Daily summary - 08.02.2019

End-of-Day report

Timeframe: Thursday 07-02-2019 18:00 - Friday 08-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

The Anatomy of Website Malware: An Introduction

We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don't see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, ..

https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduction.html


Remote Code Execution via Path Traversal in the Device Metadata Authoring Wizard

Attackers can use the .devicemanifest-ms and .devicemetadata-ms file extensions for remote code execution in phishing scenarios when the Windows Driver Kit is installed on a victim's machine. This is possible because the Windows Driver Kit installer installs ..

https://posts.specterops.io/remote-code-execution-via-path-traversal-in-the-device-metadata-authoring-wizard-a0d5839fc54f


LifeSize: video conferencing systems allow access via a default account

Four LifeSize video conferencing products ship with firmware vulnerabilities as well as a support account with a default login. Users should act quickly.

http://heise.de/-4301951


First clipper malware discovered on Google Play

Cryptocurrency stealers that replace a wallet address in the clipboard are no ..

http://feedproxy.google.com/~r/eset/blog/~3/hENbeA5W9fg/


Super-systemic IoT flaws

IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected ..

https://www.pentestpartners.com/security-blog/super-systemic-iot-flaws/


Threat Brief: Understanding Domain Generation Algorithms (DGA)

Intro: One of the most important "innovations" in malware in the past decade is what's called a Domain Generation Algorithm ("DGA"). DGA is an automation technique that attackers use to make it harder for defenders to protect against attacks. While DGA has ..

https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/
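The Unit 42 brief explains what a DGA is; the following is an added illustration written for this summary, not code from the article and not any real malware family's algorithm. It shows a toy date-seeded DGA together with the two things a defender typically does once a family's algorithm has been recovered: precompute the domains for upcoming days (for blocklists or sinkholing), and flag DNS lookups whose labels look machine-generated. The entropy and vowel-ratio thresholds and the sample domain list are assumptions constructed for the example.

```python
import hashlib
import math
from datetime import date, timedelta

LABEL_LEN = 12  # assumed label length for the toy generator


def generate_dga_domains(seed_date, count=8, tld=".com"):
    """Toy date-seeded DGA (illustrative, not a real family's algorithm).

    The malware and its operator share only the algorithm; both derive
    today's candidate domains from the date, so no C2 address needs to be
    hard-coded in the sample.
    """
    domains = []
    for i in range(count):
        material = f"{seed_date.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        # map each digest byte onto a-z; 256 mod 26 is close enough to uniform here
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        domains.append(label + tld)
    return domains


def precompute_blocklist(start_date, days):
    """Defender side: once the algorithm is known, enumerate the domains the
    malware will try over the next `days` days so they can be blocked or
    sinkholed ahead of time."""
    blocklist = set()
    for offset in range(days):
        blocklist.update(generate_dga_domains(start_date + timedelta(days=offset)))
    return blocklist


def shannon_entropy(s):
    """Bits of entropy per character of the string s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def vowel_ratio(label):
    """Fraction of characters that are vowels; generated labels are usually low."""
    if not label:
        return 0.0
    return sum(ch in "aeiou" for ch in label) / len(label)


def looks_generated(domain, entropy_threshold=3.0, vowel_threshold=0.3, min_len=8):
    """Crude lexical heuristic for a generated label (thresholds are assumptions).

    Flags long labels with high character entropy and few vowels. A production
    detector would add n-gram frequency features and NXDOMAIN rate per client.
    """
    label = domain.lower().split(".")[0]
    return (
        len(label) >= min_len
        and shannon_entropy(label) >= entropy_threshold
        and vowel_ratio(label) <= vowel_threshold
    )


def flag_lookups(domains):
    """Return the subset of queried domains the heuristic flags as DGA-like."""
    return [d for d in domains if looks_generated(d)]


# Constructed sample query log (not real traffic): two normal names, two DGA-like ones.
SAMPLE_QUERIES = [
    "google.com",
    "wikipedia.org",
    "xkqzvbwprtmj.com",
    "qwlfzhnbtvdk.net",
]

if __name__ == "__main__":
    today = date(2019, 2, 8)
    print("today's candidates:", generate_dga_domains(today))
    print("3-day blocklist size:", len(precompute_blocklist(today, 3)))
    print("flagged:", flag_lookups(SAMPLE_QUERIES))
```

The generator is deliberately simple; what matters for defenders is that the same date yields the same list on every infected host, which is why recovering the algorithm from a sample lets you register or block the domains before the malware reaches them. The lexical heuristic alone produces false positives on CDN and hash-style hostnames, so it is a triage signal, not a verdict.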

Vulnerabilities

Security updates for Friday

Security updates have been issued by Debian (dovecot and libarchive), Fedora (gvfs and poppler), openSUSE (openssl-1_1 and subversion), Oracle (kernel), Slackware (php), SUSE (avahi, docker, libunwind, LibVNCServer, and spice), and Ubuntu (linux-azure and openssh).

https://lwn.net/Articles/779299/


Siemens SICAM A8000 RTU Series

https://ics-cert.us-cert.gov/advisories/ICSA-19-038-01


Siemens EN100 Ethernet Module

https://ics-cert.us-cert.gov/advisories/ICSA-19-038-02


Apple Releases Multiple Security Updates

https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Multiple-Security-Updates


IBM Security Bulletin: IBM i2 Intelligent Analysis Platform is affected by multiple vulnerabilities

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-i2-intelligent-analyis-platform-is-affected-by-multiple-vulnerabilities/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-7/