[CERT-daily] Daily Summary - 02.07.2018

Daily end-of-shift report team at cert.at
Mon Jul 2 18:10:08 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 29-06-2018 18:00 − Monday 02-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses ∗∗∗
---------------------------------------------
While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for over 2.3 million cryptocurrency addresses!
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/


∗∗∗ DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident ∗∗∗
---------------------------------------------
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacking-suspected-behind-trezor-wallet-phishing-incident/


∗∗∗ Newer Diameter Telephony Protocol Just As Vulnerable As SS7 ∗∗∗
---------------------------------------------
Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/


∗∗∗ Taking apart a double zero-day sample discovered in joint hunt with ESET ∗∗∗
---------------------------------------------
In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherepanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/


∗∗∗ Boffins want to stop Network Time Protocol's time-travelling exploits ∗∗∗
---------------------------------------------
Ancient protocol's key vulnerability is fixable. Among the many problems that exist in the venerable Network Time Protocol is its vulnerability to timing attacks: turning servers into time-travellers can play all kinds of havoc with important systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2018/07/02/ntp_revision_to_end_timing_attacks/


∗∗∗ The principle of least privilege: A strategy of limiting access to what is essential ∗∗∗
---------------------------------------------
The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity.
---------------------------------------------
https://www.welivesecurity.com/2018/07/02/principle-least-privilege-strategy/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium-browser, mosquitto, python-pysaml2, simplesamlphp, tiff, and tomcat7), Fedora (kernel, libgxps, nodejs, and phpMyAdmin), Mageia (ansible, firefox, java-1.8.0-openjdk, libcrypt, libgcrypt, ncurses, phpmyadmin, taglib, and webkit2), openSUSE (GraphicsMagick, ImageMagick, mailman, Opera, and rubygem-sprockets), and SUSE (ImageMagick, kernel, mariadb, and python-paramiko).
---------------------------------------------
https://lwn.net/Articles/758845/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
