=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 26-04-2018 18:00 − Friday 27-04-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗
---------------------------------------------
Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.
---------------------------------------------
http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backdo...

∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗
---------------------------------------------
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing ..
---------------------------------------------
https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script....

∗∗∗ GravityRAT malware takes your system's temperature ∗∗∗
---------------------------------------------
The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-your...

∗∗∗ Phishing for the Discerning: [A]pache Kit Clones Popular Online Shops ∗∗∗
---------------------------------------------
Employees of the security software vendor Check Point have examined a Brazilian phishing kit that imitates fully functional brand-name shops in order to harvest address and credit card data.
---------------------------------------------
https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont-...

∗∗∗ Beware of Data Theft on Classified Ad Portals! ∗∗∗
---------------------------------------------
Classified ad portals offer an excellent opportunity to turn old items into cash or to pick up a bargain or two. The marketplaces are therefore very popular, but ..
---------------------------------------------
http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1%5Bnews%5D=3...

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Delta Electronics PMSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01

∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN08386386/

∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN01040170/

∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN85531148/

∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...