[CERT-daily] Tageszusammenfassung - 28.07.2017

Fri Jul 28 18:08:26 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 27-07-2017 18:00 − Freitag 28-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ Google Study Quantifies Ransomware Profits ∗∗∗
---------------------------------------------
A ransomware study released Google revealed the malware earned criminals $25 million over the past two years.
---------------------------------------------
http://threatpost.com/google-study-quantifies-ransomware-revenue/127057/


∗∗∗ Attack Uses Docker Containers To Hide, Persist, Plant Malware ∗∗∗
---------------------------------------------
Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.
---------------------------------------------
http://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-malware/126992/


∗∗∗ The Cloak & Dagger Attack That Bedeviled Android For Months ∗∗∗
---------------------------------------------
Not all Android attacks come from firmware mistakes.
---------------------------------------------
https://www.wired.com/story/cloak-and-dagger-android-malware


∗∗∗ Hacker Says He Broke Through Samsungs Secure Smartphone Platform ∗∗∗
---------------------------------------------
When his rooting exploit worked on plenty of Android devices but failed on the Samsung Galaxy S7 Edge, researcher Di Shen decided to dig into KNOX.
---------------------------------------------
https://motherboard.vice.com/en_us/article/pad5jn/hacker-says-he-broke-through-samsungs-secure-smartphone-platform


∗∗∗ OPC Data Access IDAPython script ∗∗∗
---------------------------------------------
An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol.
---------------------------------------------
https://github.com/eset/malware-research/blob/master/industroyer/README.adoc


∗∗∗ Internet der Dinge: Wenn die Waschstraße angreift ∗∗∗
---------------------------------------------
Sicherheitsforscher haben diverse Schwachstellen in automatisierten Autowaschstraßen gefunden, die sich sogar übers Internet missbrauchen lassen. Durch ferngesteuerte Tore, Roboterarme und Hochdruck-Wasserstrahle könnte es sogar zu Personenschäden kommen.
---------------------------------------------
https://heise.de/-3785654


∗∗∗ Microsoft opens fuzz testing service to the wider public ∗∗∗
---------------------------------------------
Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry.
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/28/microsoft-fuzz-testing-service/


=====================
=    Advisories     =
=====================

∗∗∗ Continental AG Infineon S-Gold 2 (PMB 8876) ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow and an improper restriction of operations within the bounds of a memory buffer vulnerability in Continental AGs Infineon S-Gold 2 (PMB 8876).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01


∗∗∗ Mirion Technologies Telemetry Enabled Devices ∗∗∗
---------------------------------------------
This advisory contains mitigation details for use of hard-coded cryptographic key and inadequate encryption strength vulnerabilities in Mirion Technologies Telemetry Enabled Devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02


∗∗∗ PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper authentication and missing encryption of sensitive data affecting PDQ Manufacturing, Inc.s LaserWash, LaserJet, and ProTouch car washes.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03


∗∗∗ Multiple Cisco Products OSPF LSA Manipulation Vulnerability ∗∗∗
---------------------------------------------
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic.The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170727-ospf


∗∗∗ VMSA-2017-0012 ∗∗∗
---------------------------------------------
VMware VIX API VM Direct Access Function security issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0012.html


∗∗∗ VMSA-2017-0013 ∗∗∗
---------------------------------------------
VMware vCenter Server and Tools updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0013.html


∗∗∗ Vuln: Cloud Foundry Cloud Controller API CVE-2017-8036 Incomplete Fix Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/100002


∗∗∗ DFN-CERT-2017-1305: PHPMailer: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1305/


∗∗∗ DFN-CERT-2017-1310: Microsoft Outlook: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1310/


∗∗∗ FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-104


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005830


∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1332) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005233


∗∗∗ IBM Security Bulletin: Multiple security vunerabilities in Oracle Java SE and Java SE Embedded affects IBM InfoSphere Master Data Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006603


∗∗∗ IBM Security Bulletin: IBM System Networking Switch Center is affected by a Jsch vulnerability (CVE-2016-5725) ∗∗∗
---------------------------------------------
http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099634


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006608


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006606


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006610


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting Attack (CVE-2016-9715) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006611


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™ ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22006298


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025538


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025529


∗∗∗ IBM Security Bulletin: IBM i is affected by an OSPF vulnerability (CVE-2017-1460) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022191


∗∗∗ IBM Security Bulletin: The BigFix Platform has a vulnerability that can cause denial of service ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003222


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a X-Frame-Options Header ClickJacking attack (CVE-2016-9719 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006607


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006605


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025397

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily