End-of-Day report
Timeframe: Thursday 28-06-2018 18:00 - Friday 29-06-2018 18:00
Handler: Olaf Schwarz
Co-Handler: Stephan Richter
News
File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack
An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files.
https://www.bleepingcomputer.com/news/linux/file-wiping-malware-placed-inside-gentoo-linux-code-after-github-account-hack/
Samsung smartphones send photos to contacts unnoticed
A bug in Samsung phones randomly sends various photos to contacts stored in the phone book.
https://futurezone.at/produkte/samsung-smartphones-schicken-unbemerkt-fotos-an-kontakte/400058912
Surveillance cameras sent videos to the wrong users
For the second time, a case has become known in which cameras from the manufacturer Swann Security send video footage to the wrong users.
https://futurezone.at/digital-life/ueberwachungskameras-schickten-videos-an-falsche-nutzer/400059146
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a relatively lesser known injection technique, the attack chain has some other interesting properties that we will touch on in this blog post.
http://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html
Rampage: New Rowhammer attack affects all Android phones since 2011
A new technique makes it possible to manipulate the memory of Android devices. The attacker thus becomes admin the hard way.
http://heise.de/-4094782
Vulnerabilities
Medtronic MyCareLink Patient Monitor
This advisory includes mitigation recommendations for hard-coded password and exposed dangerous method or function vulnerabilities reported in Medtronic's MyCareLink Patient Monitors.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
VMSA-2018-0016
VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2018-0016.html
Security updates for Friday
Security updates have been issued by Arch Linux (firefox), Debian (firefox-esr, lava-server, libgcrypt20, mariadb-10.0, and zendframework), Fedora (firefox, podman, webkitgtk4, and xen), openSUSE (procps and unixODBC), Oracle (pki-core), Red Hat (firefox), SUSE (kernel, procps, and tomcat6), and Ubuntu (file and nasm).
https://lwn.net/Articles/758656/