End-of-Day report
Timeframe: Wednesday 12-09-2018 18:00 - Thursday 13-09-2018 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
News
Office VBA + AMSI: Parting the veil on malicious macros
As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for malicious behavior.
https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/
A New Mining Botnet Blends Its C2s into ngrok Service
These days, it feels like new mining malware is popping up almost daily and we have pretty much stopped blogging the regular ones so we don't flood our readers' feed. With that being said, one did have our attention recently. This botnet hides its C2s (Downloader and Reporter [...]
http://blog.netlab.360.com/a-new-mining-botnet-blends-its-c2s-into-ngrok-service/
Fast, Furious and Insecure: Passive Keyless Entry and Start in Modern Supercars
High-end vehicles are often equipped with a Passive Keyless Entry and Start (PKES) system. These PKES systems allow the vehicle to be unlocked and started based on the physical proximity of a paired key fob; no user interaction is required.
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entry-and-start-in-modern-supercars/
The 42M Record kayo.moe Credential Stuffing Data
This is going to be a brief blog post but it's a necessary one because I can't load the data I'm about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. Here's the story: [...]
https://www.troyhunt.com/the-42m-record-kayo-moe-credential-stuffing-data/
Do not pay 359.88 euros to streaming platforms
The streaming platforms borastream.de and matostream.de require visitors to complete a free registration. Without any notice, this registration leads to a premium membership costing 359.88 euros per year. Consumers do not have to pay the invoice from the website operators Roxo Films Ltd and Filmser Ltd27, because their offers are dubious subscription traps.
https://www.watchlist-internet.at/news/keine-35988-euro-an-streaming-plattformen-zahlen/
Vulnerabilities
Security updates for Thursday
Security updates have been issued by Debian (ghostscript and openssh), Oracle (firefox), Scientific Linux (firefox and OpenAFS), SUSE (tomcat), and Ubuntu (openjdk-lts).
https://lwn.net/Articles/764713/
ZDI-18-1046: (0Day) PoDoFo Library ParseToUnicode Memory Corruption Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-18-1046/
Intel Baseboard Management Controller (BMC) Firmware: A vulnerability allows escalation of privileges
https://adv-archiv.dfn-cert.de/adv/2018-1861/
IBM Security Bulletin: IBM Connections Security Refresh (CVE-2018-1791)
https://www-01.ibm.com/support/docview.wss?uid=ibm10731207
IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-1656 and CVE-2018-12539)
https://www-01.ibm.com/support/docview.wss?uid=ibm10728399
IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719)
https://www-01.ibm.com/support/docview.wss?uid=ibm10718837
IBM Security Bulletin: A Vulnerability in the Java runtime environment that IBM provides affects WebSphere DataPower XC10 Appliance
http://www.ibm.com/support/docview.wss?uid=ibm10718653
IBM Security Bulletin: A Vulnerability in Java runtime environment that IBM provides affects WebSphere eXtreme Scale
http://www.ibm.com/support/docview.wss?uid=ibm10718453
IBM Security Bulletin: Vulnerability in OpenSSH affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter
https://www-01.ibm.com/support/docview.wss?uid=ibm10731317
IBM Security Bulletin: WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium) is affected by OpenSSL vulnerability CVE-2018-0739
https://www-01.ibm.com/support/docview.wss?uid=ibm10731019