Tageszusammenfassung - 24.09.2018

End-of-Day report

Timeframe: Freitag 21-09-2018 18:00 - Montag 24-09-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Malware Disguised as Job Offers Distributed on Freelance Sites

Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretends to be the job brief, but are actually ..

https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/

Security: Curl bekommt eigenes Bug-Bounty-Programm

Das kleine Kommandozeilenwerkzeug Curl und dessen Bibliothek finden sich in nahezu allen vernetzten Geräten. Sicherheitsforscher erhalten künftig eine Bug-Bounty, also Geld für das Auffinden von Sicherheitslücken in der ..

https://www.golem.de/news/security-curl-bekommt-eigenes-bug-bounty-programm-1809-136704.html

Adwind Dodges AV via DDE

Cisco Talos, along with fellow cybersecurity firm ReversingLabs, recently discovered a ..

https://blog.talosintelligence.com/2018/09/adwind-dodgesav-dde.html

Security - Android: Immer mehr Hersteller liefern Sicherheits-Updates

Mittlerweile 250 Modelle mit Patch Level aus den letzten 90 Tagen - Google zahlt 3 Millionen Dollar für Bug Bounties

https://derstandard.at/2000087981052/Android-Immer-mehr-Hersteller-liefern-Sicherheits-Updates

Vulnerabilities

Cisco Video Surveillance Manager Appliance Default Password Vulnerability

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

DSA-4301 mediawiki - security update

https://www.debian.org/security/2018/dsa-4301

DSA-4302 openafs - security update

https://www.debian.org/security/2018/dsa-4302

ZDI-18-1079: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-18-1079/

ZDI-18-1078: Cisco WebEx Network Recording Player NMVC RtpConfig Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-18-1078/

Multiple vulnerabilities in Citrix StorageZones Controller

https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-citrix-storagezones-controller-cve-2018-16968-cve-2018-16969/

Security vulnerabilities fixed in Firefox ESR 60.2.1

https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/

Security vulnerabilities fixed in Firefox 62.0.2

https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/