Daily summary - 18.02.2019

End-of-Day report

Timeframe: Friday 15-02-2019 18:00 - Monday 18-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Finding Property Values in Office Documents, (Sat, Feb 16th)

In diary entry "Maldoc Analysis of the Weekend", I use the strings method explained in diary entry "Quickie: String Analysis is Still Useful" to quickly locate the PowerShell command hidden in a malicious Word document.

https://isc.sans.edu/diary/rss/24652


Distributing Malware - one "Word" at a Time

Using Microsoft Word to distribute malware is a common tactic used by criminals. Given the popularity of Word, criminals can often "live off the land" and use mechanisms that are already in place to do their dirty work.

https://www.gdatasoftware.com/blog/2019/02/31429-distributing-malware-word


A Deep Dive on the Recent Widespread DNS Hijacking Attacks

The U.S. government - along with a number of leading security companies - recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the [...]

https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/


IT-Grundschutz-Kompendium Edition 2019 released

The IT-Grundschutz-Kompendium is now available in its new Edition 2019. This edition contains a total of 94 IT-Grundschutz modules (Bausteine), 14 of which cover new topics. The IT-Grundschutz-Kompendium is tailored to the security requirements of companies and public authorities.

https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/IT-Grundschutz-Kompendium-2019-150219.html


Exploit Code Published for Recent Container Escape Vulnerability

Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions.

https://www.securityweek.com/exploit-code-published-recent-container-escape-vulnerability


Sinking a ship and hiding the evidence

Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship, whether it's via satcoms, phishing, USB, crew Wi-Fi, dodgy DVDs etc. Now the [...]

https://www.pentestpartners.com/security-blog/sinking-a-ship-and-hiding-the-evidence/


Different 'smart' lock, similar security issues

I was looking through Amazon and found this padlock at the cheaper end of the scale. For twenty of my well-earnt English pounds I could become the owner of a new and shiny SLOK lock. It can be unlocked by BLE and can be shared to others, what could I do but [...]

https://www.pentestpartners.com/security-blog/different-smart-lock-similar-security-issues/

Vulnerabilities

VMSA-2019-0001

VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.

https://www.vmware.com/security/advisories/VMSA-2019-0001.html


Security updates for Monday

Security updates have been issued by Arch Linux (cairo, firefox, flatpak, hiawatha, and webkit2gtk), Debian (gsoap, mosquitto, php5, thunderbird, and tiff), Fedora (elfutils, ghostscript, gsi-openssh, kernel, kernel-headers, kernel-tools, kf5-kauth, mingw-podofo, mingw-poppler, mosquitto, podofo, and python-markdown2), Mageia (firefox, flash-player-plugin, lxc, and thunderbird), openSUSE (avahi, docker, libu2f-host, LibVNCServer, nginx, phpMyAdmin, and pspp, spread-sheet-widget), Red Hat [...]

https://lwn.net/Articles/780076/


Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc


Security Advisory - Information Leakage Vulnerability on Some Smartphones

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190218-01-smartphone-en


D-LINK Router DIR-823G: Vulnerability allows bypassing of security measures

http://www.cert-bund.de/advisoryshort/CB-K19-0147