End-of-Day report
Timeframe: Monday 19-02-2018 18:00 − Tuesday 20-02-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
News
∗∗∗ Coldroot RAT Still Undetectable Despite Being Uploaded on GitHub Two Years Ago ∗∗∗
Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.
https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/
∗∗∗ Pirated Wordpress Add-On makes Websites Distribute Malware ∗∗∗
WordPress is a popular tool for building websites, and its many plugins and themes let site owners add functionality without programming. Those add-ons should be chosen with care: a pirated ("nulled") copy of a commercial add-on can carry malware that turns the site into a distribution point.
https://www.gdatasoftware.com/blog/2018/02/30506-wordpress-add-on-malware
∗∗∗ Biggest Crypto Hacking Operation Ever Uncovered ∗∗∗
Hackers are targeting Jenkins CI servers to exploit a vulnerability and secretly mine millions of dollars worth of cryptocurrency.
https://www.htbridge.com/blog/biggest-crypto-hacking-operation-ever-uncovered.html
∗∗∗ Wikipedia Page Review Reveals Minr Malware ∗∗∗
Since December, we’ve seen a number of websites with this funny-looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in [...]
https://blog.sucuri.net/2018/02/wikipedia-page-review-revealed-minr-malware.html
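The item above describes the tell-tale shape of the Minr injection: a JJEncode-obfuscated script placed ahead of the page's HTML root. The following Python is an added example for this report, not code from the Sucuri post or from any tool it mentions. It scans the script blocks of a page for the fixed alphabet-building prologue that JJEncode output starts with, flags script bodies made almost entirely of the encoder's symbol alphabet, and records whether the block sits before <!DOCTYPE>/<html>. The sample pages are constructed, and the length and ratio thresholds are assumptions to tune against real traffic.

```python
import re
from dataclasses import dataclass

# Strong signature: JJEncode output opens by building its alphabet from
# $=~[] (zero) and characters of "false", "true" and "[object Object]".
JJENCODE_PROLOGUE = re.compile(
    r'\$\s*=\s*~\[\]\s*;\s*\$\s*=\s*\{\s*___\s*:\s*\+\+\$')

# Weak signature: apart from short quoted fragments, JJEncode output is
# written entirely in this symbol alphabet.
JJ_ALPHABET = set('$_+[]()!{}:;.,~"=')

SCRIPT_RE = re.compile(r'<script\b[^>]*>(.*?)</script>', re.IGNORECASE | re.DOTALL)
ROOT_RE = re.compile(r'<(?:!doctype|html)\b', re.IGNORECASE)


@dataclass
class Finding:
    offset: int          # offset of the <script> tag within the page
    before_root: bool    # injected ahead of <!DOCTYPE>/<html>, as in the Minr cases
    reasons: list        # which heuristics fired


def jj_symbol_ratio(js: str) -> float:
    """Share of non-whitespace characters drawn from the JJEncode alphabet."""
    body = ''.join(js.split())
    if not body:
        return 0.0
    return sum(c in JJ_ALPHABET for c in body) / len(body)


def scan_html(html: str, min_len: int = 200, ratio_threshold: float = 0.85) -> list:
    """Return a Finding for every <script> block that looks JJEncode-obfuscated.

    min_len and ratio_threshold are assumed starting values, not tuned numbers.
    """
    root = ROOT_RE.search(html)
    root_pos = root.start() if root else len(html)
    findings = []
    for m in SCRIPT_RE.finditer(html):
        js = m.group(1)
        reasons = []
        if JJENCODE_PROLOGUE.search(js):
            reasons.append('jjencode prologue')
        if len(''.join(js.split())) >= min_len and jj_symbol_ratio(js) >= ratio_threshold:
            reasons.append('symbol-dominated body')
        if reasons:
            findings.append(Finding(m.start(), m.start() < root_pos, reasons))
    return findings


# Constructed sample pages (not real captures).
CLEAN_PAGE = (
    '<!DOCTYPE html>\n<html><head><title>ok</title>'
    '<script>var x = 1;</script></head><body>hi</body></html>'
)

# Constructed JJEncode-style script: the opening alphabet-building sequence
# follows the encoder's fixed prologue; the tail is invented filler in the
# same style and does not decode to anything.
INJECTED_JS = (
    r'$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,'
    r'$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,'
    r'$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};'
    r'$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+'
    r'((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+'
    r'($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;'
    r'$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];'
    r'$.$($.$($.$$+"\""+$.$_$_+"\\"+$.__$+$.$$_+"\"")())();'
)
INJECTED_PAGE = '<script>' + INJECTED_JS + '</script>\n' + CLEAN_PAGE


if __name__ == '__main__':
    for page_name, page in (('clean', CLEAN_PAGE), ('injected', INJECTED_PAGE)):
        for f in scan_html(page):
            print(page_name, f)
```

Running the block prints one finding for the constructed injected page (before_root is True, both heuristics fire) and none for the clean page. The prologue regex is the high-confidence check; the symbol-ratio check is there to catch variants with a modified prologue and should be reviewed against legitimate minified scripts before it is used to alert.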
∗∗∗ Text bomb: Apple fixes devastating bug with update ∗∗∗
New versions of iOS and macOS available – a character sequence could crash numerous apps
http://derstandard.at/2000074619775
Vulnerabilities
∗∗∗ Security updates for Tuesday ∗∗∗
Security updates have been issued by Debian (libav), Gentoo (chromium, firefox, libreoffice, mysql, and ruby), SUSE (kernel), and Ubuntu (bind9).
https://lwn.net/Articles/747630/
∗∗∗ DFN-CERT-2018-0340: Jenkins: Multiple vulnerabilities allow, among other things, information disclosure ∗∗∗
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0340/
∗∗∗ IBM Security Bulletin: IBM Sterling Connect:Express for UNIX is Affected by the Following OpenSSL Vulnerabilities (CVE-2017-3637, CVE-2017-3737, CVE-2017-3738) ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22013705
∗∗∗ JSA10843 - 2018-02 Security Bulletin: AppFormix: Debug Shell Command Execution in AppFormix Agent (CVE-2018-0015) ∗∗∗
http://kb.juniper.net/InfoCenter/index/content&id=JSA10843&actp=RSS