[CERT-daily] Tageszusammenfassung - 27.04.2018

Fri Apr 27 18:05:31 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 26-04-2018 18:00 − Freitag 27-04-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗
---------------------------------------------
Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.
---------------------------------------------
http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backdoors/131472/


∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗
---------------------------------------------
An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000+ websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing ..
---------------------------------------------
https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script.html


∗∗∗ GravityRAT malware takes your systems temperature ∗∗∗
---------------------------------------------
The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-your-systems-temperature/


∗∗∗ Phishing für Anspruchsvolle: [A]pache-Kit klont beliebte Online-Shops ∗∗∗
---------------------------------------------
Mitarbeiter des Sicherheitssoftware-Herstellers Check Point haben ein brasilianisches Phishing-Kit unter die Lupe genommen, das zum Abgreifen von Adress- und Kreditkartendaten voll funktionsfähige Marken-Shops imitiert.
---------------------------------------------
https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont-beliebte-Online-Shops-4036984.html


∗∗∗ Achtung vor Datendiebstahl auf Kleinanzeigenportalen! ∗∗∗
---------------------------------------------
Kleinanzeigenportale bieten eine hervorragende Möglichkeit Altes zu Geld zu machen oder das ein oder andere Schnäppchen abzustauben. Die Marktplätze erfreuen sich daher großer Beliebtheit, doch ..
---------------------------------------------
http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3065&tx_news_pi1[controller]=News&tx_news_pi1[action]=detail&cHash=83ba38cc7f41ea4576f651d91ac36bca


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Delta Electronics PMSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01


∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN08386386/


∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN01040170/


∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗
---------------------------------------------
The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability.
---------------------------------------------
https://jvn.jp/en/jp/JVN85531148/


∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily