[CERT-daily] Daily summary - 13.02.2018

Daily end-of-shift report team at cert.at
Tue Feb 13 18:13:22 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 12-02-2018 18:00 − Tuesday 13-02-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ If You Thought Ransomware was Big, Illegal Crypto-Mining May be Bigger ∗∗∗
---------------------------------------------
There has been an interesting trend if you follow the daily barrage of security breaches, malware, and other ..
---------------------------------------------
https://www.beyondtrust.com/blog/thought-ransomware-big-illegal-crypto-mining-may-bigger/


∗∗∗ Cybersecurity experts warn of Valentine's Day offers ∗∗∗
---------------------------------------------
Cyber criminals use Valentine's Day on 14 February to send e-mails containing dangerous special offers.
---------------------------------------------
https://futurezone.at/digital-life/cybersecurity-experten-warnen-for-valentinstags-angeboten/400003541


∗∗∗ Security baseline for Office 2016 and Office 365 ProPlus apps – FINAL ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Microsoft Office Professional Plus 2016 and Office 365 ProPlus 2016 apps. There are no changes from the draft ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2018/02/13/security-baseline-for-office-2016-and-office-365-proplus-apps-final/


∗∗∗ Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins ∗∗∗
---------------------------------------------
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks ..
---------------------------------------------
https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr-plugins.html


∗∗∗ Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1 ∗∗∗
---------------------------------------------
Redmond extends ATP to older builds, adds third-party links. Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1.
---------------------------------------------
www.theregister.co.uk/2018/02/12/microsoft_windows_atp/


∗∗∗ Security updates: Dangerous vulnerabilities in IBM AIX and Notes ∗∗∗
---------------------------------------------
IBM's AIX contains a critical security vulnerability. In addition, an update closes a vulnerability in Notes.
---------------------------------------------
https://www.heise.de/meldung/Sicherheitsupdates-Gefaehrliche-Luecken-in-IBM-AIX-und-Notes-3966859.html?


∗∗∗ Chrome security chief: "When Flash is removed, we'll throw a party" ∗∗∗
---------------------------------------------
Parisa Tabriz leads the elite hacker group Project Zero – she says that phishing is a greater danger to the general public than the "Meltdown" and Spectre vulnerabilities
---------------------------------------------
http://derstandard.at/2000073871421


∗∗∗ Olympic Destroyer Takes Aim At Winter Olympics ∗∗∗
---------------------------------------------
This blog post is authored by Warren Mercer and Paul Rascagneres. Update 2/13 08:30: We have updated the information regarding the use of stolen credentials. Update 2/12 12:00: We have updated the destructor section with action taken ..
---------------------------------------------
blog.talosintelligence.com/2018/02/olympic-destroyer.html


∗∗∗ Zero-Day in Telegram's Windows Client Exploited for Months ∗∗∗
---------------------------------------------
A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed.
---------------------------------------------
https://www.securityweek.com/zero-day-telegrams-windows-client-exploited-months



=====================
=  Vulnerabilities  =
=====================

∗∗∗ [KDE] Plasma Desktop: Arbitrary command execution in the removable device notifier ∗∗∗
---------------------------------------------
When a vfat thumbdrive which contains `` or $() in its volume label is plugged in and mounted through the device notifier, it is interpreted as a shell command, leaving a possibility of arbitrary command execution.
---------------------------------------------
https://www.kde.org/info/security/advisory-20180208-2.txt


∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1530

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



