=====================
= End-of-Day report =
=====================
Timeframe: Thursday 01-02-2018 18:00 - Friday 02-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer
=====================
=       News        =
=====================
*** Crypto Miners May Be the 'New Payload of Choice' for Attackers ***
---------------------------------------------
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
---------------------------------------------
http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-att...
*** Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ***
---------------------------------------------
Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body.
---------------------------------------------
https://isc.sans.edu/diary/rss/23305
*** Multiple Vulnerabilities in WD MyCloud ***
---------------------------------------------
While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities...
*** There is no evidence in-the-wild malware is using Meltdown or Spectre ***
---------------------------------------------
Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malwar...
*** Cisco service routers can choke on IPv6 packets ***
---------------------------------------------
A security update closes a DoS vulnerability in Cisco ASR 9000.
---------------------------------------------
https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich-...
*** Security updates for Friday ***
---------------------------------------------
Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m).
---------------------------------------------
https://lwn.net/Articles/746326/rss
=====================
=  Vulnerabilities  =
=====================
*** "Zero-Day" vulnerability in Adobe Flash Player - actively exploited - patches not yet available ***
---------------------------------------------
"Zero-Day" vulnerability in Adobe Flash Player - actively exploited - patches not yet available
1 February 2018
Description
Adobe has announced that there is currently a critical security vulnerability in Adobe Flash Player which is already being actively exploited.
CVE number: CVE-2018-4878
No fixed version is available yet - Adobe has announced one for next week (starting 5 February 2018).
---------------------------------------------
http://www.cert.at/warnings/all/20180201.html
*** IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012719
*** IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012641