[CERT-daily] Tageszusammenfassung - 28.10.2019

Mon Oct 28 18:16:55 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 25-10-2019 18:00 − Montag 28-10-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Network traffic analysis for IR: Analyzing fileless malware ∗∗∗
---------------------------------------------
Fileless malware is malware authors’ response to traditional malware identification and analysis techniques. Many antiviruses operate by using signature-based analysis to identify malicious files on a computer. By ensuring that a malicious file is never saved on the filesystem, malware authors can make their attacks much more difficult to detect and [...]
---------------------------------------------
https://resources.infosecinstitute.com/network-traffic-analysis-for-ir-analyzing-fileless-malware/


∗∗∗ Steam-powered scammers ∗∗∗
---------------------------------------------
One of the most popular platforms among users (and hence cybercriminals) is Steam, and we’ve been observing money-making schemes to defraud its users for quite some time. Since June, however, such attacks have become more frequent and, compared to previous attempts, far more sophisticated.
---------------------------------------------
https://securelist.com/steam-powered-scammers/94553/


∗∗∗ Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise ∗∗∗
---------------------------------------------
Experts on demand is now generally available and gives customers direct access to real-life Microsoft threat analysts to help with their security investigations.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/10/28/experts-on-demand-your-direct-line-to-microsoft-security-insight-guidance-and-expertise/


∗∗∗ Using scdbg to Find Shellcode, (Sun, Oct 27th) ∗∗∗
---------------------------------------------
I've written a couple of diary entries about scdbg, a Windows 32-bit shellcode emulator.
---------------------------------------------
https://isc.sans.edu/diary/rss/25460


∗∗∗ VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry ∗∗∗
---------------------------------------------
Today we publish the VB2019 paper by RiskIQ researcher Yonathan Klijnsma, who looked at the Magecart web-skimming attacks.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/10/vb2019-paper-inside-magecart-history-behind-covert-card-skimming-assault-e-commerce-industry/


∗∗∗ Ouroboros Ransomware decryption tool ∗∗∗
---------------------------------------------
Ouroboros ransomware has been around for more than a year in various forms, operated by different cybercrime groups. Ouroboros, known to spread via Remote Desktop Protocol bruteforce attacks and deceptive downloads, has claimed a significant number of victims worldwide. We’re now happy to announce the availability of a new decryptor that can restore the .Lazarus, and .Lazarus+ file extensions to their original, unencrypted form.
---------------------------------------------
https://labs.bitdefender.com/2019/10/ouroboros-ransomware-decryption-tool/


∗∗∗ New Ransomware CCryptor struck, which can encrypt 362 file types ∗∗∗
---------------------------------------------
Recently, 360 Security Center captured a new type of ransomware CCryptor. The attacker spread the virus by delivering phishing emails, and the CVE-2017-11882 vulnerability was [...]
---------------------------------------------
https://blog.360totalsecurity.com/en/new-ransomware-ccryptor-struck-which-can-encrypt-362-file-types/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Updates für PHP7: NGINX-Server mit PHP-FPM waren aus der Ferne angreifbar ∗∗∗
---------------------------------------------
Betreiber eines NGINX-Webservers mit PHP-FPM sollten zügig updaten: Aktuelle PHP-Versionen schließen eine Lücke, für die es Exploit-Code gibt.
---------------------------------------------
https://heise.de/-4570800


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, php, and thunderbird), Debian (file, golang-1.11, libarchive, libxslt, mosquitto, php5, and proftpd-dfsg), Fedora (apache-commons-compress, chromium, java-1.8.0-openjdk, java-11-openjdk, jss, kernel, kernel-headers, kernel-tools, libpcap, mod_auth_openidc, tcpdump, and xpdf), openSUSE (kernel, openconnect, procps, python, sysstat, and zziplib), and SUSE (binutils, docker-runc, ImageMagick, nfs-utils, and xen).
---------------------------------------------
https://lwn.net/Articles/803318/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily