End-of-Day report
Timeframe: Thursday 27-09-2018 18:00 - Friday 28-09-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
News
New IoT Botnet Torii Uses Six Methods for Persistence, Has No Clear Purpose
Security researchers discovered a new IoT botnet that is in a league superior to the Mirai variants ..
https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, ..
https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/
Credential Leak Flaws in Windows PureVPN Client
Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to ..
https://trustwave.com/Resources/SpiderLabs-Blog/Credential-Leak-Flaws-in-Windows-PureVPN-Client/
DNSSEC Key Signing Key Rollover
Original release date: September 27, 2018 On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security ..
https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover
[SANS ISC] More Excel DDE Code Injection
I published the following diary on isc.sans.edu: "More Excel DDE Code Injection": The "DDE code injection" technique is not brand new. DDE stands for "Dynamic Data Exchange". It has already been discussed by many security researchers. Just a quick ..
https://blog.rootshell.be/2018/09/28/sans-isc-more-excel-dde-code-injection/
BSI statement on the "LoJax" malware
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/LoJax-Schadsoftware_28092018.html
Vulnerabilities
Emerson AMS Device Manager
This advisory includes mitigations for improper access control and improper privilege management vulnerabilities in the Emerson AMS Device Manager software.
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01
Fuji Electric Alpha5 Smart Loader
This advisory includes information on classic buffer overflow and heap-based buffer overflow vulnerabilities in Fuji Electric's Alpha5 Smart Loader servo drive.
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-02
Fuji Electric FRENIC Devices
This advisory includes information on buffer over-read, out-of-bounds read, and stack-based buffer overflow vulnerabilities in Fuji Electric's FRENIC HVAC drive devices.
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03
OpenSSH vulnerability CVE-2018-15473
Security Advisory Description: OpenSSH through 7.7 is prone ...
https://support.f5.com/csp/article/K28942395
ZDI-18-1093: Delta Industrial Automation PMSoft rtl60 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1093/
Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, execution of arbitrary code
https://adv-archiv.dfn-cert.de/adv/2018-1972/
IBM Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow
http://www.ibm.com/support/docview.wss?uid=ibm10733108
IBM Security Bulletin: Security Misconfiguration during Combined Cumulative Fix Installation Affects IBM WebSphere Portal (CVE-2018-1420)
https://www-01.ibm.com/support/docview.wss?uid=swg22014276