Daily Summary - 27.04.2018

End-of-Day report

Timeframe: Thursday 26-04-2018 18:00 − Friday 27-04-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

∗∗∗ PyRoMine Uses NSA Exploit for Monero Mining and Backdoors ∗∗∗ Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

http://threatpost.com/pyromine-uses-nsa-exploit-for-monero-mining-and-backdoors/131472/

∗∗∗ Analysis of a Malicious Blackhat SEO Script ∗∗∗ An enormous number of SEO spam infections are handled by us here at Sucuri. In our most recent hacked website trend report, we analyzed over 34,000 websites and identified that 44% of all website infection cases were misused for SEO spam campaigns. Once a website has been compromised, attackers often use it to distribute malware, host phishing ..

https://blog.sucuri.net/2018/04/analysis-of-a-malicious-blackhat-seo-script.html

∗∗∗ GravityRAT malware takes your system's temperature ∗∗∗ The GravityRAT malware, discovered by Cisco Talos researchers, gives some interesting insight ..

https://www.virusbulletin.com:443/blog/2018/04/gravityrat-malware-takes-your-systems-temperature/

∗∗∗ Phishing for the discerning: [A]pache kit clones popular online shops ∗∗∗ Employees of security software vendor Check Point have examined a Brazilian phishing kit that imitates fully functional brand-name shops in order to harvest address and credit card data.

https://www.heise.de/meldung/Phishing-fuer-Anspruchsvolle-A-pache-Kit-klont-beliebte-Online-Shops-4036984.html

∗∗∗ Beware of data theft on classified-ad portals! ∗∗∗ Classified-ad portals offer an excellent way to turn old possessions into cash or to pick up the occasional bargain. The marketplaces are therefore very popular, but ..

http://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3065&tx_news_pi1[controller]=News&tx_news_pi1[action]=detail&cHash=83ba38cc7f41ea4576f651d91ac36bca

Vulnerabilities

∗∗∗ Delta Electronics PMSoft ∗∗∗ This advisory includes mitigations for multiple stack-based overflow vulnerabilities in Delta Electronics PMSoft, a software development tool.

https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01

∗∗∗ WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting ∗∗∗ The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" contains a cross-site scripting vulnerability.

https://jvn.jp/en/jp/JVN08386386/

∗∗∗ WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting ∗∗∗ The WordPress plugin "WP Google Map Plugin" contains a cross-site scripting vulnerability.

https://jvn.jp/en/jp/JVN01040170/

∗∗∗ WordPress plugin "Events Manager" vulnerable to cross-site scripting ∗∗∗ The WordPress plugin "Events Manager" contains a cross-site scripting vulnerability.

https://jvn.jp/en/jp/JVN85531148/

∗∗∗ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability ∗∗∗

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1