Daily Summary - 16.05.2019

End-of-Day report

Timeframe: Wednesday 15-05-2019 18:00 - Thursday 16-05-2019 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Announcing the all new Attack Surface Analyzer 2.0

Attack Surface Analyzer 2.0 can help you identify security risks introduced when installing software on Windows, Linux, or macOS by analyzing changes to the file system, registry, network ports, ..

https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-surface-analyzer-2-0/


Security update: WordPress plugin WP Live Chat Support vulnerable to attacks

Due to a bug, attackers could plant malicious code on WordPress websites that use the WP Live Chat Support add-on.

https://heise.de/-4423479


Critical vulnerability in Microsoft Remote Desktop Services - updates available

As part of "Patch Tuesday", Microsoft has released an update for a vulnerability in "Remote Desktop Services". This vulnerability allows an attacker, by means of a specially ..

http://www.cert.at/warnings/all/20190516.html


An MDS reading list

We contemplated putting together an LWN article on the "microarchitectural data sampling" (MDS) vulnerabilities, as we've done for past speculative-execution issues. But the truth of the matter is that its ..

https://lwn.net/Articles/788522/


IT Security - Zombieload and co.: Software vendors increasingly giving up the fight against processor flaws

Apple has only partially enabled the current patches because of massive performance losses; Google's v8 team does not consider the effort justified

https://derstandard.at/2000103251668/Zombieload-und-Co-Softwarehersteller-geben-zunehmend-gegen-Prozessorluecken-auf


$100 million GozNym cybercrime network dismantled as suspects charged

The sophisticated conspiracy saw tens of thousands of victims' computers infected with the GozNym malware in order to steal online banking passwords, and raid ..

https://hotforsecurity.bitdefender.com/blog/100-million-goznym-cybercrime-network-dismantled-as-suspects-charged-21171.html#new_tab


Threat Actor Profile: TA542, From Banker to Malware Distribution Service

Proofpoint researchers began tracking a prolific actor (referred to as TA542) in 2014 when reports first emerged about the appearance of the group's signature payload, Emotet (aka Geodo). TA542 consistently uses the latest version of this malware, launching widespread email campaigns ..

https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service

Vulnerabilities

Cisco Unified Intelligence Center Remote File Injection Vulnerability

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj


Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow a remote attacker to gain the ability to ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce


Cisco Releases Security Updates for Multiple Products

https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Multiple-Security-Updates


Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007

https://www.drupal.org/sa-core-2019-007


Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

https://security.googleblog.com/2019/05/titan-keys-update.html