[CERT-daily] Tageszusammenfassung - 20.04.2018

Daily end-of-shift report team at cert.at
Fri Apr 20 18:18:45 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 19-04-2018 18:00 − Freitag 20-04-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Patschn am Patscherkofel ∗∗∗
---------------------------------------------
Nachdem einige Medien über einen Vorfall berichten, bei dem auch wir involviert waren, will ich hier ein paar Fakten klarstellen: Wir bekommen immer wieder von Researchern - und da ist die "Internetwache" nur einer unter vielen - Hinweise zu konkreten Sicherheitsproblemen im österreichischen Internet. Unsere Rolle hier ist, diese Meldungen (auf Wunsch anonymisiert) an die Betroffenen weiterzuleiten und dort für die entsprechende [...]
---------------------------------------------
http://www.cert.at/services/blog/20180420131015-2180.html


∗∗∗ Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training ∗∗∗
---------------------------------------------
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
---------------------------------------------
https://www.darkreading.com/careers-and-people/firms-more-likely-to-tempt-security-pros-with-big-salaries-than-invest-in-training/d/d-id/1331605


∗∗∗ First Public Demo of Data Breach via IoT Hack Comes to RSAC ∗∗∗
---------------------------------------------
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
---------------------------------------------
https://www.darkreading.com/vulnerabilities---threats/first-public-demo-of-data-breach-via-iot-hack-comes-to-rsac/d/d-id/1331588


∗∗∗ Doctor Web: a Trojan on Google Play subscribes users to paid services ∗∗∗
---------------------------------------------
April 16, 2018 Doctor Web virus analysts have detected a Trojan Android.Click.245.origin on Google Play. When ordered by cybercriminals, it loads websites where users are tricked into subscribing to paid content services. In some cases the subscription is executed automatically when users click on a fake "download program" button. Cybercriminals distributed Android.Click.245.origin on behalf of developer Roman Zencov and disguised the Trojan as popular applications.
---------------------------------------------
https://news.drweb.com/show/?i=12540&lng=en&c=9


∗∗∗ Introducing Windows Defender System Guard runtime attestation ∗∗∗
---------------------------------------------
At Microsoft, we want users to be in control of their devices, including knowing the security health of these devices. If important security features should fail, users should be aware. Windows Defender System Guard runtime attestation, a new Windows platform security technology, fills this need. In Windows 10 Fall Creators Update, we reorganized all system [...]
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/


∗∗∗ NCSC publishes factsheet on considerations and preconditions for the deployment of TLS interception ∗∗∗
---------------------------------------------
TLS interception makes encrypted connections within the network of an organisation accessible for inspection. The use of this technical measure should be carefully considered in the light of additional risks and should meet a number of important preconditions.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-on-considerations-and-preconditions-for-the-deployment-of-tls-interception.html


∗∗∗ Botnet Muhstik is Actively Exploiting Drupal CVE-2018-7600 in a Worm Style ∗∗∗
---------------------------------------------
On March 28, 2018, drupal released a patch for CVE-2018-7600. Drupal is an open-source content management system written in PHP, quite popular in many sites to provide web service. This vulnerability exists in multiple drupal versions, which may be exploited by an attacker to take full control of the target.
---------------------------------------------
http://blog.netlab.360.com/botnet-muhstik-is-actively-exploiting-drupal-cve-2018-7600-in-a-worm-style-en/


∗∗∗ XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing ∗∗∗
---------------------------------------------
We have been detecting a new wave of network attacks since early March, which, for now, are targeting Japan, Korea, China, Taiwan, and Hong Kong. The attacks use Domain Name System (DNS) cache poisoning/DNS spoofing, possibly through infringement techniques such as brute-force or dictionary attacks, to distribute and install malicious Android apps. Trend Micro detects these as ANDROIDOS_XLOADER.HRX. These malware pose as legitimate Facebook or Chrome applications. They are distributed from [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/a9ANfAHCd0c/


∗∗∗ iPhone-Unlock-Tool GrayKey: Apple streicht Gegenmittel aus iOS 11.3 ∗∗∗
---------------------------------------------
iOS 11.3 sollte es eigentlich schwerer machen, iPhone-Daten über eine Kabelverbindung auszulesen. Die wichtige Sicherheitsfunktion fehlt jedoch in der finalen Fassung, sodass sich Entsperr-Tools wie GrayKey offenbar weiter ungehindert einsetzen lassen.
---------------------------------------------
https://www.heise.de/-4027793


∗∗∗ Android: Google Safe Browsing schützt nun auch WebView in Apps ∗∗∗
---------------------------------------------
Google Safe Browsing schützt Chrome-Nutzer vor schädlichen Webseiten, Malware und Phishing-Attacken. Künftig ist der Schutzmechanismus auch in Android-WebView standardmäßig aktiv.
---------------------------------------------
https://www.heise.de/-4028504


∗∗∗ When BEC scammers specialize ∗∗∗
---------------------------------------------
A group of BEC scammers has been focusing its efforts on the global maritime shipping industry, compromising emails accounts and attempting to trick targets into delivering considerable sums to bank accounts set up by the group. Secureworks researchers have been tracking the group's activities for quite a while and have been warning the targets. They estimate that between June 2017 and January 2018, the scammers attempted to steal a minimum of $3.9 million U.S. dollars [...]
---------------------------------------------
https://www.helpnetsecurity.com/2018/04/20/bec-scammers-specialize/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Siemens SIMATIC WinCC OA Operator IOS App ∗∗∗
---------------------------------------------
This advisory includes mitigations for a file and directory information exposure vulnerability identified in the Siemens WinCC OA iOS App.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-109-01


∗∗∗ Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Login screen of the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn


∗∗∗ VMSA-2018-0010 ∗∗∗
---------------------------------------------
Horizon DaaS update addresses a broken authentication issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0010.html


∗∗∗ Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader ∗∗∗
---------------------------------------------
Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current version of Foxit PDF Reader.
---------------------------------------------
https://blog.talosintelligence.com/2018/04/multiple-vulns-foxit-pdf-reader.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice and mysql-5.5), Fedora (corosync), Oracle (java-1.8.0-openjdk), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (openssl).
---------------------------------------------
https://lwn.net/Articles/752405/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list