End-of-Day report
Timeframe: Friday 02-08-2019 18:00 - Monday 05-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Dragonfly: New security vulnerabilities in the WPA3 encryption standard
How long a cryptographic operation takes can unintentionally leak information. Using such a weakness, researchers were able to crack passwords in the WPA3 Wi-Fi encryption.
https://www.golem.de/news/dragonfly-neue-sicherheitsluecken-in-verschluesselungsstandard-wpa3-1908-142991-rss.html
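The item above describes a timing side channel: the runtime of a password-dependent step leaks enough to recover the password. The following is an added example, not code from the article or from the Dragonfly researchers, and it does not model Dragonfly's password-to-element ("hunting and pecking") step; it uses a simpler early-exit byte comparison as a stand-in. The secret, the `work` counter (used instead of wall-clock time so the demonstration is deterministic) and the helper names are all constructed for this example.

```python
import hmac

# Constructed secret for the demonstration; the attacker never reads it directly.
SECRET = b"wpa3-demo"


def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison.

    Returns (equal, work) where `work` is the number of byte comparisons made.
    It stands in for elapsed time: the longer the matching prefix, the more
    work is done before the first mismatch, and that is what leaks.
    """
    work = 0
    if len(secret) != len(guess):
        return False, work
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work
    return True, work


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Compares every byte regardless of where mismatches occur.

    `work` depends only on the length, never on the content, so the
    side channel that leaky_compare exposes is gone. hmac.compare_digest
    is the standard-library primitive to use for this in real code.
    """
    if len(secret) != len(guess):
        return False, len(secret)
    equal = hmac.compare_digest(secret, guess)
    return equal, len(secret)


def recover_secret(oracle, length: int, alphabet=range(256)) -> bytes:
    """Byte-by-byte recovery using only the (work, success) side channel.

    `oracle(guess)` returns (equal, work). For each position the candidate
    byte that causes the most work is the one that matched, because the
    comparison only advances past a correct byte.
    """
    recovered = bytearray()
    for pos in range(length):
        best_byte, best_work = None, -1
        for c in alphabet:
            # Pad the unknown tail with a byte assumed not to occur in the secret.
            guess = bytes(recovered) + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, work = oracle(guess)
            if equal:
                return guess
            if work > best_work:
                best_byte, best_work = c, work
        recovered.append(best_byte)
    return bytes(recovered)


def demo() -> tuple[bytes, bytes]:
    """Runs the attack against both comparison routines.

    Returns (result_against_leaky, result_against_constant_time).
    The first equals SECRET; the second does not, because every guess costs
    the same amount of work and the attacker learns nothing per byte.
    """
    leaky = recover_secret(lambda g: leaky_compare(SECRET, g), len(SECRET))
    fixed = recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET))
    return leaky, fixed


if __name__ == "__main__":
    leaky_result, fixed_result = demo()
    print("against early-exit compare :", leaky_result)
    print("against constant-time compare:", fixed_result)
```

In a real attack the `work` value is replaced by repeated timing measurements, which need statistics to separate signal from noise; the fix is the same in both cases, namely making the runtime of the secret-dependent step independent of the secret.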
MegaCortex Ransomware Revamps for Mass Distribution
Manual steps have been replaced by automation.
https://threatpost.com/megacortex-ransomware-mass-distribution/146933/
Combining Low Tech Scams: SMS + SET + Credit Card Harvesting, (Fri, Aug 2nd)
As Infosec folks, we spend a lot of time on the latest and greatest exploits, attacks and malware - we seem to be (abnormally) driven towards continuing education in our field. This is a great thing, but often we lose sight of the fact that the attackers don't always try so hard.
https://isc.sans.edu/diary/rss/25198
GermanWiper ransomware deletes data
Paying the ransom does not help: whoever activates GermanWiper does not get their data encrypted in a recoverable way; it is overwritten with zeros for good.
https://heise.de/-4487825
Say hello to Lord Exploit Kit
In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
https://blog.malwarebytes.com/threat-analysis/2019/08/say-hello-to-lord-exploit-kit/
Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion
VMware ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability that can be triggered using a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host, leading to a crash (denial-of-service) of the vmware-vmx.exe process on the host (TALOS-2019-0757). However, when the host/guest systems are using an NVIDIA graphics card, the VMware [...]
https://blog.talosintelligence.com/2019/08/nvidia-vmware-gpu-rce-vulnerabilities.html
Vulnerabilities
VMSA-2019-0012
VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities (CVE-2019-5521, CVE-2019-5684)
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Security updates for Monday
Security updates have been issued by Debian (proftpd-dfsg and vim), Fedora (java-11-openjdk and matrix-synapse), Gentoo (binutils and libpng), Mageia (kernel), and SUSE (openexr and python-Django).
https://lwn.net/Articles/795344/
ZDI-19-687: (0Day) SolarWinds Orion Network Performance Monitor ExecuteExternalProgram Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-687/
Linux kernel vulnerability CVE-2017-12190
https://support.f5.com/csp/article/K93472064
poppler: vulnerability allows denial of service
http://www.cert-bund.de/advisoryshort/CB-K19-0687