[CERT-daily] Tageszusammenfassung - 06.08.2019

Daily end-of-shift report team at cert.at
Tue Aug 6 18:20:57 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 05-08-2019 18:00 − Dienstag 06-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Mass Spoofing Campaign Takes Aim at Walmart ∗∗∗
---------------------------------------------
The sites are targeting job-seekers, movie aficionados and shoppers in hopes of harvesting their personal information.
---------------------------------------------
https://threatpost.com/mass-spoofing-campaign-walmart/146994/


∗∗∗ LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks ∗∗∗
---------------------------------------------
First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that it has improved its capabilities [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_k1Sozs3GX4/


∗∗∗ Malicious Plugin Used to Encrypt WordPress Posts ∗∗∗
---------------------------------------------
During a recent cleanup, we found an interesting malicious WordPress plugin, "WP Security", that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable.
---------------------------------------------
https://blog.sucuri.net/2019/08/malicious-plugin-used-to-encrypt-wordpress-posts.html


∗∗∗ Code-Signed malware: Whats all the buzz about? Looking at the "Ryuk" ransomware as an example. ∗∗∗
---------------------------------------------
Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has happened.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/08/35046-whats-all-the-buzz-about-looking-at-the-ryuk-ransomware-as-an-example


∗∗∗ Erstmals gezielte Spionage-Angriffe über "intelligente Dinge" dokumentiert ∗∗∗
---------------------------------------------
Die Hacker, die in den Bundestag einbrachen, haben eine neue Angriffstechnik im Repertoire: Sie steigen über Drucker oder VoIP-Phones in Firmennetze ein.
---------------------------------------------
https://heise.de/-4489325


∗∗∗ Hinter dem Shop sportfroger.com steckt Betrug ∗∗∗
---------------------------------------------
sportfroger.com bietet ein breites Sortiment an Sportgeräten. Ob Ergometer, Hantelsets oder Laufband – hier finden Konsument/innen was sie suchen. Nach einer Zahlung per Vorkasse folgt der Schock, denn die bestellte Ware wird nie geliefert und das Geld ist verloren.
---------------------------------------------
https://www.watchlist-internet.at/news/hinter-dem-shop-sportfrogercom-steckt-betrug/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Google sichert Android gegen "QualPwn" und andere kritische Lücken ab ∗∗∗
---------------------------------------------
Auch diesen Monat weist Google auf beseitigte Android-Lücken hin. Mit dabei: eine Exploit-Chain aus teils kritischen Qualcomm-Lücken namens QualPwn.
---------------------------------------------
https://heise.de/-4489232


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (glib2.0 and python-django), Fedora (gvfs, kernel, kernel-headers, kernel-tools, and subversion), Oracle (icedtea-web, nss and nspr, and ruby:2.5), Red Hat (advancecomp, bind, binutils, blktrace, compat-libtiff3, curl, dhcp, elfutils, exempi, exiv2, fence-agents, freerdp and vinagre, ghostscript, glibc, gvfs, http-parser, httpd, kde-workspace, keepalived, kernel, kernel-rt, keycloak-httpd-client-install, libarchive, libcgroup, [...]
---------------------------------------------
https://lwn.net/Articles/795506/


∗∗∗ Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass


∗∗∗ Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce


∗∗∗ Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-inject

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list