End-of-Day report
Timeframe:   Wednesday 06-11-2019 18:00 - Thursday 07-11-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a
News
Specially Crafted ZIP Files Used to Bypass Secure Email Gateways
Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing campaign that utilized a specially crafted ZIP file that was designed to bypass secure email gateways to distribute the NanoCore RAT.
https://www.bleepingcomputer.com/news/security/specially-crafted-zip-files-used-to-bypass-secure-email-gateways/
How to Secure Critical Infrastructure When Patching Isn't Possible
Mission-critical systems can't just be switched off to apply security updates -- so patching can take weeks if not years.
https://threatpost.com/secure-critical-infrastructure-when-patching-isnt-possible/149987/
Vulnerability hunting with Semmle QL: DOM XSS
In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the [...]
https://msrc-blog.microsoft.com:443/2019/11/06/vulnerability-hunting-with-semmle-ql-dom-xss/
Getting the best value out of security assessments, (Thu, Nov 7th)
Since my day job is all about hacking, I get a lot of questions (and there appears to be a lot of confusion) about what a vulnerability scan, penetration test or red team assessment is.
https://isc.sans.edu/diary/rss/25498
Magento 1 End of Life
It's no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website - which cripples any ecommerce business. When you consider the popularity of the Magento ecommerce platform, it's easy to see how their announcement of the Magento 1 end of life could leave a significant portion of ecommerce retailers scrambling for new solutions.
https://blog.sucuri.net/2019/11/magento-1-end-of-life.html
VB2019 paper: DNS on fire
In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.
https://www.virusbulletin.com:443/blog/2019/11/vb2019-paper-dns-fire/
C2 With It All: From Ransomware To Carding
Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastructure - all of which allowed us to identify several targets of these attacks, including one American manufacturing company. Talos notified these targets of the attack.
https://blog.talosintelligence.com/2019/11/c2-with-it-all.html
5 Tips for Raising Employees' Cybersecurity Awareness
How can companies create a working environment that enables employees to acquire the skills they need to assess cyber threats correctly?
https://www.welivesecurity.com/deutsch/2019/11/07/5-tipps-steigerung-cybersecurity-awareness-angestellte/
Fake Cinema Voucher Contests Cost 80 Euros per Month
Criminals are advertising a contest using Facebook ads and cloned Facebook pages of cinemas across Austria. Supposedly, cinema vouchers can be won. But beware: there is nothing to win here! Instead of a trip to the cinema, there is only trouble. The credit card data ends up in the hands of criminals, who then debit 80 to 90 euros per month.
https://www.watchlist-internet.at/news/falsche-gewinnspiele-fuer-kinogutscheine-kosten-80-euro-pro-monat/
Vulnerabilities
Gamers Hit with Nvidia GPU Driver, GeForce Flaws
Vulnerabilities in several PC gaming products offered by Nvidia can lead to escalation of privilege, denial of service and other malicious attacks.
https://threatpost.com/gamers-hit-with-nvidia-gpu-driver-geforce-flaws/149992/
Security updates for Thursday
Security updates have been issued by Arch Linux (squid), Fedora (chromium, libssh2, and wpa_supplicant), openSUSE (chromium), Red Hat (ansible, chromium-browser, openstack-octavia, patch, qemu-kvm-rhev, sudo, and thunderbird), Scientific Linux (sudo), SUSE (bluez, gdb, php72, and thunderbird), and Ubuntu (cpio and rygel).
https://lwn.net/Articles/804091/
Cisco: All these routers have the same embedded crypto keys, so update firmware
Cisco removes static encryption keys that were shared across its small-business routers.
https://www.zdnet.com/article/cisco-all-these-routers-have-the-same-embedded-crypto-keys-so-update-firmware/
Open Social - Critical - Insecure Session Management - SA-CONTRIB-2019-075
https://www.drupal.org/sa-contrib-2019-075
PEPPERL+FUCHS Linux Kernel Vulnerability on ecom Mobile Devices
https://cert.vde.com/de-de/advisories/vde-2019-021
Red Hat OpenShift Container Platform: Vulnerability allows disclosure of information
http://www.cert-bund.de/advisoryshort/CB-K19-0965