[CERT-daily] Tageszusammenfassung - 20.02.2018

Daily end-of-shift report team at cert.at
Tue Feb 20 18:17:15 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 19-02-2018 18:00 − Dienstag 20-02-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗
---------------------------------------------
Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/


∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗
---------------------------------------------
Wordpress is a popular tool for creating web pages. Numerous extensions make your own programming skills superfluous. However, one should be careful when choosing its extensions.
---------------------------------------------
https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware


∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗
---------------------------------------------
Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency.
---------------------------------------------
https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncovered.html


∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗
---------------------------------------------
Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the  tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...]
---------------------------------------------
https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware.html


∗∗∗ Textbombe: Apple räumt verheerenden Fehler mit Update aus ∗∗∗
---------------------------------------------
Neue Versionen von iOS und macOS verfügbar – Zeichenfolge konnte zahlreiche Apps zum Absturz bringen
---------------------------------------------
http://derstandard.at/2000074619775



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/747630/


∗∗∗ DFN-CERT-2018-0340: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/


∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013705


∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10843&actp=RSS

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list