=====================
= End-of-Day report =
=====================
Timeframe:   Tuesday 13-02-2018 18:00 - Wednesday 14-02-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Nina Bieringer
=====================
=       News        =
=====================
*** Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File ***
---------------------------------------------
Returning to this particular flavor of malware, we see a rather simple way
to bypass the detection products: it simply copies kernel32.dll. The copied
version is identical and serves to relay requests from Word in to the kernel
in precisely the same way; however, the copy name is subtly different.
Therefore, some products fail to detect the malware activity as it passes
from Word to the kernel.
---------------------------------------------
https://blogs.bromium.com/malware-copies-file-evades-detection/

*** DoubleDoor Botnet Chains Exploits to Bypass Firewalls ***
---------------------------------------------
Anubhav says DoubleDoor attackers are using the first exploit to bypass
Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers
to exploit with the second exploit. ... But the botnet is not a major danger
just yet. Anubhav says DoubleDoor looks like a work in progress and still
under heavy development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/doubledoor-botnet-chains-exploits-to-bypass-firewalls/
=====================
=  Vulnerabilities  =
=====================
*** Microsoft - February 2018 Security Updates ***
---------------------------------------------
The February security release consists of security updates for the following
software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573

*** Security Bulletins Posted ***
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-02)
and Adobe Experience Manager (APSB18-04).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1530
*** Too much effort: Microsoft will not fix serious Skype vulnerability ***
---------------------------------------------
Flaw allows takeover of Windows system - no patch planned; the bug is to be
removed only in a new version
---------------------------------------------
http://derstandard.at/2000074186504
*** Security updates for Wednesday ***
---------------------------------------------
Security updates have been issued by Arch Linux (exim and mpv), Debian
(advancecomp and graphicsmagick), Red Hat (collectd, erlang, httpd24-apr,
openstack-aodh, and openstack-nova), SUSE (kernel and xen), and Ubuntu
(libvorbis).
---------------------------------------------
https://lwn.net/Articles/747244/rss

*** SAP Resolves High Risk Flaws with February 2018 Patches ***
---------------------------------------------
SAP this week released its monthly set of security updates for its products,
addressing a total of 11 new vulnerabilities, including two considered high
severity.
---------------------------------------------
https://www.securityweek.com/sap-resolves-high-risk-flaws-february-2018-patches
*** WAGO PFC200 Series ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01

*** Schneider Electric IGSS SCADA Software ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02

*** IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010883

*** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1681, CVE-2016-1000031) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013359

*** IBM Security Bulletin: Multiple security vulnerabilities have been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition. ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013041

*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010892