[CERT-daily] Tageszusammenfassung - 23.08.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 22-08-2017 18:00 − Mittwoch 23-08-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ ROPEMAKER Lets Attackers Change Your Emails After Delivery ∗∗∗
---------------------------------------------
A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-change-your-emails-after-delivery/


∗∗∗ Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware ∗∗∗
---------------------------------------------
Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-play-store-security-scans-tricked-by-sigh-in-dev-malware/


∗∗∗ Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd) ∗∗∗
---------------------------------------------
Yesterday, I found an interesting sample that I started to analyze... It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos” ("I hereby request the products budget”). 
---------------------------------------------
https://isc.sans.edu/diary/rss/22748


∗∗∗ Apple iCloud Keychain easily slurped, ElcomSoft says ∗∗∗
---------------------------------------------
Credentials stored in the cloud succumb to forensic software ElcomSoft, the Russia-based maker of forensic software, has managed to find a way to access the data stored in Apples iCloud Keychain, if Apple ID account credentials are available.
---------------------------------------------
http://www.theregister.co.uk/2017/08/22/apple_icloud_keychain_easily_slurped/


∗∗∗ Is the Power Grid Getting More Vulnerable to Cyber Attacks? ∗∗∗
---------------------------------------------
Rising computerization opens doors for increasingly aggressive adversaries, but defenses are better than many might think.
---------------------------------------------
https://www.scientificamerican.com/article/is-the-power-grid-getting-more-vulnerable-to-cyber-attacks/


∗∗∗ Ukrainian Security Firm Warns of Another Massive Global Cyberattack ∗∗∗
---------------------------------------------
A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day.
---------------------------------------------
http://news.softpedia.com/news/ukrainian-security-firm-warns-massive-global-cyberattack-517475.shtml


∗∗∗ Google schmeißt 500 potenzielle Spionage-Apps aus App Store ∗∗∗
---------------------------------------------
Ein Software Development Kit für Werbeeinblendungen soll Schnüffelfunktionen mitbringen. Damit ausgestattete Android-Apps weisen über 100 Millionen Downloads auf, warnen Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3810366


∗∗∗ Hintergrund: Hardware-Fuzzing: Hintertüren und Fehler in CPUs aufspüren ∗∗∗
---------------------------------------------
Ein Prozessor-Fuzzer analysiert Hardware, der man normalerweise blind vertrauen muss. In ersten Testläufen wurde er bei nahezu allen Architekturen fündig und spürte etwa undokumentierte CPU-Befehle auf. Sandsifter ist kostenlos und frei verfügbar; der Autor hilft sogar bei der Analyse.
---------------------------------------------
https://heise.de/-3809408



=====================
=    Advisories     =
=====================

∗∗∗ DSA-3952 libxml2 - security update ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an application using libxml2, would cause a denial-of-service againstthe application, information leaks, or potentially, the execution ofarbitrary code with the privileges of the user running the application.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3952


∗∗∗ Automated Logic Corporation WebCTRL, i-VU, SiteScan ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01


∗∗∗ SpiderControl SCADA Web Server ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03


∗∗∗ SpiderControl SCADA MicroBrowser ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02


∗∗∗ Security Advisory - Two Command Injection Vulnerabilities in The FusionSphere OpenStack ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170823-01-openstack-en


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005055


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007464


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002233


∗∗∗ Multiple GNU Binutils vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23729200

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily