End-of-Day report
Timeframe: Thursday 06-09-2018 18:00 - Friday 07-09-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
New Chainshot Malware Found By Cracking 512-Bit RSA Key
Security researchers exploited a threat actor's poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks.
https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/
Hotspot Honeypot
The Hotspot Honeypot is an illegitimate Wi-Fi access point which can appear as an authorized and secure hotspot. Despite appearances, it is actually set up by black-hat attackers or malicious hackers to steal your bank and credit card details, passwords and other personal information.
https://resources.infosecinstitute.com/hotspot-honeypot/
British Airways Website, Mobile App Breach Compromises 380k
The airline said information like name, address and bank card details like CVC code were compromised.
https://threatpost.com/british-airways-website-mobile-app-breach-compromises-380k/137291/
2018 CEF Telecom Call - €13 million to reinforce the EU's Cybersecurity capacity
The European Commission calls for proposals under the Connecting Europe Facility (CEF) to reinforce the EU's cybersecurity capacity, with up to €13 million available in grant funding, open until 22 November 2018.
https://www.enisa.europa.eu/news/enisa-news/2018-cef-telecom-call2013-20ac13-million-to-reinforce-the-eus-cybersecurity-capacity
Patch now! The Gandcrab ransomware slips through Flash and Windows vulnerabilities
An exploit kit that looks for vulnerabilities in Flash and Windows is lurking on some compromised websites.
https://heise.de/-4157172
Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities
Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user.
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Vulnerabilities
VMSA-2018-0017.3 - VMware Tools update addresses an out-of-bounds read vulnerability
[...] VMware Tools 10.3.0 is discontinued because of a functional issue with 10.3.0 in ESXi 6.5, please refer to KB55796 for more information.
https://www.vmware.com/security/advisories/VMSA-2018-0017.html
Security updates for Friday
Security updates have been issued by Debian (qemu and xen), Mageia (libxkbcommon, sleuthkit, and wireshark), openSUSE (apache-pdfbox, dovecot22, and php7), SUSE (enigmail, kernel, nodejs4, and php7), and Ubuntu (firefox and transfig).
https://lwn.net/Articles/764386/
(0Day) Remote Code Execution Vulnerabilities in Hewlett Packard Enterprise Intelligent Management Center
http://www.zerodayinitiative.com/advisories/ZDI-18-999/
http://www.zerodayinitiative.com/advisories/ZDI-18-1000/
http://www.zerodayinitiative.com/advisories/ZDI-18-1001/
http://www.zerodayinitiative.com/advisories/ZDI-18-1002/
http://www.zerodayinitiative.com/advisories/ZDI-18-1003/
http://www.zerodayinitiative.com/advisories/ZDI-18-1004/
http://www.zerodayinitiative.com/advisories/ZDI-18-1005/
http://www.zerodayinitiative.com/advisories/ZDI-18-1006/
http://www.zerodayinitiative.com/advisories/ZDI-18-1007/
IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter
https://www-01.ibm.com/support/docview.wss?uid=ibm10730727
IBM Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability
https://www-01.ibm.com/support/docview.wss?uid=swg22016006
IBM Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru
https://www-01.ibm.com/support/docview.wss?uid=ibm10730717
IBM Security Bulletin: IBM Security Guardium is affected by a Public disclosed vulnerability from Bouncy Castle
https://www-01.ibm.com/support/docview.wss?uid=swg22016292
IBM Security Bulletin: IBM OpenPages GRC Platform is affected by an Information disclosure vulnerability (CVE-2017-1679)
https://www-01.ibm.com/support/docview.wss?uid=ibm10728737
Apache Tomcat vulnerability CVE-2018-1336
https://support.f5.com/csp/article/K73008537