End-of-Day report
Timeframe: Wednesday 24-10-2018 18:00 - Thursday 25-10-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
The sLoad downloader is an example of the stealthy, smart malware trend.
https://threatpost.com/sload-banking-trojan-downloader-displays-sophisticated-recon-and-targeting/138542/
Magecart Cybergang Targets 0days in Third-Party Magento Extensions
Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign.
https://threatpost.com/magecart-cybergang-targets-0days-in-third-party-magento-extensions/138547/
BSI minimum standard for the logging and detection of cyber attacks
Cyber attacks on the IT systems of the German federal administration take place every day. Besides untargeted mass attacks, the federal networks are also exposed to targeted attack campaigns. To improve the detection of cyber attacks, the Federal Office for Information Security (BSI) has defined a minimum standard for logging and for the detection of cyber attacks based on those logs.
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Mindeststandard_Detektion_25102018.html
EU Commission wants to create a certification scheme for secure internet devices
The EU is working on a regulation on security certification that focuses in particular on devices in the Internet of Things.
http://heise.de/-4202642
Security update: Dangerous vulnerability in Cisco Webex Meetings
Attackers could abuse the Webex update mechanism to execute their own code. A security update closes the vulnerability.
http://heise.de/-4202886
Gandcrab: Updated decryption tool for the ransomware
Victims of the Gandcrab ransomware in versions 1, 4 and 5 can now decrypt their data free of charge.
http://heise.de/-4203283
Sextortion emails: They're probably not watching you
Yes, those sextortion email scams using old passwords are still making the rounds. How can you spot a real sextortion attempt from an empty threat? And when should you report to authorities? Read on to find out.
https://blog.malwarebytes.com/101/2018/10/sextortion-emails-theyre-probably-not-watching/
Vulnerabilities
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection
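The advisory describes a classic pattern: a service running as SYSTEM takes a path from an unprivileged local caller and launches it without checking what it points at. The following is an added, constructed model of that pattern with a hardened counterpart; it is not Cisco's code, and the install directory, file names and "/silent" switch are hypothetical. The hardened handler normalises the supplied path lexically (so ".." and forward slashes cannot smuggle a file from elsewhere), requires the parent directory to match the install directory exactly, and only accepts a known updater binary name.

```python
import ntpath

# Constructed model of a privileged updater service, added here to illustrate
# the class of flaw described in the advisory. The directory and file names are
# hypothetical and are NOT Cisco's real installation layout or service names.
INSTALL_DIR = "C:\\Program Files\\ExampleApp"
ALLOWED_UPDATERS = {"updater.exe", "ptupdate.exe"}


def vulnerable_update(arg: str) -> list[str]:
    """Flawed handler: the caller-controlled argument is used directly as the
    program to launch, so an unprivileged local user can name any executable
    and have the service (running as SYSTEM) start it."""
    return [arg, "/silent"]


def hardened_update(arg: str) -> list[str]:
    """Only launch one of the known updater binaries located in the install
    directory, after normalising '..' segments and slash styles lexically.
    Raises PermissionError for anything else."""
    normalized = ntpath.normpath(arg)
    # Compare the parent directory exactly (case-insensitively, as NTFS does),
    # not with startswith(): a prefix test would accept
    # "C:\Program Files\ExampleAppEvil\updater.exe".
    if ntpath.normcase(ntpath.dirname(normalized)) != ntpath.normcase(INSTALL_DIR):
        raise PermissionError(f"refusing path outside {INSTALL_DIR}: {arg!r}")
    if ntpath.basename(normalized).lower() not in ALLOWED_UPDATERS:
        raise PermissionError(f"refusing unknown updater binary: {arg!r}")
    # A real service should additionally verify the file's Authenticode
    # signature and that the directory is not writable by ordinary users.
    return [normalized, "/silent"]


def is_accepted(arg: str) -> bool:
    """True if the hardened handler would launch the given argument."""
    try:
        hardened_update(arg)
        return True
    except PermissionError:
        return False


# Constructed inputs: one legitimate call and several crafted arguments.
SAMPLE_ARGS = [
    "C:\\Program Files\\ExampleApp\\updater.exe",                      # legitimate
    "C:/Program Files/ExampleApp/PTUPDATE.EXE",                         # same, odd slashes/case
    "C:\\Users\\Public\\evil.exe",                                      # arbitrary binary
    "C:\\Program Files\\ExampleApp\\..\\..\\Users\\Public\\evil.exe",   # traversal
    "C:\\Program Files\\ExampleApp\\evil.exe",                          # right dir, wrong file
    "\\\\attacker\\share\\updater.exe",                                 # UNC path
]


def triage(args=SAMPLE_ARGS) -> dict[str, tuple[str, bool]]:
    """For each argument: what the flawed service would run, and whether the
    hardened one accepts it."""
    return {a: (vulnerable_update(a)[0], is_accepted(a)) for a in args}


if __name__ == "__main__":
    for arg, (launched_by_flawed, ok) in triage().items():
        verdict = "ACCEPT" if ok else "REJECT"
        print(f"{verdict:6} {arg!r:70} flawed service would run {launched_by_flawed!r}")
```

Running the block prints one line per sample argument; only the two paths that name an approved binary inside the install directory are accepted, while the flawed handler would have launched every one of them as SYSTEM. The path checks here are lexical only; a production fix also needs the signature and directory-permission checks noted in the comments, since an allowed name in a user-writable directory is still attacker-controlled.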
Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled
When running HVM guests, virtual extensions are enabled in hardware because Xen is using them. As a result, a guest can blindly execute the virtualisation instructions, and will exit to Xen for processing.
https://lists.xenproject.org/archives/html/xen-announce/2018-10/msg00000.html
Security updates for Thursday
Security updates have been issued by Debian (389-ds-base, clamav, firefox-esr, and mosquitto), openSUSE (Chromium and firefox), Oracle (firefox and kernel), Red Hat (chromium-browser, firefox, java-1.6.0-sun, java-1.7.0-oracle, and java-1.8.0-oracle), SUSE (dom4j, exempi, mercurial, ntp, python-cryptography, tiff, tomcat, and webkit2gtk3), and Ubuntu (audiofile and firefox).
https://lwn.net/Articles/769529/
IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2018-15473)
https://www-01.ibm.com/support/docview.wss?uid=ibm10733751
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Image for Red Hat Linux Systems on IBM PureApplication
https://www-01.ibm.com/support/docview.wss?uid=ibm10728607
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony
http://www.ibm.com/support/docview.wss?uid=ibm10732846
IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Admin Console affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1770, CVE-2018-1777)
http://www.ibm.com/support/docview.wss?uid=ibm10737065
IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities
https://www.ibm.com/support/docview.wss?uid=ibm10735863
IBM Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050)
https://www-01.ibm.com/support/docview.wss?uid=ibm10728649
IBM Security Bulletin: IBM Storwize V7000 Unified is affected by multiple GSKit vulnerabilities in GPFS
https://www-01.ibm.com/support/docview.wss?uid=ibm10734249
IBM Security Bulletin: IBM Security Access Manager is affected by multiple vulnerabilities in GSKit
http://www.ibm.com/support/docview.wss?uid=swg22016890
IBM Security Bulletin: IBM WebSphere Commerce could allow some server-side code injection (CVE-2018-1808)
http://www.ibm.com/support/docview.wss?uid=ibm10735905
F5: Reflected XSS vulnerability in an undisclosed Configuration utility page (CVE-2018-15315)
https://support.f5.com/csp/article/K41704442
Next End-of-Day report: 2018-10-29