Daily summary - 31.08.2018

End-of-Day report

Timeframe: Thursday 30-08-2018 18:00 - Friday 31-08-2018 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter

News

Firework: Leveraging Microsoft Workspaces in a Penetration Test

WCX files can be used to configure a Microsoft Workplace on a system with a couple of clicks. The enrollment process could disclose credentials in the form of a NetNTLM hash. Authentication will either take place automatically on older [...]

https://trustwave.com/Resources/SpiderLabs-Blog/Firework--Leveraging-Microsoft-Workspaces-in-a-Penetration-Test/


BEC fraud burgeoning despite training

Business email compromise (BEC) - commonly referred to as CEO Fraud because the CEO's identity is being impersonated - continues to grow and, more significantly, succeed due to the simplicity and urgency of the attacks, according to a recent study from Barracuda of some 3,000 attacks.

https://www.scmagazine.com/bec-fraud-burgeoning-despite-training/article/792553/


John McAfee's "unhackable" Bitcoin wallet Bitfi hacked - repeatedly

Once again, security researchers have extracted supposedly secret passphrases from the Bitfi Bitcoin wallet.

http://heise.de/-4152116


How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-UNKNOWN)

[...] Earlier this week security researcher SandboxEscaper published details and a proof-of-concept (POC) for a "0day" local privilege escalation vulnerability in the Windows Task Scheduler service, which allows a local unprivileged user to change the permissions of any file on the system - and thus subsequently replace or modify that file. As the researcher's POC demonstrates, one can use this vulnerability [...]

https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html

Vulnerabilities

Philips e-Alert Unit

This advisory includes mitigation recommendations for numerous vulnerabilities in the Philips e-Alert Unit, a non-medical device.

https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01


Security updates for Friday

Security updates have been issued by Debian (389-ds-base, bind9, and squirrelmail), Fedora (dolphin-emu), openSUSE (libX11), SUSE (cobbler, GraphicsMagick, ImageMagick, liblouis, postgresql10, qemu, and spice), and Ubuntu (libx11).

https://lwn.net/Articles/763906/