[CERT-daily] Daily summary - 04.09.2018

Daily end-of-shift report team at cert.at
Tue Sep 4 18:08:52 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 03-09-2018 18:00 − Tuesday 04-09-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Thousands of Compromised MikroTik Routers Send Traffic to Attackers ∗∗∗
---------------------------------------------
Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/thousands-of-compromised-mikrotik-routers-send-traffic-to-attackers/


∗∗∗ New Banking Trojan Poses As A Security Module ∗∗∗
---------------------------------------------
A newly discovered banking Trojan departs from the regular tactics observed by malware researchers by choosing visible installation and by adding social engineering components.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-banking-trojan-poses-as-a-security-module/


∗∗∗ Credit card gobbling code found piggybacking on ecommerce sites ∗∗∗
---------------------------------------------
Be careful! If crooks can upload malicious JavaScript to your ecommerce server, then you're helping them rip off your own customers.
---------------------------------------------
https://nakedsecurity.sophos.com/2018/09/04/credit-card-gobbling-code-found-piggybacking-on-ecommerce-sites/


∗∗∗ You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows ∗∗∗
---------------------------------------------
I have been continuing my journey of searching for windows breakout vulnerabilities in popular applications and one that I discovered in March I found interesting enough to share. Whilst kernel vulnerabilities are fun to discover, there are many core windows and third party applications that are fundamentally broken in regards to logic [...]
---------------------------------------------
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html


∗∗∗ Google's Doors Hacked Wide Open By Own Employee ∗∗∗
---------------------------------------------
Last July, in Google’s Sunnyvale offices, a hacker found a way to trick doors into opening without the requisite RFID keycard. Luckily for Google, it was David Tomaschik, an employee at the tech giant, who only had good intentions.
---------------------------------------------
https://www.forbes.com/sites/thomasbrewster/2018/09/03/googles-doors-hacked-wide-open-by-own-employee/amp/


∗∗∗ Gandcrab ransomware spreads via fake job application e-mails ∗∗∗
---------------------------------------------
Fake job applications carrying a dangerous Trojan as a file attachment are currently circulating by e-mail in increasing numbers.
---------------------------------------------
http://heise.de/-4154167


∗∗∗ Security researcher warns of browser attacks on the Mac ∗∗∗
---------------------------------------------
On macOS, URL schemes can be used to launch programs that the user did not intend to start.
---------------------------------------------
http://heise.de/-4154059


∗∗∗ Of ML and malware: What’s in store? ∗∗∗
---------------------------------------------
All things labeled Artificial Intelligence (AI) or Machine Learning (ML) are making waves, but talk of them in cybersecurity contexts often muddies the waters. A new ESET white paper sets out to bring some clarity to a subject where confusion often reigns supreme.
---------------------------------------------
https://www.welivesecurity.com/2018/09/04/ml-malware-whats-in-store/


∗∗∗ Fake Microsoft message in circulation ∗∗∗
---------------------------------------------
Data thieves are sending a fake Microsoft message. In it they claim that the recipient's e-mail account has been locked. To regain access to their mailbox, users are told to confirm their identity on an unknown website. This results in their data being transmitted to criminals, who can then commit crimes in their victims' names.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-microsoft-nachricht-im-umlauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Lenovo computers: vulnerability allows information disclosure ∗∗∗
---------------------------------------------
A vulnerability related to disk encryption exists in Lenovo computers with Intel processors and Intel Optane memory modules. If the Optane memory modules are configured before disk encryption is enabled, parts of the storage remain unencrypted.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2018/09/warnmeldung_tw-t18-0123.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (ImageMagick, libressl, postgresql10, spice, and spice-gtk), Red Hat (collectd, kernel, Red Hat Gluster Storage, Red Hat Virtualization, RHGS WA, rhvm-appliance, and samba), and SUSE (crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, kernel, spice, and spice-gtk).
---------------------------------------------
https://lwn.net/Articles/764130/


∗∗∗ Red Hat Gluster Storage, collectd: two vulnerabilities allow denial-of-service attacks ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1787/


∗∗∗ Red Hat Gluster Storage, Samba: multiple vulnerabilities allow, among other things, the manipulation of files ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1786/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



