[CERT-daily] Tageszusammenfassung - 23.10.2017

Mon Oct 23 18:26:07 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 20-10-2017 18:00 − Montag 23-10-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ National Cybersecurity Awareness Month – Words to Avoid ∗∗∗
---------------------------------------------
TGIF (Thank Goodness, It’s Friday)! Yes, I altered the ‘G’ to be politically correct, but being politically correct has little...The post National Cybersecurity Awareness Month – Words to Avoid appeared first on BeyondTrust.
---------------------------------------------
https://www.beyondtrust.com/blog/national-cybersecurity-awareness-month-words-avoid/


∗∗∗ Performing & Preventing SSL Stripping: A Plain-English Primer ∗∗∗
---------------------------------------------
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks. The KRACK Attack effectively allows interception of traffic on wireless networks secured by the WPA2 protocol. Whilst it is possible to backward patch [...]
---------------------------------------------
https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/


∗∗∗ Krack-Angriff: AVM liefert erste Updates für Repeater und Powerline ∗∗∗
---------------------------------------------
Nach dem Bekanntwerden der WPA2-Schwäche Krack hat AVM nun erste Geräte gepatcht. Weitere Patches sollen folgen, jedoch nicht für Fritzboxen.
---------------------------------------------
https://www.golem.de/news/krack-angriff-avm-liefert-erste-updates-fuer-repeater-und-powerline-1710-130747-rss.html


∗∗∗ Mirai-Nachfolger: Experten warnen vor "Cyber-Hurrican" durch neues Botnetz ∗∗∗
---------------------------------------------
Kriminelle nutzen Sicherheitslücken in IoT-Geräten zum Aufbau eines großen Botnetzes aus. Dabei verwendet der Bot Code von Mirai, unterscheidet sich jedoch von seinem prominenten Vorgänger.
---------------------------------------------
https://www.golem.de/news/mirai-nachfolger-experten-warnen-vor-cyber-hurrican-durch-neues-botnetz-1710-130749-rss.html


∗∗∗ Security+ Domain #6: Cryptography ∗∗∗
---------------------------------------------
Cryptography falls into the sixth and last domain of CompTIA’s Security+ exam (SYO-401) and contributes 12% to the exam score. The Security+ exam tests the candidate’s knowledge of cryptography and how it relates to the security of networked and stand-alone systems in organizations. To pass the Security+ exam, the candidates must understand both symmetric and [...]
---------------------------------------------
http://resources.infosecinstitute.com/security-domain-6-cryptography/


∗∗∗ Introducing Windows Defender Application Control ∗∗∗
---------------------------------------------
Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control flips the model from one where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. Many organizations, like [...]
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/10/23/introducing-windows-defender-application-control/


∗∗∗ Google to add "DNS over TLS" security feature to Android OS ∗∗∗
---------------------------------------------
No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a [...]
---------------------------------------------
https://thehackernews.com/2017/10/android-dns-over-tls.html


∗∗∗ TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗
---------------------------------------------
Original release date: October 20, 2017 | Last revised: October 21, 2017 Systems Affected Domain ControllersFile ServersEmail Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-293A


∗∗∗ New FakeNet-NG Feature: Content-Based Protocol Detection ∗∗∗
---------------------------------------------
I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and adapts to SSL so that any protocol can be used with SSL and handled appropriately by FakeNet-NG. We were motivated to add this feature since it was a feature of the original FakeNet and it was [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-protocol-detection.html


∗∗∗ Krypto-Mining im Browser: Software-Hersteller wollen Nutzer besser schützen ∗∗∗
---------------------------------------------
Mining-Skripte zwacken beim Surfen heimlich Rechenleistung zum Schürfen von Krypto-Währungen ab. Adblocker- und Browser-Hersteller erarbeiten Gegenstrategien. Einige Skript-Entwickler reagieren ihrerseits, indem sie Nutzer künftig um Erlaubnis fragen.
---------------------------------------------
https://heise.de/-3865577


∗∗∗ Kanadischer Geheimdienst veröffentlicht erstmals Sicherheitssoftware ∗∗∗
---------------------------------------------
CSE gilt als besonders schweigsam. Nun überraschen die Spione mit der Herausgabe eines Dateiformats sowie eines Frameworks. Es soll helfen, in vielen Dateien gleichzeitig Malware aufzuspüren.
---------------------------------------------
https://heise.de/-3867343


∗∗∗ Mac-Shareware-Downloads mit signiertem Trojaner ∗∗∗
---------------------------------------------
Die Apps Folx und Elmedia Player wurden nach einem Hack über deren Websites inklusive der "Proton"-Malware vertrieben. Der Hersteller empfiehlt eine Neuinstallation betroffener Maschinen.
---------------------------------------------
https://heise.de/-3867420


∗∗∗ "Cyber Conflict" Decoy Document Used In Real Cyber Conflict ∗∗∗
---------------------------------------------
This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteIntroductionCisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference.
---------------------------------------------
http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco AMP for Endpoints Static Key Vulnerability ∗∗∗
---------------------------------------------
On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe


∗∗∗ DFN-CERT-2017-1859: OpenJFX: Zwei Schwachstellen ermöglichen eine komplette Kompromittierung der Software ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1859/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009296


∗∗∗ IBM Security Bulletin: IBM b-type Network/Storage switches is affected by Open Source OpenSSL Vulnerabilities (OpenSSL and Node.JS consumers). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010726


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in cURL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009692


∗∗∗ BMC Remedy IT Service Management Suite Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039637

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily