Daily Summary - 27.08.2018

End-of-Day report

Timeframe: Friday 24-08-2018 18:00 - Monday 27-08-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability

Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.

https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/


Password Protected Word Document Delivers HERMES Ransomware

Evading AV detection is part of a malware author's routine in crafting spam campaigns and an old and effective way of achieving this is spamming a password protected document. Recently, we observed such a ..

https://trustwave.com/Resources/SpiderLabs-Blog/Password-Protected-Word-Document-Delivers-HERMES-Ransomware/


Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

Don't install August update, world+dog warned. McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their ..

www.theregister.co.uk/2018/08/24/mcafee_blue_screen_of_death/


A new issue of our SWITCH Security Report is available!

Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: An own goal and serious foul: Spanish football league's app turns 10 million users into involuntarily ..

https://securityblog.switch.ch/2018/08/27/a-new-issue-of-our-switch-security-report-is-available-6/


Vulnerability Royale: Fortnite installer for Android open to loading arbitrary content

In the Android version of Fortnite Battle Royale, Epic Games bypassed the Play Store and shipped its own installer - with a serious security vulnerability.

http://heise.de/-4145876


Who's Behind the Screencam Extortion Scam?

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it's likely that additional spammers and scammers piled on with their own versions of the phishing email after ..

https://krebsonsecurity.com/2018/08/whos-behind-the-screencam-extortion-scam/


Encryption - When Paypal and Co. suddenly stop working

Mozilla and Google no longer trust Symantec certificates in development versions of their browsers

https://derstandard.at/2000086139348/Wenn-Paypal-und-Co-ploetzlich-nicht-mehr-funktionieren

Vulnerabilities

Synology-SA-18:50 Drive

A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Drive.

https://www.synology.com/en-global/support/security/Synology_SA_18_50


File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056

https://www.drupal.org/sa-contrib-2018-056


Multiple Cross Site Scripting on FortiCloud Web Interface Login

https://fortiguard.com/psirt/FG-IR-18-026


Forgot password link doesn't expire after use

https://fortiguard.com/psirt/FG-IR-18-074