[CERT-daily] Daily summary - 27.09.2017

Daily end-of-shift report team at cert.at
Wed Sep 27 18:13:07 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 26-09-2017 18:00 − Wednesday 27-09-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Another Banking Trojan Adds Support for NSA's EternalBlue Exploit ∗∗∗
---------------------------------------------
A third banking trojan has added support for EternalBlue, an exploit supposedly created by the NSA, leaked online by the Shadow Brokers, and the main driving force behind the WannaCry and NotPetya ransomware outbreaks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/another-banking-trojan-adds-support-for-nsas-eternalblue-exploit/


∗∗∗ Broadcom Wireless: Google publishes exploit for iPhone 7 ∗∗∗
---------------------------------------------
Google has published an exploit for renewed problems in Broadcom Wi-Fi chips. The bug affects the iPhone 7, but also Android devices. For Apple, this is good news.
---------------------------------------------
https://www.golem.de/news/broadcom-wireless-google-veroeffentlicht-exploit-fuer-iphone-7-1709-130291-rss.html


∗∗∗ After hack: Many Deloitte systems discoverable on the Internet ∗∗∗
---------------------------------------------
Alleged credentials for Deloitte systems have turned up where they should not be: on Github and on Google Plus. In addition, security researchers have found numerous systems belonging to the company on the net - with open ports for SMB and RDP.
---------------------------------------------
https://www.golem.de/news/nach-hack-viele-deloitte-systeme-im-internet-auffindbar-1709-130284-rss.html


∗∗∗ Security baseline for Windows 10 "Fall Creators Update" (v1709) – DRAFT ∗∗∗
---------------------------------------------
Microsoft is pleased to announce the draft release of the recommended security configuration baseline settings for Windows 10 "Fall Creators Update," also known as version 1709, "Redstone 3," or RS3. Please evaluate this proposed baseline and send us your feedback via blog comments below.
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-3984 git - security update ∗∗∗
---------------------------------------------
joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured (however, the git-cvs package needs to be installed).
---------------------------------------------
https://www.debian.org/security/2017/dsa-3984


∗∗∗ Authentication Bypass Vulnerability in the Management Interface of Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition Appliances ∗∗∗
---------------------------------------------
A vulnerability has been identified in the management interface of the Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition appliances. This vulnerability, if exploited, could allow an attacker with access to the management interface of the appliance’s NetScaler ADC instance to gain administrative access to the instance.
---------------------------------------------
https://support.citrix.com/article/CTX228091


∗∗∗ SAP Enterprise Portal and Clients Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017090219


∗∗∗ ZDI-17-812: (0Day) EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-812/


∗∗∗ iOS 11.0.1 Security Update ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208143


∗∗∗ IBM Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008902


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025664


∗∗∗ HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
