End-of-Day report
Timeframe: Monday 05-08-2019 18:00 - Tuesday 06-08-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Mass Spoofing Campaign Takes Aim at Walmart
The sites are targeting job-seekers, movie aficionados and shoppers in hopes of harvesting their personal information.
https://threatpost.com/mass-spoofing-campaign-walmart/146994/
LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
First advertised as an information stealer and keylogger when it first appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing malicious ISO file attachments. Our analysis of a new LokiBot variant shows that it has improved its capabilities [...]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_k1Sozs3GX4/
Malicious Plugin Used to Encrypt WordPress Posts
During a recent cleanup, we found an interesting malicious WordPress plugin, "WP Security", that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable.
https://blog.sucuri.net/2019/08/malicious-plugin-used-to-encrypt-wordpress-posts.html
Code-signed malware: What's all the buzz about? Looking at the "Ryuk" ransomware as an example.
Certificates are an established method for verifying the legitimacy of an application. If malicious actors succeed in undermining a certificate authority (CA) by either stealing a valid certificate or compromising the CA, the entire model unravels. We have taken a look at a case where this has happened.
https://www.gdatasoftware.com/blog/2019/08/35046-whats-all-the-buzz-about-looking-at-the-ryuk-ransomware-as-an-example
First documented: targeted espionage attacks via "smart things"
The hackers who broke into the Bundestag have a new attack technique in their repertoire: they get into corporate networks via printers or VoIP phones.
https://heise.de/-4489325
The shop sportfroger.com is a scam
sportfroger.com offers a wide range of fitness equipment. Whether ergometers, dumbbell sets or treadmills, consumers find what they are looking for here. After payment in advance comes the shock: the ordered goods are never delivered and the money is lost.
https://www.watchlist-internet.at/news/hinter-dem-shop-sportfrogercom-steckt-betrug/
Vulnerabilities
Patch day: Google secures Android against "QualPwn" and other critical vulnerabilities
This month too, Google lists fixed Android vulnerabilities. Among them: an exploit chain of partly critical Qualcomm vulnerabilities named QualPwn.
https://heise.de/-4489232
Security updates for Tuesday
Security updates have been issued by Arch Linux (chromium), Debian (glib2.0 and python-django), Fedora (gvfs, kernel, kernel-headers, kernel-tools, and subversion), Oracle (icedtea-web, nss and nspr, and ruby:2.5), Red Hat (advancecomp, bind, binutils, blktrace, compat-libtiff3, curl, dhcp, elfutils, exempi, exiv2, fence-agents, freerdp and vinagre, ghostscript, glibc, gvfs, http-parser, httpd, kde-workspace, keepalived, kernel, kernel-rt, keycloak-httpd-client-install, libarchive, libcgroup, [...]
https://lwn.net/Articles/795506/
Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass
Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-inject