[CERT-daily] Tageszusammenfassung - 29.06.2018

Fri Jun 29 18:08:57 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 28-06-2018 18:00 − Freitag 29-06-2018 18:00
Handler:     Olaf Schwarz
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack ∗∗∗
---------------------------------------------
An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating systems distributions that would delete user files.
---------------------------------------------
https://www.bleepingcomputer.com/news/linux/file-wiping-malware-placed-inside-gentoo-linux-code-after-github-account-hack/


∗∗∗ Samsung-Smartphones schicken unbemerkt Fotos an Kontakte ∗∗∗
---------------------------------------------
Ein Fehler in Samsung-Handys schickt zufällig verschiedene Fotos an im Telefonbuch gespeicherte Kontakte.
---------------------------------------------
https://futurezone.at/produkte/samsung-smartphones-schicken-unbemerkt-fotos-an-kontakte/400058912


∗∗∗ Überwachungskameras schickten Videos an falsche Nutzer ∗∗∗
---------------------------------------------
Bereits zum zweiten Mal wird ein Fall bekannt, in denen Kameras des Herstellers Swann Security Videobilder an die falschen Nutzer senden.
---------------------------------------------
https://futurezone.at/digital-life/ueberwachungskameras-schickten-videos-an-falsche-nutzer/400059146


∗∗∗ RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique ∗∗∗
---------------------------------------------
Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a relatively lesser known injection technique, the attack chain has some other interesting properties that we will touch on in this blog post.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html


∗∗∗ Rampage: Neuer Rowhammer-Angriff betrifft alle Android-Handys seit 2011 ∗∗∗
---------------------------------------------
Mit einer neuen Technik lässt sich der Speicher von Android-Geräten manipulieren. Der Angreifer wird so auf die harte Art zum Admin.
---------------------------------------------
http://heise.de/-4094782


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Medtronic MyCareLink Patient Monitor ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for hard-coded password and exposed dangerous method or function vulnerabilities reported in Medtronics MyCareLink Patient Monitors.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01


∗∗∗ VMSA-2018-0016 ∗∗∗
---------------------------------------------
VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0016.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox), Debian (firefox-esr, lava-server, libgcrypt20, mariadb-10.0, and zendframework), Fedora (firefox, podman, webkitgtk4, and xen), openSUSE (procps and unixODBC), Oracle (pki-core), Red Hat (firefox), SUSE (kernel, procps, and tomcat6), and Ubuntu (file and nasm).
---------------------------------------------
https://lwn.net/Articles/758656/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily