[CERT-daily] Daily summary - 04.10.2019
Daily end-of-shift report
team at cert.at
Fri Oct 4 18:32:28 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 03-10-2019 18:00 − Friday 04-10-2019 18:00
Handler: Stephan Richter
Co-Handler: Olaf Schwarz
=====================
= News =
=====================
∗∗∗ Lost Files Data Wiper Poses as a Windows Security Scanner ∗∗∗
---------------------------------------------
A Windows Security Scanner that claims it has encrypted your files is being distributed by spam, but whether by bug or by design, it instead corrupts binary data in the victim's files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/lost-files-data-wiper-poses-as-a-windows-security-scanner/
∗∗∗ Linux kernel: Android bug is being attacked by NSO Group ∗∗∗
---------------------------------------------
Google's Project Zero reports on a bug in the Linux kernel that can be used to attack Android phones. According to Google, an exploit for the bug is apparently already being actively used. The twist: the bug was already found in 2017 - by Google itself.
---------------------------------------------
https://www.golem.de/news/linux-kernel-android-bug-wird-von-nso-group-angegriffen-1910-144250-rss.html
∗∗∗ Investigating the security of Lime scooters ∗∗∗
---------------------------------------------
I've been looking at the security of the Lime escooters. These caught my attention because: (1) There's a whole bunch of them outside my building, and (2) I can see them via Bluetooth from my sofa which, given that I'm extremely lazy, made them more attractive targets than something that would actually require me to leave my home.
---------------------------------------------
https://mjg59.dreamwidth.org/53024.html
∗∗∗ Down the Malware Rabbit Hole – Part 1 ∗∗∗
---------------------------------------------
It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to hide their malicious code? In our first post in this series, we’ll describe how bad actors hide their malicious code and the steps taken to reveal its true form.
---------------------------------------------
https://blog.sucuri.net/2019/10/down-the-malware-rabbit-hole-part-1.html
∗∗∗ COMpfun successor Reductor infects files on the fly to compromise TLS traffic ∗∗∗
---------------------------------------------
In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly.
---------------------------------------------
https://securelist.com/compfun-successor-reductor/93633/
∗∗∗ Antimalware Scan Interface Detection Optics Analysis Methodology: Identification and Analysis of AMSI for WMI ∗∗∗
---------------------------------------------
AMSI offers a fantastic interface for endpoint security vendors to gain insight into in-memory buffers from components that choose to have their content scanned.
---------------------------------------------
https://posts.specterops.io/antimalware-scan-interface-detection-optics-analysis-methodology-858c37c38383
∗∗∗ macOS systems abused in DDoS attacks ∗∗∗
---------------------------------------------
Up to 40,000 macOS systems expose a particular port online that can be abused for sizeable DDoS amplification attacks.
---------------------------------------------
https://www.zdnet.com/article/macos-systems-abused-in-ddos-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Interpeak IPnet TCP/IP Stack (Update A) ∗∗∗
---------------------------------------------
This updated medical advisory is a follow-up to the original advisory titled ICSMA-19-274-01 Interpeak IPnet TCP/IP Stack that was published October 1, 2019, on the ICS webpage on us-cert.gov.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-274-01
∗∗∗ Microsoft Re-Releases Security Updates ∗∗∗
---------------------------------------------
Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/10/03/microsoft-re-releases-security-updates
∗∗∗ FreeType vulnerability CVE-2015-9290 ∗∗∗
---------------------------------------------
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict ...
---------------------------------------------
https://support.f5.com/csp/article/K38315305
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (exim, ruby, ruby-rdoc, ruby2.5, and systemd), Debian (openconnect), Mageia (thunderbird), openSUSE (lxc and mosquitto), Oracle (kernel and patch), Scientific Linux (patch), SUSE (firefox, java-1_7_0-ibm, and sqlite3), and Ubuntu (clamav).
---------------------------------------------
https://lwn.net/Articles/801318/
∗∗∗ Security Advisory 2019-13: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
∗∗∗ IBM Security Bulletin: Linux Kernel as used by IBM QRadar SIEM is vulnerable to Denial of Service(CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-by-ibm-qradar-siem-is-vulnerable-to-denial-of-servicecve-2019-11477-cve-2019-11478-cve-2019-11479/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily