Tageszusammenfassung - 01.06.2018

End-of-Day report

Timeframe: Mittwoch 30-05-2018 18:00 - Freitag 01-06-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

May 2018 mobile malware review from Doctor Web

May 31, 2018 In May 2018 Doctor Web specialists found several Google Play applications containing the Trojan Android.Click.248.origin. It loaded fraudulent websites on which users subscribed to expensive mobile services. Also ..

https://news.drweb.com/show/?i=12618&lng=en&c=9

Shell Logins as a Magento Reinfection Vector

Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files: app/Mage.php; lib/Varien/Autoload.php; index.php; app/code/core/Mage/Core/functions.php; These are ..

https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html

Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit-s landing page. Sometime around ..

https://blog.trendmicro.com/trendlabs-security-intelligence/rig-exploit-kit-now-using-cve-2018-8174-to-deliver-monero-miner/

Expired domain led to SpamCannibals blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it ..

https://www.virusbulletin.com:443/blog/2018/05/expired-domain-led-spamcannibal-blacklisting-whole-world/

Sicherheitslücke gefährdete zehn Jahre lang Millionen Steam-Client-Nutzer

Der Steam-Client war verwundbar und Angreifer hätten mit vergleichsweise wenig Aufwand Schadcode auf Computer schmuggeln können.

http://heise.de/-4061777

Browser - WebAuthn: Bei Chrome kann man sich vielerorts nun ohne Passwort anmelden

Fingerabdruckscanner oder spezielle USB-Sticks können stattdessen verwendet werden

https://derstandard.at/2000080745632/WebAuthn-Bei-Chrome-kann-man-sich-vielerorts-nun-ohne-Passwort

Vulnerabilities

Cisco TelePresence TX9000 Series Cross-Frame Scripting Vulnerability

A vulnerability in the web UI of Cisco TelePresence TX9000 Series Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs

Synology-SA-18:30 SSL VPN Client

A vulnerability allows remote attackers to conduct man-in-the-middle attacks via a susceptible version of SSL VPN Client.

https://www.synology.com/en-global/support/security/Synology_SA_18_30

HPESBUX03818 rev.1 - HP-UX Secure Shell, Multiple Remote Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us