[CERT-daily] Tageszusammenfassung - 05.08.2019
Daily end-of-shift report
team at cert.at
Mon Aug 5 18:23:49 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 02-08-2019 18:00 − Montag 05-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Dragonfly: Neue Sicherheitslücken in Verschlüsselungsstandard WPA3 ∗∗∗
---------------------------------------------
Wie lange ein kryptografisches Verfahren braucht, kann ungewollt Informationen verraten. Mit einer solchen Schwachstelle konnten Forscher Passwörter bei der WLAN-Verschlüsselung WPA3 knacken.
---------------------------------------------
https://www.golem.de/news/dragonfly-neue-sicherheitsluecken-in-verschluesselungsstandard-wpa3-1908-142991-rss.html
∗∗∗ MegaCortex Ransomware Revamps for Mass Distribution ∗∗∗
---------------------------------------------
Manual steps have been replaced by automation.
---------------------------------------------
https://threatpost.com/megacortex-ransomware-mass-distribution/146933/
∗∗∗ Combining Low Tech Scams: SMS + SET + Credit Card Harvesting, (Fri, Aug 2nd) ∗∗∗
---------------------------------------------
As Infosec folks, we spend a lot of time on the latest and greatest exploits, attacks and malware - we seem to be (abnormally) driven towards continuing education in our field. This is a great thing, but often we lose sight of the fact that the attackers dont always try so hard.
---------------------------------------------
https://isc.sans.edu/diary/rss/25198
∗∗∗ Erpressungstrojaner GermanWiper löscht Daten ∗∗∗
---------------------------------------------
Lösegeld hilft nicht: Wer den GermanWiper aktiviert, dessen Daten werden nicht etwa wiederherstellbar verschlüsselt, sondern endgültig mit Nullen überschrieben.
---------------------------------------------
https://heise.de/-4487825
∗∗∗ Say hello to Lord Exploit Kit ∗∗∗
---------------------------------------------
In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/
∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a crash (denial-of-service) of the vmware-vmx.exe process on the host (TALOS-2019-0757). However, when the host/guest systems are using an NVIDIA graphics card, the VMware [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/08/nvidia-vmware-gpu-rce-vulnerabilities.html
=====================
= Vulnerabilities =
=====================
∗∗∗ VMSA-2019-0012 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities (CVE-2019-5521, CVE-2019-5684)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (proftpd-dfsg and vim), Fedora (java-11-openjdk and matrix-synapse), Gentoo (binutils and libpng), Mageia (kernel), and SUSE (openexr and python-Django).
---------------------------------------------
https://lwn.net/Articles/795344/
∗∗∗ ZDI-19-687: (0Day) SolarWinds Orion Network Performance Monitor ExecuteExternalProgram Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-687/
∗∗∗ Linux kernel vulnerability CVE-2017-12190 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K93472064
∗∗∗ poppler: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0687
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list