[CERT-daily] Tageszusammenfassung - Dienstag 28-03-2017

Tue Mar 28 18:07:29 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 27-03-2017 18:00 − Dienstag 28-03-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Bugtraq: APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540325


*** APT29 Used Domain Fronting, Tor to Execute Backdoor ***
---------------------------------------------
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.
---------------------------------------------
http://threatpost.com/apt29-used-domain-fronting-tor-to-execute-backdoor/124582/


*** New Clues Surface on Shamoon 2’s Destructive Behavior ***
---------------------------------------------
Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.
---------------------------------------------
http://threatpost.com/new-clues-surface-on-shamoon-2s-destructive-behavior/124587/


*** Vuln: GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities ***
---------------------------------------------
GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/97040


*** Neue Sicherheitslücke im Passwort-Manager LastPass ***
---------------------------------------------
Bereits zum zweiten Mal innerhalb kurzer Zeit ist der populäre Passwort-Manager mit einer Schwachstelle konfrontiert.
---------------------------------------------
https://futurezone.at/produkte/neue-sicherheitsluecke-im-passwort-manager-lastpass/254.818.884


*** Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates ***
---------------------------------------------
A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL ..
---------------------------------------------
https://thehackernews.com/2017/03/symantec-ssl-certificates.html


*** Threat Landscape for Industrial Automation Systems, H2 2016 ***
---------------------------------------------
On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.
---------------------------------------------
http://securelist.com/analysis/publications/77842/threat-landscape-for-industrial-automation-systems-h2-2016/


*** From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign ***
---------------------------------------------
As soon as a zero-day remote code execution vulnerability is disclosed, it is common to see many scans in the wild. Some of these scans are researchers, but many of ..
---------------------------------------------
https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-server-ransomware-apache-struts-2-cve-2017-5638-campaign-25922


*** This book reads you - using JavaScript ***
---------------------------------------------
Apple just released a fix for one issue I reported last year in iBooks that allowed access to files on a users system when a book was opened. iBooks on El Capitan would ..
---------------------------------------------
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html


*** Gefahr durch Exploit für Zombie-IIS ***
---------------------------------------------
Microsofts Internet Information Services 6.0 sind eigentlich Alteisen, für das es nicht einmal Sicherheits-Updates gibt. Trotzdem gibt es noch über 30.000 allein in Deutschland. Und die sind durch einen öffentlich bekannten Exploit akut bedroht.
---------------------------------------------
https://heise.de/-3666599


*** Verschlüsselung: Schwachstellen in zahlreichen VoIP-Anwendungen entdeckt ***
---------------------------------------------
Das ZRT-Protokoll soll für sichere Verbindungen und verschlüsselte VoIP-Telefonate sorgen. Forscher haben Schwachstellen in zahlreichen ZRTP-Anwendungen ..
---------------------------------------------
https://www.golem.de/news/verschluesselung-schwachstellen-in-zahlreichen-voip-anwendungen-entdeckt-1703-126979.html


*** IronWASP – Part 1 ***
---------------------------------------------
Considering not all vulnerability scanners are open source, a great deal of them are available such as: IronWASP OpenVAS Retina CS Community W3af Grabber, etc. In this article, we shall be discussing more about IronWASP.
---------------------------------------------
http://resources.infosecinstitute.com/ironwasp-part-1-2/


*** Docs.com-Nutzer teilen Kennwörter und vieles mehr mit der Welt ***
---------------------------------------------
Über Microsofts Dienst Docs.com lassen sich Dokumente teilen. Allerdings sind diese oft öffentlich einsehbar. Viele Anwender scheinen sich dem nicht bewusst zu sein – zu einfach finden sich Informationen wie Kennwörter.
---------------------------------------------
https://heise.de/-3665975


*** Apache / ModSecurity Tutorials ***
---------------------------------------------
This is a series of Apache web server tutorials that will span from the basics to advanced topics like ModSecurity and logfile visualization.
---------------------------------------------
https://www.netnea.com/cms/apache-tutorials/


*** Xen Security Advisory XSA-206 - xenstore denial of service via repeated update ***
---------------------------------------------
Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to ..
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-206.txt


*** With iOS 10.3, iDevices get new Apple File System with native encryption support ***
---------------------------------------------
On Monday, Apple released updates for its various products. As usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/03/28/apple-file-system-encryption/


*** Ransomware: Scammer erpressen Besucher von Porno-Seiten ***
---------------------------------------------
Über einen Fehler in Apples Safari für iPhone blockieren Unbekannte den Browser mit einem immer wiederkehrenden Javascript-Popup. Darin werden Nutzer aufgefordert, Lösegeld zu zahlen. Mit einem einfachen Trick lässt sich der Falle aber entgehen.
---------------------------------------------
https://www.golem.de/news/ransomware-scammer-erpressen-besucher-von-porno-seiten-1703-126982.html