[CERT-daily] Tageszusammenfassung - 09.09.2019

Mon Sep 9 18:14:37 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 06-09-2019 18:00 − Montag 09-09-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ 7 most common application backdoors ∗∗∗
---------------------------------------------
The popular adage "we often get in quicker by the back door than the front" has withstood the test of time even in our advanced, modern world. Application backdoors have become rampant in today's business environment, making it mandatory for us to take the same level of precaution we'd do to safeguard the backdoor [...]
---------------------------------------------
https://resources.infosecinstitute.com/7-most-common-application-backdoors/


∗∗∗ 'Purple Fox' Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell ∗∗∗
---------------------------------------------
This new iteration of Purple Fox that we came across, also being delivered by Rig, has a few new tricks up its sleeve. It retains its rootkit component by abusing publicly available code. It now also eschews its use of NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. It also incorporated additional exploits to its infection chain, most likely as a foolproof mechanism to ensure that it can still infect the system.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rRfjdvF4DOI/


∗∗∗ Open Sourcing StringSifter ∗∗∗
---------------------------------------------
Malware analysts routinely use the Strings program during static analysis in order to inspect a binarys printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke analyst fatigue, relevant strings occur less often than irrelevant ones, and the definition of "relevant" can vary significantly among analysts.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html


∗∗∗ BlueKeep Exploit Added to Metasploit ∗∗∗
---------------------------------------------
An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework.
---------------------------------------------
https://www.securityweek.com/bluekeep-exploit-added-metasploit


∗∗∗ Kriminelle nützen Promis und Medien für Bitcoin-Betrug ∗∗∗
---------------------------------------------
Die Schadensummen reichen von etwa 200 Euro bis weit über 100.000 Euro: KonsumentInnen werden durch erfundene News-Artikel auf gefälschten Nachrichten-Websites zu Investments bei unseriösen Plattformen wie "Bitcoin Code", "Bitcoin Profit" oder "The News Spy" bewegt. Bekannte Persönlichkeiten wie Christoph Waltz oder Bill Gates und einflussreiche Medien wie orf.at oder Der Spiegel werden dabei von Kriminellen missbraucht, um Opfer [...]
---------------------------------------------
https://www.watchlist-internet.at/news/kriminelle-nuetzen-promis-und-medien-fuer-bitcoin-betrug/


∗∗∗ Sicherheitsforscher warnen vor GPS-Uhren für Kinder: Sofort wegwerfen ∗∗∗
---------------------------------------------
Smartwatches für Kids mit horrender Sicherheit - Angreifer können mit Leichtigkeit, Heranwachsende und Eltern ausspionieren
---------------------------------------------
https://www.derstandard.at/story/2000108423850/sicherheitsforscher-warnen-vor-gps-uhren-fuer-kinder-sofort-wegwerfen


∗∗∗ Telnet backdoor vulnerabilities impact over a million IoT radio devices ∗∗∗
---------------------------------------------
Devices can be remotely exploited as root without any need for user interaction.
---------------------------------------------
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers ∗∗∗
---------------------------------------------
The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crash entirely.
---------------------------------------------
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat, ghostscript, libreoffice, and memcached), Fedora (chromium, grafana, kea, nsd, pdfbox, roundcubemail, and SDL), Gentoo (apache, dbus, exim, libsdl2, pango, perl, vlc, and webkit-gtk), Mageia (dovecot, giflib, golang, icedtea-web, irssi, java-1.8.0-openjdk, libgcrypt, libmspack, mercurial, monit, php, poppler, python-urllib3, rdesktop, SDL12, sdl2, sigil, sqlite3, subversion, tomcat, and zstd), openSUSE (chromium, exim, go1.12, httpie, [...]
---------------------------------------------
https://lwn.net/Articles/798826/


∗∗∗ LibreOffice: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit Benutzerrechten ∗∗∗
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/09/warnmeldung_tw-t19-0127.html


∗∗∗ Instagram - Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019090061


∗∗∗ Photo Gallery by 10Web < 1.5.35 - SQL Injection & XSS ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/9872


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-watson-content-analytics-and-watson-explorer-content-analytics-studio-cve-2018-1890-cve-2019-2426/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily