[CERT-daily] Tageszusammenfassung - 19.10.2017

Thu Oct 19 18:09:15 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 18-10-2017 18:00 − Donnerstag 19-10-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ BoundHook Attack Exploits Intel Skylake MPX Feature ∗∗∗
---------------------------------------------
A new attack method takes advantage a feature in Intel’s Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications.
---------------------------------------------
http://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/128517/


∗∗∗ US-CERT study predicts machine learning, transport systems to become security risks ∗∗∗
---------------------------------------------
Youve been warned The Carnegie-Mellon Universitys Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/19/cert_cc_threat_survey/


∗∗∗ A Look at Locky Ransomware’s Recent Spam Activities ∗∗∗
---------------------------------------------
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sDep2mrz5v0/


∗∗∗ New Attacker Scanning for SSH Private Keys on Websites ∗∗∗
---------------------------------------------
Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem.
---------------------------------------------
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/


∗∗∗ Baselining Servers to Detect Outliers ∗∗∗
---------------------------------------------
This week I came across an interesting incident response scenario that was more likely a blind hunt. The starting point was the suspicion that a breach may have occurred in one or more of ~500 web servers of a big company on a given date range, even though there was no evidence of leaked data or any other IOC to guide the investigation. To overcome [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22940


=====================
=  Vulnerabilities  =
=====================

∗∗∗ KRACK Key Reinstall in FT Handshake - PoC ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100142


∗∗∗ Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0008 ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541370


∗∗∗ DFN-CERT-2017-1836: Lucene/Solr: Eine Schwachstelle ermöglicht die Ausführung beliebigen Prorgammcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1836/


∗∗∗ DFN-CERT-2017-1837: Suricata: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1837/


∗∗∗ DFN-CERT-2017-1846: GitLab: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1846/


∗∗∗ Cisco Security Advisories and Alerts ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-01-blueborne-en


∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171019-01-smartphone-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily