Daily Summary - 12.07.2018

End-of-Day report

Timeframe: Wednesday 11-07-2018 18:00 - Thursday 12-07-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

Hawkeye Keylogger - Reborn v8: An in-depth campaign analysis

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they ..

https://cloudblogs.microsoft.com/microsoftsecure/2018/07/11/hawkeye-keylogger-reborn-v8-an-in-depth-campaign-analysis/


Ransomware is so 2017, it's all cryptomining now among the script kiddies

Plus: Hackers take crack at cloud, phones come pre-pwned, malware's going multi-plat

The number of organisations affected by cryptomining malware in the first half of 2018 ramped up to 42 per cent, compared to 20.5 per cent ..

http://go.theregister.com/feed/www.theregister.co.uk/2018/07/12/malware_sitrep/


Mitigating Spectre with Site Isolation in Chrome

Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in the browser. To better mitigate these attacks, we're excited to announce that Chrome 67 has enabled a security ..

https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html

Vulnerabilities

Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-wsa-xss


TYPO3-CORE-SA-2018-003: Privilege Escalation & SQL Injection in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Privilege Escalation and SQL Injection.

https://typo3.org/security/advisory/typo3-core-sa-2018-003/


TYPO3-CORE-SA-2018-002: Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Insecure Deserialization & Arbitrary Code Execution.

https://typo3.org/security/advisory/typo3-core-sa-2018-002/


TYPO3-CORE-SA-2018-001: Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Authentication Bypass.

https://typo3.org/security/advisory/typo3-core-sa-2018-001/


EU Cookie Compliance - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-047

https://www.drupal.org/sa-contrib-2018-047


Remote Code Execution and Local File Disclosure in Zeta Producer Desktop CMS

https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/


Synology-SA-18:35 File Station

https://www.synology.com/en-global/support/security/Synology_SA_18_35