[CERT-daily] Tageszusammenfassung - 18.07.2018

Wed Jul 18 18:11:10 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 17-07-2018 18:00 − Mittwoch 18-07-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Open MongoDB Database Exposes Mobile Games Money Laundering Operation ∗∗∗
---------------------------------------------
The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/open-mongodb-database-exposes-mobile-games-money-laundering-operation/


∗∗∗ Microsoft launches Identity Bounty program ∗∗∗
---------------------------------------------
Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer’s digital identity is often the key to accessing services and interacting across the internet. Microsoft ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2018/07/17/microsoft-launches-identity-bounty-program/


∗∗∗ The SIM Hijackers ∗∗∗
---------------------------------------------
Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their ..
---------------------------------------------
https://yro.slashdot.org/story/18/07/18/0554224/the-sim-hijackers


∗∗∗ How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape:The Growth of Miners ∗∗∗
---------------------------------------------
Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on the growing ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-crime-growth-of-miners.html


∗∗∗ Critical Patch Update: Oracle wirft Paket mit 334 Sicherheitspatches ab ∗∗∗
---------------------------------------------
In Software von Oracle klaffen unter anderem kritische Sicherheitslücken. Das Quartalsupdate bringt jede Menge Sicherheitspatches.
---------------------------------------------
http://heise.de/-4113523


∗∗∗ TeamViewer hält Zugangspasswort im Speicher vor ∗∗∗
---------------------------------------------
Das Fernwartungs-Tool TeamViewer soll es Angreifern leichter machen als nötig. Forschern zufolge hält es in seinem Speicher das Passwort im Klartext vor.
---------------------------------------------
http://heise.de/-4115023


=====================
=  Vulnerabilities  =
=====================


∗∗∗ ABB Panel Builder 800 ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01


∗∗∗ DSA-4248 blender - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4248


∗∗∗ Critical Patch Update - July 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html


∗∗∗ Oracle Linux Bulletin - July 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2018-4956455.html


∗∗∗ Oracle VM Server for x86 Bulletin - July 2018 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2018-4956456.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily