[CERT-daily] Tageszusammenfassung - Mittwoch 28-06-2017

Wed Jun 28 18:06:31 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 27-06-2017 18:00 − Mittwoch 28-06-2017 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** Newport XPS-Cx, XPS-Qx ***
---------------------------------------------
This advisory contains mitigation details for an improper authentication vulnerability in the Newport XPS-Cx and XPS-Qx controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-178-01


*** Schroedinger’s Pet(ya) ***
---------------------------------------------
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis.
---------------------------------------------
http://securelist.com/schroedingers-petya/78870/


*** Microsoft bringing EMET back as a built-in part of Windows 10 ***
---------------------------------------------
The built-in exploit mitigations are getting stronger and easier to configure.
---------------------------------------------
https://arstechnica.com/?p=1124813


*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues ..
---------------------------------------------
https://support.citrix.com/article/CTX224740


*** New ransomware, old techniques: Petya adds worm capabilities ***
---------------------------------------------
On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/


*** DFN-CERT-2017-1114/">systemd: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff und die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1114/


*** DFN-CERT-2017-1112/">Microsoft Azure Active Directory (AD) Connect: Eine Schwachstelle ermöglicht eine Privilegieneskalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1112/


*** DSA-3900 openvpn - security update ***
---------------------------------------------
Several issues were discovered in openvpn, a virtual private network application.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3900


*** Security Advisory - DoS Vulnerability of isub Service in Some Huawei Smartphones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-01-isub-en


*** HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution.
---------------------------------------------
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03763en_us


*** Linux-Kernel-Security: Torvalds bezeichnet Grsecurity als "Müll" ***
---------------------------------------------
Mit seinem wie üblich wenig diplomatischen Feingefühl machte Kernel-Chefhacker Linus Torvalds auf der Kernel-Mailingliste deutlich, was er von dem auf Sicherheit fokussierten ..
---------------------------------------------
https://www.golem.de/news/linux-kernel-security-torvalds-bezeichnet-grsecurity-als-muell-1706-128636.html


*** Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS ***
---------------------------------------------
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we recorded was:30 Mpps (millions of packets per second)80 ..
---------------------------------------------
https://blog.cloudflare.com/ssdp-100gbps/