=====================
= End-of-Day report =
=====================

Timeframe: Monday 24-09-2018 18:00 − Tuesday 25-09-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a

=====================
= News =
=====================

∗∗∗ Android Trojan reads Whatsapp-Messages ∗∗∗
---------------------------------------------
A spyware still in development can read users' Whatsapp-Messages and other sensitive data. G DATA researchers analysed the Malware to protect our customers.
---------------------------------------------
https://www.gdatasoftware.com/blog/2018/09/31122-android-trojan-reads-whatsa...

∗∗∗ OpenPGP/GnuPG: Forging signatures with HTML and images ∗∗∗
---------------------------------------------
PGP signatures are meant to ensure that an e-mail actually comes from the correct sender. With a simple trick, seemingly signed messages can be created in many mail clients by faking the corresponding display using HTML. (OpenPGP, E-Mail)
---------------------------------------------
https://www.golem.de/news/openpgp-gnupg-signaturen-faelschen-mit-html-und-bi...

∗∗∗ Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th) ∗∗∗
---------------------------------------------
Reader Jason analyzed a malicious RTF file: using OfficeMalScanner and xorsearch he was able to extract and find the entry point of the shellcode, but scdbg was not able to emulate the shellcode.
---------------------------------------------
https://isc.sans.edu/diary/rss/24134

=====================
= Vulnerabilities =
=====================

∗∗∗ Multiple Vulnerabilities in Cisco Identity Services Engine ∗∗∗
---------------------------------------------
Cisco Identity Services Engine (ISE) contains the following vulnerabilities:
Cisco ISE Authenticated Arbitrary Command Execution Vulnerability
Cisco ISE Support Information Download Authentication Bypass Vulnerability
These ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

∗∗∗ DSA-4305 strongswan - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4305

∗∗∗ ZDI-18-1083: Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1083/

∗∗∗ ZDI-18-1082: Apple Safari Subframe Same-Origin Policy Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1082/

∗∗∗ ZDI-18-1081: Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1081/