===================== = End-of-Day report = =====================
Timeframe: Monday 17-12-2018 18:00 − Tuesday 18-12-2018 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter
===================== = News = =====================
∗∗∗ Hidden Code in Memes Instruct Malware via Twitter ∗∗∗ --------------------------------------------- Analysts discover malicious code embedded in tweeted images. --------------------------------------------- https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/140...
∗∗∗ Sneaky phishing campaign beats two-factor authentication ∗∗∗ --------------------------------------------- Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure. --------------------------------------------- https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-t...
∗∗∗ Your trust, our signature ∗∗∗ --------------------------------------------- Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...] --------------------------------------------- https://blog.fox-it.com/2018/12/18/your-trust-our-signature/
∗∗∗ Clever SEO Spam Injection ∗∗∗ --------------------------------------------- It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. --------------------------------------------- https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
∗∗∗ Decrypt Everbe, Hidden Tear and InsaneCrypt ransomware for free ∗∗∗ --------------------------------------------- A security researcher has released free decryption tools for several encryption trojans. --------------------------------------------- http://heise.de/-4254364
===================== = Vulnerabilities = =====================
∗∗∗ Security update, 14.12.18 ∗∗∗ --------------------------------------------- [...] we identified a potential security vulnerability in our iCal feed function, in which, by a user manually manipulating parts of the feed URL, it would theoretically have been possible to gain access by chance to the iCal feeds of other TimeTac users. [...] This problem was fixed by a security update immediately after it became known, and the update was rolled out to all theoretically affected TimeTac customer accounts. --------------------------------------------- https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/
∗∗∗ Razer Cortex Debugger Remote Command Execution ∗∗∗ --------------------------------------------- Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on... --------------------------------------------- https://cxsecurity.com/issue/WLB-2018120170
∗∗∗ VMSA-2018-0031 ∗∗∗ --------------------------------------------- vRealize Operations updates address a local privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0031.html
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf). --------------------------------------------- https://lwn.net/Articles/775172/
∗∗∗ Synology-SA-18:61 Magellan ∗∗∗ --------------------------------------------- Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_18_61
∗∗∗ libexif: Vulnerability allows denial of service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1182
∗∗∗ Nagios Enterprises Nagios XI: Multiple vulnerabilities allow cross-site scripting ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K18-1180
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-cur...
∗∗∗ IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-krb...
∗∗∗ IBM Security Bulletin: A vulnerability in git affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-git...
∗∗∗ IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu...
∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu...
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ope...
∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-pyt...
∗∗∗ IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wpa...
∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-a...