[CERT-daily] Tageszusammenfassung - 14.02.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-02-2018 18:00 − Mittwoch 14-02-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  Nina Bieringer

=====================
=       News        =
=====================

∗∗∗ Hackers Keep it Simple: Malware Evades Detection by Simply Copying
a File ∗∗∗
---------------------------------------------
Returning to this particular flavor of malware, we see a rather simple
way to bypass the detection products: it simply copies kernel32.dll.
The copied version is identical and serves to relay requests from Word
in to the kernel in precisely the same way; however, the copy name is
subtly different. Therefore, some products fail to detect the malware
activity as it passes from Word to the kernel.
---------------------------------------------
https://blogs.bromium.com/malware-copies-file-evades-detection/


∗∗∗ DoubleDoor Botnet Chains Exploits to Bypass Firewalls ∗∗∗
---------------------------------------------
Anubhav says DoubleDoor attackers are using the first exploit to bypass
Juniper Netscreen firewalls and then scan internal networks for ZyXEL
routers to exploit with the second exploit.
...
But the botnet is not a major danger just yet. Anubhav says DoubleDoor
looks like a work in progress and still under heavy development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security
   /doubledoor-botnet-chains-exploits-to-bypass-firewalls/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Microsoft - February 2018 Security Updates ∗∗∗
---------------------------------------------
The February security release consists of security updates for the
following software: 
    Internet Explorer
    Microsoft Edge
    Microsoft Windows
    Microsoft Office and Microsoft Office Services and Web Apps
    ChakraCore
    Adobe Flash
---------------------------------------------
https://portal.msrc.microsoft.com/en-us/security-guidance
   /releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573


∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader
(APSB18-02) and Adobe Experience Manager (APSB18-04).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1530


∗∗∗ Zu aufwendig: Microsoft will schwere Skype-Lücke nicht beheben ∗∗∗
---------------------------------------------
Leck erlaubt Übernahme von Windows-System – Kein Patch geplant, Fehler
soll erst in neuer Version entfernt werden
---------------------------------------------
http://derstandard.at/2000074186504


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (exim and mpv), Debian
(advancecomp and graphicsmagick), Red Hat (collectd, erlang,
httpd24-apr, openstack-aodh, and openstack-nova), SUSE (kernel and
xen), and Ubuntu (libvorbis).
---------------------------------------------
https://lwn.net/Articles/747244/rss


∗∗∗ SAP Resolves High Risk Flaws with February 2018 Patches ∗∗∗
---------------------------------------------
SAP this week released its monthly set of security updates for its
products, addressing a total of 11 new vulnerabilities, including two
considered high severity.
---------------------------------------------
https://www.securityweek.com
   /sap-resolves-high-risk-flaws-february-2018-patches


∗∗∗ WAGO PFC200 Series ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-01


∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-044-02


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Struts affects SAN
Volume Controller, Storwize family and FlashSystem V9000 products
(CVE-2016-4461) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010883


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect IBM
WebSphere Application Server in IBM Cloud (CVE-2017-1681,
CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013359


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities have been
identified in Open SSL, which is shipped with IBM Tivoli Network
Manager IP Edition. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013041


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN
Volume Controller, Storwize family and FlashSystem V9000 products
(CVE-2017-5647) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010892

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily