Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 22.06.2018
by Daily end-of-shift report 22 Jun '18

22 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-06-2018 18:00 − Freitag 22-06-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ New GZipDe Malware Drops Metasploit Backdoor ∗∗∗ --------------------------------------------- Security researchers from AlienVault have discovered a new malware strain named GZipDe that appears to be part of a targeted attack â€”most likely a cyber-espionage campaign. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-gzipde-malware-drops-met… ∗∗∗ FIRST Releases Training to Help Companies Respond to Product Vulnerabilities ∗∗∗ --------------------------------------------- The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the final Product Security Incident Response Teams (PSIRT) Services Framework (PDF) and accompanying training video course. This framework and training video course were developed by a global team of PSIRT practitioners from FIRST members and relevant subject matter experts. --------------------------------------------- https://www.first.org/newsroom/releases/20180621 ∗∗∗ Detecting Kernel Memory Disclosure – Whitepaper ∗∗∗ --------------------------------------------- Since early 2017, we have been working on Bochspwn Reloaded – a piece of dynamic binary instrumentation built on top of the Bochs IA-32 software emulator, designed to identify memory disclosure vulnerabilities in operating system kernels. Over the course of the project, we successfully used it to discover and report over 70 previously unknown security issues in Windows, and more than 10 bugs in Linux. --------------------------------------------- https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disc… ∗∗∗ Financial Services Sector Rife with Hidden Tunnels ∗∗∗ --------------------------------------------- Attackers use the approach to look like legitimate traffic and hide data exfiltration in plain sight. --------------------------------------------- https://threatpost.com/financial-services-sector-rife-with-hidden-tunnels/1… ∗∗∗ Wie Sie eine Baby-Cam erfolgreich hacken (Gwelltimes P2P Cloud) ∗∗∗ --------------------------------------------- Vor einiger Zeit wurde in den USA ein Fall bekannt, bei dem ein W-LAN-fähiges Babyphone gehackt worden sei. Jemand hätte die Mutter und ihr Baby überwacht. SEC Consult hat sich den Fall nun aus der technischen Perspektive angesehen. --------------------------------------------- https://www.sec-consult.com/blog/2018/06/wie-sie-eine-babycam-erfolgreich-h… ∗∗∗ Documenting and Attacking a Windows Defender Application Control Feature the Hard Way - A Case Study in Security Research Methodology ∗∗∗ --------------------------------------------- As is typically the case for me, whenever a new Windows build is released, I diff the Windows Defender Application Control (WDAC, formerly Device Guard) code integrity policy schema (located in %windir%\schemas\CodeIntegrity\cipolicy.xsd) to see if there are any new, interesting features. I resort to doing this because new WDAC features are seldom documented [...] --------------------------------------------- https://posts.specterops.io/documenting-and-attacking-a-windows-defender-ap… ∗∗∗ Why You Should Care about Website Security on Your Small Site ∗∗∗ --------------------------------------------- Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vulnerability to hack. Under most circumstances however, bad actors don’t manually hand-pick websites to attack since it’s a tedious and time consuming process. Instead, they rely on automation to identify vulnerable websites and execute their attacks. --------------------------------------------- https://blog.sucuri.net/2018/06/why-you-should-care-about-website-security-… ===================== = Vulnerabilities = ===================== ∗∗∗ Delta Electronics Delta Industrial Automation COMMGR ∗∗∗ --------------------------------------------- This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation COMMGR software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01 ∗∗∗ Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an improper input validation vulnerability reported in Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02 ∗∗∗ PMASA-2018-4 ∗∗∗ --------------------------------------------- File inclusion and remote code execution attackAffected VersionsphpMyAdmin 4.8.0 and 4.8.1 are affected.CVE ID(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12613, uCVE-2018-12613) --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-4/ ∗∗∗ PMASA-2018-3 ∗∗∗ --------------------------------------------- XSS in Designer featureAffected VersionsphpMyAdmin versions prior to 4.8.2.CVE ID(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581, uCVE-2018-12581) --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2018-3/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- There is Factory Reset Protection (FRP) bypass vulnerability in some Huawei smart phones. An attacker gets some users smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. (Vulnerability ID: HWPSIRT-2018-04051) --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-by… ∗∗∗ Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- Some Huawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the users Bluetooth device to unlock the users mobile phone screen. (Vulnerability ID: HWPSIRT-2017-01088) --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170323-01-sm… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (php-horde-image), openSUSE (kernel), Scientific Linux (git), SUSE (bluez, kernel, mariadb, and mariadb, mariadb-connector-c, xtrabackup), and Ubuntu (openjdk-7). --------------------------------------------- https://lwn.net/Articles/758024/ ∗∗∗ Lazy FP state restore vulnerability CVE-2018-3665 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21344224 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.06.2018
by Daily end-of-shift report 21 Jun '18

21 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-06-2018 18:00 − Donnerstag 21-06-2018 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Downloading 3rd Party OpenVPN Configs May Be Dangerous. Here’s Why. ∗∗∗ --------------------------------------------- If an actor wanted to cause the OpenVPN configuration file to execute a command they would add the "script-security 2" line, which allows user defined scripts to be executed, and a "up" entry, which contains the command that is executed after after a connection has been made. --------------------------------------------- https://www.bleepingcomputer.com/news/security/downloading-3rd-party-openvp… ∗∗∗ Beginner’s Guide to Pentesting IoT Architecture/Network and Setting Up IoT Pentesting Lab – Part 1 ∗∗∗ --------------------------------------------- In this post, I will explain how to pentest an IoT Network/Architecture. Also, I will explain how to set up an IoT Pentesting lab for getting started with IoT Pentesting. Since the post is too long, to make it digestible, it will be split into two parts. --------------------------------------------- https://resources.infosecinstitute.com/beginners-guide-to-pentesting-iot-ar… ∗∗∗ Google Developer Discovers a Critical Bug in Modern Web Browsers ∗∗∗ --------------------------------------------- Chrome and Safari already have a policy in place to reject such cross-origin requests as soon as they see any redirection after the underlying content appears to have changed between requests, their users are already protected. ... FireFox and Edge browsers that were found vulnerable to this issue have also patched the vulnerability in their latest versions after Archibald responsibly reported it to their security teams. Therefore, FireFox and Edge browser users are highly recommended to make sure that they are running the latest version of these browsers. --------------------------------------------- https://thehackernews.com/2018/06/browser-cross-origin-vulnerability.html ∗∗∗ Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware ∗∗∗ --------------------------------------------- We were able to observe a series of network attacks exploiting CVE-2018-7602, a security flaw in the Drupal content management framework. For now, these attacks aim to turn affected systems into Monero-mining bots. Of note are its ways of hiding behind the Tor network to elude detection and how it checks the affected system first before infecting it with a cryptocurrency-mining malware. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0C5nXsg4wxQ/ ∗∗∗ Warnung vor gefälschter Finanzonline.at-Nachricht ∗∗∗ --------------------------------------------- Internet-Nutzer/innen erhalten eine gefälschte E-Mail des Finanzministeriums. Sie hat das Betreff „Ihre Steuerrückzahlung“. Darin heißt es, dass eine kürzlich erfolgte Steuerrückzahlung an Empfänger/innen fehlgeschlagen sei. Aus diesem Grund sollen sie auf einer unbekannten Website persönliche Bankdarten bekannt geben. Nutzer/innen übermitteln diese an Kriminelle und werden Opfer eines Datendiebstahls. --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-finanzonlin… ===================== = Vulnerabilities = ===================== ∗∗∗ NVIDIA TX1 Boot ROM Vulnerability ∗∗∗ --------------------------------------------- On April 24, 2018, researchers disclosed a vulnerability that takes advantage of a buffer overflow vulnerability in NVIDIA TX1 BootROM when Recovery Mode (RCM) is active. This vulnerability could allow an unprivileged, local attacker to bypass secure boot and execute unverified code on an affected system. The vulnerability has been identified by CVE-2018-6242. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Nextcloud Server: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- er Hersteller stellt die Nextcloud Server Versionen 12.0.8 und 13.0.3 zur Behebung der Schwachstellen CVE-2018-3761 und CVE-2018-3762 zur Verfügung. Zur Behebung der Schwachstellen CVE-2018-3763 und CVE-2018-3764 stehen Sicherheitsupdates für die Apps 'Contacts' auf Version 2.1.2 und 'Calendar' auf Version 1.6.1 bzw. 1.5.8 zur Verfügung. --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1204/ ∗∗∗ Security Advisory für Microsoft Exchange Server ∗∗∗ --------------------------------------------- Microsoft hat anlässlich des Quartals-Updates für Microsoft Exchange Server ein Security Advisory sowie Sicherheitsupdates für Elemente der "Outside In" Libraries von Oracle veröffentlicht, die in Microsoft Exchange Server enthalten sind. Durch diese Patches werden drei Schwachstellen geschlossen. --------------------------------------------- https://www.cert.at/warnings/all/20180620.html ∗∗∗ Sicherheitslücken (teils kritisch) in Cisco FXOS und NX-OS Software - Patches verfügbar ∗∗∗ --------------------------------------------- Cisco hat mehrere Security Advisories zu teils kritischen Sicherheitslücken in Cisco FXOS und Cisco NX-OS Software veröffentlicht. Fünf der Schwachstellen werden mit einem CVSS Base Score von 9.8 als kritisch eingestuft: [...] --------------------------------------------- https://www.cert.at/warnings/all/20180621.html ∗∗∗ Symantec Endpoint Protection Multiple Issues ∗∗∗ --------------------------------------------- Symantec has released a set of updates to address issues that were discovered in the Symantec Endpoint Protection product. --------------------------------------------- https://support.symantec.com/en_US/article.SYMSA1454.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (cobbler and matrix-synapse), Oracle (git), Red Hat (git), SUSE (java-1_7_1-ibm, nagios-nrpe, and ntp), and Ubuntu (AMD microcode). --------------------------------------------- https://lwn.net/Articles/757971/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.06.2018
by Daily end-of-shift report 20 Jun '18

20 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-06-2018 18:00 − Mittwoch 20-06-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters ∗∗∗ --------------------------------------------- Cyber-criminals are currently using a trick that allows them to bypass Microsofts security filters and deliver spam and phishing emails to Office 365 email accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/security/zerofont-technique-lets-phis… ∗∗∗ Verschlüsselung: TLS 1.0 und 1.1 sollen "sterben, sterben, sterben" ∗∗∗ --------------------------------------------- Ein aktueller Entwurf der IETF sieht vor, dass die alten TLS-Versionen 1.0 und 1.1 künftig nicht mehr benutzt werden dürfen. Ein Fallback ist explizit nicht vorgesehen. (TLS, Verschlüsselung) --------------------------------------------- https://www.golem.de/news/verschluesselung-tls-1-0-und-1-1-sollen-sterben-s… ∗∗∗ Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill ∗∗∗ --------------------------------------------- Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them.Sounds like a really good idea, but Andreas Gutmann points out an application where this could become a vulnerability: when authenticating transactions:Transaction authentication, as opposed to user authentication, is used to attest the [...] --------------------------------------------- https://www.schneier.com/blog/archives/2018/06/perverse_vulner.html ∗∗∗ Magento Credit Card Stealer Reinfector ∗∗∗ --------------------------------------------- In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our recent Labs Notes. --------------------------------------------- https://blog.sucuri.net/2018/06/magento-credit-card-stealer-reinfector.html ∗∗∗ Malware Olympic Destroyer ist zurück und zielt auch auf Deutschland ∗∗∗ --------------------------------------------- Olympic Destroyer hat es auf europäische Einrichtungen zur chemischen und biologischen Gefahrenabwehr abgesehen, warnen Sicherheitsforscher. --------------------------------------------- http://heise.de/-4086654 ∗∗∗ Spectre-NG-Lücken: OpenBSD schaltet Hyper-Threading ab ∗∗∗ --------------------------------------------- Um das Risiko für Angriffe über Spectre-Lücken zu mindern, schaltet das Betriebssystem OpenBSD bei Intel-Prozessoren Multi-Threading jetzt standardmäßig ab. --------------------------------------------- http://heise.de/-4087035 ∗∗∗ Bawag P.S.K.-KundInnen dürfen keine angebliche Sicherheits-App installieren! ∗∗∗ --------------------------------------------- Kriminelle verfassen eine gefälschte Bawag P.S.K.-Nachricht und versenden diese massenhaft. In der Nachricht werden die EmpfängerInnen wegen einer vermeintlichen Einschränkung des Kontos dazu aufgefordert eine Sicherheits-App zu installieren, um ihr Konto wieder nutzen zu können. Achtung: Es handelt sich um Schadsoftware und einen Versuch an fremde Bankdaten zu gelangen. Wer die Applikation installiert gewährt den Kriminellen Zugriff auf das eigene Bankkonto. --------------------------------------------- https://www.watchlist-internet.at/news/bawag-psk-kundinnen-duerfen-keine-an… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (pass), Debian (xen), Fedora (chromium, cobbler, gnupg, kernel, LibRaw, mariadb, mingw-libtiff, nikto, and timidity++), Gentoo (chromium, curl, and transmission), Mageia (gnupg, gnupg2, librsvg, poppler, roundcubemail, and xdg-utils), Red Hat (ansible and glusterfs), Slackware (gnupg), SUSE (cobbler, dwr, java-1_8_0-ibm, kernel, microcode_ctl, pam-modules, salt, slf4j, and SMS3.1), and Ubuntu (libgcrypt11, libgcrypt11, libgcrypt20, and mozjs52). --------------------------------------------- https://lwn.net/Articles/757876/ ∗∗∗ QNAP QTS LDAP Server Command Injection Flaw Lets Remote Users Execute Arbitrary Commands on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041141 ∗∗∗ Splunk REST Endpoint Lets Remote Users Obtain Potentially Sensitive Information on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041148 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.06.2018
by Daily end-of-shift report 19 Jun '18

19 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Montag 18-06-2018 18:00 − Dienstag 19-06-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 75% of Malware Uploaded on "No-Distribute" Scanners Is Unknown to Researchers ∗∗∗ --------------------------------------------- Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time. --------------------------------------------- https://www.bleepingcomputer.com/news/security/75-percent-of-malware-upload… ∗∗∗ Over 22,000 Container Orchestration Systems Connected to the Internet ∗∗∗ --------------------------------------------- The admin consoles of over 22,000 container orchestration and API management systems are currently exposed online, according to a report published on Monday by Lacework, a company specialized in cloud security. --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-22-000-container-orches… ∗∗∗ FIRST releases 2017-2018 Annual Report ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams releases its second annual report, covering the scope of its activities from the 2017 conference in Puerto Rico, through its 2018 annual event in Kuala Lumpur. --------------------------------------------- https://www.first.org/newsroom/releases/20180619 ∗∗∗ macOS-Fehler macht verschlüsselte Bilder und Texte zugänglich ∗∗∗ --------------------------------------------- Ein Bug in der QuickLook-Schnellansicht speichert auch geschützte Dateien im Dateisystem, so Sicherheitsforscher. --------------------------------------------- http://heise.de/-4084698 ∗∗∗ Flightradar24 gehackt: Daten von 230.000 Nutzern abgezogen ∗∗∗ --------------------------------------------- Einige Mitglieder von Flightradar24 erhalten derzeit E-Mails mit Warnungen über einen Server-Einbruch. Die Betreiber haben Passwörter zurückgesetzt. --------------------------------------------- http://heise.de/-4084911 ∗∗∗ Warnung vor thermomix-outlet.com ∗∗∗ --------------------------------------------- Auf thermomix-outlet.com können Konsument/innen den Thermomix TM5 mit Cook-Key um 879,00 Euro kaufen. Die Bezahlung der Ware ist nur im Voraus möglich. Interessent/innen, die den Kaufpreis überweisen, verlieren ihr Geld an Kriminelle und werden Opfer eines Datendiebstahls. Von einem Einkauf auf thermomix-outlet.com ist daher dringend abzuraten! --------------------------------------------- https://www.watchlist-internet.at/news/warnung-vor-thermomix-outletcom/ ∗∗∗ Vermeintliche Geschäftsführung drängt zu Geldüberweisung ∗∗∗ --------------------------------------------- Verrechnungs- und Buchhaltungsabteilungen in Firmen sowie KassierInnen in Vereinen werden gezielt von Betrügern adressiert. Die E-Mails werden im Namen der Geschäftsführung der jeweiligen Firma bezehungsweise des jeweiligen Vereins verschickt. Darin werden die MitarbeiterInnen dazu aufgefordert hohe Geldbeträge ins Ausland zu überweisen. Wird die Überweisung durchgeführt, ist das Geld verloren. --------------------------------------------- https://www.watchlist-internet.at/news/vermeintliche-geschaeftsfuehrung-dra… ∗∗∗ Netzpolitik - Sicherheitsdefizit bei Chromecast und Google Home erlaubt exakte Ortung der Nutzer ∗∗∗ --------------------------------------------- Google verspricht Update – Forscher warnt generell vor falschem Vertrauen in das lokale Netzwerk --------------------------------------------- https://derstandard.at/2000081833170/Sicherheitsdefizit-bei-Chromecast-und-… ===================== = Vulnerabilities = ===================== ∗∗∗ ADV180010 | June 2018 Oracle Outside In Library Security Update ∗∗∗ --------------------------------------------- Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The June 19, 2018 releases of Microsoft Exchange Server contain fixes to the following vulnerabilities, [...] --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180010 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libgcrypt), Fedora (bouncycastle, nodejs, and perl-Archive-Tar), openSUSE (aubio), and Red Hat (chromium-browser, glibc, kernel, kernel-rt, libvirt, pcs, samba, samba4, sssd and ding-libs, and zsh). --------------------------------------------- https://lwn.net/Articles/757811/ ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012400 ∗∗∗ HPESBMU03837 rev.1 - HPE CentralView Fraud Risk Management - Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBGN03853 rev.1 - HPE Network Function Virtuallization Director (NFVD), Remote Unauthorized Access to Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.06.2018
by Daily end-of-shift report 18 Jun '18

18 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-06-2018 18:00 − Montag 18-06-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives ∗∗∗ --------------------------------------------- Apples macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. --------------------------------------------- https://www.bleepingcomputer.com/news/apple/macos-breaks-your-opsec-by-cach… ∗∗∗ Rootkit-Based Adware Wreaks Havoc Among Windows 10 Users in the US ∗∗∗ --------------------------------------------- Security researchers from Romania-based antivirus vendor Bitdefender have detailed the operations of an adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component thats even effective against Windows 10 installations. --------------------------------------------- https://www.bleepingcomputer.com/news/security/rootkit-based-adware-wreaks-… ∗∗∗ Vendor Patches Seven Vulnerabilities Across 392 Camera Models ∗∗∗ --------------------------------------------- Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models. --------------------------------------------- https://www.bleepingcomputer.com/news/security/vendor-patches-seven-vulnera… ∗∗∗ Betrügerische Pfändungstermine ignorieren ∗∗∗ --------------------------------------------- Kriminelle versenden gefälschte Inkassoschreiben und erklären den Empfänger/innen, dass sie ein Mahnverfahren erwirkt haben und ein Gerichtsvollzieher die vermeintlichen Schuldner/innen besuchen werde. Das könne einzig und allein eine Geldzahlung verhindern. Konsument/innen können die E-Mail ignorieren und müssen keine Geldzahlung leisten. --------------------------------------------- https://www.watchlist-internet.at/news/betruegerische-pfaendungstermine-ign… ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisory CVE-2018-3665 / XSA-267 ∗∗∗ --------------------------------------------- Speculative register leakage from lazy FPU context switching --------------------------------------------- https://xenbits.xen.org/xsa/advisory-267.html ∗∗∗ MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF ∗∗∗ --------------------------------------------- A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization & Cross-site Request forgery (CSRF). --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (libgcrypt20, redis, and strongswan), Fedora (epiphany, freedink-dfarc, gnupg, LibRaw, nodejs-JSV, nodejs-uri-js, singularity, strongswan, and webkit2gtk3), Mageia (flash-player-plugin, freedink-dfarc, and imagemagick), openSUSE (enigmail, gpg2, java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, postgresql96, python-python-gnupg, and samba), Oracle (kernel), SUSE (gpg2 and xen), and Ubuntu (gnupg and webkit2gtk). --------------------------------------------- https://lwn.net/Articles/757758/ ∗∗∗ BlackBerry powered by Android Security Bulletin – June 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ FFmpeg: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1177/ ∗∗∗ IBM Security Bulletin: IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru is affected by vulnerability in OpenSLP (CVE-2017-17833) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099813 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL Affect Sterling Connect:Direct for HP NonStop (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016399 ∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru (CVE-2017-8816 CVE-2017-8817 CVE-2017-8818) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099811 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru (CVE-2017-3737 CVE-2017-3738) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099812 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.06.2018
by Daily end-of-shift report 15 Jun '18

15 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-06-2018 18:00 − Freitag 15-06-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote ∗∗∗ --------------------------------------------- Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament today. --------------------------------------------- https://www.bleepingcomputer.com/news/government/kaspersky-halts-europol-an… ∗∗∗ Decryptor Released for the Everbe Ransomware ∗∗∗ --------------------------------------------- A decryptor for the Everbe Ransomware was released by Michael Gillespie that allows victims to get their files back for free. It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use them to brute force the decryption key. --------------------------------------------- https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-e… ∗∗∗ Mechanics Behind Ransomware-as-a-Service ∗∗∗ --------------------------------------------- Ransomware is an increasingly serious concern, and this problem is getting worse over time. Initially, this malware began to compromise fixed targets such as individuals, but now the focus has changed and became much broader — from individuals to organizations. --------------------------------------------- https://resources.infosecinstitute.com/mechanics-behind-ransomware-as-a-ser… ∗∗∗ Old Botnets never Die, and DDG REFUSE to Fade Away ∗∗∗ --------------------------------------------- DDG is a mining botnet that specializes in exploiting SSH, Redis database and OrientDB database servers. We first caught it on October 25, 2017, at that time, DDG used version number 2020 and 2021, and we noticed that the botnet has two internally reserved domain names that had not been [...] --------------------------------------------- http://blog.netlab.360.com/old-botnets-never-die-and-ddg-refuse-to-fade-awa… ∗∗∗ Spectre-NG: Harte Kritik von OpenBSD-Entwickler Theo de Raadt ∗∗∗ --------------------------------------------- Die Veröffentlichung des jüngsten Spectre-NG-Bugs wurde hektisch vorgezogen, nachdem Theo de Raadt die Informationspolitik von Intel kritisierte. --------------------------------------------- http://heise.de/-4078903 ∗∗∗ 5 Millionen Mal heruntergeladen: Bösartige Docker-Container schürfen Monero ∗∗∗ --------------------------------------------- Zehn Monate lang waren Docker-Images mit Hintertür über Docker Hub verfügbar, obwohl die Verantwortlichen längst über den Schadcode informiert waren. --------------------------------------------- http://heise.de/-4079414 ∗∗∗ Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1 ∗∗∗ --------------------------------------------- The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft. Please refer to our vulnerability disclosure policy for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities. --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/unintended-clipboard-paste-… ∗∗∗ Fake Font Dropper ∗∗∗ --------------------------------------------- A website owner reached out to us to investigate a weird behavior on their site. It was randomly showing a popup window for a missing font and telling the visitors that they are unable to view the content of the site because their own computers are missing a required font by the website called "HoeflerText", [...] --------------------------------------------- http://labs.sucuri.net/?note=2018-06-14 ∗∗∗ Totally Pwning the Tapplock (the API way) ∗∗∗ --------------------------------------------- An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas (@evstykas) has found a way to unlock any lock, plus scrape users PII and home addresses. --------------------------------------------- https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Natus Xltek NeuroWorks ∗∗∗ --------------------------------------------- This medical device advisory includes mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in the Natus Xltek NeuroWorks software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01 ∗∗∗ Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a permissions, privileges, and access controls vulnerability reported in Siemens SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-165-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (plexus-archiver), Fedora (chromium, kernel, and plexus-archiver), Mageia (firefox, gifsicle, jasper, leptonica, patch, perl-DBD-mysql, qt3, and scummvm), openSUSE (opencv), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (gpg2, nautilus, and postgresql96), and Ubuntu (gnupg2 and linux-raspi2). --------------------------------------------- https://lwn.net/Articles/757610/ ∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ [R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2018-09 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.06.2018
by Daily end-of-shift report 14 Jun '18

14 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-06-2018 18:00 − Donnerstag 14-06-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ SigSpoof: Signaturen fälschen mit GnuPG ∗∗∗ --------------------------------------------- In bestimmten Situationen lässt sich die Signaturprüfung von GnuPG in den Plugins für Thunderbird und Apple Mail austricksen. Der Grund: Über ungefilterte Ausgaben lassen sich Statusmeldungen des Kommandozeilentools fälschen. Doch der Angriff funktioniert nur unter sehr speziellen Bedingungen. (GPG, E-Mail) --------------------------------------------- https://www.golem.de/news/sigspoof-signaturen-faelschen-mit-gnupg-1806-1349… ∗∗∗ Lazy FPU: Intels Floating Point Unit kann geheime Daten leaken ∗∗∗ --------------------------------------------- Register der Floating Point Unit in Core I und wohl auch von einigen Xeon-Prozessoren können Ergebnisse vertraulicher Berechnungen verraten. Dazu ist jedoch ein lokaler Angriff mit Malware erforderlich, außerdem ein veraltetes Betriebssystem. (Intel, Amazon) --------------------------------------------- https://www.golem.de/news/lazy-fpu-intels-floating-point-unit-kann-geheime-… ∗∗∗ Microsoft Reveals Which Bugs It Won’t Patch ∗∗∗ --------------------------------------------- A draft document lays out its criteria for addressing various flaws and notes the exceptions. --------------------------------------------- https://threatpost.com/microsoft-reveals-which-bugs-it-wont-patch/132817/ ∗∗∗ A Bunch of Compromized Wordpress Sites, (Wed, Jun 13th) ∗∗∗ --------------------------------------------- A few days ago, one of our readers contacted reported an incident affecting his website based on Wordpress. He performed quick checks by himself and found some pieces of evidence: [...] --------------------------------------------- https://isc.sans.edu/diary/rss/23764 ∗∗∗ Tapplock Smart locks found to be physically and digitally vulnerable ∗∗∗ --------------------------------------------- Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute. --------------------------------------------- https://www.scmagazine.com/tapplock-smart-locks-found-to-be-physically-and-… ∗∗∗ Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs ∗∗∗ --------------------------------------------- Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources. --------------------------------------------- https://www.bleepingcomputer.com/news/security/malspam-campaigns-using-iqy-… ∗∗∗ Mac-Malware kann Sicherheits-Tools austricksen ∗∗∗ --------------------------------------------- Mit einer vermeintlichen Apple-Signatur ist es Schadsoftware möglich, bekannte Security-Tools zu umgehen. Das Problem besteht offenbar seit Jahren. --------------------------------------------- http://heise.de/-4077945 ∗∗∗ Ecos Secure Boot Stick: Forscher warnen vor Schwachstellen ∗∗∗ --------------------------------------------- Tests mit dem SBS-Stick 5.6.5 und der System-Management-Software 5.2.68 haben mehrere Angriffspunkte offenbart. Updates stehen bereit. --------------------------------------------- http://heise.de/-4078344 ∗∗∗ Schadcode per Git: Xcode-Update soll Schwachstelle beheben ∗∗∗ --------------------------------------------- Apple hat die Programmierumgebung aktualisiert, um Sicherheitslücken auszuräumen. Git-Nutzer sollten das Update zügig einspielen. --------------------------------------------- http://heise.de/-4078821 ∗∗∗ New CryptoMiner hijacks your Bitcoin transaction. Over 300,000 computers have been attacked. ∗∗∗ --------------------------------------------- Recently, 360 Security Center discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect if it contains the account [...] --------------------------------------------- https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium and gnupg), Debian (spip), Fedora (pdns-recursor), Gentoo (adobe-flash, burp, quassel, and wget), openSUSE (bouncycastle and taglib), Oracle (kernel), SUSE (java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, and samba), and Ubuntu (file, perl, and ruby1.9.1, ruby2.0, ruby2.3). --------------------------------------------- https://lwn.net/Articles/757531/ ∗∗∗ Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-contrib-2018-041 ∗∗∗ OpenSSL, Libgcrypt, LibreSSL: Zwei Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1138/ https://www.openssl.org/news/secadv/20180612.txt ∗∗∗ Enigmail: Zwei Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1155/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22017118 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM® SPSS Statistics Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016900 ∗∗∗ IBM Security Bulletin: A privilege escalation vulnerability in nzhwinfo that affects IBM Netezza Platform Software clients. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015701 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016809 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – October 2017, January 2018 and April 2018 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012379 ∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22017032 ∗∗∗ SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020) ∗∗∗ --------------------------------------------- https://neopg.io/blog/gpg-signature-spoof/ ∗∗∗ SigSpoof 2: More ways to spoof signatures in GnuPG (CVE-2018-12019) ∗∗∗ --------------------------------------------- https://neopg.io/blog/enigmail-signature-spoof/ ∗∗∗ SigSpoof 3: Breaking signature verification in pass (Simple Password Store) (CVE-2018-12356) ∗∗∗ --------------------------------------------- https://neopg.io/blog/pass-signature-spoof/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.06.2018
by Daily end-of-shift report 13 Jun '18

13 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-06-2018 18:00 − Mittwoch 13-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ June 2018 Security Update Release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/06/12/june-2018-security-upda… ∗∗∗ Windows NTFS Tricks von und für Pentester ∗∗∗ --------------------------------------------- Das SEC Consult Vulnerability Lab hat einen neuen Blogeintrag veröffentlicht, in welchem verschiedene NTFS-Dateisystemtricks aufgezeigt werden. Diese wurden in den letzten Jahren aus verschiedenen Quellen zusammengetragen bzw. vom SEC Consult Vulnerability Lab entdeckt sowie weiterentwickelt. Die Tricks führen .. --------------------------------------------- https://www.sec-consult.com/blog/2018/06/windows-ntfs-tricks-von-und-fuer-p… ∗∗∗ Subtle change could see a reduction in installation of malicious Chrome extensions ∗∗∗ --------------------------------------------- Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/06/subtle-change-could-see-redu… ∗∗∗ Feds Bust Dozens of Nigerian Email Scammers, but Your Inbox Still Isn’t Safe ∗∗∗ --------------------------------------------- The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, .. --------------------------------------------- https://www.wired.com/story/feds-bust-nigerian-email-scammers ∗∗∗ Patchday: Microsoft verarztet 50 Sicherheitslücken ∗∗∗ --------------------------------------------- In vielen Windows-Versionen klafft unter anderem eine kritische Lücke in der DNS-Programmierschnittstelle. Sicherheitsupdates stehen bereit. --------------------------------------------- http://heise.de/-4077270 ∗∗∗ Botnetz "Trik": C&C-Server leakt Millionen von E-Mail-Adressen ∗∗∗ --------------------------------------------- Ein Forscher ist auf eine Spammer-Datenbank mit mehr als 43 Millionen Mail-Adressen gestoßen. Noch ist unklar, wie viele von ihnen schon zuvor geleakt wurden. --------------------------------------------- http://heise.de/-4077371 ∗∗∗ Exploit kits: Spring 2018 review ∗∗∗ --------------------------------------------- In this Spring 2018 snapshot, we review the top exploit kits .. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-r… ∗∗∗ June 2018 Office Update Release ∗∗∗ --------------------------------------------- The June 2018 Public Update releases for Office are now available! This month, there .. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2018/06/12… ===================== = Vulnerabilities = ===================== ∗∗∗ HPESBHF03850 rev.1 - HPE ProLiant, Synergy, and Moonshot Systems: Local Disclosure of Information, CVE-2018-3639 – Speculative Store Bypass and CVE-2018-3640 – Rogue System Register Read ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ Schneider Electric U.motion Builder ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-163-01 ∗∗∗ Siemens SCALANCE X Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-163-02 ∗∗∗ Local File Inclusion vulnerability in Zenphoto ∗∗∗ --------------------------------------------- https://jvn.jp/en/jp/JVN33124193/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.06.2018
by Daily end-of-shift report 12 Jun '18

12 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Montag 11-06-2018 18:00 − Dienstag 12-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Unprotected Server Exposes Weight Watchers Internal IT Infrastructure ∗∗∗ --------------------------------------------- Researchers found that a critical Weight Watchers server revealed its IT internal infrastructure. --------------------------------------------- https://threatpost.com/unprotected-server-exposes-weight-watchers-internal-… ∗∗∗ Hacker überfällt Linuxforums.org und erbeutet Daten von 276.000 Accounts ∗∗∗ --------------------------------------------- Ein Unbekannter hat Zugriff auf Interna von Linuxforums.org bekommen und dabei Nutzerdaten inklusive Passwörtern kopiert. --------------------------------------------- http://heise.de/-4076540 ∗∗∗ Android-Malware schürft Kryptogeld auf Fire-TV-Geräten ∗∗∗ --------------------------------------------- Ruckelnde Video-Streams und seltsame weiße Pop-Ups können Anzeichen für eine Schadcode-Infektion auf Fire TV und Fire TV Sticks sein. --------------------------------------------- http://heise.de/-4076706 ∗∗∗ IT-Security - Security-Fail: OnePlus 6 nicht gegen modifizierte Firmware abgesichert ∗∗∗ --------------------------------------------- Auch bei gesperrtem Bootloader kann ein beliebiges Image übertragen werden – Hersteller kündigt Patch an --------------------------------------------- https://derstandard.at/2000081439178/Security-Fail-OnePlus-6-nicht-gegen-mo… ∗∗∗ IT-Security - Bei Trump-Kim-Gipfel verteilt: Spionagebedenken um USB-Ventilatoren ∗∗∗ --------------------------------------------- Aufgrund der Hitze wurden Sackerl mit USB-Ventilatoren und Wasser verteilt – die könnten mit Malware infiziert sein --------------------------------------------- https://derstandard.at/2000081443928/Bei-Trump-Kim-Gipfel-verteilt-Bedenken… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of the https://try.webex.com page of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system.The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability. ∗∗∗ --------------------------------------------- The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of .. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0015.html -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.06.2018
by Daily end-of-shift report 11 Jun '18

11 Jun '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-06-2018 18:00 − Montag 11-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Chile: Swift-Angriff hinter Wiper-Malware versteckt ∗∗∗ --------------------------------------------- Wenn ein Unternehmen mit Ransomware attackiert wird, geht es nicht immer um Erpressung. Bei einem Angriff auf die Banco de Chile soll die Software vor allem als Ablenkung eingesetzt worden sein. --------------------------------------------- https://www.golem.de/news/chile-swift-angriff-hinter-wiper-malware-versteck… ∗∗∗ Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets ∗∗∗ --------------------------------------------- Lenovo patches several popular tablet models to protect against BlueBorne vulnerabilities first identified in September 2017. --------------------------------------------- https://threatpost.com/lenovo-finally-patches-ancient-blueborne-bugs-in-tab… ∗∗∗ Paper: EternalBlue: a prominent threat actor of 2017–2018 ∗∗∗ --------------------------------------------- We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/06/paper-eternalblue-prominent-… ∗∗∗ Verschlüsselung: GnuPG verschärft Integritäts-Checks ∗∗∗ --------------------------------------------- Als Folge der Efail-Probleme erzwingt GnuPG 2.2.8 jetzt die Verwendung von Prüfcodes. Außerdem beseitigt das Update ein neu entdecktes Sicherheitsproblem. --------------------------------------------- http://heise.de/-4075908 ∗∗∗ Magento CC stealer reinfector ∗∗∗ --------------------------------------------- We have seen many times in the past few months how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials, but we haven’t .. --------------------------------------------- http://labs.sucuri.net/?note=2018-06-08 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4225 openjdk-7 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4225 ∗∗∗ DSA-4220 firefox-esr - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4220 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily