[CERT-daily] Tageszusammenfassung - 15.06.2018

Fri Jun 15 18:20:09 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-06-2018 18:00 − Freitag 15-06-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote ∗∗∗
---------------------------------------------
Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament today.
---------------------------------------------
https://www.bleepingcomputer.com/news/government/kaspersky-halts-europol-and-nomoreransom-project-coop-after-eu-parliament-vote/


∗∗∗ Decryptor Released for the Everbe Ransomware ∗∗∗
---------------------------------------------
A decryptor for the Everbe Ransomware was released by Michael Gillespie that allows victims to get their files back for free. It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use them to brute force the decryption key.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/


∗∗∗ Mechanics Behind Ransomware-as-a-Service ∗∗∗
---------------------------------------------
Ransomware is an increasingly serious concern, and this problem is getting worse over time. Initially, this malware began to compromise fixed targets such as individuals, but now the focus has changed and became much broader — from individuals to organizations. 
---------------------------------------------
https://resources.infosecinstitute.com/mechanics-behind-ransomware-as-a-service/


∗∗∗ Old Botnets never Die, and DDG REFUSE to Fade Away ∗∗∗
---------------------------------------------
DDG is a mining botnet that specializes in exploiting SSH, Redis database and OrientDB database servers. We first caught it on October 25, 2017, at that time, DDG used version number 2020 and 2021, and we noticed that the botnet has two internally reserved domain names that had not been [...]
---------------------------------------------
http://blog.netlab.360.com/old-botnets-never-die-and-ddg-refuse-to-fade-away-en/


∗∗∗ Spectre-NG: Harte Kritik von OpenBSD-Entwickler Theo de Raadt ∗∗∗
---------------------------------------------
Die Veröffentlichung des jüngsten Spectre-NG-Bugs wurde hektisch vorgezogen, nachdem Theo de Raadt die Informationspolitik von Intel kritisierte.
---------------------------------------------
http://heise.de/-4078903


∗∗∗ 5 Millionen Mal heruntergeladen: Bösartige Docker-Container schürfen Monero ∗∗∗
---------------------------------------------
Zehn Monate lang waren Docker-Images mit Hintertür über Docker Hub verfügbar, obwohl die Verantwortlichen längst über den Schadcode informiert waren.
---------------------------------------------
http://heise.de/-4079414


∗∗∗ Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1 ∗∗∗
---------------------------------------------
The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities already and have disclosed our research to Microsoft. Please refer to our vulnerability disclosure policy for further details or the post from earlier this week on Windows 10 Cortana vulnerabilities.
---------------------------------------------
https://securingtomorrow.mcafee.com/mcafee-labs/unintended-clipboard-paste-function-in-windows-10-leads-to-information-leak-in-rs1/


∗∗∗ Fake Font Dropper ∗∗∗
---------------------------------------------
A website owner reached out to us to investigate a weird behavior on their site. It was randomly showing a popup window for a missing font and telling the visitors that they are unable to view the content of the site because their own computers are missing a required font by the website called "HoeflerText", [...]
---------------------------------------------
http://labs.sucuri.net/?note=2018-06-14


∗∗∗ Totally Pwning the Tapplock (the API way) ∗∗∗
---------------------------------------------
An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas (@evstykas) has found a way to unlock any lock, plus scrape users PII and home addresses.
---------------------------------------------
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-the-api-way/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Natus Xltek NeuroWorks ∗∗∗
---------------------------------------------
This medical device advisory includes mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in the Natus Xltek NeuroWorks software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01


∗∗∗ Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for a permissions, privileges, and access controls vulnerability reported in Siemens SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-165-01


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (plexus-archiver), Fedora (chromium, kernel, and plexus-archiver), Mageia (firefox, gifsicle, jasper, leptonica, patch, perl-DBD-mysql, qt3, and scummvm), openSUSE (opencv), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (gpg2, nautilus, and postgresql96), and Ubuntu (gnupg2 and linux-raspi2).
---------------------------------------------
https://lwn.net/Articles/757610/


∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ip-phone-dos


∗∗∗ [R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2018-09

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily