===================== = End-of-Day report = =====================
Timeframe: Donnerstag 02-08-2018 18:00 − Freitag 03-08-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl
===================== = News = =====================
∗∗∗ Cryptominers: Binary-Process-Cron Variants and Methods of Removal ∗∗∗ --------------------------------------------- This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site .. --------------------------------------------- https://blog.sucuri.net/2018/08/cryptominer-variants-removal.html
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (busybox, graphicsmagick, and libmspack), Fedora (pam_yubico), Scientific Linux (openslp), Slackware (lftp), SUSE (cups, libtirpc, and thunderbird), and Ubuntu (clamav). --------------------------------------------- https://lwn.net/Articles/761752/
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API (CVE-2018-1528) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22017450
∗∗∗ IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform(CVE-2018-1551) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=ibm10716113
∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2018-1422) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ibm10719817
∗∗∗ IBM Security Bulletin:A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22015283
∗∗∗ HPESBHF03872 rev.1 - HPE Intelligent Management Center Platform (IMC PLAT), Remote Directory Traversal ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPESBHF03841 rev.2 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...
∗∗∗ HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=em...