Tageszusammenfassung - 18.07.2018

End-of-Day report

Timeframe: Dienstag 17-07-2018 18:00 - Mittwoch 18-07-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Open MongoDB Database Exposes Mobile Games Money Laundering Operation

The US Department of Justice, Apple, and game maker Supercell, have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit ..

https://www.bleepingcomputer.com/news/security/open-mongodb-database-exposes-mobile-games-money-laundering-operation/

Microsoft launches Identity Bounty program

Modern security depends today on collaborative communication of identities and identity data within and across domains. A customer-s digital identity is often the key to accessing services and interacting across the internet. Microsoft ..

https://blogs.technet.microsoft.com/msrc/2018/07/17/microsoft-launches-identity-bounty-program/

The SIM Hijackers

Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their ..

https://yro.slashdot.org/story/18/07/18/0554224/the-sim-hijackers

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape:The Growth of Miners

Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize on the growing ..

http://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-crime-growth-of-miners.html

Critical Patch Update: Oracle wirft Paket mit 334 Sicherheitspatches ab

In Software von Oracle klaffen unter anderem kritische Sicherheitslücken. Das Quartalsupdate bringt jede Menge Sicherheitspatches.

http://heise.de/-4113523

TeamViewer hält Zugangspasswort im Speicher vor

Das Fernwartungs-Tool TeamViewer soll es Angreifern leichter machen als nötig. Forschern zufolge hält es in seinem Speicher das Passwort im Klartext vor.

http://heise.de/-4115023

Vulnerabilities

ABB Panel Builder 800

This advisory includes mitigation recommendations for an improper input validation vulnerability in the ABB Panel Builder 800.

https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01

DSA-4248 blender - security update

https://www.debian.org/security/2018/dsa-4248

Critical Patch Update - July 2018

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Oracle Linux Bulletin - July 2018

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2018-4956455.html

Oracle VM Server for x86 Bulletin - July 2018

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2018-4956456.html