[CERT-daily] Tageszusammenfassung - 28.09.2018

Daily end-of-shift report team at cert.at
Fri Sep 28 18:06:08 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-09-2018 18:00 − Freitag 28-09-2018 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ New Iot Botnet Torii Uses Six Methods for Persistence, Has No Clear Purpose ∗∗∗
---------------------------------------------
Security researchers discovered a new IoT botnet that is in a league superior to the Mirai variants ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/


∗∗∗ Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV ∗∗∗
---------------------------------------------
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, ..
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/


∗∗∗ Credential Leak Flaws in Windows PureVPN Client ∗∗∗
---------------------------------------------
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to ..
---------------------------------------------
https://trustwave.com/Resources/SpiderLabs-Blog/Credential-Leak-Flaws-in-Windows-PureVPN-Client/


∗∗∗ DNSSEC Key Signing Key Rollover ∗∗∗
---------------------------------------------
Original release date: September 27, 2018 On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security ..
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover


∗∗∗ [SANS ISC] More Excel DDE Code Injection ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “More Excel DDE Code Injection“: The “DDE code injection” technique is not brand new. DDE stands for “Dynamic Data Exchange”. It has already been discussed by many security researchers. Just a quick ..
---------------------------------------------
https://blog.rootshell.be/2018/09/28/sans-isc-more-excel-dde-code-injection/


∗∗∗ Stellungnahme des BSI zur Schadsoftware "LoJax" ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/LoJax-Schadsoftware_28092018.html


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Emerson AMS Device Manager ∗∗∗
---------------------------------------------
This advisory includes mitigations for improper access control and improper privilege management vulnerabilities in the Emerson AMS Device Manager software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01


∗∗∗ Fuji Electric Alpha5 Smart Loader ∗∗∗
---------------------------------------------
This advisory includes information on classic buffer overflow and heap-based buffer overflow vulnerabilities in Fuji Electrics Alpha5 Smart Loader servo drive.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02


∗∗∗ Fuji Electric FRENIC Devices ∗∗∗
---------------------------------------------
This advisory includes information on buffer over-read, out-of-bounds read, and stack-based buffer overflow vulnerabilities in Fuji Electrics FRENIC HVAC drive devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03


∗∗∗ OpenSSH vulnerability CVE-2018-15473 ∗∗∗
---------------------------------------------
OpenSSH vulnerability CVE-2018-15473. Security Advisory. Security Advisory Description. OpenSSH through 7.7 is prone ...
---------------------------------------------
https://support.f5.com/csp/article/K28942395


∗∗∗ ZDI-18-1093: Delta Industrial Automation PMSoft rtl60 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1093/


∗∗∗ Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u. a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1972/


∗∗∗ IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10733108


∗∗∗ IBM Security Bulletin: Security Misconfiguration during Combined Cumulative Fix Installation Affects IBM WebSphere Portal (CVE-2018-1420) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014276

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list