Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 27.07.2018
by Daily end-of-shift report 27 Jul '18

27 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 26-07-2018 18:00 − Freitag 27-07-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Häftlinge erhacken sich Guthaben im Wert von 225.000 Dollar ∗∗∗ --------------------------------------------- Durch Austricksen eines Tablet-Systems haben sich US-Häftlinge Guthaben für Digitalkonsum verschafft. --------------------------------------------- https://futurezone.at/digital-life/haeftlinge-erhacken-sich-guthaben-im-wer… ∗∗∗ NetSpectre liest RAM via Netzwerk aus ∗∗∗ --------------------------------------------- NetSpectre greift ohne ausführbaren Schadcode an – zwar fließen nur wenige Bytes pro Stunde, aber ungeschützte Server und Storage-Systeme sind angreifbar. --------------------------------------------- http://heise.de/-4121831 ∗∗∗ State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China ∗∗∗ --------------------------------------------- Heres a timely reminder that email isnt the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity .. --------------------------------------------- https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-… ===================== = Vulnerabilities = ===================== ∗∗∗ Bugtraq: [CORE-2018-0009] - SoftNAS Cloud OS Command Injection ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542187 ∗∗∗ Vuln: Apache Kafka CVE-2017-12610 User Impersonation Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/104899 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2018
by Daily end-of-shift report 26 Jul '18

26 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-07-2018 18:00 − Donnerstag 26-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ A mining multitool ∗∗∗ --------------------------------------------- Recently, an interesting miner implementation appeared on Kaspersky Lab’s radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. --------------------------------------------- https://securelist.com/a-mining-multitool/86950/ ∗∗∗ Attack inception: Compromised supply chain within a supply chain poses new risks ∗∗∗ --------------------------------------------- A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a Read more --------------------------------------------- https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inceptio… ∗∗∗ New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel ∗∗∗ --------------------------------------------- We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6eLtSVD7Bqc/ ∗∗∗ Zwei Jahre alter Mac-Trojaner kursiert wieder ∗∗∗ --------------------------------------------- Die Malware Calisto soll Vorläufer des Proton-Schädlings sein, der sich über gefälschte Apps verbreitete. --------------------------------------------- http://heise.de/-4120597 ===================== = Vulnerabilities = ===================== ∗∗∗ Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path ∗∗∗ --------------------------------------------- A rogue user-space program could crash a guest kernel. Privilege escalation cannot be ruled out. --------------------------------------------- https://lists.xenproject.org/archives/html/xen-announce/2018-07/msg00004.ht… ∗∗∗ Sicherheitslücken in ClamAV: Angreifer können Rechner lahmlegen ∗∗∗ --------------------------------------------- Der Open-Souce-Virenscanner ermöglicht Denial-of-Service-Angriffe aus der Ferne. Das BSI rät zum umgehenden Update. --------------------------------------------- http://heise.de/-4120917 ∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub ∗∗∗ --------------------------------------------- Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung to ensure that these issues have been resolved and that a firmware update has been made available for affected customers. --------------------------------------------- https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (jenkins), CentOS (java-1.8.0-openjdk, openslp, and thunderbird), Fedora (dcraw and httpd), Oracle (java-1.8.0-openjdk and thunderbird), Red Hat (procps), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (clamav and tomcat7, tomcat8). --------------------------------------------- https://lwn.net/Articles/760956/ ∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by GNU C library (glibc) vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10716377 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718395 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in libidn2 (CVE-2017-14062) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718807 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in GNU C Library (CVE-2017-12133) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718801 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in NTP ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718877 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in freetype2 (CVE-2017-8287 CVE-2017-8105 CVE-2016-10244) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718879 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718881 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in dhcp (CVE-2017-3144) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10718803 ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in ncurses (CVE-2017-13733) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718805 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014442 ∗∗∗ HPESBHF03836 rev.1 - HPE Routers and Switches running Linux-based Comware 5 and Comware 7 Software, Remote Unauthorized Disclosure of Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2018
by Daily end-of-shift report 25 Jul '18

25 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-07-2018 18:00 − Mittwoch 25-07-2018 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Bitdefender Releases Decryption Tool for Older Version of LockCrypt Ransomware ∗∗∗ --------------------------------------------- Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension. --------------------------------------------- https://www.bleepingcomputer.com/news/security/bitdefender-releases-decrypt… ∗∗∗ VB2017 paper and update: Browser attack points still abused by banking trojans ∗∗∗ --------------------------------------------- At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space. --------------------------------------------- https://www.virusbulletin.com:443/blog/2018/07/vb2017-paper-and-update-brow… ∗∗∗ Anmeldung auf Probenheld.de ist nicht empfehlenswert ∗∗∗ --------------------------------------------- Gehäuft gehen Beschwerden zu probenheld.de bei uns ein. Die betroffenen Personen berichten von nicht bestellten Produktzusendungen und Rechnungen für Produktproben, die als gratis ausgewiesen waren. Wir empfehlen InteressentInnen sich nicht bei probenheld.de anzumelden, denn der Anbieter verstößt gegen gesetzliche Vorgaben und ist nicht als vertrauenswürdig einzustufen. Erhaltene Rechnungen, Mahnungen oder Inkassoschreiben sollten nicht bezahlt werden. --------------------------------------------- https://www.watchlist-internet.at/news/anmeldung-auf-probenheldde-ist-nicht… ∗∗∗ DHS Warns of Impending Cyber-Attacks on ERP Systems ∗∗∗ --------------------------------------------- the US Department of Homeland Security (DHS) has issued an alert warning of increased activity from nation-state hackers, criminal groups, and hacktivists against Enterprise Resource Planning (ERP) systems. The warning is based on a joint report published two days ago by threat intelligence firms Digital Shadows and Onapsis. --------------------------------------------- https://www.bleepingcomputer.com/news/security/dhs-warns-of-impending-cyber… ===================== = Vulnerabilities = ===================== ∗∗∗ Apache Tomcat: Wichtige Updates schließen Sicherheitslücken ∗∗∗ --------------------------------------------- Neue Versionen der 7er-, 8er- und 9er-Reihe des Anwendungsservers Apache Tomcat bringen unter anderem zwei dringliche Security-Fixes mit. --------------------------------------------- http://heise.de/-4119967 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ant, evolution-data-server, libarchive-zip-perl, mailman, resiprocate, slurm-llnl, and sympa), Mageia (firmware, kernel, microcode, and wesnoth), openSUSE (Chromium), Oracle (openslp and thunderbird), Red Hat (java-1.7.0-oracle, java-1.8.0-oracle, kernel, qemu-kvm-rhev, and thunderbird), SUSE (kernel, nautilus, and xen), and Ubuntu (ant and clamav). --------------------------------------------- https://lwn.net/Articles/760803/ ∗∗∗ Cisco CallManager Express Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Red Hat JBoss Data Virtualization: Eine Schwachstelle ermöglicht einen Clickjacking-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1457/ ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10713455 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-0739) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016251 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2017-10356). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22016354 ∗∗∗ BIG-IP APM per-request policy object vulnerability CVE-2018-5536 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K27391542 ∗∗∗ TMM vulnerability CVE-2018-5530 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45611803 ∗∗∗ BIG-IP ASM vulnerability CVE-2018-5539 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K75432956 ∗∗∗ HTTPS monitor vulnerability CVE-2018-5542 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K05112543 ∗∗∗ TMM vulnerability CVE-2018-5537 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K94105051 ∗∗∗ DNS Express vulnerability CVE-2018-5538 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45435121 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2018
by Daily end-of-shift report 24 Jul '18

24 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 23-07-2018 18:00 − Dienstag 24-07-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Subdomain Takeover: Verwaiste Domains einfach übernehmen ∗∗∗ --------------------------------------------- Subdomain Takeover wird in der IT-Security- und Hacker-Szene immer beliebter. Denn mit der einfachen Übernahme einer verwaisten Subdomain lassen sich schöne Angriffe durchführen oder Bug Bountys von Unternehmen einstreichen. (Sicherheitslücke, Web Service) --------------------------------------------- https://www.golem.de/news/subdomain-takeover-verwaiste-domains-einfach-uebe… ∗∗∗ Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again ∗∗∗ --------------------------------------------- [...] It may therefore seem that looking for security issues in the Electron app will not differ from the web version. This is mostly true, with one important caveat. The web version, when displayed in a browser, contains an address bar. The address bar is in fact the only place where the user can tell if (s)he trusts the domain or not. --------------------------------------------- https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how… ∗∗∗ Förderprogramm der EU zur Stärkung der Cyber-Sicherheit bei KRITIS-Betreibern und Anbietern digitaler Dienste ∗∗∗ --------------------------------------------- Betreiber Kritischer Infrastrukturen (OES) und Anbieter digitaler Dienste (DSP) im Sinne der NIS-Richtlinie haben noch bis zum 22. November 2018 die Möglichkeit, sich um Fördermittel der Europäischen Union im Rahmen des "2018 CEF Telecom Call - Cyber Security" (CEF-TC-2018-3) zu bewerben. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/EU-Foerderung_KRI… ∗∗∗ Recent Emotet activity ∗∗∗ --------------------------------------------- So far in 2018, Ive seen a great deal of malicious spam (malspam) pushing Emotet malware. Its probably the most common malspam threat Ive seen so far in 2018. Within the past week, the some good posts about Emotet have been published: [...] --------------------------------------------- https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ ∗∗∗ Bluetooth-Lücke in Millionen Geräten entdeckt ∗∗∗ --------------------------------------------- Eine Nachlässigkeit beim Pairing erlaubt es Angreifer, sich in die Verbindung einzuklinken. Betroffen sind etliche Hersteller, darunter Apple und Qualcomm. --------------------------------------------- http://heise.de/-4118968 ∗∗∗ CPU-Lücken ret2spec und SpectreRSB entdeckt ∗∗∗ --------------------------------------------- Forscher der Uni Saarland und der Uni Kalifornien enttarnen neue Sicherheitslücken, die zu bekannten und erwarteten Spectre- und Spectre-NG-Bugs hinzukommen. --------------------------------------------- http://heise.de/-4119197 ∗∗∗ Chinesische Domainregistrierung mit Unternehmensname ∗∗∗ --------------------------------------------- Unternehmen erhalten eine E-Mail, in der es heißt, dass Dritte ihren Unternehmensnamen für eine chinesische Domainregistrierung nutzen wollen. Aus diesem Grund macht ihnen chinaregistriy.net.cn das Angebot, sich die Domain rechtzeitig zu sichern. Die Preise dafür sind weit überhöht. Eine Notwendigkeit für die Registrierung gibt es nicht. --------------------------------------------- https://www.watchlist-internet.at/news/chinesische-domainregistrierung-mit-… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (network-manager-vpnc), Fedora (haproxy, mailman, and NetworkManager-vpnc), Mageia (clamav, ffmpeg, rust, thunderbird, and wireshark), Oracle (java-1.8.0-openjdk and openslp), Red Hat (rh-ror42-rubygem-sprockets and rh-ror50-rubygem-sprockets), Scientific Linux (java-1.8.0-openjdk and openslp), SUSE (ImageMagick, libofx, php53, and python-dulwich), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-hwe, linux-azure, [...] --------------------------------------------- https://lwn.net/Articles/760685/ ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server in IBM Cloud April 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10718297 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717631 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22016016 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects FlashCopy Manager shipped with IBM® Db2® LUW (CVE-2017-3738, CVE-2017-3737). ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716907 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10718419 ∗∗∗ Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K01152385 ∗∗∗ Binutils vulnerability CVE-2018-13033 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K20503360 ∗∗∗ Multiple BinUtils vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52513065 ∗∗∗ BinUtils vulnerabilities CVE-2018-6759 and CVE-2018-6872 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52513065 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.07.2018
by Daily end-of-shift report 23 Jul '18

23 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-07-2018 18:00 − Montag 23-07-2018 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Half a Billion IoT Devices Vulnerable to DNS Rebinding Attacks ∗∗∗ --------------------------------------------- Armis, the cyber-security firm that discovered the BlueBorne vulnerabilities in the Bluetooth protocol, warns that nearly half a billion of todays "smart" devices are vulnerable to a decade-old attack known as DNS rebinding. --------------------------------------------- https://www.bleepingcomputer.com/news/security/half-a-billion-iot-devices-v… ∗∗∗ Academics Announce New Protections Against Spectre and Rowhammer Attacks ∗∗∗ --------------------------------------------- Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer. --------------------------------------------- https://www.bleepingcomputer.com/news/security/academics-announce-new-prote… ∗∗∗ Weblogic Exploit Code Made Public (CVE-2018-2893), (Fri, Jul 20th) ∗∗∗ --------------------------------------------- [UPDATE] We do see first exploit attempts. The exploit attempts to download additional code from %%ip:185.159.128.200%% . We are still looking at details, but it looks like the code attempts to install a backdoor. The initial exploit came from %%ip:5.8.54.27%%. --------------------------------------------- https://isc.sans.edu/diary/rss/23896 ∗∗∗ Maldoc analysis with standard Linux tools, (Sun, Jul 22nd) ∗∗∗ --------------------------------------------- I received a malicious Word document (Richiesta.doc MD5 2f87105fea2d4bae72ebc00efc6ede56) with heavily obfuscated VBA code: just a few functional lines of code, the rest is junk code. --------------------------------------------- https://isc.sans.edu/diary/rss/23900 ∗∗∗ TA18-201A: Emotet Malware ∗∗∗ --------------------------------------------- Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA18-201A ∗∗∗ TeamViewer reagiert auf Passwort-Leck ∗∗∗ --------------------------------------------- Das Fernwartungs-Tool TeamViewer wird vergesslich: Künftig merkt es sich Passwörter nur noch fünf Minuten, um Angriffe zu erschweren. --------------------------------------------- http://heise.de/-4118201 ∗∗∗ Erpressung durch Passwortdiebstahl und Masturbationsvideo ∗∗∗ --------------------------------------------- InternetuserInnen erhalten momentan vermehrt E-Mails in denen sie dazu aufgefordert werden, Geld dafür zu bezahlen, dass ein heimlich per Webcam aufgenommenes Masturbationsvideo von ihnen nicht veröffentlicht wird. Um zu einer Zahlung zu bewegen, wird auch ein altes Passwort der betroffenen Personen in der Mail angegeben. EmpfängerInnen der Nachricht sollten ihre Passwörter ändern aber das Geld auf keinen Fall bezahlen, denn die Masturbationsvideos existieren nicht. --------------------------------------------- https://www.watchlist-internet.at/news/erpressung-durch-passwortdiebstahl-u… ∗∗∗ Nicht im Fake-Shop fitolino.net einkaufen ∗∗∗ --------------------------------------------- Der Online-Shop fitolino.net vertreibt günstige Produkte für den Haushalt und den Garten. Konsument/innen, die bei dem Anbieter einkaufen, verlieren ihr Geld, denn trotz Bezahlung gibt es keine Ware. Darüber hinaus verfügen Kriminelle über Daten ihrer Opfer, die sie für Verbrechen unter fremden Namen nützen können. --------------------------------------------- https://www.watchlist-internet.at/news/nicht-im-fake-shop-fitolinonet-einka… ===================== = Vulnerabilities = ===================== ∗∗∗ National Instruments Linux Driver Remote Code Injection ∗∗∗ --------------------------------------------- Topic: National Instruments Linux Driver Remote Code Injection Risk: High Text:Hello folks, ive recently discovered a critical vulnerability in the National Instruments Linux driver package, which open [...] --------------------------------------------- https://cxsecurity.com/issue/WLB-2018070204 ∗∗∗ OpenSSL vulnerability CVE-2018-0732 ∗∗∗ --------------------------------------------- OpenSSL vulnerability CVE-2018-0732. Security Advisory. Security Advisory Description. During key agreement in a TLS [...] --------------------------------------------- https://support.f5.com/csp/article/K21665601 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (apache, networkmanager-vpnc, and znc), Debian (gosa, opencv, and slurm-llnl), Fedora (evolution, evolution-data-server, evolution-ews, gnome-bluetooth, libtomcrypt, podman, python-cryptography, and rust), Gentoo (passenger), Red Hat (java-1.8.0-openjdk and openslp), Slackware (php), SUSE (openssl-1_1, procps, python, rsyslog, rubygem-passenger, and xen), and Ubuntu (mutt). --------------------------------------------- https://lwn.net/Articles/760583/ ∗∗∗ Synology-SA-18:37 Photo Station ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to hijack web sessions via a susceptible version of Synology Photo Station. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_37 ∗∗∗ VU#304725: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/304725 ∗∗∗ Bugtraq: Sourcetree - Remote Code Execution vulnerabilities - CVE-2018-11235 ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/542174 ∗∗∗ Apache Tomcat: Mehrere Schwachstellen ermöglichen u. a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1443/ ∗∗∗ Apple macOS: Mehrere Schwachstellen ermöglichen u. a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1059/ ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716653 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (‪CVE-2018-8012)‬‬‬ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10716659 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (‪CVE-2017-3738, CVE-2017-3736)‬‬‬ ∗∗∗ --------------------------------------------- https://www-prd-trops.events.ibm.com/node/716657 ∗∗∗ IBM Security Bulletin: Rational Software Architect Design Manager is vulnerable to cross-site scripting (CVE-2018-1400) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717617 ∗∗∗ RSA Archer Flaws Let Remote Authenticated Users Conduct Cross-Site Scripting Attacks and Gain Elevated Privileges via a REST API ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1041359 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2018
by Daily end-of-shift report 20 Jul '18

20 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-07-2018 18:00 − Freitag 20-07-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Calisto Trojan for macOS ∗∗∗ --------------------------------------------- As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto. --------------------------------------------- https://securelist.com/calisto-trojan-for-macos/86543/ ∗∗∗ Reporting Malicious Websites in 2018, (Thu, Jul 19th) ∗∗∗ --------------------------------------------- Back in 2010 I wrote up a quick diary on how to report malicious websites at the end of your incident reponse process (https://isc.sans.edu/forums/diary/How+Do+I+Report+Malicious+Websites/8719/). John C, a reader, asked for an update. Let's see how munch has changed in the past 8 years... --------------------------------------------- https://isc.sans.edu/diary/rss/23892 ∗∗∗ Sicherheitsupdates: VMware Horizon View Agent könnte Anmeldeinformationen leaken ∗∗∗ --------------------------------------------- Wichtige Patches schließen Sicherheitslücken in verschiedenen Anwendungen von VMware. --------------------------------------------- http://heise.de/-4116871 ∗∗∗ TLS 1.2: Client-Zertifikate als Tracking-Falle ∗∗∗ --------------------------------------------- Kombiniert mit TLS 1.2 lassen sich Client-Zertifikate zum Tracking missbrauchen. So ließen sich etwa die Aktivitäten von Millionen iPhone-Nutzern mitverfolgen. --------------------------------------------- http://heise.de/-4117357 ∗∗∗ The danger of third parties: ads, pipelines, and plugins ∗∗∗ --------------------------------------------- We take a look at the perils of the tools and services embedded into the websites you use on a daily basis, thanks to the development help of third parties. --------------------------------------------- https://blog.malwarebytes.com/101/2018/07/third-party-dangers-ads-pipelines… ∗∗∗ Hunting for Bad Apples — Part 2 ∗∗∗ --------------------------------------------- In the previous post in this series, I introduced the use case of an attacker persisting via a LaunchAgent/Daemon, and a few osquery queries to detect such activity. In this post, I will discuss hunting for activity resulting from attackers using the tactic of defense evasion on MacOS systems, and corresponding techniques. --------------------------------------------- https://posts.specterops.io/hunting-for-bad-apples-part-2-6f2d01b1f7d3 ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Machine Edition ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVAs InduSoft Web Studio and InTouch Machine Edition. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 ∗∗∗ AVEVA InTouch ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in AVEVAs InTouch HMI software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-02 ∗∗∗ Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600 ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for information exposure, authentication bypass using an alternate path or channel, unprotected storage of credentials, cleartext transmission of sensitive information vulnerabilities in the Echelon SmartServer 1, SmartServer 2, i.LON 100, i.LON 600 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03 ∗∗∗ HPESBHF03864 rev.1 - HPE Intelligent Management Center (iMC PLAT), Remote Code Execution ∗∗∗ --------------------------------------------- A security vulnerability in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability could be exploited to allow remote execution of code. --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03864en_us ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (dnsmasq, linux-base, and openjpeg2), Fedora (libgit2, libtomcrypt, openslp, and perl-Archive-Zip), and openSUSE (gdk-pixbuf, libopenmpt, mercurial, perl, php7, polkit, and rsyslog). --------------------------------------------- https://lwn.net/Articles/760450/ ∗∗∗ Sophos UTM: Mehrere Schwachstellen ermöglichen u. a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1441/ ∗∗∗ Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://adv-archiv.dfn-cert.de/adv/2018-1434/ ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Libidn2 (CVE-2017-14062) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717427 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2017-12133) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717425 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects IBM SAN Volume Controller, IBM Storwize and IBM FlashSystem products (CVE-2016-10708) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717661 ∗∗∗ IBM Security Bulletin: Malformed message headers could cause message transmission to be blocked through channels resulting in denial of service in IBM MQ(CVE-2018-1503) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22015617 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in GNU C Library ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717429 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in libxml/libxml2 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717431 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in dhcp ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10717433 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in Ncurses (CVE-2017-13733) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717423 ∗∗∗ IBM Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in cURL/libcURL (CVE-2016-7141) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ibm10717421 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.07.2018
by Daily end-of-shift report 19 Jul '18

19 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-07-2018 18:00 − Donnerstag 19-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Adult Site Blackmail Spammers made Over $50K in One Week ∗∗∗ --------------------------------------------- After examining 42 bitcoin addresses associated with a current extortion scam, it was discovered that over $50,000 USD in payments have been made. --------------------------------------------- https://www.bleepingcomputer.com/news/security/adult-site-blackmail-spammer… ∗∗∗ Security: OpenBSD versteckt und enthüllt Dateisystemzugriffe ∗∗∗ --------------------------------------------- Zusätzlich zum Filtern von Systemaufrufen erstellt das Team von OpenBSD eine Technik, um Dateisystemzugriffe einer Anwendung weitgehend zu beschränken. Beide Techniken sollen sich ergänzen und das Ausführen von Anwendungen sicherer machen. --------------------------------------------- https://www.golem.de/news/security-openbsd-versteckt-und-enthuellt-dateisys… ∗∗∗ Credential Stuffing: 90 Prozent der Onlineshop-Logins kommen von Unbefugten ∗∗∗ --------------------------------------------- Obwohl es 2017 weniger Fälle geleakter Zugangsdaten gab, blüht der Handel mit E-Mail-Adressen und Passwörtern wie eh und je. Das funktioniert auch deswegen so gut, weil Nutzer noch immer ein und dasselbe Passwort für verschiedene Konten verwenden. --------------------------------------------- https://www.golem.de/news/credential-stuffing-90-prozent-der-onlineshop-log… ∗∗∗ Hiding Malware Inside Images on GoogleUserContent ∗∗∗ --------------------------------------------- If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code. This technique is still in use. Let us show you a recent example. Contaminated Pac-Man This code was found at the beginning of a malicious script that steals PayPal security tokens. As you .. --------------------------------------------- https://blog.sucuri.net/2018/07/hiding-malware-inside-images-on-googleuserc… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Webex Teams Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to execute arbitrary code on the user’s device, possibly with elevated privileges.The vulnerability occurs .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities ∗∗∗ --------------------------------------------- Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco Unified Contact Center Express ∗∗∗ --------------------------------------------- Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DSA-4250 wordpress - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4250 ∗∗∗ DSA-4251 vlc - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4251 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.07.2018
by Daily end-of-shift report 18 Jul '18

18 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-07-2018 18:00 − Mittwoch 18-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Open MongoDB Database Exposes Mobile Games Money Laundering Operation ∗∗∗ --------------------------------------------- The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/open-mongodb-database-expose… ∗∗∗ Microsoft launches Identity Bounty program ∗∗∗ --------------------------------------------- Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/07/17/microsoft-launches-iden… ∗∗∗ The SIM Hijackers ∗∗∗ --------------------------------------------- Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their .. --------------------------------------------- https://yro.slashdot.org/story/18/07/18/0554224/the-sim-hijackers ∗∗∗ How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape:The Growth of Miners ∗∗∗ --------------------------------------------- Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on the growing .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-… ∗∗∗ Critical Patch Update: Oracle wirft Paket mit 334 Sicherheitspatches ab ∗∗∗ --------------------------------------------- In Software von Oracle klaffen unter anderem kritische Sicherheitslücken. Das Quartalsupdate bringt jede Menge Sicherheitspatches. --------------------------------------------- http://heise.de/-4113523 ∗∗∗ TeamViewer hält Zugangspasswort im Speicher vor ∗∗∗ --------------------------------------------- Das Fernwartungs-Tool TeamViewer soll es Angreifern leichter machen als nötig. Forschern zufolge hält es in seinem Speicher das Passwort im Klartext vor. --------------------------------------------- http://heise.de/-4115023 ===================== = Vulnerabilities = ===================== ∗∗∗ ABB Panel Builder 800 ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01 ∗∗∗ DSA-4248 blender - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4248 ∗∗∗ Critical Patch Update - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html ∗∗∗ Oracle Linux Bulletin - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2018-4956… ∗∗∗ Oracle VM Server for x86 Bulletin - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2018-495645… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2018
by Daily end-of-shift report 17 Jul '18

17 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Montag 16-07-2018 18:00 − Dienstag 17-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication ∗∗∗ --------------------------------------------- Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators. It targets organizations in Japan, South Korea, and Taiwan, leveling its attacks on public sector agencies and telecommunications and other high-technology industries. In 2016, for instance, we .. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6Rxca1hyaeA/ ∗∗∗ Sicherheitsupdates: Angreifer könnte Passwörter in Typo3 überschreiben ∗∗∗ --------------------------------------------- Im freien Content Management System Typo3 klaffen mitunter kritische Sicherheitslücken. Patches schließen mehrere Schwachstellen. --------------------------------------------- http://heise.de/-4111640 ∗∗∗ 007: Schutzsoftware mit der Lizenz zum Töten von Spectre-Code ∗∗∗ --------------------------------------------- Eine neue, nach James Bond benannte Schutztechnik, soll Spectre-Schwachstellen mit nur 2 Prozent Performance-Einbußen in Programmcode erkennen und eliminieren. --------------------------------------------- http://heise.de/-4112150 ∗∗∗ A deep dive down the Vermin RAThole ∗∗∗ --------------------------------------------- ESET researchers have analyzed remote access tools cybercriminals have been using in an ongoing espionage campaign to systematically spy on Ukrainian government institutions .. --------------------------------------------- https://www.welivesecurity.com/2018/07/17/deep-dive-vermin-rathole/ ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4247 ruby-rack-protection - security update ∗∗∗ --------------------------------------------- A timing attack was discovered in the function for CSRF token validationof the Ruby rack protection framework. --------------------------------------------- https://www.debian.org/security/2018/dsa-4247 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.07.2018
by Daily end-of-shift report 16 Jul '18

16 Jul '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-07-2018 18:00 − Montag 16-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ TLS: Mozilla, Cloudflare und Apple wollen verschlüsselte SNI ∗∗∗ --------------------------------------------- Mit der TLS-Erweiterung SNI können beliebig viele Webseiten samt eigenen Zertifikaten auf einer IP gehostet werden. Dabei könnte jedoch der Name der Domain von Dritten belauscht werden. Ein .. --------------------------------------------- https://www.golem.de/news/tls-mozilla-cloudflare-und-apple-wollen-verschlue… ∗∗∗ Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111) ∗∗∗ --------------------------------------------- Unit 42 shares their analysis of the DHCP Client Script Code Execution .. --------------------------------------------- https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-cl… ∗∗∗ Red Alert v2.0: Misadventures in Reversing Android Bot Malware ∗∗∗ --------------------------------------------- It all started with a spam message, which curiously had an Android App attachment. The spam email vaguely claims that the attachment was a dating app for finding .. --------------------------------------------- https://trustwave.com/Resources/SpiderLabs-Blog/Red-Alert-v2-0--Misadventur… ∗∗∗ GitHub to Pythonistas: Let us save you from vulnerable code ∗∗∗ --------------------------------------------- Third language added to security scanner GitHubs added Python to the list of programming languages it can auto-scan for known vulnerabilities. --------------------------------------------- www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from… ∗∗∗ Does malware based on Spectre exist? ∗∗∗ --------------------------------------------- The Spectre attack has received massive coverage since the beginning of 2018, and by now, it is likely that everyone in computer science has at least heard about .. --------------------------------------------- https://www.virusbulletin.com/virusbulletin/2018/07/does-malware-based-spec… ∗∗∗ Fernwartungs-Tool hatte Trojaner im Gepäck ∗∗∗ --------------------------------------------- Die Remote-Admin-Software Ammyy Admin wurde offenbar erneut über die Herstellerseite mit einem Trojaner verteilt. --------------------------------------------- http://heise.de/-4111069 ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-4246 mailman - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4246 ∗∗∗ DSA-4245 imagemagick - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4245 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily