[CERT-daily] Daily summary - Wednesday 7-06-2017

Daily end-of-shift report team at cert.at
Wed Jun 7 18:07:33 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 06-06-2017 18:00 − Wednesday 07-06-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  Olaf Schwarz


*** Rockwell Automation PanelView Plus 6 700-1500 ***
---------------------------------------------
This advisory contains mitigation details for a missing authorization vulnerability in Rockwell Automation's PanelView Plus 6 700-1500.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01




*** Digital Canal Structural Wind Analysis ***
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Digital Canal Structural's Wind Analysis.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02




*** Curiosity Kills Security When it Comes to Phishing ***
---------------------------------------------
The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links.
---------------------------------------------
http://threatpost.com/curiosity-kills-security-when-it-comes-to-phishing/126101/




*** Privileges and Credentials: Phished at the Request of Counsel ***
---------------------------------------------
In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html




*** Russian hackers issue commands via Britney Spears' Instagram ***
---------------------------------------------
The address of the control server was hidden in a user comment on a photo of the pop star.
---------------------------------------------
http://derstandard.at/2000058853606




*** VMware admins take note: important updates are available for ESXi ***
---------------------------------------------
Anyone running version 6.0 of VMware's ESXi hypervisor should set aside time for patching. Several bugs and security vulnerabilities need to be fixed.
---------------------------------------------
https://heise.de/-3736872




*** [2017-06-07] Various WiMAX CPEs Authentication Bypass ***
---------------------------------------------
Various WiMAX routers by GreenPacket, Huawei, MADA, MitraStar, ZTE and ZyXEL are affected by an authentication bypass vulnerability that allows an attacker to take over the web interface.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt




*** Ghosts from the past: Authentication bypass and OEM backdoors in WiMAX routers ***
---------------------------------------------
SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. 
---------------------------------------------
http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html




*** PLATINUM continues to evolve, find ways to maintain invisibility ***
---------------------------------------------
Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. 
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/




*** VMSA-2017-0010 ***
---------------------------------------------
vSphere Data Protection (VDP) updates address multiple security issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0010.html





