Daily summary - 02.02.2018

End-of-Day report

Timeframe: Thursday 01-02-2018 18:00 − Friday 02-02-2018 18:00
Handler: Alexander Riepl
Co-Handler: Nina Bieringer

News

∗∗∗ Crypto Miners May Be the 'New Payload of Choice' for Attackers ∗∗∗
Crypto mining botnets provide a stealthy way to generate big bucks, without the downsides of ransomware.
http://threatpost.com/crypto-miners-may-be-the-new-payload-of-choice-for-attackers/129734/

∗∗∗ Simple but Effective Malicious XLS Sheet, (Fri, Feb 2nd) ∗∗∗
Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Janes 360[1], a website operated by HIS Markit[2]. Here is a copy of the mail body.
https://isc.sans.edu/diary/rss/23305

∗∗∗ Multiple Vulnerabilities in WD MyCloud ∗∗∗
While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.
https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-WD-MyCloud/

∗∗∗ There is no evidence in-the-wild malware is using Meltdown or Spectre ∗∗∗
Reports of malware using the Meltdown or Spectre attacks are likely based on proof-of-concept code rather than files written for a malicious purpose.
https://www.virusbulletin.com:443/blog/2018/02/there-no-evidence-wild-malware-using-meltdown-or-spectre/

∗∗∗ Cisco service routers can choke on IPv6 packets ∗∗∗
A security update closes a DoS vulnerability in Cisco ASR 9000.
https://www.heise.de/security/meldung/Service-Router-von-Cisco-koennen-sich-an-IPv6-Paketen-verschlucken-3959367.html

∗∗∗ Security updates for Friday ∗∗∗
Security updates have been issued by CentOS (systemd and thunderbird), Debian (squid and squid3), Fedora (firefox), Mageia (java-1.8.0-openjdk and sox), openSUSE (ecryptfs-utils and libXfont), Oracle (systemd and thunderbird), Scientific Linux (thunderbird), and Ubuntu (dovecot and w3m).
https://lwn.net/Articles/746326/rss

Vulnerabilities

∗∗∗ "Zero-Day" vulnerability in Adobe Flash Player - actively exploited - patches not yet available ∗∗∗
1 February 2018
Description: Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player which is already being actively exploited. CVE number: CVE-2018-4878. No fixed version is available yet; Adobe has announced one for next week (beginning 5 February 2018).
http://www.cert.at/warnings/all/20180201.html

∗∗∗ IBM Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22012719

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Kernel, libvirt and qemu-kvm affect IBM Netezza Host Management ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22012641