[CERT-daily] Tageszusammenfassung - Mittwoch 31-05-2017

Daily end-of-shift report team at cert.at
Wed May 31 18:13:35 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 30-05-2017 18:00 − Mittwoch 31-05-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Personal Security Guide - WiFi Network ***
---------------------------------------------
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to secure your network. When we talk about a network, we mean the way you connect to the internet.
---------------------------------------------
https://blog.sucuri.net/2017/05/personal-security-guide-network-connection.html




*** Kritische Infrastruktur: Meldepflicht für IT-Vorfälle deutlich erweitert ***
---------------------------------------------
Die Meldepflicht für IT-Sicherheitsvorfälle ist auf weitere Branchen ausgedehnt worden. Damit steigt die Gesamtzahl auf mehr als 1.600 Einrichtungen in ganz Deutschland.
---------------------------------------------
https://www.golem.de/news/kritische-infrastruktur-meldepflicht-fuer-it-vorfaelle-um-ueber-900-anlagen-erweitert-1705-128134-rss.html




*** HospitalGown: Appthority Discovers Backend Exposure of 43TB of Enterprise Data ***
---------------------------------------------
[...] It's understandable that in mobile security we focus on the device, the apps it runs, and the networks it connects to. But what happens to the data from there? Cloud computing and storage are ubiquitous, advertising networks are the default revenue model for many apps, and analytics frameworks are driving design and implementation decisions. We can't ignore where the data goes. Like any other component of the larger system, these backend servers can introduce additional risk, [...]
---------------------------------------------
https://www.appthority.com/mobile-threat-center/blog/hospitalgown-appthority-discovers-backend-exposure-of-43tb-of-enterprise-data/
http://info.appthority.com/hubfs/website-LEARN-content/Appthority%20Q2-17%20Threat%20Report%20HospitalGown.pdf




*** XData Ransomware Master Decryption Keys Released. Kaspersky Releases Decryptor. ***
---------------------------------------------
In what has become a welcome trend, today another ransomware master decryption key was released on BleepingComputer.com. This time the key that was released is for the XData Ransomware that was targeting the Ukraine around May 19th 2017. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xdata-ransomware-master-decryption-keys-released-kaspersky-releases-decryptor-/




*** Indicators Associated With WannaCry Ransomware (Update G) ***
---------------------------------------------
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01F Indicators Associated With WannaCry Ransomware that was published May 25, 2017, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01G




*** WannaCry: Two Weeks and 16 Million Averted Ransoms Later ***
---------------------------------------------
[...] What WannaCry does has been extensively documented by others, as seen in reports by BAE Systems, MalwareBytes, Endgame, and Talos. Rather than focusing on the technical functionality of the malware, this article will open a window into our recent experience with managing, mitigating, and tracking the propagation and evolution of the WannaCry outbreak, and the true extent of its reach.
---------------------------------------------
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html




*** Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st) ***
---------------------------------------------
Introduction  In my previous diary, I did a very brief introduction on what the ACH method is [1], so that now all readers, also those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are three different algorithms: an Inconsistency Counting algorithm, a Weighted Inconsistency Counting algorithm, and a Normalized algorithm [2]. The Weighted Inconsistency Counting algorithm, the one used in [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22470&rss




*** [webapps] Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution ***
---------------------------------------------
https://www.exploit-db.com/exploits/42089/?rss




*** Vulnerability in Samba Affecting Cisco Products: May 2017 ***
---------------------------------------------
On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system.This vulnerability has been assigned CVE ID CVE-2017-7494This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba




*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Command Injection Vulnerability in the GaussDB ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-02-gaussdb-en
---------------------------------------------
*** Security Advisory - Command Injection Vulnerability in the NetEco ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-neteco-en
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in The GaussDB ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-gaussdb-en
---------------------------------------------
*** Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-openstack-en
---------------------------------------------
*** Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-03-gaussdb-en
---------------------------------------------
*** Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-04-gaussdb-en
---------------------------------------------
*** Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-05-gaussdb-en
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in tcpdump affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory2.asc
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager appliances ***
http://www.ibm.com/support/docview.wss?uid=swg22003237
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003752
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. ***
http://www.ibm.com/support/docview.wss?uid=swg22004048
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002991
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web ***
http://www.ibm.com/support/docview.wss?uid=swg22003236
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect Tivoli Storage Manager (IBM Spectrum Protect) for Virtual Environments: Data Protection for VMware and FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware ***
http://www.ibm.com/support/docview.wss?uid=swg22000212
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195) ***
http://www.ibm.com/support/docview.wss?uid=swg21997991
---------------------------------------------
*** IBM Security Bulletin: MQ Explorer directory created with owner '555' on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003509
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware ***
http://www.ibm.com/support/docview.wss?uid=swg22003620
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware ***
http://www.ibm.com/support/docview.wss?uid=swg22003480
---------------------------------------------


More information about the Daily mailing list