[CERT-daily] Tageszusammenfassung - 22.02.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 21-02-2019 18:00 − Freitag 22-02-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Statische Analyse von bösartigen Makros in Office-Dokumenten (am Beispiel der Schadsoftware Emotet) ∗∗∗
---------------------------------------------
Verdächtige Office-Dokumente können mit frei verfügbaren Werkzeugen auf Schadsoftware geprüft werden. Dieser Artikel gibt einen Einblick in die statische Analyse solcher Dokumente.
---------------------------------------------
https://www.dfn-cert.de/aktuell/malicious-macros-emotet.html


∗∗∗ Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware ∗∗∗
---------------------------------------------
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source.
---------------------------------------------
https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-banking-malware.html


∗∗∗ VB2018 paper: The modality of mortality in domain names ∗∗∗
---------------------------------------------
Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains. 
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/02/vb2018-paper-modality-mortality-domain-names/


∗∗∗ The lazy person’s guide to cybersecurity: minimum effort for maximum protection ∗∗∗
---------------------------------------------
How can we help our less tech-savvy friends stay more secure online? By giving them a lazy persons guide to cybersecurity, we can offer maximum protection for minimal effort.Categories: 101How-tosTags: cybersecuritypassword managerpotentially unwanted programspush notificationstech support scamsuser awarenessuser education(Read more...)The post The lazy person’s guide to cybersecurity: minimum effort for maximum protection appeared first on Malwarebytes Labs.
---------------------------------------------
https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cybersecurity-minimum-effort-for-maximum-protection/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems ∗∗∗
---------------------------------------------
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-d-link-nas-devices-targets-embedded-systems/


∗∗∗ Sicherheitsupdates: Lücken in Cisco HyperFlex machen Angreifer zum Root ∗∗∗
---------------------------------------------
Cisco hat wichtige Sicherheitsupdates für verschiedenen Produkte veröffentlicht. Keine der Lücken gilt als kritisch.
---------------------------------------------
http://heise.de/-4315921


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript).
---------------------------------------------
https://lwn.net/Articles/780543/


∗∗∗ Internet Systems Consortium BIND: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0161


∗∗∗ WinRAR: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in WinRAR ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0162


∗∗∗ Adobe Acrobat DC: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat und Adobe Reader ausnutzen, um Informationen offenzulegen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0163


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-and-openssl-affect-ibm-watson-assistant-on-ibm-cloud-private/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-watson-assistant-on-ibm-cloud-private/


∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2014-7810/


∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2018-1767/


∗∗∗ BIND vulnerability CVE-2018-5744 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00040234


∗∗∗ BIND vulnerability CVE-2018-5745 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25244852


∗∗∗ BIND vulnerability CVE-2019-6465 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01713115

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily