[CERT-daily] Tageszusammenfassung - 30.10.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 27-10-2017 18:00 − Montag 30-10-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Cybercrime-Report 2016: Zahl der Anzeigen 2016 fast um ein Drittel gestiegen ∗∗∗
---------------------------------------------
Das Bundeskriminalamt präsentierte am 30. Oktober 2017 den Cybercrime-Report 2016. Demnach ist die Zahl der Cybercrime-Anzeigen 2016 im Vergleich zum Jahr davor um fast ein Drittel gestiegen.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=5062565A4F35476A2B38453D


∗∗∗ Matrix Ransomware Being Distributed by the RIG Exploit Kit ∗∗∗
---------------------------------------------
The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/matrix-ransomware-being-distributed-by-the-rig-exploit-kit/


∗∗∗ Firefox to Get a Better Password Manager ∗∗∗
---------------------------------------------
Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefoxs built-in password management."
---------------------------------------------
https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-password-manager/


∗∗∗ Pharmahersteller: Merck musste wegen NotPetya-Angriff Medikamente leihen ∗∗∗
---------------------------------------------
Auch das Pharmaunternehmen Merck Sharp und Dohme merkt den NotPetya-Angriff in seiner Bilanz: Rund 375 Millionen US-Dollar Ausfall gibt das Unternehmen durch die Ransomware an. Um den Betrieb trotz Produktionsausfällen aufrechtzuerhalten, hat sich die Firma sogar Medikamente bei den US-Behörden geliehen.
---------------------------------------------
https://www.golem.de/news/pharmahersteller-merck-musste-wegen-notpetya-angriff-medikamente-leihen-1710-130880.html


∗∗∗ Freie Linux-Firmware: Google will Server ohne Intel ME und UEFI ∗∗∗
---------------------------------------------
Nach dem Motto "Habt ihr Angst? Wir schon!" arbeitet ein Team von Googles Coreboot-Entwicklern mit Kollegen daran, Intels ME und das proprietäre UEFI auch in Servern unschädlich zu machen. Und das wohl mit Erfolg. 
---------------------------------------------
https://www.golem.de/news/freie-linux-firmware-google-will-server-ohne-intel-me-und-uefi-1710-130840.html


∗∗∗ "Catch-All" Google Chrome Malicious Extension Steals All Posted Data, (Fri, Oct 27th) ∗∗∗
---------------------------------------------
It seems that malicious Google Chrome extensions are on the rise. A couple of months ago, I posted here about two of them which stole user credentials posted on banking websites and alike. Now, while analyzing a phishing e-mail, I went through a new malware with a slight different approach: instead of monitoring specific URLs and focusing ..
---------------------------------------------
https://isc.sans.edu/diary/rss/22976


∗∗∗ IOActive disclosed 2 critical flaws in global satellite telecommunications Inmarsat’s SATCOM systems ∗∗∗
---------------------------------------------
Flaws in Stratos Global AmosConnect 8 PC-based SATCOM service impact thousands of customers worldwide running the newest version of the platform that is used in vessels. Security researchers at IOActive have disclosed critical security vulnerabilities in the maritime Stratos Global’s AmosConnect 8.4.0 satellite-based shipboard communication ..
---------------------------------------------
http://securityaffairs.co/wordpress/64902/breaking-news/satcom-amosconnect-8-flaws.html


∗∗∗ Hackers Can Steal Windows Login Credentials Without User Interaction ∗∗∗
---------------------------------------------
Microsoft has patched only recent versions Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction. The hack is easy to carry out and doesn't involve advanced technical skills to pull off. All the attacker needs to do is to place a malicious SCF file inside publicly accessible Windows folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-can-steal-windows-login-credentials-without-user-interaction/


∗∗∗ McAfee stoppt Einblick in den Quellcode ∗∗∗
---------------------------------------------
Der amerikanische Antivirenspezialist gibt im Rahmen eines grundsätzlichen Strategiewechsels seit einiger Zeit fremden Regierungen keinen Zugang mehr zum Quellcode.
---------------------------------------------
https://heise.de/-3875393


∗∗∗ HTTPS-Verschlüsselung: Google verabschiedet sich vom Pinning ∗∗∗
---------------------------------------------
Das Festnageln von Zertifikaten sollte gegen Missbrauch schützen. In der Praxis wurde es jedoch selten eingesetzt. Zu kompliziert und zu fehlerträchtig lautet nun das Verdikt; demnächst soll die Unterstützung aus Chrome wieder entfernt werden.
---------------------------------------------
https://heise.de/-3876078


∗∗∗ Windigo Still not Windigone: An Ebury Update ∗∗∗
---------------------------------------------
In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury In 2017, the team found a new Ebury ..
---------------------------------------------
https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-4008 wget - security update ∗∗∗
---------------------------------------------
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4008


∗∗∗ DSA-4010 git-annex - security update ∗∗∗
---------------------------------------------
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4010


∗∗∗ Oracle Security Alert Advisory - CVE-2017-10151 ∗∗∗
---------------------------------------------
This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles


∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171030-01-smartphone-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily