End-of-Day report
Timeframe: Monday 17-12-2018 18:00 - Tuesday 18-12-2018 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Hidden Code in Memes Instruct Malware via Twitter
Analysts discover malicious code embedded in tweeted images.
https://threatpost.com/hidden-code-in-memes-instruct-malware-via-twitter/140047/
Sneaky phishing campaign beats two-factor authentication
Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn't mean every method for doing this is equally secure.
https://nakedsecurity.sophos.com/2018/12/18/sneaky-phishing-campaign-beats-two-factor-authentication/
Your trust, our signature
Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario [...]
https://blog.fox-it.com/2018/12/18/your-trust-our-signature/
Clever SEO Spam Injection
It's very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I'll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website.
https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
Decrypt the Everbe, Hidden Tear and InsaneCrypt ransomware for free
A security researcher has published free decryption tools for several ransomware families.
http://heise.de/-4254364
Vulnerabilities
Security update, 14.12.18
[...] we identified a potential security vulnerability in our iCal feed feature: by manually manipulating parts of the feed URL, a user could theoretically have gained access to the iCal feeds of other, arbitrary TimeTac users. [...] This issue was fixed by a security update immediately after it became known and rolled out to all theoretically affected TimeTac customer accounts.
https://support.timetac.com/de/changelog-de/sicherheitsupdate-14-12-18/
Razer Cortex Debugger Remote Command Execution
Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on...
https://cxsecurity.com/issue/WLB-2018120170
VMSA-2018-0031
vRealize Operations updates address a local privilege escalation vulnerability
https://www.vmware.com/security/advisories/VMSA-2018-0031.html
Security updates for Tuesday
Security updates have been issued by Debian (libapache-mod-jk and sleuthkit), Fedora (kernel, kernel-headers, mbedtls, php, php-symfony, php-symfony3, php-symfony4, and wireshark), openSUSE (pdns, pdns-recursor, and salt), Oracle (firefox and ghostscript), Red Hat (ansible, firefox, ghostscript, and kernel), Scientific Linux (firefox and ghostscript), and SUSE (ovmf).
https://lwn.net/Articles/775172/
Synology-SA-18:61 Magellan
Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.
https://www.synology.com/en-global/support/security/Synology_SA_18_61
libexif: Vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K18-1182
Nagios Enterprises Nagios XI: Multiple vulnerabilities allow cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K18-1180
IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-i-2/
IBM Security Bulletin: Vulnerabilities in curl affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-curl-affect-powerkvm-2/
IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-krb5-affect-powerkvm-2/
IBM Security Bulletin: A vulnerability in git affects PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-git-affects-powerkvm-2/
IBM Security Bulletin: Vulnerabilities in GnuTLS affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnutls-affect-powerkvm-2/
IBM Security Bulletin: Vulnerabilities in GNU binutils affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu-binutils-affect-powerkvm/
IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-powerkvm-4/
IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-python-affect-powerkvm-2/
IBM Security Bulletin: A vulnerability in wpa_supplicant affects PowerKVM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-wpa_supplicant-affects-powerkvm/
IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-affected-by-curl-vulnerabilities/