Daily Summary - 04.07.2018

End-of-Day report

Timeframe: Tuesday 03-07-2018 18:00 - Wednesday 04-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Malware Authors Seem Intent on Weaponizing Windows SettingContent-ms Files

Malware authors are frantically trying to weaponize a new infection vector that was revealed at the start of June. The trick relies on using Windows Settings (.SettingContent-ms) shortcut files in order to achieve ..

https://www.bleepingcomputer.com/news/security/malware-authors-seem-intent-on-weaponizing-windows-settingcontent-ms-files/


Vulnerabilities discovered in provider routers

Vulnerabilities in routers made by ADB allow an attacker to gain root privileges. This can also become a problem for the providers.

http://heise.de/-4099449


Phishing tales: Microsoft Access Macro (.MAM) shortcuts

Previously, I blogged about the ability to create malicious .ACCDE Microsoft Access Database files and using them as a phishing vector. This post expands on using the ACCDE format and will be introducing Microsoft Access Macro -MAM- ..

https://posts.specterops.io/phishing-tales-microsoft-access-macro-mam-shortcuts-c0bc3f90ed62

Vulnerabilities

Rockwell Automation Allen-Bradley Stratix 5950

This advisory includes mitigations for improper input validation, improper certificate validation, and resource management error vulnerabilities in the Allen-Bradley Stratix 5950 security appliance.

https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers

https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/


Authorization Bypass in all ADB Broadband Gateways / Routers

https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/


Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers

https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/


Security vulnerabilities fixed in Thunderbird 52.9

https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/