[CERT-daily] Tageszusammenfassung - Donnerstag 30-03-2017

Thu Mar 30 18:05:58 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 29-03-2017 18:00 − Donnerstag 30-03-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Tech support scammers and their banking woes ***
---------------------------------------------
We all know about tech support scams by this point. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal's ill-gotten gains. So how does the enterprising criminal cash out with your money? Let's take a look.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-their-banking-woes/


*** Security Advisory - Exposed System Interface Vulnerability on Huawei Smart Phones ***
---------------------------------------------
There is a exposed system interface vulnerability on smart phones. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties. 
CVE-2017-2735
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-01-smartphone-en


*** Widespread Email Scam Targets Github Developers with Dimnie Trojan ***
---------------------------------------------
Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit ...
---------------------------------------------
http://thehackernews.com/2017/03/github-email-scam.html


*** Vuln: EMC Isilon OneFS CVE-2017-4980 Directory Traversal Vulnerability ***
---------------------------------------------
EMC Isilon OneFS is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
---------------------------------------------
http://www.securityfocus.com/bid/97222


*** [SANS ISC] Diverting built-in features for the bad ***
---------------------------------------------
I published the following diary on isc.sans.org: 'Diverting built-in features for the bad'. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small Javascript sample with only 2 lines of code 
---------------------------------------------
https://blog.rootshell.be/2017/03/30/sans-isc-diverting-built-features-bad/


*** Trend Micro InterScan Web Security Virtual Appliance Unspecified Flaws Let Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038161


*** Mirai-Botnetz lernt neue Tricks ***
---------------------------------------------
Das IoT-Botnetz Mirai beherrscht neuerdings auch DDoS-Angriffe auf dem Application Layer. Diese sind schwer zu entdecken und damit auch relativ schwer abzuwehren.
---------------------------------------------
https://heise.de/-3670226


*** Hashfunktion: Der schwierige Abschied von SHA-1 ***
---------------------------------------------
Die Hashfunktion SHA-1 ist seit kurzem endgültig gebrochen. Doch an vielen Stellen ist SHA-1 noch im Einsatz. Beispielsweise in Git, in Bittorrent und - was manche überraschen wird - auch in TLS. (SHA-1, Google)
---------------------------------------------
https://www.golem.de/news/hashfunktion-der-schwierige-abschied-von-sha-1-1703-127041-rss.html


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Algo One - Algo Risk Application (ARA) could allow retrieval of restricted files ***
http://www.ibm.com/support/docview.wss?uid=swg21999892
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged the Elastic Storage Server and the GPFS Storage Server ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010042
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183) ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001105
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998701
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Expat affect Intel (R) Manycore Platform Software Stack (MPSS) for Linux and Windows ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099554
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180) ***
http://www.ibm.com/support/docview.wss?uid=swg22001084
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS ***
http://www.ibm.com/support/docview.wss?uid=swg22000601
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ***
http://www.ibm.com/support/docview.wss?uid=swg22000398
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000904
---------------------------------------------
*** IBM Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF) ***
http://www.ibm.com/support/docview.wss?uid=swg22000771
---------------------------------------------