End-of-Day report
Timeframe: Thursday 02-08-2018 18:00 - Friday 03-08-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
News
Cryptominers: Binary-Process-Cron Variants and Methods of Removal
This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site ..
https://blog.sucuri.net/2018/08/cryptominer-variants-removal.html
Vulnerabilities
Security updates for Friday
Security updates have been issued by Debian (busybox, graphicsmagick, and libmspack), Fedora (pam_yubico), Scientific Linux (openslp), Slackware (lftp), SUSE (cups, libtirpc, and thunderbird), and Ubuntu (clamav).
https://lwn.net/Articles/761752/
IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from the WhoAmI API (CVE-2018-1528)
https://www-01.ibm.com/support/docview.wss?uid=swg22017450
IBM Security Bulletin: Invalid user group vulnerability in IBM MQ on Unix platform (CVE-2018-1551)
https://www-01.ibm.com/support/docview.wss?uid=ibm10716113
IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2018-1422)
http://www.ibm.com/support/docview.wss?uid=ibm10719817
IBM Security Bulletin: A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447)
http://www-01.ibm.com/support/docview.wss?uid=swg22015283
HPESBHF03872 rev.1 - HPE Intelligent Management Center Platform (IMC PLAT), Remote Directory Traversal
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03872en_us
HPESBHF03841 rev.2 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us
HPSBGN02298 SSRT071502 rev.3 - HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c01300486