Daily summary - 26.07.2018

End-of-Day report

Timeframe: Wednesday 25-07-2018 18:00 - Thursday 26-07-2018 18:00 Handler: Robert Waldner Co-Handler: n/a

News

A mining multitool

Recently, an interesting miner implementation appeared on Kaspersky Lab's radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks, infecting both workstations and servers.

https://securelist.com/a-mining-multitool/86950/


Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app's legitimate installer the unsuspecting carrier of a

https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/


New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel

We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system's boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. Underminer transfers malware via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to ROM file

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6eLtSVD7Bqc/


Two-year-old Mac trojan is circulating again

The Calisto malware is believed to be a predecessor of the Proton malware, which spread via fake apps.

http://heise.de/-4120597

Vulnerabilities

Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path

A rogue user-space program could crash a guest kernel. Privilege escalation cannot be ruled out.

https://lists.xenproject.org/archives/html/xen-announce/2018-07/msg00004.html


Security vulnerabilities in ClamAV: attackers can bring down machines

The open-source virus scanner allows remote denial-of-service attacks. The BSI advises updating immediately.

http://heise.de/-4120917


Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub

Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung to ensure that these issues have been resolved and that a firmware update has been made available for affected customers.

https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html


Security updates for Thursday

Security updates have been issued by Arch Linux (jenkins), CentOS (java-1.8.0-openjdk, openslp, and thunderbird), Fedora (dcraw and httpd), Oracle (java-1.8.0-openjdk and thunderbird), Red Hat (procps), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (clamav and tomcat7, tomcat8).

https://lwn.net/Articles/760956/


IBM Security Bulletin: IBM QRadar Network Security is affected by GNU C library (glibc) vulnerabilities

http://www.ibm.com/support/docview.wss?uid=ibm10716377


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement

https://www-01.ibm.com/support/docview.wss?uid=ibm10718395


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in libidn2 (CVE-2017-14062)

http://www.ibm.com/support/docview.wss?uid=ibm10718807


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in GNU C Library (CVE-2017-12133)

http://www.ibm.com/support/docview.wss?uid=ibm10718801


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in NTP

http://www.ibm.com/support/docview.wss?uid=ibm10718877


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in freetype2 (CVE-2017-8287 CVE-2017-8105 CVE-2016-10244)

http://www.ibm.com/support/docview.wss?uid=ibm10718879


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131)

http://www.ibm.com/support/docview.wss?uid=ibm10718881


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in dhcp (CVE-2017-3144)

https://www-01.ibm.com/support/docview.wss?uid=ibm10718803


IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in ncurses (CVE-2017-13733)

http://www.ibm.com/support/docview.wss?uid=ibm10718805


IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Content Classification

http://www.ibm.com/support/docview.wss?uid=swg22014442


HPESBHF03836 rev.1 - HPE Routers and Switches running Linux-based Comware 5 and Comware 7 Software, Remote Unauthorized Disclosure of Information

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us