End-of-Day report
Timeframe: Friday 09-08-2019 18:00 - Monday 12-08-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Beware of Fake Microsoft Account Unusual Sign-in Activity Emails
In this article we take a look at a phishing campaign that pretends to be an "Unusual sign-in activity" alert from Microsoft that could easily trick someone into clicking on the enclosed link.
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/
Malware Analysis and Reverse Engineering
Introduction This article provides a high-level overview of malware analysis and reverse engineering. If you are planning to get started with malware analysis and reverse engineering, this article can be a good starting point, as it covers a high-level overview of what you need to know before you download that debugger and get your hands [...]
https://resources.infosecinstitute.com/malware-analysis-and-reverse-engineering/
DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover
The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few.
https://threatpost.com/def-con-2019-delta-ics-flaw-allows-total-industrial-takeover/147142/
Inside the Hidden World of Elevator Phone Phreaking
Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.
https://www.wired.com/story/elevator-phone-phreaking-defcon
Amazon Web Services: Thousands of virtual disks freely accessible on the net
A researcher found thousands of openly accessible Elastic Block Store volumes with confidential data on the net, where they can be searched at will.
https://heise.de/-4493402
Windows drivers from Intel, AMD, Nvidia and many mainboard manufacturers insecure
Through more than 40 widely used hardware drivers, attackers can obtain kernel privileges on a system.
https://heise.de/-4494929
Cruise Releases Automated Firmware Security Analyzer to Open Source
The growth of IoT devices has highlighted the difficulties in ensuring firmware security -- especially where the device and software are initially sourced from third parties, or developed under time pressures in-house. Now a new firmware analyzer has been released to open source on GitHub.
https://www.securityweek.com/gm-cruise-releases-automated-firmware-security-analyzer-open-source
Hotel businesses: beware of criminal booking and cancellation attempts!
Supposed prospective guests deliberately contact hotels, guesthouses, apartments and other accommodation providers to make a booking. Shortly after an (invalid) credit card payment, terrible news follows: due to tragic events affecting the planned guests, the booking must be cancelled and the money refunded by bank transfer. Hotel businesses must not comply with these requests!
https://www.watchlist-internet.at/news/hotellerie-betriebe-vorsicht-vor-kriminellen-buchungs-stornierungsversuchen/
Hunting the Public Cloud for Exposed Hosts and Misconfigurations
This research explores the security landscape of the Internet-facing services hosted in Amazon AWS, Microsoft Azure and Google Cloud Platform.
https://unit42.paloaltonetworks.com/hunting-the-public-cloud-for-exposed-hosts-and-misconfigurations/
Clever attack uses SQLite databases to hack other apps, malware servers
A tainted SQLite database can run malicious code inside other apps, such as web apps or Apple's iMessage.
https://www.zdnet.com/article/clever-attack-uses-sqlite-databases-to-hack-other-apps-malware-servers/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (fusiondirectory, gosa, kconfig, kernel, pango1.0, and python-django), Fedora (aubio, icedtea-web, java-1.8.0-openjdk, kernel, kernel-headers, kernel-tools, libslirp, openqa, os-autoinst, and upx), Gentoo (JasPer, libvncserver, and redis), Mageia (cyrus-imapd and php), Oracle (kernel), Red Hat (chromium-browser, cockpit-ovirt, Red Hat Virtualization, and rhvm-appliance), SUSE (ImageMagick, libvirt, python, and wireshark), and Ubuntu (poppler).
https://lwn.net/Articles/795963/
PPOM for WooCommerce <= 18.3 - Authenticated Stored XSS
https://wpvulndb.com/vulnerabilities/9502
ZDI-19-701: (0Day) EZAutomation EZPLC EZC File Parsing Memory Corruption Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-701/
ZDI-19-700: (0Day) EZAutomation EZTouch Editor EZP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-700/
iControl REST and tmsh vulnerability CVE-2019-6621
https://support.f5.com/csp/article/K20541896