Daily Summary - 09.08.2019

End-of-Day report

Timeframe: Thursday 08-08-2019 18:00 - Friday 09-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Hackerone: Security vulnerability in Steam remains unfixed for now

On Windows systems where the game launcher Steam is installed, ordinary users can run programs with system privileges. The discoverer of the vulnerability reported it via the Hackerone platform, where the bug was declared invalid and an attempt was made to prevent its publication.

https://www.golem.de/news/hackerone-sicherheitsluecke-in-steam-bleibt-vorerst-ungefixt-1908-143110-rss.html


Protect against BlueKeep

DART offers steps you can take to protect your network from BlueKeep, the "wormable" vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate.

https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/


Hidden Algorithm Flaws Expose Websites to DoS Attacks

Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?

https://www.wired.com/story/algorithm-dos-attack


How Safecrackers Can Unlock an ATM in Minutes - Without Leaving a Trace

At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks.

https://www.wired.com/story/atm-lock-hack-electric-leaks


Saefko: A new multi-layered RAT

Recently, the Zscaler ThreatLabZ team came across a new remote-access trojan (RAT) for sale on the dark web. The RAT, called Saefko, is written in .NET and has multiple functionalities. This blog provides a detailed analysis of this piece of malware, including its HTTP, IRC, and data stealing and spreading module.

https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat


Are Your Out-of-Office Replies Revealing Too Much?

Whether you're traveling for business or pleasure, it's common practice to create an automatic out-of-office reply for incoming emails. While business continuity is important, it's critical to remember that some emails that arrive in your inbox will come from people you don't know - and, in some cases, cybercriminals who wish to do you harm. The details you provide could be used for malicious purposes and expose your organization to attack.

https://www.proofpoint.com/us/security-awareness/post/are-your-out-office-replies-revealing-too-much


New Windows Process Injection Can Be Useful for Stealthy Malware

Researchers at SafeBreach, a cybersecurity firm that specializes in breach and attack simulations, have catalogued most known Windows process injection techniques. They also discovered a new method, which they claim is stealthy and can bypass all protections implemented by Microsoft.

https://www.securityweek.com/new-windows-process-injection-can-be-useful-stealthy-malware


Analysis: Ransomware attacks on companies nearly quadrupled

The number of ransomware infections at companies has increased by 365 percent compared to the previous year. Big in the business: the trio Emotet/Trickbot/Ryuk.

https://heise.de/-4492497


Skype, Slack, VS Code, Atom: Electron apps have a dangerous Achilles' heel

Programs based on the Electron framework can be trojanized by local attackers and abused as an attack platform.

https://heise.de/-4493195


Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs

Malicious actors could use rogue engineering workstations to take control of Siemens programmable logic controllers (PLCs), and they can hide the attack from the engineer monitoring the system, researchers from two universities in Israel have demonstrated.

https://www.securityweek.com/hackers-can-use-rogue-engineering-stations-target-siemens-plcs

Vulnerabilities

Serious security vulnerability in Big-IP products from F5 Networks

The Finnish security specialist F-Secure warns of a security vulnerability that may make numerous companies targets for cyberattacks. Big-IP products from F5 Networks are affected. The vendor denies this.

https://www.it-business.de/schwerwiegende-sicherheitsluecke-in-big-ip-produkten-von-f5-networks-a-853135/


Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware

Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software [...]

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/


Security updates for Friday

Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).

https://lwn.net/Articles/795821/


D-LINK Router: Vulnerability allows manipulation of files

http://www.cert-bund.de/advisoryshort/CB-K19-0708


BlackBerry Powered by Android Security Bulletin - August 2019

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057968


Security Notice - Statement on Brute Forcing Encrypted Backup Data for Huawei Smartphones

http://www.huawei.com/en/psirt/security-notices/2019/huawei-sn-20190809-01-backup-en


BIG-IP DHCPv6 vulnerability CVE-2019-6643

https://support.f5.com/csp/article/K36228121


iControl REST vulnerability CVE-2019-6646

https://support.f5.com/csp/article/K53990093


F5 Container Ingress Service vulnerability CVE-2019-6648

https://support.f5.com/csp/article/K74327432


iRulesLX debug NodeJS vulnerability CVE-2019-6644

https://support.f5.com/csp/article/K75532331


BIG-IP mcpd vulnerability CVE-2019-6647

https://support.f5.com/csp/article/K87920510


The BIG-IP DNS Configuration utility may erroneously display the TSIG key secret in plain text form

https://support.f5.com/csp/article/K03332436


BIG-IP SSL connection security exposure

https://support.f5.com/csp/article/K41515225


BIG-IP FTP profile vulnerability CVE-2019-6645

https://support.f5.com/csp/article/K15759349


F5 Container Ingress Services vulnerability CVE-2019-6648

https://support.f5.com/csp/article/K74327432