=====================
= End-of-Day report =
=====================

Timeframe: Monday 18-11-2019 18:00 − Tuesday 19-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Linux, Windows Users Targeted With New ACBackdoor Malware ∗∗∗
---------------------------------------------
Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems, allowing the attackers to run malicious code and binaries on the compromised machines.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linux-windows-users-targeted-...
∗∗∗ Buran Ransomware Infects PCs via Microsoft Excel Web Queries ∗∗∗
---------------------------------------------
A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-...
∗∗∗ Coin Stealer Found in Monero Linux Binaries From Official Site ∗∗∗
---------------------------------------------
The Monero Project is currently investigating a potential compromise of the official website after a coin stealer was found in the Linux 64-bit command line (CLI) Monero binaries downloaded from the download page.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coin-stealer-found-in-monero-...
∗∗∗ Elasticsearch: Data leak at Conrad ∗∗∗
---------------------------------------------
The electronics retailer Conrad reports that an attacker had access to customer data and bank account numbers. The cause was an unsecured Elasticsearch database.
---------------------------------------------
https://www.golem.de/news/elasticsearch-datenleak-bei-conrad-1911-145091-rss...
∗∗∗ Windows Debugging & Exploiting Part 2 - WinDBG 101 ∗∗∗
---------------------------------------------
Hello again! After our previous post about the environment setup, now it is time to cover the main tool of this project, the WinDBG.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/windows-debu...
∗∗∗ When Bank Communication is Indistinguishable from Phishing Attacks ∗∗∗
---------------------------------------------
You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security [...]
---------------------------------------------
https://www.troyhunt.com/when-bank-communication-is-indistinguishable-from-p...
∗∗∗ Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery ∗∗∗
---------------------------------------------
It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.
---------------------------------------------
https://www.securityweek.com/vulnerability-abb-plant-historian-disclosed-5-y...
∗∗∗ Beware of fake prize draws purportedly from Magenta, A1, Drei or Liwest ∗∗∗
---------------------------------------------
Criminals are currently spreading fake prize draws through various channels. You are notified by e-mail, SMS or a browser pop-up that you have supposedly won a smartphone. To receive the prize, you only have to answer a short survey and pay a small amount for shipping. Beware: this is a subscription trap.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-angeblichen-gewinnspiele...
=====================
= Vulnerabilities =
=====================
∗∗∗ Serious security vulnerability discovered in WhatsApp ∗∗∗
---------------------------------------------
A vulnerability has been found in WhatsApp that allows attackers to steal files and read messages.
---------------------------------------------
https://futurezone.at/apps/schwere-sicherheitsluecke-in-whatsapp-entdeckt/40...
∗∗∗ Moodle learning platform: developers close critical vulnerabilities ∗∗∗
---------------------------------------------
Moodle admins take note: new versions close several vulnerabilities, some of them rated "Serious".
---------------------------------------------
https://heise.de/-4591094
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-psutil, slurm-llnl, symfony, and thunderbird), Fedora (gd and ghostscript), and SUSE (ceph, haproxy, java-11-openjdk, and ncurses).
---------------------------------------------
https://lwn.net/Articles/805149/
∗∗∗ Lexmark Services Monitor Directory Traversal ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019110124
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5435, CVE-2019-5436) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-af...
∗∗∗ HPESBHF03963 rev.1 - Certain HPE ProLiant Servers with Intel CSME, AMT, SPS, TXE, ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPESBHF03968 rev.1 - HPE Gen10 ProLiant, Apollo, and Synergy Servers using Intel CPU Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA), Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPESBHF03969 rev.1 - HPE ProLiant Gen10 Servers using certain Intel Xeon Scalable Processors, Voltage Modulation, Local Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPESBHF03971 rev.1 - HPE Servers using certain Intel Processors, SMM and TXT, Local Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPESBST03964 rev.1 - HPE Nimble Storage, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ Google Chrome: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0998