[CERT-daily] Tageszusammenfassung - 22.09.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 21-09-2017 18:00 − Freitag 22-09-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features ∗∗∗
---------------------------------------------
A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clkscrew-attack-can-hack-modern-chipsets-via-their-power-management-features/


∗∗∗ Ecommerce Security: Fake Jquery Used as CC Scraper ∗∗∗
---------------------------------------------
In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer ended, and believe that trend will continue now that the holiday season is quickly approaching. Most of these attacks are based on intercepting the communication between the online store and the payment gateway (the checkout process) in order to send valuable information to the attacker.
---------------------------------------------
https://blog.sucuri.net/2017/09/fake-jquery-used-cc-scraper-ecommerce.html


∗∗∗ How I hacked hundreds of companies through their helpdesk ∗∗∗
---------------------------------------------
Months ago I discovered a flaw hackers can use to access a companys internal communications. The flaw only takes a couple of clicks to potentially access intranets, social media accounts such as Twitter, and most commonly Yammer and Slack teams.
---------------------------------------------
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c


∗∗∗ Passwords to Over a Half Million Car Tracking Devices Leaked Online ∗∗∗
---------------------------------------------
We’ve seen a lot of data breaches this year: some big, some small, some that are dangerous, and some that are just embarrassing. But if we were to name one as the creepiest data breach of 2017, this leak of logins for car tracking devices might take the cake.
---------------------------------------------
https://gizmodo.com/passwords-to-access-over-a-half-million-car-tracking-de-1818624272


∗∗∗ Tips for Reverse-Engineering Malicious Code ∗∗∗
---------------------------------------------
This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler.
---------------------------------------------
https://zeltser.com/reverse-engineering-malicious-code-tips/


∗∗∗ Hack the Hacker – Fuzzing Mimikatz On Windows With WinAFL & Heatmaps (0day) ∗∗∗
---------------------------------------------
In this blogpost, I want to explain two topics from a theoretical and practical point of view: How to fuzz windows binaries with source code available (this part is for developers) and How to deal with big input files (aka heatmap fuzzing) and crash analysis (for security consultants; more technical)
---------------------------------------------
https://www.sec-consult.com/en/blog/2017/09/hack-the-hacker-fuzzing-mimikatz-on-windows-with-winafl-heatmaps-0day/index.html



=====================
=    Advisories     =
=====================

∗∗∗ Schneider Electric InduSoft Web Studio, InTouch Machine Edition ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a missing authentication for critical function vulnerability in Schneider Electrics InduSoft Web Studio and InTouch Machine Edition.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-01


∗∗∗ Ctek, Inc. SkyRouter ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper authentication vulnerability in the Ctek, Inc. SkyRouter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-02


∗∗∗ Digium Asterisk GUI ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an OS command injection vulnerability in Digiums Asterisk GUI.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-03


∗∗∗ iniNet Solutions GmbH SCADA Webserver ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper authentication vulnerability in iniNet Solutions GmbH’s SCADA Webserver.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04


∗∗∗ Saia Burgess Controls PCD Controllers ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an information exposure vulnerability in Saia Burgess Controls PCD Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05


∗∗∗ DFN-CERT-2017-1682: Perl: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1682/


∗∗∗ Security Advisory - Information Leakage Vulnerability on OceanStor ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-oceanstor-en


∗∗∗ Security Notice - Statement on App Lock Bypass Vulnerability in Huawei EMUI ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170922-01-emui-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099638


∗∗∗ IBM Security Bulletin: API Connect is affected by a vulnerability by which an authenticated user could generate an API token ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008588


∗∗∗ IBM Security Bulletin: API Connect is affected by a Cross Frame Scripting vulnerability CVE-2017-1551 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008372


∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007168


∗∗∗ IBM Security Bulletin: HTML injection vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1424 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005112


∗∗∗ IBM Security Bulletin: Security Identity Adapter data traffic to/from server is not encrypted by default ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007381


∗∗∗ IBM Security Bulletin: Potential information leakage during process app export in IBM Business Process Manager (CVE-2017-1346) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004654


∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability in Business Space Help affects IBM Business Process Manager (BPM) and WebSphere Process Server (WPS) – CVE-2013-0464 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005596


∗∗∗ EMC M&R Watch4net for SAS Solution Packs WebService Gateway Directory Traversal Flaw Lets Remote Authenticated Users Access and Modify Data and JMX Protocol Flaw Lets Remote Users Deny Service ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039418


∗∗∗ EMC ViPR SRM WebService Gateway Directory Traversal Flaw Lets Remote Authenticated Users Access and Modify Data and JMX Protocol Flaw Lets Remote Users Deny Service ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039417

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily