[CERT-daily] Tageszusammenfassung - 20.08.2018

Daily end-of-shift report team at cert.at
Mon Aug 20 18:25:27 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 17-08-2018 18:00 to Monday 20-08-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ The Week in Ransomware - August 17th 2018 - Princess Evolution & Dharma ∗∗∗
---------------------------------------------
The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware utilizing the .cmb extension for encrypted files. Otherwise, it was mostly small variants released that will not likely have many victims.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-17th-2018-princess-evolution-and-dharma/


∗∗∗ New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles ∗∗∗
---------------------------------------------
A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-variant-tries-its-best-to-close-all-file-handles/


∗∗∗ New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations ∗∗∗
---------------------------------------------
Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-turning-tables-technique-bypasses-all-windows-kernel-mitigations/


∗∗∗ Malspam Campaign Targets Banks Using Microsoft Publisher ∗∗∗
---------------------------------------------
It's very unusual for malware authors to utilize publishing software like Microsoft Publisher, which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and [...]
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Malspam-Campaign-Targets-Banks-Using-Microsoft-Publisher/


∗∗∗ Fake Plugins with Popuplink.js Redirect to Scam Sites ∗∗∗
---------------------------------------------
Since July, we've been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either "index" or "wp_update", and a malicious popuplink.js file.
---------------------------------------------
https://blog.sucuri.net/2018/08/fake-plugins-with-popuplink-js-redirect-to-scam-sites.html
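The Sucuri summary above names three indicators: a fake plugin directory called "index" or "wp_update", a file named popuplink.js, and references to the tiny.cc shortener. The following triage script is an added example for this digest, not code from Sucuri; it walks a WordPress tree for exactly those indicators. The directory layout and file contents it scans are constructed for the demonstration (the tiny.cc path "EXAMPLE" is a placeholder), and the indicator labels are this example's own naming.

```python
import os
import re
import tempfile

# Indicators taken from the Sucuri summary above. Everything else in this
# block (directory layout, file contents) is constructed for the demonstration.
FAKE_PLUGIN_DIRS = {"index", "wp_update"}
MALICIOUS_JS_NAME = "popuplink.js"
SHORTENER_PATTERN = re.compile(rb"tiny\.cc/", re.IGNORECASE)
SCAN_SUFFIXES = (".js", ".php", ".html")
MAX_READ = 1_000_000  # bytes per file; injected redirectors are small


def scan_wordpress_tree(root):
    """Walk a WordPress install and return sorted (indicator, relative_path) pairs."""
    findings = set()
    plugins_dir = os.path.join(root, "wp-content", "plugins")
    if os.path.isdir(plugins_dir):
        for name in os.listdir(plugins_dir):
            candidate = os.path.join(plugins_dir, name)
            if name in FAKE_PLUGIN_DIRS and os.path.isdir(candidate):
                findings.add(("fake-plugin-dir", candidate))
    for dirpath, _subdirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname == MALICIOUS_JS_NAME:
                findings.add(("popuplink-js", path))
            if fname.endswith(SCAN_SUFFIXES):
                try:
                    with open(path, "rb") as fh:
                        data = fh.read(MAX_READ)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if SHORTENER_PATTERN.search(data):
                    findings.add(("tinycc-reference", path))
    # Report paths relative to the install root, with forward slashes, so the
    # output is stable across hosts and easy to diff.
    return sorted(
        (kind, os.path.relpath(path, root).replace(os.sep, "/"))
        for kind, path in findings
    )


def build_sample_tree(root):
    """Create a constructed WordPress-like tree: one clean plugin, one fake plugin."""
    clean = os.path.join(root, "wp-content", "plugins", "akismet")
    fake = os.path.join(root, "wp-content", "plugins", "wp_update")
    os.makedirs(clean)
    os.makedirs(fake)
    with open(os.path.join(clean, "akismet.php"), "w") as fh:
        fh.write("<?php /* Plugin Name: Akismet */ ?>\n")
    with open(os.path.join(fake, "wp_update.php"), "w") as fh:
        # Constructed loader that injects the script into every page footer.
        fh.write(
            "<?php add_action('wp_footer', function () {\n"
            "  echo '<script src=\"/wp-content/plugins/wp_update/popuplink.js\"></script>';\n"
            "}); ?>\n"
        )
    with open(os.path.join(fake, MALICIOUS_JS_NAME), "w") as fh:
        # Constructed stand-in for the redirector; the shortener host is the indicator.
        fh.write("window.location = 'https://tiny.cc/EXAMPLE';\n")


def demo():
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_wordpress_tree(root)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:20s} {path}")
```

Run it against a real install with scan_wordpress_tree("/var/www/html") and treat hits as triage leads, not verdicts: a legitimate plugin could in principle live in a directory named "index", and tiny.cc links appear in benign content too. Confirm each hit by reading the file and comparing against a clean copy of the plugin.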


∗∗∗ Fax vulnerability in HP printers: Mac users still exposed ∗∗∗
---------------------------------------------
Hewlett-Packard is delivering firmware updates for a serious vulnerability in its multifunction printers, in some cases only for Windows. There is a workaround, however.
---------------------------------------------
http://heise.de/-4141384


∗∗∗ Firefox add-on "Web Security": developers admit mistakes ∗∗∗
---------------------------------------------
The Firefox add-on "Web Security" collected too much data and transmitted it unencrypted. The developers admit this was a mistake and promise to do better.
---------------------------------------------
http://heise.de/-4141593


∗∗∗ Banker Trojan, "TrickBot", is preparing for the next global outbreak by using new techniques ∗∗∗
---------------------------------------------
Recently, 360 Security Center detected a new variant of "TrickBot" banker Trojan. Compared to the previous "TrickBot", the functions of the latest "TrickBot" are all [...]
---------------------------------------------
https://blog.360totalsecurity.com/en/banker-trojan-trickbot-is-preparing-for-the-next-global-outbreak-by-using-new-techniques/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (confuse, jetty9, kamailio, kernel, libxcursor, and mutt), Fedora (blktrace, docker-latest, libgit2, and yubico-piv-tool), Mageia (chromium-browser-stable, flash-player-plugin, kernel, kernel-linus, kernel-tmb, microcode, openslp, and wpa_supplicant), openSUSE (apache2, curl, GraphicsMagick, perl-Archive-Zip, and xen), Oracle (kernel and mariadb), Red Hat (rh-postgresql95-postgresql), Slackware (ntp and samba), SUSE (apache2, curl, kernel, [...]
---------------------------------------------
https://lwn.net/Articles/763045/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016776


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a systemd vulnerability (CVE-2018-1049) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10728209


∗∗∗ Linux kernel vulnerability (FragmentSmack) CVE-2018-5391 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74374841


∗∗∗ HPESBHF03850 rev.5 - Certain HPE Products using Intel-based Processors, Local Disclosure of Information, Speculative Execution Side Channel Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily