=====================
= End-of-Day report =
=====================

Timeframe: Friday 02-08-2019 18:00 − Monday 05-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Dragonfly: New security vulnerabilities in the WPA3 encryption standard ∗∗∗
---------------------------------------------
How long a cryptographic operation takes can unintentionally reveal information. Using such a weakness, researchers were able to recover passwords from the WPA3 WLAN encryption scheme.
---------------------------------------------
https://www.golem.de/news/dragonfly-neue-sicherheitsluecken-in-verschluessel...
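The mechanism behind the Dragonfly finding is a timing side channel: when the running time of an operation depends on secret data, an observer who can only measure that time still learns something about the secret. The following is an added example, not code from the golem.de article or from the WPA3/Dragonfly research, and it does not model the WPA3 handshake itself; it shows the general pattern on a constructed password check. The secret, the guesses and the `work` counter (a deterministic stand-in for wall-clock time) are constructed for illustration.

```python
"""Timing side channel, illustrated with an early-exit comparison.

Added example, not code from the golem.de article or the Dragonfly/WPA3
research. `work` counts byte comparisons as a deterministic proxy for
elapsed time, so the effect can be demonstrated without timers.
"""
import hmac
from typing import Callable, Tuple

# Constructed secret for the demo; a real check would compare a hash or key.
SECRET = b"correct horse"
# Constructed guess alphabet: printable ASCII.
ALPHABET = bytes(range(32, 127))

CompareFn = Callable[[bytes, bytes], Tuple[bool, int]]


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Naive comparison that returns at the first mismatching byte.

    Returns (match, work). `work` grows with the length of the matching
    prefix, which is exactly what an attacker measuring time would see.
    (Returning early on a length mismatch leaks the length as well.)
    """
    if len(secret) != len(guess):
        return False, 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work
    return True, work


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Comparison whose work is independent of where the first mismatch is.

    Every byte is visited and differences are OR-accumulated, so `work` is
    always len(secret) for equal-length inputs. In production use
    hmac.compare_digest, which this mirrors and is cross-checked against.
    """
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    work = 0
    for a, b in zip(secret, guess):
        work += 1
        diff |= a ^ b
    result = diff == 0
    assert result == hmac.compare_digest(secret, guess)
    return result, work


def recover_by_timing(secret: bytes, alphabet: bytes, compare: CompareFn) -> bytes:
    """Attacker model: the attacker never sees `secret`, only the (match, work)
    pair the check leaks for each guess. Byte by byte, the candidate whose
    comparison does the most work shares the longest prefix with the secret;
    the final byte is confirmed by the accept/reject result itself.
    Against constant_time_compare every candidate ties, and recovery fails.
    """
    recovered = b""
    for _ in range(len(secret)):
        best_byte, best_key = alphabet[0], (-1, False)
        for c in alphabet:
            # Pad with NUL so the guess has the right length; the secret has
            # no NUL bytes, so padding never accidentally matches.
            guess = (recovered + bytes([c])).ljust(len(secret), b"\x00")
            match, work = compare(secret, guess)
            key = (work, match)
            if key > best_key:
                best_byte, best_key = c, key
        recovered += bytes([best_byte])
    return recovered


if __name__ == "__main__":
    print("leaky   :", recover_by_timing(SECRET, ALPHABET, leaky_compare))
    print("constant:", recover_by_timing(SECRET, ALPHABET, constant_time_compare))
```

The attacker in `recover_by_timing` is given nothing but the leak, and against `leaky_compare` it recovers the full secret in `len(SECRET) * len(ALPHABET)` queries instead of `len(ALPHABET) ** len(SECRET)`. Replacing the comparison with the constant-time version removes the signal entirely; that is the shape of fix such findings usually call for, whether the secret-dependent branch sits in a string compare or in a password-derivation loop.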
∗∗∗ MegaCortex Ransomware Revamps for Mass Distribution ∗∗∗
---------------------------------------------
Manual steps have been replaced by automation.
---------------------------------------------
https://threatpost.com/megacortex-ransomware-mass-distribution/146933/
∗∗∗ Combining Low Tech Scams: SMS + SET + Credit Card Harvesting, (Fri, Aug 2nd) ∗∗∗
---------------------------------------------
As Infosec folks, we spend a lot of time on the latest and greatest exploits, attacks and malware - we seem to be (abnormally) driven towards continuing education in our field. This is a great thing, but often we lose sight of the fact that the attackers don't always try so hard.
---------------------------------------------
https://isc.sans.edu/diary/rss/25198
∗∗∗ Extortion trojan GermanWiper deletes data ∗∗∗
---------------------------------------------
Paying the ransom does not help: whoever runs GermanWiper does not get recoverably encrypted data, but data that has been permanently overwritten with zeros.
---------------------------------------------
https://heise.de/-4487825
∗∗∗ Say hello to Lord Exploit Kit ∗∗∗
---------------------------------------------
In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-expl...
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a crash (denial-of-service) of the vmware-vmx.exe process on the host (TALOS-2019-0757). However, when the host/guest systems are using an NVIDIA graphics card, the VMware [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/08/nvidia-vmware-gpu-rce-vulnerabili...
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2019-0012 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities (CVE-2019-5521, CVE-2019-5684)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (proftpd-dfsg and vim), Fedora (java-11-openjdk and matrix-synapse), Gentoo (binutils and libpng), Mageia (kernel), and SUSE (openexr and python-Django).
---------------------------------------------
https://lwn.net/Articles/795344/
∗∗∗ ZDI-19-687: (0Day) SolarWinds Orion Network Performance Monitor ExecuteExternalProgram Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-687/
∗∗∗ Linux kernel vulnerability CVE-2017-12190 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K93472064
∗∗∗ poppler: Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0687