[CERT-daily] Tageszusammenfassung - Montag 8-05-2017

Mon May 8 18:19:41 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-05-2017 18:00 − Montag 08-05-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Intels ME-Sicherheitslücke: Tipps und Links ***
---------------------------------------------
Praxistipps zu der am 1. Mai von Intel gemeldeten Sicherheitslücke in der Firmware der Management Engine vieler Desktop-PCs, Server und Notebooks.
---------------------------------------------
https://heise.de/-3704563


*** Researchers Disclose Intel AMT Flaw Research ***
---------------------------------------------
Security firm Embedi releases further details on the Intel AMT flaw, revealing how it can be exploited and how potentially dangerous it can be.
---------------------------------------------
http://threatpost.com/researchers-disclose-intel-amt-flaw-research/125503/


*** Dell patches AMT-vulnerable systems ***
---------------------------------------------
BIOS fixes for most boxen landed Friday Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, has caught up with peers HP Inc, Lenovo and Fujitsu.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/07/dell_patches_amtvulnerable_systems/


*** Hacker-Wettbewerb: Cyber Security Challenge startet ***
---------------------------------------------
Zahlreiche Teilnehmer der vergangenen Jahre haben über den Hacker-Wettbewerb Jobs in der Security-Branche gefunden. Heuer wird erstmals auch eine Starter Challenge angeboten.
---------------------------------------------
https://futurezone.at/digital-life/hacker-wettbewerb-cyber-security-challenge-startet/262.640.648


*** Emsisoft Releases a Decryptor for the Amnesia Ransomware ***
---------------------------------------------
On Satruday, Emsisofts CTO and malware researcher Fabian Wosar released a decryptor for the Amnesia Ransomware. This ransomware was first spotted in early May and has had one other variant released. It was named Amnesia based on the extension appended to encrypted files by the first variant. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-amnesia-ransomware/


*** Exploring a P2P Transient Botnet - From Discovery to Enumeration, (Mon, May 8th) ***
---------------------------------------------
[This is a guest diary by Renato Marinho of Morphus Labs. If you are interested in writing a guest diary: please send suggestions to us via our contact page] 1. Introduction We recently deployed a high interaction honeypotsexpecting it to be compromised by a specific malware. But in the first few days, instead of getting infected by the expected malware, it received a variety of attacks ranging from SSH port forwarding to Viagra and Cialis SPAM to XORDDoS failed deployment attempts. By the [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22392&rss


*** Phishingversuch bei willhaben-Kunden ***
---------------------------------------------
Nutzer/innen von willhaben erhalten eine WhatsApp-Nachricht, die angeblich von der Kleinanzeigenplattform stammt.
---------------------------------------------
https://www.watchlist-internet.at/phishing/phishingversuch-bei-willhaben-kunden/


*** In eigener Sache: CERT.at sucht Verstärkung ***
---------------------------------------------
Für unser "Daily Business" suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich [...]
---------------------------------------------
http://www.cert.at/services/blog/20170508172334-1993.html


*** DFN-CERT-2017-0796: Nextcloud: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0796/


*** Vuln: Panda Mobile Security for iOS CVE-2017-8060 TLS Certificate Validation Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/98327


*** HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.
---------------------------------------------
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us


*** BlackBerry powered by Android Security Bulletin - May 2017 ***
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (May 2017) and addresses issues in that bulletin that affect [...]
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044536


*** Bugtraq: CA20170504-01: Security Notice for CA Client Automation OS Installation Management ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540524


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Explorer for z/OS V3.0.1 (CVE-2016-5548 and CVE-2016-5549) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002413


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5597, CVE-2016-5542) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21994526


*** Siemens Security Advisories ***
---------------------------------------------
*** SSA-701708 (Last Update 2017-05-08): Local Privilege Escalation in Industrial Products ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf
---------------------------------------------
*** SSA-156872 (Last Update 2017-05-08): Vulnerability in SIMATIC WinCC and SIMATIC WinCC Runtime Professional ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf
---------------------------------------------
*** SSA-275839 (Last Update 2017-05-08): Denial-of-Service Vulnerability in Industrial Products ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf
---------------------------------------------
*** SSA-293562 (Last Update 2017-05-08): Vulnerabilities in Industrial Products ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf
---------------------------------------------
*** SSA-731239 (Last Update 2017-05-08): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
---------------------------------------------


*** F5 Security Advisories ***
---------------------------------------------
*** BIG-IP APM redirect vulnerability CVE-2017-0302 ***
https://support.f5.com/csp/article/K87141725
---------------------------------------------
*** Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x) ***
https://support.f5.com/csp/article/K23440942
---------------------------------------------
*** BIG-IP management vulnerability CVE-2017-9250 ***
https://support.f5.com/csp/article/K55792317
---------------------------------------------
*** iControl REST vulnerability CVE-2016-9251 ***
https://support.f5.com/csp/article/K41107914
---------------------------------------------
*** Linux kernel vulnerability CVE-2017-2647 ***
https://support.f5.com/csp/article/K32115847
---------------------------------------------
*** Websocket profile vulnerability CVE-2016-9253 ***
https://support.f5.com/csp/article/K51351360
---------------------------------------------
*** TMM vulnerability CVE-2017-6137 ***
https://support.f5.com/csp/article/K82851041
---------------------------------------------
*** BIG-IP APM XSS vulnerability CVE-2016-9257 ***
https://support.f5.com/csp/article/K43523962
---------------------------------------------
*** Multiple Oracle MySQL vulnerabilities ***
https://support.f5.com/csp/article/K77508618
---------------------------------------------