[CERT-daily] Tageszusammenfassung - 10.07.2017

Mon Jul 10 18:05:22 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 07-07-2017 18:00 − Montag 10-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ A VBScript with Obfuscated Base64 Data, (Sat, Jul 8th) ∗∗∗
---------------------------------------------
A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data[1]. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty of scripts based on this technique. On my Macbook, Im using width:800px [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22590

∗∗∗ Adversary hunting with SOF-ELK, (Sun, Jul 9th) ∗∗∗
---------------------------------------------
As we recently celebrated Independence Day in the U.S., Im reminded that we honor what was, of course, an armed conflict. Todays realities, when we think about conflict, are quite different than the days of lining troops up across the field from each other, loading muskets, and flinging balls of lead into the fray. We live in a world of asymmetrical battles, often conflicts that arent always obvious in purpose and intent, and likely fought on multiple fronts. For one of the best reads on the [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22592

∗∗∗ 94 .ch & .li domain names hijacked and used for drive-by ∗∗∗
---------------------------------------------
A Swiss domain holder called us today telling us that the .ch zone points to the wrong name servers for his domain. The NS entries were ns1.dnshost[.]ga and ns2.dnshost[.]ga. We contacted the registrar and soon realized that this is not the [...]
---------------------------------------------
https://securityblog.switch.ch/2017/07/07/94-ch-li-domain-names-hijacked-and-used-for-drive-by/

∗∗∗ BSI warnt Unternehmen gezielt vor akutem Risiko durch CEO Fraud ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/CEO_Fraud_10072017.html

∗∗∗ Attack on Critical Infrastructure Leverages Template Injection ∗∗∗
---------------------------------------------
Contributors: Sean Baird, Earl Carter, Erick Galinkin, Christopher Marczewski & Joe Marshall Executive SummaryAttackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro [...]
---------------------------------------------
http://blog.talosintelligence.com/2017/07/template-injection.html

=====================
=    Advisories     =
=====================

∗∗∗ Microsoft .NET Privilege Escalation ∗∗∗
---------------------------------------------
Topic: Microsoft .NET Privilege Escalation Risk: Medium Text:Hi @ll, all versions of .NET Framework support to load a COM object as code profiler, enabled via two or three environment ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070067

∗∗∗ DSA-3905 xorg-server - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3905

∗∗∗ Petya Malware Variant (Update C) ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01C

∗∗∗ iManager 3.0.3 Patch 2 (3.0.3.2) ∗∗∗
---------------------------------------------
https://download.novell.com/Download?buildid=KhPP8lJyDik~

∗∗∗ DFN-CERT-2017-1188: SQLite: Eine Schwachstelle ermöglicht u.a. das Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1188/

∗∗∗ DFN-CERT-2017-1187: Apache Software Foundation Struts: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1187/

∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for Bluemix April 2017 CPU ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004278

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Performance Tester. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004418

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Service Tester. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004419

∗∗∗ EMC Data Protection Advisor Input Validation Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information and Inject SQL Commands ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038841

∗∗∗ EMC Secure Remote Services (ESRS) Policy Manager Undocumented Account With Default Password Lets Remote Users Access the Target System ∗∗∗
---------------------------------------------


-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily