[CERT-daily] Tageszusammenfassung - 18.04.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 17-04-2018 18:00 − Mittwoch 18-04-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Android: Google integriert sichere DNS-Abfrage in Android P ∗∗∗
---------------------------------------------
In der kommenden Android-Version mit dem Anfangsbuchstaben P führt Google DNS over TLS ein. Damit würden DNS-Abfragen über einen sicheren Kanal erfolgen. Nutzer können in den Einstellungen auch einen eigenen Hostnamen eingeben oder die Funktion abstellen.
---------------------------------------------
https://www.golem.de/news/android-google-integriert-sichere-dns-abfrage-in-android-p-1804-133916-rss.html


∗∗∗ Leaking ads ∗∗∗
---------------------------------------------
We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relehttps://www.heise.de/security/meldung/Critical-Patch-Update-Oracle-will-mit-254-Updates-die-Sicherheit-steigern-4026726.htmlvant ads, but often fail to protect that data when sending it to their servers.
---------------------------------------------
http://securelist.com/leaking-ads/85239/


∗∗∗ Malicious Activities with Google Tag Manager ∗∗∗
---------------------------------------------
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say "yes" or even "absolutely". But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from "trusted sources" like Google, Facebook, and Youtube. In the past, we saw how adsense was abused with a malvertising campaign. Even more recently, we saw how attackers injected malware that called [...]
---------------------------------------------
https://blog.sucuri.net/2018/04/malicious-activities-google-tag-manager.html


∗∗∗ Critical Patch Update: Oracle will mit 254 Updates die Sicherheit steigern ∗∗∗
---------------------------------------------
Oracle hangelt sich durch sein Software-Portfolio und schließt zum Teil äußerst kritische Sicherheitslücken. Admins sollten jetzt handeln.
---------------------------------------------
https://heise.de/-4026726


∗∗∗ Chrome 66 warnt vor Webseiten mit Symantec-Zertifikaten ∗∗∗
---------------------------------------------
Die aktuelle Version des Webbrowser Chrome vertraut ab sofort einigen TLS-Zertifikaten von Symantec nicht mehr. Das ist ein weiterer Schritt von Google gegen die Zertifizierungsstelle.
---------------------------------------------
https://www.heise.de/-4026854


∗∗∗ Erpressungstrojaner XiaoBa verwandelt sich in Krypto-Miner ∗∗∗
---------------------------------------------
Die Malware-Autoren des Verschlüsselungstrojaners XiaoBa schwenken um und wollen statt der Erpressung von Lösegeld nun Kryptogeld auf infizierten Computern schürfen. Doch dabei läuft noch nicht alles rund.
---------------------------------------------
https://www.heise.de/-4026455


∗∗∗ Cryptominers displace ransomware as the number one threat ∗∗∗
---------------------------------------------
During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo's Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin. The surge of cryptominers For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/18/q1-2018-malware-trends/


∗∗∗ PBot: a Python-based adware ∗∗∗
---------------------------------------------
Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2018/04/pbot-python-based-adware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (freeplane and jruby), Fedora (kernel and python-bleach), Gentoo (evince, gdk-pixbuf, and ncurses), openSUSE (kernel), Oracle (gcc, glibc, kernel, krb5, ntp, openssh, openssl, policycoreutils, qemu-kvm, and xdg-user-dirs), Red Hat (corosync, glusterfs, kernel, and kernel-rt), SUSE (openssl), and Ubuntu (openssl and perl).
---------------------------------------------
https://lwn.net/Articles/752183/


∗∗∗ Abbott Laboratories Defibrillator ∗∗∗
---------------------------------------------
This medical advisory includes mitigations for improper authentication and improper restriction of power consumption vulnerabilities identified in Abbott Laboratories defibrillators.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01


∗∗∗ Schneider Electric Triconex Tricon ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer vulnerabilities in Schneider Electrics Triconex Tricon safety instrumented system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02


∗∗∗ Rockwell Automation Stratix Services Router ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation, improper restriction of operations, and use of externally-controlled format string vulnerabilities in the Rockwell Automation Stratix 5900 router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03


∗∗∗ Rockwell Automation Stratix and ArmorStratix Switches ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper improper input validation, resource management, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Allen-Bradley Stratix and ArmorStratix Switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04


∗∗∗ Rockwell Automation Stratix Industrial Managed Ethernet Switch ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper imput validation, resource managment, 7PK, memory buffer and externally-controlled format string vulnerabilities in Rockwell Automations Stratix Industrial Managed Switch.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Inputhub Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180418-02-smartphone-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily