End-of-Day report
Timeframe: Friday 06-09-2019 18:00 - Monday 09-09-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
7 most common application backdoors
The popular adage "we often get in quicker by the back door than the front" has withstood the test of time even in our advanced, modern world. Application backdoors have become rampant in today's business environment, making it mandatory for us to take the same level of precaution we'd do to safeguard the backdoor [...]
https://resources.infosecinstitute.com/7-most-common-application-backdoors/
'Purple Fox' Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
This new iteration of Purple Fox that we came across, also being delivered by Rig, has a few new tricks up its sleeve. It retains its rootkit component by abusing publicly available code. It now also eschews its use of NSIS in favor of abusing PowerShell, making Purple Fox capable of fileless infection. It also incorporated additional exploits to its infection chain, most likely as a foolproof mechanism to ensure that it can still infect the system.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rRfjdvF4DOI/
Open Sourcing StringSifter
Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke analyst fatigue, relevant strings occur less often than irrelevant ones, and the definition of "relevant" can vary significantly among analysts.
http://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html
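As an added illustration of the triage problem this item describes (example code written for this report, not StringSifter's own code or its learned ranking model): the script below extracts printable strings from a constructed sample blob the way the Strings tool would, then ranks them with a handful of hand-written heuristics so that URLs, commands, registry paths and API names float to the top while padding and PE stub text sink. The sample bytes, the signal list and their weights are all assumptions made for the example.

```python
import re
from typing import List, Tuple

# Constructed sample "binary" (not a real malware sample): junk bytes around the
# kinds of strings an analyst hunts for, so extract_strings behaves like the
# Strings tool on a PE file.
SAMPLE_BINARY = (
    b"\x00\x01MZ\x90\x00"
    b"This program cannot be run in DOS mode.\x00"
    b"\x7f\x02\x03kernel32.dll\x00"
    b"CreateRemoteThread\x00"
    b"!@#$%^&*()\x00"
    b"http://example.invalid/update.php\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"aaaa\x00"
    b"cmd.exe /c powershell -enc \x00"
    b"Mozilla/5.0 (Windows NT 10.0)\x00"
)

MIN_LEN = 4  # same default as `strings -n 4`


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return every run of >= min_len printable ASCII bytes, in file order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


# (compiled regex, weight, label). Positive weights mark strings that usually
# matter in triage; negative weights demote noise. These heuristics are this
# example's own assumptions, not StringSifter's model.
SIGNALS = [
    (re.compile(r"^https?://", re.I), 5, "url"),
    (re.compile(r"\b(powershell|cmd\.exe|rundll32|regsvr32)\b", re.I), 5, "command"),
    (re.compile(r"^(HKLM|HKCU|Software\\|SYSTEM\\)"), 4, "registry"),
    (re.compile(r"\.(exe|dll|sys|ps1|bat)\b", re.I), 3, "filename"),
    (re.compile(r"^[A-Z][a-z]+(?:[A-Z][a-z]+)+$"), 3, "win-api"),  # CamelCase API name
    (re.compile(r"^Mozilla/"), 2, "user-agent"),
    (re.compile(r"This program cannot be run in DOS mode"), -3, "pe-stub"),
    (re.compile(r"^[^A-Za-z0-9]+$"), -5, "junk"),
    (re.compile(r"^(.)\1+$"), -5, "repeat"),
]


def score_string(s: str) -> Tuple[int, List[str]]:
    """Sum the weights of every signal that fires on s; also return the labels."""
    score, labels = 0, []
    for rx, weight, label in SIGNALS:
        if rx.search(s):
            score += weight
            labels.append(label)
    return score, labels


def rank_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, List[str]]]:
    """Extract and rank strings, most triage-relevant first (ties broken by text)."""
    scored = []
    for s in extract_strings(data, min_len):
        score, labels = score_string(s)
        scored.append((score, s, labels))
    return sorted(scored, key=lambda t: (-t[0], t[1]))


def triage(data: bytes, min_score: int = 1) -> List[str]:
    """Only the strings worth a human's first look."""
    return [s for score, s, _ in rank_strings(data) if score >= min_score]


if __name__ == "__main__":
    for score, s, labels in rank_strings(SAMPLE_BINARY):
        print(f"{score:+3d}  {','.join(labels) or '-':<18} {s}")
```

Running it on the constructed sample puts the PowerShell command line, the update URL and the Run key at the top and pushes the PE stub text and filler to the bottom; on a real binary the signal list is the part to grow, and the point of the FireEye tool is to replace this fixed list with a model trained on what analysts actually found relevant.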
BlueKeep Exploit Added to Metasploit
An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework.
https://www.securityweek.com/bluekeep-exploit-added-metasploit
Criminals exploit celebrities and media outlets for Bitcoin fraud
The losses range from around 200 euros to well over 100,000 euros: consumers are lured by fabricated news articles on fake news websites into investing on dubious platforms such as "Bitcoin Code", "Bitcoin Profit" or "The News Spy". Well-known personalities such as Christoph Waltz or Bill Gates and influential media outlets such as orf.at or Der Spiegel are misused by the criminals to [...]
https://www.watchlist-internet.at/news/kriminelle-nuetzen-promis-und-medien-fuer-bitcoin-betrug/
Security researchers warn against GPS watches for children: throw them away immediately
Smartwatches for kids with horrendous security - attackers can easily spy on both the children and their parents
https://www.derstandard.at/story/2000108423850/sicherheitsforscher-warnen-vor-gps-uhren-fuer-kinder-sofort-wegwerfen
Telnet backdoor vulnerabilities impact over a million IoT radio devices
Devices can be remotely exploited as root without any need for user interaction.
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/
Vulnerabilities
Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers
The NETGEAR N300 line of wireless routers contains two denial-of-service vulnerabilities. The N300 is a small and affordable wireless router that contains the basic features of a wireless router. An attacker could exploit these bugs by sending specific SOAP and HTTP requests to different functions of the router, causing it to crash entirely.
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html
Security updates for Monday
Security updates have been issued by Debian (expat, ghostscript, libreoffice, and memcached), Fedora (chromium, grafana, kea, nsd, pdfbox, roundcubemail, and SDL), Gentoo (apache, dbus, exim, libsdl2, pango, perl, vlc, and webkit-gtk), Mageia (dovecot, giflib, golang, icedtea-web, irssi, java-1.8.0-openjdk, libgcrypt, libmspack, mercurial, monit, php, poppler, python-urllib3, rdesktop, SDL12, sdl2, sigil, sqlite3, subversion, tomcat, and zstd), openSUSE (chromium, exim, go1.12, httpie, [...]
https://lwn.net/Articles/798826/
LibreOffice: Multiple vulnerabilities allow execution of arbitrary code with user privileges
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/09/warnmeldung_tw-t19-0127.html
Instagram - Open Redirect Vulnerability
https://cxsecurity.com/issue/WLB-2019090061
Photo Gallery by 10Web < 1.5.35 - SQL Injection & XSS
https://wpvulndb.com/vulnerabilities/9872
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio (CVE-2018-1890, CVE-2019-2426)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-watson-content-analytics-and-watson-explorer-content-analytics-studio-cve-2018-1890-cve-2019-2426/