Daily Summary - 16.08.2019

End-of-Day report

Timeframe: Wednesday 14-08-2019 18:00 - Friday 16-08-2019 18:00 Handler: Stephan Richter Co-Handler: n/a

News

Microsoft Warns of Phishing Attacks Using Custom 404 Pages

Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing out their Microsoft credentials.

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-using-custom-404-pages/


Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

https://threatpost.com/energy-phish-microsoft-security-google-drive/147397/


Analysis of a Spearphishing Maldoc, (Thu, Aug 15th)

A spearphishing attack with a VBA maldoc on US utility companies was mentioned in SANS NewsBites Vol. 21, Num. 61. I always like to take a look at malicious documents mentioned in the news. Luckily for me, Proofpoint's analysis includes the hashes of the maldocs, and one maldoc can be found on VirusTotal.

https://isc.sans.edu/diary/rss/25242


VoIP Vulnerabilities: Many Office Phone Systems Fundamentally Insecure

33 devices from 25 vendors can be hijacked. Attackers can spy, attack other systems, or weaken the organization through a total outage.

https://heise.de/-4499202


MITRE ATT&CK July 2019 Update

On the last day of July, MITRE released its most recent update to the ATT&CK framework. The ATT&CK framework is a curated knowledge base of tactics, techniques, and software that adversarial groups have leveraged when compromising enterprise systems. The July 2019 update is relatively minor compared to the April 2019 update, which saw a new tactic [...]

https://www.tripwire.com/state-of-security/security-data-protection/mitre-attck-july-2019-update/


Many Apache Struts Security Advisories Updated Following Review

Two dozen security advisories for the Apache Struts open source development framework have been updated after researchers determined that they contained incorrect information regarding which versions of the software were impacted by a vulnerability.

https://www.securityweek.com/many-apache-struts-security-advisories-updated-following-review

Vulnerabilities

Lenovo Warns of ThinkPad Bugs, One Unpatched

The notebook maker is warning users of three separate vulnerabilities.

https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/


Patches for 2 Severe LibreOffice Flaws Bypassed - Update to Patch Again

If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities.

https://thehackernews.com/2019/08/libreoffice-patch-update.html


Security updates for Thursday

Security updates have been issued by openSUSE (irssi, ledger, libheimdal, libmediainfo, libqb, and libsass) and Slackware (mozilla).

https://lwn.net/Articles/796311/


Security updates for Friday

Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, [...]

https://lwn.net/Articles/796455/