End-of-Day report
Timeframe: Friday 29-06-2018 18:00 - Monday 02-07-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
News
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses
While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for over 2.3 million cryptocurrency addresses!
https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/
DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacking-suspected-behind-trezor-wallet-phishing-incident/
Newer Diameter Telephony Protocol Just As Vulnerable As SS7
Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier.
https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/
Taking apart a double zero-day sample discovered in joint hunt with ESET
In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherpanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
Boffins want to stop Network Time Protocol's time-travelling exploits
Ancient protocol's key vulnerability is fixable. Among the many problems that exist in the venerable Network Time Protocol is its vulnerability to timing attacks: turning servers into time-travellers can play all kinds of havoc with important systems.
http://go.theregister.com/feed/www.theregister.co.uk/2018/07/02/ntp_revision_to_end_timing_attacks/
The principle of least privilege: A strategy of limiting access to what is essential
The principle of least privilege is a security strategy applicable to different areas, which is based on the idea of only granting those permissions that are necessary for the performance of a certain activity.
https://www.welivesecurity.com/2018/07/02/principle-least-privilege-strategy/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (chromium-browser, mosquitto, python-pysaml2, simplesamlphp, tiff, and tomcat7), Fedora (kernel, libgxps, nodejs, and phpMyAdmin), Mageia (ansible, firefox, java-1.8.0-openjdk, libcrypt, libgcrypt, ncurses, phpmyadmin, taglib, and webkit2), openSUSE (GraphicsMagick, ImageMagick, mailman, Opera, and rubygem-sprockets), and SUSE (ImageMagick, kernel, mariadb, and python-paramiko).
https://lwn.net/Articles/758845/