-affected-by-multiple-vulnerabilities/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-7/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily