=====================
= End-of-Day report =
=====================
Timeframe: Monday 02-07-2018 18:00 - Tuesday 03-07-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Malware lures with Fortnite cheats ∗∗∗
---------------------------------------------
The popularity of Fortnite is increasingly attracting criminals as well.
---------------------------------------------
https://futurezone.at/games/malware-lockt-mit-fortnite-cheats/400060664
∗∗∗ Acute danger for monitoring software Nagios XI ∗∗∗
---------------------------------------------
A Metasploit module chains several vulnerabilities in Nagios XI so skilfully that an attacker can take over the monitoring server.
---------------------------------------------
http://heise.de/-4096379
∗∗∗ Patchday: Google closes partly critical Android holes ∗∗∗
---------------------------------------------
The monthly security patches published by Google for Android address, in July, exclusively vulnerabilities of high to critical severity.
---------------------------------------------
http://heise.de/-4096435
∗∗∗ Mac malware targets cryptomining users ∗∗∗
---------------------------------------------
A new Mac malware called OSX.Dummy is being distributed on cryptomining chat groups that, even after being removed, leaves behind remnants for future malware to find.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2018/07/mac-malware-targets…
∗∗∗ Smoking Guns - Smoke Loader learned new tricks ∗∗∗
---------------------------------------------
This post is authored by Ben Baker and Holger Unterbrink. Overview: Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to …
---------------------------------------------
https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learne…
∗∗∗ Control gained - hackers inserted a dangerous delete command into Gentoo Linux ∗∗∗
---------------------------------------------
GitHub repository taken over and a command slipped in; the developers have since regained control.
---------------------------------------------
https://derstandard.at/2000082722326/Hacker-integrierten-bei-Gentoo-Linux-g…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7-backup_migrate, firefox, and podman), Red Hat (python), Scientific Linux (glibc, kernel, libvirt, pcs, samba, samba4, sssd and ding-libs, and zsh), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-oem, and zziplib).
---------------------------------------------
https://lwn.net/Articles/758940/
∗∗∗ Multiple vulnerabilities from IBM Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability ∗∗∗
---------------------------------------------
https://www.securitytracker.com/id/1041211
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 29-06-2018 18:00 - Monday 02-07-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses ∗∗∗
---------------------------------------------
While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for over 2.3 million cryptocurrency addresses!
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-m…
∗∗∗ DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident ∗∗∗
---------------------------------------------
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacki…
∗∗∗ Newer Diameter Telephony Protocol Just As Vulnerable As SS7 ∗∗∗
---------------------------------------------
Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-pro…
∗∗∗ Taking apart a double zero-day sample discovered in joint hunt with ESET ∗∗∗
---------------------------------------------
In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherpanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same …
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-…
∗∗∗ Boffins want to stop Network Time Protocol's time-travelling exploits ∗∗∗
---------------------------------------------
Ancient protocol's key vulnerability is fixable. Among the many problems that exist in the venerable Network Time Protocol is its vulnerability to timing attacks: turning servers into time-travellers can play all kinds of havoc with important systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/07/02/ntp_revisio…
∗∗∗ The principle of least privilege: A strategy of limiting access to what is essential ∗∗∗
---------------------------------------------
The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity.
---------------------------------------------
https://www.welivesecurity.com/2018/07/02/principle-least-privilege-strateg…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium-browser, mosquitto, python-pysaml2, simplesamlphp, tiff, and tomcat7), Fedora (kernel, libgxps, nodejs, and phpMyAdmin), Mageia (ansible, firefox, java-1.8.0-openjdk, libcrypt, libgcrypt, ncurses, phpmyadmin, taglib, and webkit2), openSUSE (GraphicsMagick, ImageMagick, mailman, Opera, and rubygem-sprockets), and SUSE (ImageMagick, kernel, mariadb, and python-paramiko).
---------------------------------------------
https://lwn.net/Articles/758845/