===================== = End-of-Day report = =====================
Timeframe: Dienstag 17-07-2018 18:00 − Mittwoch 18-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a
===================== = News = =====================
∗∗∗ Open MongoDB Database Exposes Mobile Games Money Laundering Operation ∗∗∗ --------------------------------------------- The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/open-mongodb-database-exposes...
∗∗∗ Microsoft launches Identity Bounty program ∗∗∗ --------------------------------------------- Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2018/07/17/microsoft-launches-ident...
∗∗∗ The SIM Hijackers ∗∗∗ --------------------------------------------- Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their .. --------------------------------------------- https://yro.slashdot.org/story/18/07/18/0554224/the-sim-hijackers
∗∗∗ How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape:The Growth of Miners ∗∗∗ --------------------------------------------- Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on the growing .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-c...
∗∗∗ Critical Patch Update: Oracle wirft Paket mit 334 Sicherheitspatches ab ∗∗∗ --------------------------------------------- In Software von Oracle klaffen unter anderem kritische Sicherheitslücken. Das Quartalsupdate bringt jede Menge Sicherheitspatches. --------------------------------------------- http://heise.de/-4113523
∗∗∗ TeamViewer hält Zugangspasswort im Speicher vor ∗∗∗ --------------------------------------------- Das Fernwartungs-Tool TeamViewer soll es Angreifern leichter machen als nötig. Forschern zufolge hält es in seinem Speicher das Passwort im Klartext vor. --------------------------------------------- http://heise.de/-4115023
===================== = Vulnerabilities = =====================
∗∗∗ ABB Panel Builder 800 ∗∗∗ --------------------------------------------- This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01
∗∗∗ DSA-4248 blender - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2018/dsa-4248
∗∗∗ Critical Patch Update - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
∗∗∗ Oracle Linux Bulletin - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2018-49564...
∗∗∗ Oracle VM Server for x86 Bulletin - July 2018 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2018-4956456...