[CERT-daily] Tageszusammenfassung - 04.07.2018

Daily end-of-shift report team at cert.at
Wed Jul 4 18:48:42 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 03-07-2018 18:00 − Mittwoch 04-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Malware Authors Seem Intent on Weaponizing Windows SettingContent-ms Files ∗∗∗
---------------------------------------------
Malware authors are frantically trying to weaponize a new infection vector that was revealed at the start of June. The trick relies on using Windows Settings (.SettingContent-ms) shortcut files in order to achieve ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-authors-seem-intent-on-weaponizing-windows-settingcontent-ms-files/


∗∗∗ Lücken in Provider-Routern entdeckt ∗∗∗
---------------------------------------------
Durch Lücken in Routern des Herstellers ADB kann sich ein Angreifer Root-Rechte verschaffen. Das kann auch für die Provider zum Problem werden.
---------------------------------------------
http://heise.de/-4099449


∗∗∗ Phishing tales: Microsoft Access Macro (.MAM) shortcuts ∗∗∗
---------------------------------------------
Previously, I blogged about the ability to create malicious .ACCDE Microsoft Access Database files and using them as a phishing vector. This post expands on using the ACCDE format and will be introducing Microsoft Access Macro “MAM” ..
---------------------------------------------
https://posts.specterops.io/phishing-tales-microsoft-access-macro-mam-shortcuts-c0bc3f90ed62


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Rockwell Automation Allen-Bradley Stratix 5950 ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper input validation, improper certificate validation, and resource management error vulnerabilities in the Allen-Bradley Stratix 5950 security appliance.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


∗∗∗ Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/


∗∗∗ Authorization Bypass in all ADB Broadband Gateways / Routers ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/


∗∗∗ Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/


∗∗∗ Security vulnerabilities fixed in Thunderbird 52.9 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list