[CERT-daily] Tageszusammenfassung - 27.08.2018
Daily end-of-shift report
team at cert.at
Mon Aug 27 18:09:18 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 24-08-2018 18:00 − Montag 27-08-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability ∗∗∗
---------------------------------------------
Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.
---------------------------------------------
https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/
∗∗∗ Password Protected Word Document Delivers HERMES Ransomware ∗∗∗
---------------------------------------------
Evading AV detection is part of a malware authors routine in crafting spam campaigns and an old and effective way of achieving this is spamming a password protected document. Recently, we observed such a ..
---------------------------------------------
https://trustwave.com/Resources/SpiderLabs-Blog/Password-Protected-Word-Document-Delivers-HERMES-Ransomware/
∗∗∗ Well, cant get hacked if your PC doesnt work... McAfee yanks BSoDing Endpoint Security patch ∗∗∗
---------------------------------------------
Dont install August update, world+dog warned McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their ..
---------------------------------------------
www.theregister.co.uk/2018/08/24/mcafee_blue_screen_of_death/
∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntarily ..
---------------------------------------------
https://securityblog.switch.ch/2018/08/27/a-new-issue-of-our-switch-security-report-is-available-6/
∗∗∗ Schwachstelle Royale: Fortnite-Installer für Android offen für freies Nachladen ∗∗∗
---------------------------------------------
Bei der Android-Version von Fortnite Battle Royale umging Epic Games den Play Store und lieferte einen eigenen Installer – mit gravierender Sicherheitslücke.
---------------------------------------------
http://heise.de/-4145876
∗∗∗ Who’s Behind the Screencam Extortion Scam? ∗∗∗
---------------------------------------------
The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, its likely that additional spammers and scammers piled on with their own versions of the phishing email after ..
---------------------------------------------
https://krebsonsecurity.com/2018/08/whos-behind-the-screencam-extortion-scam/
∗∗∗ Verschlüsselung - Wenn Paypal und Co plötzlich nicht mehr funktionieren ∗∗∗
---------------------------------------------
Mozilla und Google vertrauen Symantec-Zertifikaten in Entwicklungsversionen ihrer Browser nicht mehr
---------------------------------------------
https://derstandard.at/2000086139348/Wenn-Paypal-und-Co-ploetzlich-nicht-mehr-funktionieren
=====================
= Vulnerabilities =
=====================
∗∗∗ Synology-SA-18:50 Drive ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Drive.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_50
∗∗∗ File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-056
∗∗∗ Multiple Cross Site Scripting on FortiCloud Web Interface Login ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-026
∗∗∗ Forgot password link doesnt expire after use ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-074
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list