===================== = End-of-Day report = =====================
Timeframe: Donnerstag 12-07-2018 18:00 − Freitag 13-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders ∗∗∗ --------------------------------------------- Tokens killed after eslint-scope JavaScript utility compromised An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers NPM login tokens.… --------------------------------------------- www.theregister.co.uk/2018/07/12/npm_eslint/
∗∗∗ Cryptominers and stealers – malware edition ∗∗∗ --------------------------------------------- It all started in 2008 with a paper on the first decentralized digital currency, Bitcoin, created by an unknown person or persons referred to as Satoshi Nakamoto. Bitcoin is a peer-to-peer currency based on cryptography .. --------------------------------------------- https://www.zscaler.com/blogs/research/cryptominers-and-stealers-malware-edi...
∗∗∗ Patchday: Kritische Lücke in SAP Business Client ∗∗∗ --------------------------------------------- Im Juli hat SAP 11 neue Sicherheitswarnungen veröffentlicht. Davon gilt aber nur eine als kritisch. Sicherheitsupdates sind verfügbar. --------------------------------------------- http://heise.de/-4108062
∗∗∗ Advanced Mobile Malware Campaign in India uses Malicious MDM ∗∗∗ --------------------------------------------- Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. At this time, we dont know how the attacker .. --------------------------------------------- https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Mali...
∗∗∗ Heres Why Your Static Website Needs HTTPS ∗∗∗ --------------------------------------------- It was Jan last year that I suggested HTTPS adoption had passed the "tipping point", that is, it had passed the moment of critical mass and as I said at the time, "will very shortly become the norm". Since that time, .. --------------------------------------------- https://www.troyhunt.com/heres-why-your-static-website-needs-https/
∗∗∗ Gefälschte World4You-Phishingmail im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte World4You-Phishingmail. Darin fordern sie Empfänger/innen dazu auf, dass sie sich auf einer Website als echte Kontoinhaber/innen ausweisen. Geben Kund/innen ihre persönlichen Daten bekannt, übermitteln sie diese an Datendiebe. Verbrechen unter ihrem Namen sind möglich. --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-world4you-phishingmail-im...
∗∗∗ IT-Security - Erpresser verschicken Drohmails mit echten Passwörtern ∗∗∗ --------------------------------------------- Wollen Nutzer beim Besuch von Pornoportalen gefilmt haben und verlangen "Schweigegeld" --------------------------------------------- https://derstandard.at/2000083434963/Erpresser-verschicken-Drohmails-mit-ech...
===================== = Vulnerabilities = =====================
∗∗∗ Eaton 9000X Drive ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in the Eaton 9000X Drive. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-193-01
∗∗∗ JSA10864 - 2018-07 Security Bulletin: Junos OS: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10864&actp...
∗∗∗ Critical Patch Update - July 2018 - Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html