=====================
=  End-of-Day report  =
=====================

Timeframe:   Wednesday 24-10-2018 18:00 - Thursday 25-10-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter
=====================
=       News        =
=====================
*** sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting ***
---------------------------------------------
The sLoad downloader is an example of the stealthy, smart malware trend.
---------------------------------------------
https://threatpost.com/sload-banking-trojan-downloader-displays-sophisticate...
*** Magecart Cybergang Targets 0days in Third-Party Magento Extensions ***
---------------------------------------------
Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign.
---------------------------------------------
https://threatpost.com/magecart-cybergang-targets-0days-in-third-party-magen...
*** BSI minimum standard for logging and detection of cyber attacks ***
---------------------------------------------
Cyber attacks on the IT systems of the German federal administration take place every day. Besides untargeted mass attacks, the federal networks are also exposed to targeted attack campaigns. To improve the detection of cyber attacks, the Federal Office for Information Security (BSI) has defined a minimum standard for logging and for the detection of cyber attacks based on those logs.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Mindeststand...
*** EU Commission wants to create a certification scheme for secure internet devices ***
---------------------------------------------
The EU is working on a regulation on security certification that focuses in particular on devices in the Internet of Things.
---------------------------------------------
http://heise.de/-4202642
*** Security update: Dangerous vulnerability in Cisco Webex Meetings ***
---------------------------------------------
Attackers could abuse the Webex update mechanism to execute their own code. A security update closes the vulnerability.
---------------------------------------------
http://heise.de/-4202886
*** Gandcrab: Updated decryption tool for the ransomware ***
---------------------------------------------
Victims of the Gandcrab ransomware in versions 1, 4 and 5 can now decrypt their data free of charge.
---------------------------------------------
http://heise.de/-4203283
*** Sextortion emails: They're probably not watching you ***
---------------------------------------------
Yes, those sextortion email scams using old passwords are still making the rounds. How can you spot a real sextortion attempt from an empty threat? And when should you report to authorities? Read on to find out.
---------------------------------------------
https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably-...
=====================
=  Vulnerabilities  =
=====================
*** Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability ***
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
*** Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled ***
---------------------------------------------
When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing.
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2018-10/msg00000.htm...
*** Security updates for Thursday ***
---------------------------------------------
Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox).
---------------------------------------------
https://lwn.net/Articles/769529/
*** IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473) ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10733751
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Image for Red Hat Linux Systems on IBM PureApplication ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728607
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10732846
*** IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Admin Console affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1770, CVE-2018-1777) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10737065
*** IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities ***
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=ibm10735863
*** IBM Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050) ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10728649
*** IBM Security Bulletin: IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=ibm10734249
*** IBM Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016890
*** IBM Security Bulletin: IBM WebSphere Commerce could allow some server-side code injection (CVE-2018-1808) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10735905
*** Reflected XSS vulnerability in an undisclosed Configuration utility page (CVE-2018-15315) ***
---------------------------------------------
https://support.f5.com/csp/article/K41704442
Next End-of-Day report: 2018-10-29