=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-06-2017 18:00 − Friday 30-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Eternal Champion Exploit Analysis ***
---------------------------------------------
Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the latest mitigations in Windows 10 break the exploit as written....
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit…
*** Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone ***
---------------------------------------------
A fourth ransomware campaign focused on Ukraine has surfaced today, following some of the patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-…
*** Security updates announced: Cisco's IOS system is vulnerable to malicious code ***
---------------------------------------------
So far, those affected can only contain the threat posed by newly discovered vulnerabilities in Cisco's IOS and IOS XE through workarounds. Security patches are to follow.
---------------------------------------------
https://heise.de/-3759927
*** e-Government in Germany: Critical vulnerabilities in a central transport component ***
---------------------------------------------
You can find the English version of this post here, containing further technical details. The "OSCI-Transport" Java library is a core component of German e-government. Vulnerabilities in this component allow an attacker to decrypt or manipulate certain information exchanged between government agencies, or even to read data from agency computers. OSCI-Transport is a protocol that serves to securely [...] data between agencies.
---------------------------------------------
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstel…
*** Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation ***
---------------------------------------------
On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as a worm on older platforms, particularly Windows 7 and Windows Server 2008 systems that haven't...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/30/exploring-the-crypt-ana…
*** Eternal Blues: A free EternalBlue vulnerability scanner ***
---------------------------------------------
It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install - on all their systems - the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits. These exploits are currently available to practically any hacker who might want to use them, and protecting systems against them should be a must for every organization. But while bigger ones might have an IT department [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/06/30/eternal-blues-eternalblue-vulner…
*** Cyber Europe 2016: Key lessons from a simulated cyber crisis ***
---------------------------------------------
Today marks the end of the latest cyber crisis exercise organised by ENISA, with the release of the after action report and closure video of Cyber Europe 2016.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2016-key-lessons-f…
*** TeleBots are back: supply-chain attacks against Ukraine ***
---------------------------------------------
The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously unpublished attacks.
---------------------------------------------
https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attack…
*** How Malicious Websites Infect You in Unexpected Ways ***
---------------------------------------------
You probably spend most of your time on a PC browsing, whether that is Facebook, news or just blogs or pages that appeal to your particular interest. If a malicious hacker wants to break into your computer and scramble the kilobytes that make up your digital life, his starting point will be to create a [...]
---------------------------------------------
https://heimdalsecurity.com/blog/malicious-websites/
*** SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ***
---------------------------------------------
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Schneider Electric U.motion Builder ***
---------------------------------------------
This advisory contains mitigation details for SQL injection, path traversal, improper authentication, use of hard-coded password, improper access control, denial of service, and information disclosure vulnerabilities in Schneider Electric's U.motion Builder.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
*** BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content ***
---------------------------------------------
http://www.securitytracker.com/id/1038809
*** SSA-545214 (Last Update 2017-06-29): Vulnerability in ViewPort for Web Office Portal ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214…
*** SSA-874235 (Last Update 2017-06-29): Intel Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235…
*** 2017-06-16 (updated 2017-06-30): Cyber Security Notification - CrashOverride/Industroyer Malware ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&Lang…
*** [2017-06-30] Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government ***
---------------------------------------------
The OSCI-transport library 1.2, a core component of Germany's e-government infrastructure, is affected by XXE, padding oracle and signature wrapping. These vulnerabilities could be used to read local files from OSCI systems, decrypt certain parts of a message or, under specific circumstances, even to forge messages.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: OpenSource ICU4C Vulnerabilities in IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21996949
---------------------------------------------
*** IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server admin console in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998348
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21996957
---------------------------------------------
*** IBM Security Bulletin: WebSphere Application Server vulnerability with malformed SOAP requests in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998347
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999097
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999099
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for File Systems ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999105
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999106
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache PDFBox Vulnerability in IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21991027
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999098
---------------------------------------------
*** IBM Security Bulletin: zlib vulnerability may affect IBM SDK, Java Technology Edition ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004465
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Intel Ethernet Controller XL710 affects IBM MQ Appliance ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002763
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Security Guardium (CVE-2017-1256) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004461
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in openssl, gnutls, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025342
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001465
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001458
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for Microsoft SharePoint ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001455
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for File Systems ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001463
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001460
---------------------------------------------
*** IBM Security Bulletin: WebSphere Application Server vulnerability in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998346
---------------------------------------------
*** IBM Security Bulletin: SQL Injection vulnerability affects IBM Security Guardium (CVE-2017-1269) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004462
---------------------------------------------
*** IBM Security Bulletin: Missing Authentication for Critical Function affects IBM Security Guardium (CVE-2017-1258) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004309
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Guardium is affected by Cleartext Transmission of Sensitive Information vulnerability (CVE-2016-0238) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989124
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003173
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-06-2017 18:00 − Thursday 29-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Petya/NotPetya: Not a ransomware trojan but a "wiper" ***
---------------------------------------------
After thorough analyses of the NotPetya malware, most experts agree: the malware was not after money but after mayhem, i.e. the greatest possible data loss for its victims.
---------------------------------------------
https://heise.de/-3759293
*** Update on Petya malware attacks ***
---------------------------------------------
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware…
*** Websites Grabbing User-Form Data Before It's Submitted ***
---------------------------------------------
Websites are sending information prematurely: ...we discovered NaviStone's code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using JavaScript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page. This is important because it goes [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2017/06/websites_grabbi.html
*** Microsoft Announces "Controlled Folder Access" to Fend Off Crypto-Ransomware ***
---------------------------------------------
This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-control…
*** DFN-CERT-2017-1124: Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities enable, among other things, various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1124/
*** Symantec Management Console XSS/XXE Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1038798
*** Bugtraq: ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540783
*** 2017-06-16 (updated 2017-06-27): Cyber Security Notification - CrashOverride/Industroyer Malware ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&Lang…
*** SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-055
Project: SMTP Authentication Support (third-party module)
Version: 7.x, 8.x
Date: 2017-June-28
Security risk: 10/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure
Description: This SMTP module enables you to send mail using a third-party (non-system) mail service instead of the local system mailer included with Drupal. When this module is in debugging mode, it will log privileged [...]
---------------------------------------------
https://www.drupal.org/node/2890357
*** Services - Critical - SQL Injection - SA-CONTRIB-2017-054 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-054
Project: Services (third-party module)
Version: 7.x
Date: 2017-June-28
Security risk: 19/25 (Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: SQL Injection
Description: This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module doesn't sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it. This vulnerability is [...]
---------------------------------------------
https://www.drupal.org/node/2890353
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2 and v5.0.2 (CVE-2017-3539, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005365
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1217) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004348
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-06-2017 18:00 − Wednesday 28-06-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Newport XPS-Cx, XPS-Qx ***
---------------------------------------------
This advisory contains mitigation details for an improper authentication vulnerability in the Newport XPS-Cx and XPS-Qx controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-178-01
*** Schroedinger’s Pet(ya) ***
---------------------------------------------
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis.
---------------------------------------------
http://securelist.com/schroedingers-petya/78870/
*** Microsoft bringing EMET back as a built-in part of Windows 10 ***
---------------------------------------------
The built-in exploit mitigations are getting stronger and easier to configure.
---------------------------------------------
https://arstechnica.com/?p=1124813
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues ..
---------------------------------------------
https://support.citrix.com/article/CTX224740
*** New ransomware, old techniques: Petya adds worm capabilities ***
---------------------------------------------
On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-tech…
*** DFN-CERT-2017-1114: systemd: A vulnerability enables a denial-of-service attack and the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1114/
*** DFN-CERT-2017-1112: Microsoft Azure Active Directory (AD) Connect: A vulnerability enables privilege escalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1112/
*** DSA-3900 openvpn - security update ***
---------------------------------------------
Several issues were discovered in openvpn, a virtual private network application.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3900
*** Security Advisory - DoS Vulnerability of isub Service in Some Huawei Smartphones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-…
*** HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution.
---------------------------------------------
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03763en_us
*** Linux kernel security: Torvalds calls grsecurity "garbage" ***
---------------------------------------------
With his usual lack of diplomatic finesse, kernel chief hacker Linus Torvalds made clear on the kernel mailing list what he thinks of the security-focused ..
---------------------------------------------
https://www.golem.de/news/linux-kernel-security-torvalds-bezeichnet-grsecur…
*** Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS ***
---------------------------------------------
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and the largest SSDP reflection we recorded was: 30 Mpps (millions of packets per second), 80 ..
---------------------------------------------
https://blog.cloudflare.com/ssdp-100gbps/
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 26-06-2017 18:00 − Tuesday 27-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Petya Ransomware Outbreak ***
---------------------------------------------
Today there were IT outages caused by ransomware at several companies in Europe. The ransomware likely also performs "lateral movement" within an organization, thereby achieving a broad infection and hence encryption. The facts on the exact vectors, both for the initial infection and for propagation within the local network, are still very thin and [...]
---------------------------------------------
http://www.cert.at/services/blog/20170627170903-2046.html
*** Second Global Ransomware Outbreak Under Way ***
---------------------------------------------
A massive ransomware outbreak is spreading globally and being compared to WannaCry.
---------------------------------------------
http://threatpost.com/second-global-ransomware-outbreak-under-way/126549/
*** E-mails about alleged traffic fines ***
---------------------------------------------
E-mails about alleged traffic fines. WARNING: they conceal malware
---------------------------------------------
http://www.bmi.gv.at/cms/BK/betrug/files/2762017_E_Mails_ber_angebliche_Ver…
*** How Spora ransomware tries to fool antivirus ***
---------------------------------------------
Spora ransomware is back and it's trying to confuse antivirus products and email filters.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/fpIDs0aHpNY/
*** $1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks ***
---------------------------------------------
The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-paymen…
*** How Not to Encrypt a File - Courtesy of Microsoft ***
---------------------------------------------
A client recently sent me a crypto spec which involved some, how do I say, suboptimal use of crypto primitives. They're .Net users so I decided to search for a nice msdn crypto reference to set them straight. Instead I found the likely culprit behind their confusion.
---------------------------------------------
https://medium.com/@bob_parks1/how-not-to-encrypt-a-file-courtesy-of-micros…
*** New Shifr RaaS Lets Any Dummy Enter the Ransomware Business ***
---------------------------------------------
Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-shifr-raas-lets-any-dumm…
*** What's new in Windows Defender ATP Fall Creators Update ***
---------------------------------------------
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-de…
*** Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 Hot Patch 2 ***
---------------------------------------------
Abstract: Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 HP2 has been released. Please see the details section below for installation instructions and the change log section for bug fixes since the last release. NOTE: Please do not continue using older versions of GMS SSLCheck. It has been superseded by GroupWise Mobility Service SSLCheck 1.1 found here: http://download.novell.com/Download?buildid=9naDJkniVtg~
Document ID: 5311890
Security Alert: Yes
Distribution Type: [...]
---------------------------------------------
https://download.novell.com/Download?buildid=SIbPzOKmofQ~
*** SSA-874235 (Last Update 2017-06-26): Intel Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005209
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK Java Technology Edition Version 6, 7, 8 and IBM Runtime Environment Java Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ***
http://www.ibm.com/support/docview.wss?uid=swg22003154
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731) ***
http://www.ibm.com/support/docview.wss?uid=swg22005135
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003285
---------------------------------------------
*** IBM Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004580
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-06-2017 18:00 − Monday 26-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Another critical vulnerability in Windows Defender & Co ***
---------------------------------------------
All AV products from Microsoft had a critical flaw that allowed Windows systems to be hijacked. It was enough for the AV software to scan a file in an e-mail or on the hard disk for malicious code.
---------------------------------------------
https://heise.de/-3756013
*** Brutal Kangaroo: CIA tool infects computers via USB stick ***
---------------------------------------------
WikiLeaks has published secret CIA documents describing a tool suite that can be used to siphon information via USB stick from computers that are not connected to the Internet.
---------------------------------------------
https://heise.de/-3754923
*** Current Intel processors plagued by "nightmare" bug ***
---------------------------------------------
Debian project tracks down a bug that can lead to data loss under all operating systems
---------------------------------------------
http://derstandard.at/2000059819966
*** Cyber attacks on private e-mail accounts of office holders ***
---------------------------------------------
The German Federal Office for Information Security (BSI) is currently observing professional cyber attacks on the private e-mail accounts of office holders from business and public administration. In this attack campaign, deceptively genuine-looking spear-phishing e-mails are sent to selected senior personnel. The attackers pretend, for example, that there have been irregularities in the use of the mailbox [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Spearphishi…
*** Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious", (Mon, May 29th) ***
---------------------------------------------
For a few months now, passengers on flights from certain countries are no longer allowed to carry laptops and other larger electronic devices into the cabin. Many news media reported over the last weeks that this policy may be expanded to flight from Europe, or to all flights entering the US. But even if you get to keep your laptop with you during your flight, it is difficult to keep it at your site when you travel. So regardless if this ban materializes or not (right now it looks like it will [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22462
*** Malware: the incomplete ransomware protection of Windows 10 S ***
---------------------------------------------
Windows 10 S is supposed to protect against ransomware, says Microsoft. A security researcher nevertheless managed to gain access to system processes within a few hours.
---------------------------------------------
https://www.golem.de/news/malware-der-unvollstaendige-ransomware-schutz-von…
*** Look, But Dont Touch: One Key to Better ICS Security ***
---------------------------------------------
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be bridged.
---------------------------------------------
https://www.darkreading.com/vulnerabilities---threats/look-but-dont-touch-o…
*** Blocks and Chains now available ***
---------------------------------------------
Our book has just been published: Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms. Aljosha Judmayer, Nicholas Stifter, Katharina Krombholz, and Edgar Weippl
---------------------------------------------
https://www.sba-research.org/2017/06/24/blocks-and-chains-now-available/
*** DFN-CERT-2017-1100: Microsoft Malware Protection Engine: a vulnerability allows complete system takeover ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1100/
*** Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Multiple Vulnerabilities ***
---------------------------------------------
Symantec has released an update to address three issues that were discovered in the Symantec Messaging Gateway (SMG).
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s…
*** Vuln: Multiple Pivotal Products CVE-2017-4974 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/99254
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: API security restrictions can be bypassed in IBM API Connect (CVE-2017-1328) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003867
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting. (CVE-2017-1234) ***
http://www.ibm.com/support/docview.wss?uid=swg22004948
---------------------------------------------
*** IBM Security Bulletin: Docker and Python as used in IBM QRadar SIEM are vulnerable to various CVEs. ***
http://www.ibm.com/support/docview.wss?uid=swg22004947
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005149
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738) ***
http://www.ibm.com/support/docview.wss?uid=swg22004926
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) ***
http://www.ibm.com/support/docview.wss?uid=swg22004925
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003998
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ***
http://www.ibm.com/support/docview.wss?uid=swg22004713
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000300
---------------------------------------------
*** IBM Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009992
---------------------------------------------
*** IBM Security Bulletin: July 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009972
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 22-06-2017 18:00 − Friday 23-06-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Getting ready for the European Cyber Security Month 2017 ***
---------------------------------------------
100 days left for the launch of the European Cyber Security Month, the EU annual advocacy campaign which takes place in October supported by ENISA and EC DG CONNECT with the participation of many partners from all over Europe.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-european-…
*** Microsoft Says Fireball Threat ‘Overblown’ ***
---------------------------------------------
Check Point has toned down its initial estimates on the number of Fireball malware infections from 250 million machines and 20 percent of corporate networks to 40 million computers.
---------------------------------------------
http://threatpost.com/microsoft-says-fireball-threat-overblown/126472/
*** DSA-3894 graphite2 - security update ***
---------------------------------------------
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3894
*** ZDI-17-441: Apple Safari Node Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-441/
*** DSA-3896 apache2 - security update ***
---------------------------------------------
Several vulnerabilities have been found in the Apache HTTPD server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3896
*** Smart burglars will ride the surf of inter-connected hackability ***
---------------------------------------------
Let's invent a dustbin that throws itself away. Something for the Weekend, Sir? What the world needs now is an intelligent dustbin. It would be the pinnacle of achievement for the Internet of Things sector.
---------------------------------------------
www.theregister.co.uk/2017/06/23/smart_burglars_will_ride_the_surf_of_inter…
*** Allegedly Russian hackers stole data of British politicians ***
---------------------------------------------
http://derstandard.at/2000059699661
*** German security agency warns of cyber attacks on public administration ***
---------------------------------------------
Similar to the attacks on the US Democrats and on the French party of President Macron
---------------------------------------------
http://derstandard.at/2000059699049
*** Node.js: half of all NPM packages vulnerable through weak passwords ***
---------------------------------------------
The NPM service revoked developers' passwords two weeks ago. Now it is clear why: a hacker was able to collect weak passwords and could thereby have taken over half of the ..
---------------------------------------------
https://www.golem.de/news/node-js-haelfte-der-npm-pakete-durch-schwache-pas…
*** Microsoft rejects accusations from antivirus vendor ***
---------------------------------------------
In a blog post, Microsoft stresses the importance of cooperation with antivirus vendors within the Microsoft Virus Initiative. The publication can be read as a direct response to Kaspersky's complaint to antitrust regulators.
---------------------------------------------
https://heise.de/-3754148
*** Video: how hackers hijacked a power plant ***
---------------------------------------------
In 2015, hackers cut the power to more than 200,000 people in Ukraine. A video shows how they took over the control PCs.
---------------------------------------------
https://futurezone.at/digital-life/video-so-kaperten-hacker-ein-stromkraftw…
*** FBI: Extortion, CEO Fraud Among Top Online Fraud Complaints in 2016 ***
---------------------------------------------
Online extortion, tech support scams and phishing attacks that spoof the boss were among the most costly cyber scams reported by consumers and businesses last year, according to new figures from the FBI's Internet Crime Complaint Center (IC3). The IC3 report released ..
---------------------------------------------
https://krebsonsecurity.com/2017/06/fbi-extortion-ceo-fraud-among-top-onlin…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 21-06-2017 18:00 − Thursday 22-06-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Multiple vulnerabilities in Cisco Prime Infrastructure ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Multiple vulnerabilities in Cisco Identity Services ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Multiple vulnerabilities in Cisco IOS XR ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Cisco Firepower Management Center Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Critical bug in the RAR compression library endangers AV software ***
---------------------------------------------
Bugs in archive extraction are critical because they are particularly easy to trigger, for instance when antivirus software scans an archive for malicious code. It is all the more bitter when they can still be exploited five years after their discovery.
---------------------------------------------
https://heise.de/-3751528
*** Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-003
*** TeslaWare Plays Russian Roulette with your Files ***
---------------------------------------------
I was told about a new ransomware called TeslaWare that is being promoted on a black hat criminal site. After a quick search, I was able to find a sample that was compiled yesterday ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/teslaware-plays-russian-roul…
*** Locky Ransomware Returns, but Targets Only Windows XP & Vista ***
---------------------------------------------
The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but…
*** NSA-Backed OpenC2.org Aims to Defend Systems at Machine Speed ***
---------------------------------------------
Security experts, vendors, businesses and the NSA are developing a standardized command language so that defensive systems can act on threats autonomously, rather than merely recognizing them.
---------------------------------------------
http://threatpost.com/nsa-backed-openc2-org-aims-to-defend-systems-at-machi…
*** Web Application Pentest Guide Part-I ***
---------------------------------------------
In this article, we are going to pentest a web application which was developed by HP for scanner evaluation purpose. We will be demonstrating the complete process ..
---------------------------------------------
http://resources.infosecinstitute.com/web-application-pentest-guide-part/
*** Windows trojan uses NSA backdoor to covertly mine cryptocurrency ***
---------------------------------------------
The NSA's DOUBLEPULSAR backdoor is currently being abused to infect unprotected Windows machines with a trojan that secretly mines the cryptocurrency Monero (XMR).
---------------------------------------------
https://heise.de/-3751247
*** [2017-06-22] Multiple vulnerabilities in Cisco Prime Infrastructure ***
---------------------------------------------
Multiple security vulnerabilities in Cisco Prime Infrastructure < 3.1.6 could allow a local low-privileged user to read arbitrary files such as wireless access point configurations, read the hashed passwords of all users including the administrator from the database, and infect other users with a JavaScript trojan.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** Understanding the true size of “Fireball” ***
---------------------------------------------
... when recent reports of the “Fireball” cybersecurity threat operation were presented as a new discovery, our teams knew ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/22/understanding-the-true-…
*** IBM Security Bulletin: Multiple vulnerabilities in EBICS client in IBM Sterling B2B Integrator (CVE-2017-1132, CVE-2017-1347, CVE-2017-1348) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004199
*** IBM Security Bulletin: HTTP verb tampering vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1131) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004270
*** Why So Many Top Hackers Hail from Russia ***
---------------------------------------------
Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information ..
---------------------------------------------
https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russi…
*** DSA-3892 tomcat7 - security update ***
---------------------------------------------
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3892
*** DSA-3891 tomcat8 - security update ***
---------------------------------------------
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3891
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 20-06-2017 18:00 − Wednesday 21-06-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Partnering with the AV ecosystem to protect our Windows 10 customers ***
---------------------------------------------
On Friday May 12th, and for several days afterwards, more than a quarter-million computers around the world fell victim to the ransomware known ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/20/partnering-with-the-av-…
*** Unwanted “Shorte St” Ads in Unpatched Newspaper Theme ***
---------------------------------------------
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites ..
---------------------------------------------
https://blog.sucuri.net/2017/06/unwanted-shorte-st-ads-in-unpatched-newspap…
*** Hacker exposed bank loophole to buy luxury cars and a face tattoo ***
---------------------------------------------
♪ I'm gonna wait... 'til the midnight hour, when there's no one else around ♪ A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months.
---------------------------------------------
www.theregister.co.uk/2017/06/20/face_tattoo_bank_hacker/
*** More Android apps from dangerous Ztorg family sneak into Google Play ***
---------------------------------------------
Almost 100 such apps, with >1 million downloads, found so far (but not by Google).
---------------------------------------------
https://arstechnica.com/security/2017/06/more-android-apps-from-dangerous-z…
*** Minimalist Alina PoS Variant Starts Using SSL ***
---------------------------------------------
More than four years ago, we published a series of blogs discussing in-depth analysis of Alina Point of Sale (PoS) malware. And for the past four years, it is interesting to see ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Minimalist-Alina-PoS-Variant…
*** After leak: studio paid "Orange Is the New Black" extortionists ***
---------------------------------------------
Hackers had demanded about 50,000 US dollars
---------------------------------------------
http://derstandard.at/2000059577414
*** Wannacry: Honda halts car production because of ransomware ***
---------------------------------------------
Car plant in Sayama, Japan, temporarily suspends production
---------------------------------------------
http://derstandard.at/2000059583968
*** Decline in Rig Exploit Kit ***
---------------------------------------------
Unit 42 investigates recent developments in the EITest and pseudo-Darkleech campaigns contributing to the decline of the Rig exploit kit.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2017/06/unit42-decline-rig-expl…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 19-06-2017 18:00 − Tuesday 20-06-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Apache HTTPD Bugs Let Remote Users Deny Service and Bypass Authentication in Certain Cases ***
---------------------------------------------
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.2.0 - 2.2.32, 2.4.0 - 2.4.25
Description: Several vulnerabilities were reported in Apache HTTPD. A remote user can cause the target service to crash. A remote user can bypass authentication.
---------------------------------------------
http://www.securitytracker.com/id/1038711
*** Bugtraq: [security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540745
*** McAfee Labs Threats Report Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit ***
---------------------------------------------
We got a little carried away in the McAfee Labs Threats Report: June 2017, published today. This quarter's report has expanded to a rather hefty 83 pages! It contains three highly educational topics, in addition to the usual set of threats statistics: We broadly examine evasion techniques and how malware authors use them to accomplish...
---------------------------------------------
https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-labs-threats-report-…
*** Glibc Stack/Heap Memory Allocation Error Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A local user can supply specially crafted LD_LIBRARY_PATH values to trigger a stack memory allocation flaw in certain cases and execute arbitrary code on the target system with elevated privileges.
The stack guard-page memory gap can be "jumped" in cases where heap memory and stack memory are adjacent.
---------------------------------------------
http://www.securitytracker.com/id/1038712
*** [2017-06-20] Multiple Reflected Cross Site Scripting (XSS) issues in Ubiquiti Networks products ***
---------------------------------------------
Multiple Ubiquiti Networks products with firmware XM v6.0, SW v1.3.3 and AF24 v3.2 are affected by a POST-request based cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user and cookies can be stolen.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** DFN-CERT-2017-1052: Exim: a vulnerability allows execution of arbitrary code ***
---------------------------------------------
Affected software: Exim <= 4.89
Exim contains a vulnerability because repeated use of '-p' as a command-line argument reserves memory that is never freed again. A local, unauthenticated attacker can exploit this only in combination with another vulnerability to execute arbitrary code and possibly also escalate privileges to root.
Debian provides backported security updates for the stable distribution Stretch and the old stable distribution Jessie.
CVE-2017-1000369
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1052/
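The pattern behind the Exim advisory above, as an added example written for this report and not taken from Exim's source: an option parser that copies the argument of every '-p' it sees and never releases the previous copy, beside the corrected variant that frees the old value first. The small counting allocator and the name leaked_bytes_after() are assumptions made for the illustration; the argv it builds ("-p smtp" repeated) is constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes currently held by the parsers below. This tracking wrapper is an
 * assumption for the illustration; it only counts what the parsers allocate. */
static size_t live_bytes = 0;

static char *track_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) {
        perror("malloc");
        exit(1);
    }
    memcpy(p, s, n);
    live_bytes += n;
    return p;
}

static void track_free(char *p)
{
    if (p != NULL) {
        live_bytes -= strlen(p) + 1;
        free(p);
    }
}

/* Leaky pattern: each "-p value" replaces the pointer without freeing the
 * previous copy, so repeating -p N times pins N-1 dead copies on the heap. */
static size_t parse_leaky(int argc, char **argv)
{
    char *proto = NULL;
    live_bytes = 0;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0 && i + 1 < argc)
            proto = track_strdup(argv[++i]);   /* old value is lost here */
    }
    track_free(proto);
    return live_bytes;                         /* non-zero means leaked */
}

/* Fixed pattern: release the previous value before taking the new one, so
 * the heap footprint stays bounded however often -p is repeated. */
static size_t parse_fixed(int argc, char **argv)
{
    char *proto = NULL;
    live_bytes = 0;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0 && i + 1 < argc) {
            track_free(proto);
            proto = track_strdup(argv[++i]);
        }
    }
    track_free(proto);
    return live_bytes;
}

/* Construct an argv that repeats "-p smtp" `reps` times (sample input made
 * for this example), run one of the parsers over it and report the bytes
 * still allocated afterwards. */
static size_t leaked_bytes_after(int reps, int use_fixed)
{
    int argc = 1 + 2 * reps;
    char **argv = calloc((size_t)argc + 1, sizeof *argv);
    if (argv == NULL) {
        perror("calloc");
        exit(1);
    }
    argv[0] = "exim-like";
    for (int i = 0; i < reps; i++) {
        argv[1 + 2 * i] = "-p";
        argv[2 + 2 * i] = "smtp";
    }
    size_t left = use_fixed ? parse_fixed(argc, argv) : parse_leaky(argc, argv);
    free(argv);
    return left;
}

int main(void)
{
    printf("leaky, -p x3:    %zu bytes still allocated\n", leaked_bytes_after(3, 0));
    printf("fixed, -p x3:    %zu bytes still allocated\n", leaked_bytes_after(3, 1));
    printf("leaky, -p x1000: %zu bytes still allocated\n", leaked_bytes_after(1000, 0));
    return 0;
}
```

Compile with cc -std=c99 and run: the leaky parser reports 5 bytes per surplus -p (the copy of "smtp" plus its terminator), the fixed one reports zero. The property an attacker cares about is that the leaked amount is under their control: a long argument repeated many times grows the heap by as much as they like, which is why the advisory counts this as exploitable only together with a second bug rather than on its own.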
*** Oracle Security Alert for CVE-2017-3629 ***
---------------------------------------------
This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-375…
*** Vuln: SAP Business Objects DS Open Redirection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/99143
*** Xen Security Advisories ***
---------------------------------------------
XSA-216: blkif responses leak backend stack data
XSA-217: page transfer may allow PV guest to elevate privilege
XSA-218: Races in the grant table unmap code
XSA-219: x86: insufficient reference counts during shadow emulation
XSA-220: x86: PKRU and BND* leakage between vCPU-s
XSA-221: NULL pointer deref in event channel poll
XSA-222: stale P2M mappings due to insufficient error checking
XSA-223: ARM guest disabling interrupt may crash Xen
XSA-224: grant table operations mishandle reference
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2017-06/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022142
---------------------------------------------
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1304) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010230
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere MQ Internet Pass-Thru ***
http://www.ibm.com/support/docview.wss?uid=swg22001701
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2016-0378, CVE-2016-5983 and CVE-2016-5986) ***
http://www.ibm.com/support/docview.wss?uid=swg22002049
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 16-06-2017 18:00 − Monday 19-06-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Bugtraq: ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540738
*** VU#768399: HPE SiteScope contains multiple vulnerabilities ***
---------------------------------------------
HPE's SiteScope is affected by several cryptographic weaknesses, insufficiently protected credentials, and missing authentication.
---------------------------------------------
http://www.kb.cert.org/vuls/id/768399
*** Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security ***
---------------------------------------------
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-…
*** DSA-3884 gnutls28 - security update ***
---------------------------------------------
Hubert Kario discovered that GnuTLS, a library implementing the TLS and SSL protocols, does not properly decode a status response TLS extension,allowing a remote attacker to cause an application using the GnuTLS library to crash (denial of service).
---------------------------------------------
https://www.debian.org/security/2017/dsa-3884
*** On our own behalf: changes to the daily summaries ***
---------------------------------------------
19 June 2017. In the week of 3-7 July 2017 we will change the format of our daily summaries. The content stays as usual, but for better readability we will divide it into several sections. This should ..
---------------------------------------------
http://www.cert.at/services/blog/20170619121641-2037.html
*** D-Link DSL-2640U - Unauthenticated DNS Change ***
---------------------------------------------
The vulnerability exists in the web interface, which is accessible without authentication. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with ..
---------------------------------------------
https://www.exploit-db.com/exploits/42195/
*** D-Link DSL-2640B - Unauthenticated Remote DNS Change ***
---------------------------------------------
The vulnerability exists in the web interface, which is accessible without authentication. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with ..
---------------------------------------------
https://www.exploit-db.com/exploits/42197/
*** IBM Security Bulletin: IBM MQ Trace enablement could cause denial of service (CVE-2017-1117) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22001468
*** IoT Malware Activity Already More Than Doubled 2016 Numbers ***
---------------------------------------------
The number of new malware samples in the wild this year targeting connected internet-of-things (IoT) devices has already more than doubled last year’s total.
---------------------------------------------
http://threatpost.com/iot-malware-activity-already-more-than-doubled-2016-n…