Daily April 2017

daily@lists.cert.at

1 participants
19 discussions

Tageszusammenfassung - Donnerstag 13-04-2017
by Daily end-of-shift report 13 Apr '17

13 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-04-2017 18:00 − Donnerstag 13-04-2017 18:02 Handler: Alexander Riepl Co-Handler: n/a *** BrickerBot Permanent Denial-of-Service Attack *** --------------------------------------------- NCCIC/ICS-CERT is aware of open-source reports of “BrickerBot” attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01 *** India to world+dog: Go ahead, please hack our elections ... if you can *** --------------------------------------------- Не волнуйтесь. Мы уже это сделали, товарищи Following demands for an investigation into the security of Indias electronic voting machines, the countrys .. --------------------------------------------- www.theregister.co.uk/2017/04/12/india_electronic_election_hacking/ *** Hintergrund: Forensik-Tools patzen bei neuer Windows-Kompression *** --------------------------------------------- Mit Hilfe einer noch weitgehend unbekannten Dateikompression namens 'Compact OS' könnten sich Schad-Programme und andere Beweismittel einer forensischen Untersuchung eines PCs entziehen. Wir haben sechs Standard-Forensik-Tools getestet. --------------------------------------------- https://heise.de/-3676075 *** WordPress plugin "WP Statistics" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN62392065/ *** SAP schließt kritische Lücke in der Search Engine TREX *** --------------------------------------------- TREX ist in über einem Dutzend SAP-Produkten verbaut und erlaubte fast zwei Jahre das Einschleusen und Ausführen von Code. Diese und 14 weitere Lücken schließt der Hersteller im Rahmen des April-Patchdays. --------------------------------------------- https://heise.de/-3685632 *** Akamai reports UDP DDOS Using C-LDAP reaching 24Gbps, (Thu, Apr 13th) *** --------------------------------------------- Akamai researchers Jose Arteaga Wilber Mejia have posted details on a new reflected DDOS apprach, using the Connectionless LDAP protocol (on udp/389). Reflected UDP attacks arent new, but using CLDAP seems to be. Which made me wonder who are the folks that decided that their AD (or other LDAP directory) .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22300 *** Samsung: Keine Sicherheitslücken in Smart-TVs *** --------------------------------------------- Der Elektronikkonzern will die Sicherheit seines in die Kritik geratenen Betriebssystems Tizen ins rechte Licht rücken und verkündet, dass weder Smart TVs noch Smartwatches .. --------------------------------------------- https://heise.de/-3685732

1 0

Tageszusammenfassung - Mittwoch 12-04-2017
by Daily end-of-shift report 12 Apr '17

12 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-04-2017 18:00 − Mittwoch 12-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Fake News at Work in Spam Kingpin’s Arrest? *** --------------------------------------------- Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there .. --------------------------------------------- https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arre… *** Schneider Electric Modicon Modbus Protocol *** --------------------------------------------- This advisory contains mitigation details for authentication bypass by capture-replay and violation of secure design principles vulnerabilities in Schneider Electric’s Modicon Modbus protocol. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01 *** Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroIn this blog post well continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms… *** CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler *** --------------------------------------------- FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handl… *** Patchday: Adobe stopft kritische Lücken in Acrobat, Reader, Flash und Photoshop *** --------------------------------------------- Kritische Lücken in Flash sowie in Adobe Acrobat und Reader benötigen sofortige Aufmerksamkeit. Auf ungepatchten Systemen können Angreifer Schadcode aus der Ferne ausführen. Photoshop ist diesmal auch mit Sicherheitslücken beim Patchday dabei. --------------------------------------------- https://heise.de/-3682970 *** Malicious Image Defacement Hidden from Search Engines *** --------------------------------------------- After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a .. --------------------------------------------- https://blog.sucuri.net/2017/04/malicious-image-defacement-hidden-from-sear… *** JSA10753 - 2016-07 Security Bulletin: SRX Series: Upgrades using partition option may allow unauthenticated root login (CVE-2016-1278) *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753 *** Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns *** --------------------------------------------- With another player out at the moment, we take a look at a rebranded exploit kit in current malware .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/04/sundown-ek-gone-missi… *** IT-Sicherheit: Wie ich mein Passwort im Stack Trace fand *** --------------------------------------------- Unser Autor hat versehentlich das MySQL-Passwort seiner Webseite veröffentlicht. Hier schreibt er, wie es dazu kam. Er berichtet, warum Fehler selbst dann passieren, wenn .. --------------------------------------------- https://www.golem.de/news/it-sicherheit-wie-ich-mein-passwort-im-stack-trac… *** Patchday: Microsoft sichert Office gegen aktive Angriffe ab *** --------------------------------------------- Im April verteilt Microsoft zwölf Sicherheitsupdates und stopft mehrere als kritisch eingestufte Schwachstellen. Aktuell haben es Angreifer gezielt auf eine Office-Lücke abgesehen. --------------------------------------------- https://heise.de/-3683358 *** Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling *** --------------------------------------------- An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late .. --------------------------------------------- https://hardware.slashdot.org/story/17/04/12/0328239/investigation-finds-in… *** Kelihos.E *** --------------------------------------------- Kelihos.E Botnet – Law Enforcement Takedown On Monday April 10th 2017, The US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator. The .. --------------------------------------------- http://blog.shadowserver.org/2017/04/12/kelihos-e/ *** New NAS Vulnerabilities are as Bad as they Get *** --------------------------------------------- If you have a QNAP network attached storage (NAS) device, you’d better make sure the firmware is updated. Earlier this year, F-Secure Senior Security .. --------------------------------------------- https://safeandsavvy.f-secure.com/2017/04/12/new-nas-vulnerabilities-are-pr…

1 0

Tageszusammenfassung - Dienstag 11-04-2017
by Daily end-of-shift report 11 Apr '17

11 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-04-2017 18:00 − Dienstag 11-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Longhorn: Tools used by cyberespionage group linked to Vault 7 *** --------------------------------------------- Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its .. --------------------------------------------- https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-g… *** Mirai Botnet Temporarily Adds Bitcoin Mining Component, Removes It After a Week *** --------------------------------------------- For around a week at the end of March, one of the many versions of the Mirai malware was spotted delivering a Bitcoin-mining module to its infected .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-botnet-temporarily-add… *** Support-Ende erreicht: Tschüss, Vista *** --------------------------------------------- Am heutigen 11. April endet der Support für Windows Vista. Eine Träne wird deswegen wohl kaum jemand vergießen, dabei steckten viele tolle Neuerungen darin. --------------------------------------------- https://heise.de/-3675983 *** Understanding and Discovering Open Redirect Vulnerabilities *** --------------------------------------------- One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as "Unvalidated Redirects and Forwards"). A website is vulnerable to .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Disco… *** Microsoft Word 0day used to push dangerous Dridex malware on millions *** --------------------------------------------- Blast could give a boost to Dridex, one of the Internets worst bank-fraud threats. --------------------------------------------- https://arstechnica.com/security/2017/04/microsoft-word-0day-used-to-push-d… *** Malware belauscht Sensoren und knackt Handysperre *** --------------------------------------------- Von Forschern geschriebener Schädling nutzt Browserleck und neuronales Netzwerk, um Sperrcode zu errechnen --------------------------------------------- http://derstandard.at/2000055738573 *** Breaking Signal: A Six-Month Journey *** --------------------------------------------- Researchers spent six months poking holes in Signal and urge a bigger spotlight on security testing. --------------------------------------------- http://threatpost.com/breaking-signal-a-six-month-journey/124888/ *** DSA-3828 dovecot - security update *** --------------------------------------------- It was discovered that the Dovecot email server is vulnerable to adenial of service attack. When the dict passdb and userdb are usedfor user authentication, the .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3828 *** Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Campaign (APSB17-09), Adobe Flash Player (APSB17-10), Adobe Acrobat and Reader (APSB17-11), Adobe Photoshop (APSB17-12) and the Creative Cloud Desktop Application (APSB17-13). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1457 *** Nach Hacker-Festnahme: FBI will Kelihos-Botnetz endgültig stilllegen *** --------------------------------------------- Schon kurz nachdem der mutmaßlich verantwortliche Cyberkriminelle in Spanien festgenommen wurde, haben US-Behörden offenbar mehrere Maßnahmen eingeleitet, um das Botnetz Kelihos ein für alle mal außer Gefecht zu setzen. --------------------------------------------- https://heise.de/-3682746

1 0

Tageszusammenfassung - Montag 10-04-2017
by Daily end-of-shift report 10 Apr '17

10 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-04-2017 18:00 − Montag 10-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Sicherheitsforscher: IoT-Hersteller machen es Bugjägern unnötig schwer *** --------------------------------------------- Ein Sicherheitsexperte hat nicht nur diverse Bugs in Kameras, NAS-Laufwerken, mobilen Routern oder einem Retinascanner gefunden, sondern auch dokumentiert, wie wenig die betroffenen Hersteller mit solchen Meldungen anfangen können. --------------------------------------------- https://heise.de/-3678493 *** Apache Struts 2 Exploits Installing Cerber Ransomware *** --------------------------------------------- Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware. --------------------------------------------- http://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware… *** Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts *** --------------------------------------------- The Matrix Ransomware gears up for higher distribution by using EITest, the Rig Exploit kit, while .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/matrix-ransomware-spreads-to… *** Baseband Zero Day Exposes Millions of Mobile Phones to Attack *** --------------------------------------------- A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules .. --------------------------------------------- http://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-t… *** Malware auf Zerstörungsjagd: BrickerBot legt unsichere IoT-Geräte still *** --------------------------------------------- Unsichere IoT-Geräte werden meist im Stillen gekapert und als Hilfsarmee für DDoS-Attacken eingesetzt. Jetzt .. --------------------------------------------- https://heise.de/-3678861 *** A quick look at the Ikea Trådfri lighting platform *** --------------------------------------------- Ikea recently launched their Trådfri smart lighting platform in the US. The idea of Ikea plus internet security together at last seems like a pretty terrible one, but having taken a look its surprisingly competent. Hardware-wise, .. --------------------------------------------- http://mjg59.dreamwidth.org/47803.html *** Equation Group: Die Shadow Brokers veröffentlichen NSA-Geheimnisse *** --------------------------------------------- Die Shadow Brokers haben keine Lust mehr - oder sind von Donald Trump wirklich enttäuscht. Das Passwort zum verschlüsselten Archiv ist jetzt im Netz. Die Gruppe hatte Exploits .. --------------------------------------------- https://www.golem.de/news/equation-group-die-shadow-brokers-veroeffentliche… *** Apple finally teaches Android music app to validate certificates *** --------------------------------------------- Cupertinos so keen on Android it took eight months to repair interception bug If youre so .. --------------------------------------------- www.theregister.co.uk/2017/04/10/apple_music_vulnerability/ *** Hackers set off Dallas’ 156 emergency sirens over a dozen times *** --------------------------------------------- https://arstechnica.com/security/2017/04/hackers-set-off-dallas-156-emergen… *** Alleged Spam King Pyotr Levashov Arrested *** --------------------------------------------- Authorities in Spain have arrested a Russian computer programmer thought to be one of the worlds most notorious spam kingpins. Spanish police arrested Pyotr .. --------------------------------------------- https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrest… *** WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8794 *** Telekom Austria war von NSA-Angriff betroffen *** --------------------------------------------- Laut Daten der Hackergruppe Shadow Brokers hat die NSA vor Jahren Rechner der Telekom Austria unter ihre Kontrolle gebracht. Die Telekom untersucht dies. --------------------------------------------- https://futurezone.at/digital-life/telekom-austria-war-von-nsa-angriff-betr… *** Schwerwiegende Microsoft Word-Lücke erlaubt Fremdzugriff *** --------------------------------------------- McAfee berichtet von Exploit, mit dem Angreifer Code auf Zielcomputer ausführen kann --------------------------------------------- http://derstandard.at/2000055670310 *** SQL Injection in extension "Event management and registration" (sf_event_mgt) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-event-management-… *** SQL Injection in extension "News system" (news) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-news-system-news/ *** Hacker nehmen zunehmend Amazon-Händler ins Visier *** --------------------------------------------- Drittanbieter auf der Handelsplattform Amazon geraten zunehmend ins Visier von Cyber-Betrügern. --------------------------------------------- https://futurezone.at/digital-life/hacker-nehmen-zunehmend-amazon-haendler-… *** Notes on Windows Uniscribe Fuzzing *** --------------------------------------------- Posted by Mateusz Jurczyk of Google Project ZeroAmong the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fu… *** Symantec dokumentiert Verbindung zwischen angeblichen CIA-Tools und weltweiten Attacken *** --------------------------------------------- In mindestens 16 Ländern attackierte eine Gruppe namens Longhorn Firmen, Organisationen und Regierungen. Und Longhorn nutzte dabei die jetzt von Wikileaks als Vault 7 veröffentlichten, angeblichen CIA-Tools, stellt Symantec fest. --------------------------------------------- https://heise.de/-3680265

1 0

Tageszusammenfassung - Freitag 7-04-2017
by Daily end-of-shift report 07 Apr '17

07 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-04-2017 18:00 − Freitag 07-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day *** --------------------------------------------- For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-gang-made-over-10… *** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-11) *** --------------------------------------------- A prenotification Security Advisory (APSB17-11) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, April 11, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1454 *** Tracking Website Defacers with HTTP Referers, (Fri, Apr 7th) *** --------------------------------------------- In a previous diary, I explained how pictures may affect your website reputation[1]. Although asuggestedrecommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog, purely for research purposes. And it successfully worked! My website and all its components are constantly monitored but Im also monitoring online services like pastebin.com to track references to... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22268&rss *** Brickerbot: Hacker zerstören das Internet of Insecure Things *** --------------------------------------------- Unbekannte versuchen zurzeit, sich in ungesicherte IoT-Geräte zu hacken und diese aktiv zu zerstören. Offenbar ein Versuch, die Geräte unschädlich zu machen, bevor sie Teil von Botnetzen wie Mirai werden. --------------------------------------------- https://www.golem.de/news/brickerbot-hacker-zerstoeren-das-internet-of-inse… *** Global DDoS Threat Landscape: What's new? *** --------------------------------------------- The Current Global DDoS Threat Landscape In this post, we analyze the current Global DDoS threat landscape focusing on the economic aspect of this kind of criminal activity. The extortion crimes continue to represent a serious threat to businesses and organizations worldwide; ransomware infections and DDoS attacks are becoming daily problems. Security experts at Imperva... --------------------------------------------- http://resources.infosecinstitute.com/global-ddos-threat-landscape-whats-ne… *** QNAP NAS devices open to remote command execution *** --------------------------------------------- If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don't want it to fall prey to attackers. Among the vulnerabilities fixed by QNAP in this latest firmware version, released on March 21, are three command injection flaws in the web user interface that can be exploited to gain remote command execution on a vulnerable device as... --------------------------------------------- https://www.helpnetsecurity.com/2017/04/07/qnap-nas-vulnerability/ *** ClearEnergy - The "In the Wild" SCADA Ransomware Attacks That Never Were *** --------------------------------------------- A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that theyve detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/clearenergy-the-in-the-wild-… *** Sathurbot: Distributed WordPress password attack *** --------------------------------------------- This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts. --------------------------------------------- https://www.welivesecurity.com/2017/04/06/sathurbot-distributed-wordpress-p… *** New IoT/Linux Malware Targets DVRs, Forms Botnet *** --------------------------------------------- Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia". The Amnesia botnet targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in March 2016 in DVR (digital video recorder) devices made by TVT Digital and branded by over 70 vendors worldwide. Based on our scan data shown below in Figure 1, this [...] --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malw… *** [2017-04-07] Server-Side Request Forgery in MyBB forum *** --------------------------------------------- The "Change Avatar" function in MyBB allows an attacker to perform server-side request forgery (SSRF) attacks if the cURL functions are disabled. It is possible to send requests to internal networks and perform port scans. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service ( CVE-2016-3627 ) *** --------------------------------------------- DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22001676

1 0

Tageszusammenfassung - Donnerstag 6-04-2017
by Daily end-of-shift report 06 Apr '17

06 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-04-2017 18:00 − Donnerstag 06-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Forscher warnen vor Gefahr durch Viren-Signaturen *** --------------------------------------------- Mit Hilfe der von Antiviren-Software eingesetzten Signaturen könnten Angreifer gezielt Fehlalarme auslösen. Im schlimmsten Fall kann das ein Opfer das komplette Mail-Archiv kosten. --------------------------------------------- https://heise.de/-3675819 *** Teenager Arrested in Austria for Spreading Philadelphia Ransomware *** --------------------------------------------- Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/teenager-arrested-in-austria… *** Trust issues: Know the limits of SSL certificates *** --------------------------------------------- Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation's Let's Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to... --------------------------------------------- http://www.cio.com/article/3187881/internet/trust-issues-know-the-limits-of… *** Cisco Access Points: Zugriff mit offenen Default-Accounts *** --------------------------------------------- Bis zum Mittwoch konnten sich Angreifer mittels Default-Zugangsdaten Zugriff auf Cisco WLAN Access Points der Aeronet-Serie verschaffen. Ein Sicherheits-Update fixt das. Drei weitere schließen Einfallstore für DoS-Angriffe auf WLAN-Controller. --------------------------------------------- https://heise.de/-3677288 *** Wie Sie verschlüsselte Dateien wiederherstellen können *** --------------------------------------------- Mit einem Verschlüsselungstrojaner können Kriminelle Dateien von Opfern unbrauchbar machen. Sie verlangen Geld dafür, dass sie den Schaden beseitigen. Die Website nomoreransom.org/de hilft Opfern, die Dateien selbstständig wiederherzustellen, ohne dass sie dafür Geld an die Verbrecher/innen zahlen müssen. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/wie-sie-verschluesselte-dat… *** Moodle Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Obtain Usernames and Conduct SQL Injection Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1038174 *** Bugtraq: Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) *** --------------------------------------------- http://www.securityfocus.com/archive/1/540375 *** SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) 3.x Command Injection Remote Code Execution Vulnerability *** --------------------------------------------- Trend Micro has released new Critical Patches (CP) for Trend Micro Smart Protection Server (Standalone) versions 3.0 and 3.1. These CPs resolve a vulnerability in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations. --------------------------------------------- https://success.trendmicro.com/solution/1117033 *** BlackBerry powered by Android Security Bulletin - April 2017 *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000039276 *** Certec EDV GmbH atvise scada *** --------------------------------------------- This advisory contains mitigation details for cross-site scripting and header injection vulnerabilities in the Certec EDV GmbH atvise scada. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services session identifier vulnerability (CVE-2017-1152) *** http://www.ibm.com/support/docview.wss?uid=swg22001551 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition, affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5549) (CVE-2016-5548) (CVE-2016-5547) (CVE-2016-5546) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999271 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Mobile Connect (CVE-2017-3272,CVE-2017-5548,CVE-2017-3261,CVE-2017-3231,CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg22000443 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX *** http://aix.software.ibm.com/aix/efixes/security/java_jan2017_advisory.asc --------------------------------------------- *** Novell Patches *** --------------------------------------------- *** eDirectory 8.8 SP8 Patch 10 *** https://download.novell.com/Download?buildid=VYtYu65T21Y~ --------------------------------------------- *** iManager 3.0.3 *** https://download.novell.com/Download?buildid=3jd0pzoyux0~ --------------------------------------------- *** iManager 2.7 Support Pack 7 - Patch 10 *** https://download.novell.com/Download?buildid=5NqajLP7bSo~ --------------------------------------------- *** eDirectory 9.0.3 *** https://download.novell.com/Download?buildid=D1U-cCj1YEs~ --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Director Virtual Machine Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager SQL Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Registered Envelope Service Open Redirect Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Startup Script Local Command Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XR Software Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Redirection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 5-04-2017
by Daily end-of-shift report 05 Apr '17

05 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-04-2017 18:00 − Mittwoch 05-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** WordPress Security - Unwanted Redirects via Infected JavaScript Files *** --------------------------------------------- We've been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a bug in the injector code, it also infects files whose extensions contain ".js" (such as .js.php or .json). --------------------------------------------- https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-i… *** Encryption inside Utility Industrial Control Systems (ICS) communication protocols: a must to preserve the confidentiality of information and reliability of the industrial process, (Tue, Apr 4th) *** --------------------------------------------- Industrial control systems are sensitive systems that must make decisions in real time to ensure the operation of the industrial process they govern. The latency and reliability in packet transmission is fundamental, since the protocols are connection-oriented but because of the main speed goal, many of them do not have included error recovery schemes other than those included in the TCP / IP stack. Where is it possible to use encryption without affecting the operation of the industrial control... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22260&rss *** Schneider Electric still shipping passwords in firmware *** --------------------------------------------- Youd think a vendor of critical infrastructure would at least pretend to care about security That "dont use hard-coded passwords" infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electrics developers eyes so they dont forget it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/04/05/schneider_i… *** Internetplattform unterstützt Opfer von digitaler Erpressung *** --------------------------------------------- Für Betroffene von digitaler Erpressung ist es besonders wichtig, ihre Dateien schnell und einfach wiederherzustellen. Unter www.nomoreransom.org können verschiedene Entschlüsselungstools nun auch auf Deutsch aufgerufen werden. --------------------------------------------- http://www.bmi.gv.at/cms/bmi/_news/bmi.aspx?id=537A58584930536354666F3D&pag… *** 500.000 US-Dollar Lösegeld: Ransomware-Gangs nehmen Unternehmen aufs Korn *** --------------------------------------------- Sicherheitsforscher haben mindestens acht Gruppen ausgemacht, die sich auf Ransomware-Attacken auf Unternehmen spezialisiert haben. Je nach Anzahl der infizierten PCs und Server steigt das Lösegeld. Summen von bis zu 500.000 US-Dollar sind im Spiel. --------------------------------------------- https://heise.de/-3675612 *** Whitelists: The Holy Grail of Attackers, (Wed, Apr 5th) *** --------------------------------------------- As a defender, take the time to put yourself in the place of a bad guy for a few minutes. Youre writing some malicious code and you need to download payloads from the Internet or hide your code on a website. Once your malicious code spread in the wild, it will be quickly captured by honeypots, IDS, ... (name your best tool) and analysed automatically of manually by the good guys. Their goal of this is to extract abehavioural analysis of the code and generate indicators (IOCs) which will help to... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22262&rss *** Broadcom-Sicherheitslücke: Angriff über den WLAN-Chip *** --------------------------------------------- Googles Project Zero zeigt, wie man ein Smartphone per WLAN übernehmen kann. WLAN-Chips haben heute eigene Betriebssysteme, denen jedoch alle modernen Sicherheitsmechanismen fehlen. --------------------------------------------- https://www.golem.de/news/broadcom-sicherheitsluecke-angriff-ueber-den-wlan… *** Report: 30% of malware is zero-day, missed by legacy antivirus *** --------------------------------------------- At least 30 percent of malware today is new, zero-day malware that is missed by traditional antivirus defenses, according to a new report."Were gathering threat data from hundreds of thousands of customers and network security appliances," said Corey Nachreiner, CTO at WatchGuard Technologies. "We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed... --------------------------------------------- http://www.cio.com/article/3187734/network-security/report-30-of-malware-is… *** Changes coming to TLS: Part Two *** --------------------------------------------- In the first part of this two-part blog we covered certain performance improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption. In this part we shall discuss some security and privacy improvements.Remove Obsolete and insecure cryptographic primitivesRemove RSA HandshakesWhen RSA is used for key establishment there is no forward secrecy, which basically means that an adversary can record the encrypted conversation between the client and the server and later if it is... --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2978671 *** Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE *** --------------------------------------------- [...] Then, if the IE is present, its contents are copied into a heap-allocated buffer of length 256. The copy is performed using the length field present in the IE, and at a fixed offset from the buffers start address. Since the length of the FTIE is not verified prior to the copy, this allows an attacker to include a large FTIE (e.g., with a length field of 255), causing the memcpy to overflow the heap-allocated buffer. --------------------------------------------- https://bugs.chromium.org/p/project-zero/issues/detail?id=1046 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. --------------------------------------------- https://support.citrix.com/article/CTX222565 *** Django Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1038177 *** HPE Business Process Monitor Unspecified Flaw Lets Remote Users Access Data on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1038176 *** Asterisk Buffer Overflow in Processing CDR User Data Lets Remote Authenticated Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1038175 *** Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… *** Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… *** Schneider Electric Interactive Graphical SCADA System Software *** --------------------------------------------- This advisory contains mitigation details for a DLL hijacking vulnerability in Schneider Electric's Interactive Graphical SCADA System Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01 *** Marel Food Processing Systems *** --------------------------------------------- This advisory contains mitigation details for hard-coded passwords and unrestricted upload vulnerabilities in Marel's Food Processing Systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 *** Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratix *** --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automation's Allen-Bradley Stratix and ArmorStratix Industrial Ethernet and Distribution switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-03 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Opportunity Detect (CVE-2017-5638) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001388 --------------------------------------------- *** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerability (CVE-2017-3302) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999203 --------------------------------------------- *** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999202 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Database Activity Monitor *** http://www-01.ibm.com/support/docview.wss?uid=swg21999580 --------------------------------------------- *** Fortinet PSIRT Advisories *** --------------------------------------------- *** FortiClient SSLVPN Linux - Root privilege escalation with subproc *** http://fortiguard.com/psirt/FG-IR-16-041 --------------------------------------------- *** FortiClient SSLVPN Linux - Arbitrary write to log file *** http://fortiguard.com/psirt/FG-IR-16-069 --------------------------------------------- *** Multiple vulnerabilities in Linux kernels through 4.6.3 *** http://fortiguard.com/psirt/FG-IR-16-052 --------------------------------------------- *** Unauthenticated XSS (Cross Site Scripting) in FortiMail *** http://fortiguard.com/psirt/FG-IR-17-011 --------------------------------------------- *** Linux kernel - challenge ack information leak *** http://fortiguard.com/psirt/FG-IR-16-047 --------------------------------------------- *** F5 Security Advisories *** --------------------------------------------- *** BIG-IP file validation vulnerability CVE-2015-8022 *** https://support.f5.com/csp/article/K12401251 --------------------------------------------- *** OpenSSL vulnerability CVE-2015-3195 *** https://support.f5.com/csp/article/K12824341 --------------------------------------------- *** OpenSSH vulnerability CVE-2016-6210 *** https://support.f5.com/csp/article/K14845276 --------------------------------------------- *** Expat XML library vulnerability CVE-2015-1283 *** https://support.f5.com/csp/article/K15104541 --------------------------------------------- *** glibc vulnerability CVE-2016-3075 *** https://support.f5.com/csp/article/K15439022 --------------------------------------------- *** libxml2 vulnerability CVE-2016-1834 *** https://support.f5.com/csp/article/K16712298 --------------------------------------------- *** glibc vulnerability CVE-2016-4429 *** https://support.f5.com/csp/article/K17075474 --------------------------------------------- *** TMM vulnerability CVE-2016-5023 *** https://support.f5.com/csp/article/K19784568 --------------------------------------------- *** Linux kernel vulnerability CVE-2013-7446 *** https://support.f5.com/csp/article/K20022580 --------------------------------------------- *** OpenSSH vulnerability CVE-2015-8325 *** https://support.f5.com/csp/article/K20911042 --------------------------------------------- *** NTP vulnerability CVE-2015-7976 *** https://support.f5.com/csp/article/K21230183 --------------------------------------------- *** Linux kernel vulnerability CVE-2011-5321 *** https://support.f5.com/csp/article/K21632201 --------------------------------------------- *** TMM vulnerability CVE-2016-9245 *** https://support.f5.com/csp/article/K22216037 --------------------------------------------- *** glibc vulnerability CVE-2015-8776 *** https://support.f5.com/csp/article/K23946311 --------------------------------------------- *** OpenSSL vulnerability CVE-2016-0800 *** https://support.f5.com/csp/article/K23196136 --------------------------------------------- *** libarchive vulnerability CVE-2016-5844 *** https://support.f5.com/csp/article/K24036027 --------------------------------------------- *** ISC DHCP vulnerability CVE-2016-2774 *** https://support.f5.com/csp/article/K30409575 --------------------------------------------- *** Java commons-collections library vulnerability CVE-2015-4852 *** https://support.f5.com/csp/article/K30518307 --------------------------------------------- *** PHP vulnerability CVE-2016-4070 *** https://support.f5.com/csp/article/K42065024 --------------------------------------------- *** NTP vulnerability CVE-2016-2519 *** https://support.f5.com/csp/article/K41613034 --------------------------------------------- *** GnuPG vulnerability CVE-2013-4402 *** https://support.f5.com/csp/article/K40131068 --------------------------------------------- *** libarchive vulnerability CVE-2016-8688 *** https://support.f5.com/csp/article/K35263486 --------------------------------------------- *** PHP vulnerability CVE-2016-3074 *** https://support.f5.com/csp/article/K34958244 --------------------------------------------- *** OpenSSL vulnerability CVE-2016-7056 *** https://support.f5.com/csp/article/K32743437 --------------------------------------------- *** OpenSSH vulnerability CVE-2016-10009 *** https://support.f5.com/csp/article/K31440025 --------------------------------------------- *** BIG-IP APM access logs vulnerability CVE-2016-1497 *** https://support.f5.com/csp/article/K31925518 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 4-04-2017
by Daily end-of-shift report 04 Apr '17

04 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-04-2017 18:00 − Dienstag 04-04-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Lazarus Under The Hood *** --------------------------------------------- Today wed like to share some of our findings, and add something new to whats currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank. --------------------------------------------- http://securelist.com/blog/sas/77908/lazarus-under-the-hood/ *** APT10 - Operation Cloud Hopper *** --------------------------------------------- Written by Adrian Nish and Tom RowlesBACKGROUNDFor many businesses the network now extends to suppliers who provide management of applications, cloud storage, helpdesk, and other functions. With the right integration and service levels Managed Service Providers (MSPs) can become a key enabler for businesses by allowing them to focus on their core mission while suppliers take care of background tasks. However, the network connectivity which exists between MSPs and their customers also provides a... --------------------------------------------- http://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html *** WLAN-Lücke: Apple reicht Bugfix-Update für iOS 10.3 nach *** --------------------------------------------- iOS 10.3.1 behebt einen schwerwiegenden Fehler, über den ein Angreifer Code auf dem WLAN-Chip ausführen könnte. Außerdem lassen sich 32-Bit-Versionen nun wieder direkt auf dem Gerät installieren. --------------------------------------------- https://heise.de/-3674340 *** NSO Group: Pegasus-Staatstrojaner für Android entdeckt *** --------------------------------------------- Nach der iOS-Version des Staatstrojaners Pegasus haben Sicherheitsforscher auch eine Version für Android gefunden. Diese nutzt keine Zero-Day-Exploits und kann auch ohne vollständige Infektion Daten übertragen. --------------------------------------------- https://www.golem.de/news/nso-group-pegasus-staatstrojaner-fuer-android-ent… *** Cloudmark kündigt überraschend DANE/TLSA für Mail-Sicherheit an *** --------------------------------------------- Der überraschende Schritt des Internet-Schwergewichts erscheint bedeutsam, weil er die Mail-Sicherheitstechnik stärkt und zugleich als eine deutliche Absage an das Konzept der Certification Authorities gelesen werden kann. --------------------------------------------- https://www.heise.de/newsticker/meldung/Cloudmark-kuendigt-ueberraschend-DA… *** Betriebssystem Tizen für Samsung-Geräte von Sicherheitslücken durchsiebt *** --------------------------------------------- Ein Sicherheitsforscher hat den Code von Samsungs Tizen analysiert und zieht ein desaströses Resümee. Das Betriebssystem dient als Basis für mobile Geräte und Fernseher des Herstellers. --------------------------------------------- https://heise.de/-3674713 *** Kaspersky: Geldautomaten mit 15-US-Dollar-Bastelcomputer leergeräumt *** --------------------------------------------- Am Ende bleibt nur ein golfballgroßes Loch und das Geld ist weg: Kaspersky hat einen neuen Angriff auf Geldautomaten vorgestellt. Bei dem Angriff werden physische Beschädigung und Hacking kombiniert. Betroffen sind weit verbreitete Modelle aus den 90er Jahren. --------------------------------------------- https://www.golem.de/news/kaspersky-geldautomaten-mit-15-us-dollar-bastelco… *** How Hackers Hijacked a Bank's Entire Online Operation *** --------------------------------------------- Researchers at Kaspersky say a Brazilian banks entire online footprint was commandeered in a five-hour heist. --------------------------------------------- https://www.wired.com/2017/04/hackers-hijacked-banks-entire-online-operatio… *** Workshop on Software Security in industrial area *** --------------------------------------------- May 09, 2017 - 4:00 pm - 6:30 pm Bachmann electronic GmbH Kreuzäckerweg 33 Feldkirch --------------------------------------------- https://www.sba-research.org/events/workshop-on-software-security-in-indust… *** CVE-2017-7228 - x86: broken check in memory_exchange() permits PV guest breakout *** --------------------------------------------- A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-212.html *** Bugtraq: The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. *** --------------------------------------------- http://www.securityfocus.com/archive/1/540365 *** Bugtraq: OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. *** --------------------------------------------- http://www.securityfocus.com/archive/1/540364 *** VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references *** --------------------------------------------- Vulnerability Note VU#307983 AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references Original Release date: 04 Apr 2017 | Last revised: 04 Apr 2017 Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of Untrusted DataSome Java... --------------------------------------------- http://www.kb.cert.org/vuls/id/307983 *** DFN-CERT-2017-0569: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0569/ *** DFN-CERT-2017-0571: Red Hat JBoss A-MQ, JBoss Fuse: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0571/ *** Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection *** --------------------------------------------- Topic: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Risk: High Text:# Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (t... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040006 *** D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery *** --------------------------------------------- Topic: D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery Risk: Medium Text:*Title:* = D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability *Credit... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040008 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 *** http://www-01.ibm.com/support/docview.wss?uid=swg21999999 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2016-6810) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001326 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view incorrect item sets that they should not have access to view (CVE-2016-8987) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996255 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360) *** http://www.ibm.com/support/docview.wss?uid=swg22000834 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM) *** http://wwwbeta-sso.toronto.ca.ibm.com:81/support/entry2/portal/docdisplay?l… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 3-04-2017
by Daily end-of-shift report 03 Apr '17

03 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-03-2017 18:00 − Montag 03-04-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** EvilEye: Malware kapert Webcam, um Werbung zu personalisieren *** --------------------------------------------- Eine auf "EvilEye" getaufte Spyware sucht per übernommener Webcam nach Produkten des Computernutzers, um ihm gezielt personalisierte Werbung anzuzeigen und daran .. --------------------------------------------- https://heise.de/-3664941 *** Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware *** --------------------------------------------- Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allo… *** Weitere Lücke in LastPass geschlossen, neue Version verfügbar *** --------------------------------------------- Lastpass hat eine vor wenigen Tagen gefundene Sicherheitslücke in seinen Erweiterungen für diverse Browser geschlossen. Anwender sollten umgehend aktualisieren. --------------------------------------------- https://heise.de/-3672957 *** Vuln: Moodle CVE-2017-7298 Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/97182 *** Angriffswerkzeug Metasploit hackt jetzt auch Zombie-IIS *** --------------------------------------------- Etwa ein Prozent der weltweiten Webserver laufen mit einer verwundbaren Version von Microsofts Internet .. --------------------------------------------- https://heise.de/-3673038 *** Miele Professional PG 8528 Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-089-01 *** Smart-TV-Hack: Schadcode über DVB-T ermöglicht Übernahme aus der Ferne *** --------------------------------------------- Einem Sicherheitsexperten ist es gelungen, volle Kontrolle über einen Fernseher zu übernehmen, in dem er in das DVB-T-Signal Code einschleuste, der eine Sicherheitslücke in der HbbTV-Applikation des Geräts ausnutzt. --------------------------------------------- https://www.heise.de/newsticker/meldung/Smart-TV-Hack-Schadcode-ueber-DVB-T… *** Tech support scams persist with increasingly crafty techniques *** --------------------------------------------- Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/04/03/tech-support-scams-pers… *** IBM Security Bulletin:Open Source Apache Poi Vulnerability in IBM eDiscovery Manager *** --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21992041 *** IBM Security Bulletin:Open Source Apache Tomcat,Commons FileUpload Vulnerabilities affects WebSphere App Server in IBM eDiscovery Manager *** --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21991962 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024915 *** IBM Security Bulletin: Persistent cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1140) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21999133 *** IBM Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1021837 *** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024825 *** Skype: Bösartige Werbung verteilt Fake-Flash-Update *** --------------------------------------------- Anwender berichten davon, in Skype Werbebanner untergeschoben bekommen zu haben, die beim Klick ein gefälschtes Flash-Update herunterladen. Dabei handelt es sich um Schadcode. --------------------------------------------- https://heise.de/-3674229 *** Cryptowars: Ahnungslose EU-Kommissarin redet über Whatsapp-Daten *** --------------------------------------------- EU-Justizkommissarin Vera Jourová will der Polizei ermöglichen, leichter Zugang zu Daten von Internetdienstleistern .. --------------------------------------------- https://www.golem.de/news/cryptowars-ahnungslose-eu-kommissarin-redet-ueber…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily April 2017