[CERT-daily] Tageszusammenfassung - 18.02.2019

Mon Feb 18 18:11:31 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 15-02-2019 18:00 − Montag 18-02-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Finding Property Values in Office Documents, (Sat, Feb 16th) ∗∗∗
---------------------------------------------
In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document.
---------------------------------------------
https://isc.sans.edu/diary/rss/24652


∗∗∗ Distributing Malware - one "Word" at a Time ∗∗∗
---------------------------------------------
Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.
---------------------------------------------
https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word


∗∗∗ A Deep Dive on the Recent Widespread DNS Hijacking Attacks ∗∗∗
---------------------------------------------
The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...]
---------------------------------------------
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/


∗∗∗ IT-Grundschutz-Kompendium Edition 2019 erschienen ∗∗∗
---------------------------------------------
Ab sofort steht das IT-Grundschutz-Kompendium in der neuen Edition 2019 zur Verfügung. In dieser Edition sind insgesamt 94 IT-Grundschutz-Bausteine enthalten, 14 Bausteine sind zu neuen Themen aufgenommen worden. Das IT-Grundschutz-Kompendium ist auf die Sicherheitsanforderungen in Unternehmen und Behörden zugeschnitten.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Kompendium-2019-150219.html


∗∗∗ Exploit Code Published for Recent Container Escape Vulnerability ∗∗∗
---------------------------------------------
Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. read more
---------------------------------------------
https://www.securityweek.com/exploit-code-published-recent-container-escape-vulnerability


∗∗∗ Sinking a ship and hiding the evidence ∗∗∗
---------------------------------------------
Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the-evidence/


∗∗∗ Different 'smart' lock, similar security issues ∗∗∗
---------------------------------------------
I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. Image credit: Amazon It can be unlocked by BLE and can be shared to others, what could I do but [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/different-smart-lock-similar-security-issues/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMSA-2019-0001 ∗∗∗
---------------------------------------------
VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0001.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...]
---------------------------------------------
https://lwn.net/Articles/780076/


∗∗∗ Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019 ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc


∗∗∗ Security Advisory - Information Leakage Vulnerability on Some Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-01-smartphone-en


∗∗∗ D-LINK Router DIR-823G: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0147

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily