[CERT-daily] Tageszusammenfassung - 16.05.2019

Thu May 16 18:03:18 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 15-05-2019 18:00 − Donnerstag 16-05-2019 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Announcing the all new Attack Surface Analyzer 2.0 ∗∗∗
---------------------------------------------
Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, ..
---------------------------------------------
https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-surface-analyzer-2-0/


∗∗∗ Sicherheitsupdate: WordPress-Plugin WP Live Chat Support für Attacken anfällig ∗∗∗
---------------------------------------------
Aufgrund eines Fehlers könnten Angreifer Schadcode auf WordPress-Websites mit dem Zusatzmodul WP Live Chat Support verankern.
---------------------------------------------
https://heise.de/-4423479


∗∗∗ Kritische Schwachstelle in Microsoft Remote Desktop Services - Updates verfügbar ∗∗∗
---------------------------------------------
Microsoft hat als Teil des "Patch Tuesday" ein Update für eine Schwachstelle in "Remote Desktop Services" veröffentlicht. Diese Schwachstelle ermöglicht es einem Angreifer, durch eine speziell ..
---------------------------------------------
http://www.cert.at/warnings/all/20190516.html


∗∗∗ An MDS reading list ∗∗∗
---------------------------------------------
We contemplated putting together an LWN article on the "microarchitecturaldata sampling" (MDS) vulnerabilities, as weve done for pastspeculative-execution issues. But the truth of the matter is that its ..
---------------------------------------------
https://lwn.net/Articles/788522/


∗∗∗ IT-Security - Zombieload und Co.: Softwarehersteller geben zunehmend gegen Prozessorlücken auf ∗∗∗
---------------------------------------------
Apple hat aktuelle Patches wegen massiven Performanceverlusten nur teilweise aktiviert, Googles v8-Team sieht Aufwand nicht gerechtfertigt
---------------------------------------------
https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-geben-zunehmend-gegen-Prozessorluecken-auf


∗∗∗ $100 million GozNym cybercrime network dismantled as suspects charged ∗∗∗
---------------------------------------------
The sophisticated conspiracy saw tens of thousands of victims’ computers infected with the GozNym malware in order to steal online banking passwords, and raid ..
---------------------------------------------
https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-network-dismantled-as-suspects-charged-21171.html#new_tab


∗∗∗ Threat Actor Profile: TA542, From Banker to Malware Distribution Service ∗∗∗
---------------------------------------------
Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group’s signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns ..
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Cisco Unified Intelligence Center Remote File Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj


∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce


∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Multiple-Security-Updates


∗∗∗ Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-core-2019-007


∗∗∗ Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys ∗∗∗
---------------------------------------------
https://security.googleblog.com/2019/05/titan-keys-update.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily