[CERT-daily] Daily summary - Tuesday 27-06-2017

Daily end-of-shift report team at cert.at
Tue Jun 27 18:19:35 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 26-06-2017 18:00 − Tuesday 27-06-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Petya Ransomware Outbreak ***
---------------------------------------------
Today, several companies in Europe suffered IT outages caused by ransomware. The ransomware is also likely to perform "lateral movement" within an organization, thereby achieving widespread infection and, with it, encryption. The facts regarding the exact vectors, both for the initial infection and for further propagation within the local network, are still very thin and [...]
---------------------------------------------
http://www.cert.at/services/blog/20170627170903-2046.html




*** Second Global Ransomware Outbreak Under Way ***
---------------------------------------------
A massive ransomware outbreak is spreading globally and being compared to WannaCry.
---------------------------------------------
http://threatpost.com/second-global-ransomware-outbreak-under-way/126549/




*** E-mails about alleged traffic fines ***
---------------------------------------------
E-mails about alleged traffic fines – WARNING: malware is hidden behind them
---------------------------------------------
http://www.bmi.gv.at/cms/BK/betrug/files/2762017_E_Mails_ber_angebliche_Verkehrsstrafen.pdf




*** How Spora ransomware tries to fool antivirus ***
---------------------------------------------
Spora ransomware is back and it's trying to confuse antivirus products and email filters.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/fpIDs0aHpNY/




*** $1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks ***
---------------------------------------------
The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/




*** How Not to Encrypt a File - Courtesy of Microsoft ***
---------------------------------------------
A client recently sent me a crypto spec which involved some, how do I say, suboptimal use of crypto primitives. They're .Net users so I decided to search for a nice msdn crypto reference to set them straight. Instead I found the likely culprit behind their confusion.
---------------------------------------------
https://medium.com/@bob_parks1/how-not-to-encrypt-a-file-courtesy-of-microsoft-bfadf2b0273d




*** New Shifr RaaS Lets Any Dummy Enter the Ransomware Business ***
---------------------------------------------
Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-shifr-raas-lets-any-dummy-enter-the-ransomware-business/




*** What's new in Windows Defender ATP Fall Creators Update ***
---------------------------------------------
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/




*** Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 Hot Patch 2 ***
---------------------------------------------
Abstract: Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 HP2 has been released. Please see the details section below for installation instructions and the change log section for bug fixes since the last release. NOTE: Please do not continue using older versions of GMS SSLCheck. It has been superseded by GroupWise Mobility Service SSLCheck 1.1 found here: http://download.novell.com/Download?buildid=9naDJkniVtg~ Document ID: 5311890 Security Alert: Yes Distribution Type: [...]
---------------------------------------------
https://download.novell.com/Download?buildid=SIbPzOKmofQ~




*** SSA-874235 (Last Update 2017-06-26): Intel Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005209
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK Java Technology Edition Version 6, 7, 8 and IBM Runtime Environment Java Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ***
http://www.ibm.com/support/docview.wss?uid=swg22003154
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731) ***
http://www.ibm.com/support/docview.wss?uid=swg22005135
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003285
---------------------------------------------
*** IBM Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004580
---------------------------------------------

