=====================
= End-of-Day report =
=====================
Timeframe: Friday 28-07-2017 18:00 − Monday 31-07-2017 18:00
Handler: Robert Waldner
Co-Handler:
=====================
= News =
=====================
∗∗∗ A Few Theses on Current Draft Laws ∗∗∗
---------------------------------------------
31 July 2017. The topic of "LE going dark in the age of encryption" is boiling up once again, and the corresponding draft laws were hastily introduced before the snap elections. I want to throw a few arguments from a technical point of view into the discussion, but I restrict myself here purely to the aspect of surveillance despite encryption.
---------------------------------------------
http://www.cert.at/services/blog/20170731130131-2076.html
∗∗∗ Reverse Engineering a JavaScript Obfuscated Dropper ∗∗∗
---------------------------------------------
1. Introduction. Nowadays one of the techniques most used to spread malware on Windows systems is a JavaScript (JS) dropper. A JS dropper represents, in most attack scenarios, the first stage of a malware infection. This is possible because Windows systems allow the execution of various scripting languages using the Windows Script Host (WScript). This [...]
---------------------------------------------
http://resources.infosecinstitute.com/reverse-engineering-javascript-obfusc…
∗∗∗ A new era in mobile banking Trojans ∗∗∗
---------------------------------------------
In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services.
---------------------------------------------
http://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
∗∗∗ LeakerLocker Mobile Ransomware Threatens to Expose User Information ∗∗∗
---------------------------------------------
While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim's devices, a new mobile ransomware named LeakerLocker taps into its victims' worst fears by allegedly threatening to send personal data to a remote server and expose its contents to everyone on their contact lists.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tDsXJe6LJ0g/
∗∗∗ The Multi-Million Business of Software Bugs ∗∗∗
---------------------------------------------
Software bugs can cause enormous damage, as the recent large-scale cyberattack with the "NotPetya" malware has shown. Tracking down such vulnerabilities is the job of bug bounty hunters, who often earn good money doing so. Interest in the hackers' services does not come only from the vendors.
---------------------------------------------
http://orf.at/stories/2397792/2397793/
∗∗∗ Container security: The seven biggest mistakes companies are making ∗∗∗
---------------------------------------------
As enterprises increase adoption of containers, they also risk increasing the number of mistakes they make with the technology. Given that many companies are still wrapping their heads around the potential of container technology and how to best leverage it, that stands to reason. With that said, however, companies must ensure that they are establishing a solid foundation for security as they continue to identify strategies and workloads that make sense on a container platform.
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/31/container-security-seven-biggest…
=====================
= Advisories =
=====================
∗∗∗ CAN Bus Standard Vulnerability ∗∗∗
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01
∗∗∗ Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking ∗∗∗
---------------------------------------------
Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking.
---------------------------------------------
http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tra…
∗∗∗ Cloud antivirus software helps exfiltrate data from air-gapped networks ∗∗∗
---------------------------------------------
At least four virus scanners that upload suspicious data to the cloud for analysis help steal data from PCs whose ability to communicate is otherwise restricted. VirusTotal is affected as well.
---------------------------------------------
https://heise.de/-3786507
∗∗∗ Attacking industrial pumps by adjusting valves to create bubbles in the pipes. ∗∗∗
---------------------------------------------
https://twitter.com/KraftCERT/status/891929915200856064
∗∗∗ DFN-CERT-2017-1309: FreeRDP: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1309/
∗∗∗ [webapps] GitHub Enterprise < 2.8.7 - Remote Code Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42392/?rss
∗∗∗ IBM Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022204
∗∗∗ IBM Security Bulletin: 10x vulnerability in IBM Control Center could allow an outside user to obtain the ID (CVE-2017-1152) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006361
∗∗∗ IBM Security Bulletin: Non-configured connections could cause denial of service in IBM WebSphere MQ Internet Pass-Thru (CVE-2017-1118) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006580
∗∗∗ IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005123
∗∗∗ Fortinet FortiOS Input Validation Flaws Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039020
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 27-07-2017 18:00 − Friday 28-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ Google Study Quantifies Ransomware Profits ∗∗∗
---------------------------------------------
A ransomware study released by Google revealed the malware earned criminals $25 million over the past two years.
---------------------------------------------
http://threatpost.com/google-study-quantifies-ransomware-revenue/127057/
∗∗∗ Attack Uses Docker Containers To Hide, Persist, Plant Malware ∗∗∗
---------------------------------------------
Abuse of the Docker API allows remote code execution on a targeted system, which enables hackers to escalate and persist thanks to novel attacks called Host Rebinding Attack and Shadow Containers.
---------------------------------------------
http://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-m…
∗∗∗ The Cloak & Dagger Attack That Bedeviled Android For Months ∗∗∗
---------------------------------------------
Not all Android attacks come from firmware mistakes.
---------------------------------------------
https://www.wired.com/story/cloak-and-dagger-android-malware
∗∗∗ Hacker Says He Broke Through Samsung's Secure Smartphone Platform ∗∗∗
---------------------------------------------
When his rooting exploit worked on plenty of Android devices but failed on the Samsung Galaxy S7 Edge, researcher Di Shen decided to dig into KNOX.
---------------------------------------------
https://motherboard.vice.com/en_us/article/pad5jn/hacker-says-he-broke-thro…
∗∗∗ OPC Data Access IDAPython script ∗∗∗
---------------------------------------------
An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol.
---------------------------------------------
https://github.com/eset/malware-research/blob/master/industroyer/README.adoc
∗∗∗ Internet of Things: When the car wash attacks ∗∗∗
---------------------------------------------
Security researchers have found several vulnerabilities in automated car washes that can even be abused over the internet. Remotely controlled doors, robot arms and high-pressure water jets could even cause personal injury.
---------------------------------------------
https://heise.de/-3785654
∗∗∗ Microsoft opens fuzz testing service to the wider public ∗∗∗
---------------------------------------------
Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry.
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/28/microsoft-fuzz-testing-service/
=====================
= Advisories =
=====================
∗∗∗ Continental AG Infineon S-Gold 2 (PMB 8876) ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow and an improper restriction of operations within the bounds of a memory buffer vulnerability in Continental AG's Infineon S-Gold 2 (PMB 8876).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01
∗∗∗ Mirion Technologies Telemetry Enabled Devices ∗∗∗
---------------------------------------------
This advisory contains mitigation details for use of hard-coded cryptographic key and inadequate encryption strength vulnerabilities in Mirion Technologies Telemetry Enabled Devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02
∗∗∗ PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper authentication and missing encryption of sensitive data affecting PDQ Manufacturing, Inc.'s LaserWash, LaserJet, and ProTouch car washes.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03
∗∗∗ Multiple Cisco Products OSPF LSA Manipulation Vulnerability ∗∗∗
---------------------------------------------
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ VMSA-2017-0012 ∗∗∗
---------------------------------------------
VMware VIX API VM Direct Access Function security issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0012.html
∗∗∗ VMSA-2017-0013 ∗∗∗
---------------------------------------------
VMware vCenter Server and Tools updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0013.html
∗∗∗ Vuln: Cloud Foundry Cloud Controller API CVE-2017-8036 Incomplete Fix Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/100002
∗∗∗ DFN-CERT-2017-1305: PHPMailer: Two vulnerabilities allow cross-site scripting attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1305/
∗∗∗ DFN-CERT-2017-1310: Microsoft Outlook: Multiple vulnerabilities allow, among other things, a complete system takeover ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1310/
∗∗∗ FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-104
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005830
∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1332) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005233
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Oracle Java SE and Java SE Embedded affect IBM InfoSphere Master Data Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006603
∗∗∗ IBM Security Bulletin: IBM System Networking Switch Center is affected by a Jsch vulnerability (CVE-2016-5725) ∗∗∗
---------------------------------------------
http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to an Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006608
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006606
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006610
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting Attack (CVE-2016-9715) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006611
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™ ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22006298
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025538
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025529
∗∗∗ IBM Security Bulletin: IBM i is affected by an OSPF vulnerability (CVE-2017-1460) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022191
∗∗∗ IBM Security Bulletin: The BigFix Platform has a vulnerability that can cause denial of service ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003222
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a X-Frame-Options Header ClickJacking attack (CVE-2016-9719) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006607
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006605
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025397
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 26-07-2017 18:00 − Thursday 27-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ IoT devices in Austria: 31,000 of 280,000 insecure ∗∗∗
---------------------------------------------
According to a new study by Avast, there is a considerably high number of unprotected routers and webcams in Austria exposed to the internet. Why this is a problem and what can be done about it.
---------------------------------------------
https://futurezone.at/produkte/iot-geraete-in-oesterreich-31-000-von-280-00…
∗∗∗ Lipizzan: Google finds new family of government spyware for Android ∗∗∗
---------------------------------------------
Once again Google has found Android spyware from an Israeli company. The software disguised itself as a harmless app in the Play Store; the rooting functionality is then downloaded afterwards.
---------------------------------------------
https://www.golem.de/news/lipizzan-google-findet-neue-staatstrojaner-famili…
∗∗∗ Announcing the Windows Bounty Program ∗∗∗
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-…
∗∗∗ Extending Microsoft Edge Bounty Program ∗∗∗
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edg…
∗∗∗ Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets ∗∗∗
---------------------------------------------
Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in recent years. While some are occasionally still found against insecure and unpatched targets such as routers, various IoT devices or old versions of Windows, practically no remotely exploitable bugs that reliably bypass DEP and ASLR have been found on Android and iOS. In order to compromise these devices, attackers [...]
---------------------------------------------
https://blog.exodusintel.com/2017/07/26/broadpwn/
∗∗∗ DeepINTEL Schedule updated – Psychology and Power Grids ∗∗∗
---------------------------------------------
We have updated the schedule for DeepINTEL 2017. The human mind and power grids are both critical infrastructure. Both can be manipulated and switched off, arguably. And most of us use both every day. So this is why we added two more presentations to the schedule.
---------------------------------------------
http://blog.deepsec.net/deepintel-schedule-updated-psychology-power-grids/
∗∗∗ Black Hat: Radiation measuring devices can be manipulated via radio ∗∗∗
---------------------------------------------
A hacker has found security holes in stationary and mobile devices for measuring radioactive radiation. Criminals could use them to smuggle radioactive material through checkpoints or trigger false alarms in nuclear reactors. There will be no updates.
---------------------------------------------
https://heise.de/-3784966
∗∗∗ Slowloris all the things ∗∗∗
---------------------------------------------
At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought I'd write up some comments. The original Slowloris from several years ago creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely.
---------------------------------------------
http://blog.erratasec.com/2017/07/slowloris-all-things.html
=====================
= Advisories =
=====================
∗∗∗ McAfee Releases Security Bulletin for Web Gateway ∗∗∗
---------------------------------------------
Original release date: July 27, 2017 McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/07/27/McAfee-Releases-Se…
∗∗∗ VU#547255: Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/547255
∗∗∗ Cisco Access Control System Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2017-1295: Fortinet FortiOS, FortiAnalyzer: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1295/
∗∗∗ DFN-CERT-2017-1303: Foxit PDF Compressor: A vulnerability allows the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1303/
∗∗∗ HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037…
∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocol of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-…
∗∗∗ Security Advisory - BroadPwn Remote Code Execute Vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170727-…
∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005722
∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004981
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates April 2017 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005840
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1303) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004979
∗∗∗ [2017-07-27] Kathrein UFSconnect 916 multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
∗∗∗ [2017-07-27] Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 25-07-2017 18:00 − Wednesday 26-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack ∗∗∗
---------------------------------------------
Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/smart-drawing-pads-used-for-…
∗∗∗ IOS Forensics ∗∗∗
---------------------------------------------
1. INTRODUCTION. Day by day, smartphones and tablets are becoming more popular, and hence the technology used in development to add new features or improve the security of such devices is advancing very fast. The iPhone and iPod are the game-changer products launched by Apple. Apple operating system (iOS) devices started growing popular in the mobile [...]
---------------------------------------------
http://resources.infosecinstitute.com/ios-forensics/
∗∗∗ Windows SMB Zero Day to Be Disclosed During DEF CON ∗∗∗
---------------------------------------------
Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.
---------------------------------------------
http://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/1…
∗∗∗ WikiLeaks drops another cache of ‘Vault7’ stolen tools ∗∗∗
---------------------------------------------
Latest dump is a trove of malware from Raytheon used for surveillance and data collection
---------------------------------------------
https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-o…
∗∗∗ Where are the holes in machine learning – and can we fix them? ∗∗∗
---------------------------------------------
Machine learning algorithms are increasingly a target for the bad guys - but the industry is working to stop them, explains Sophos chief data scientist Joshua Saxe
---------------------------------------------
https://nakedsecurity.sophos.com/2017/07/26/where-are-the-holes-in-machine-…
∗∗∗ How a Citadel Trojan Developer Got Busted ∗∗∗
---------------------------------------------
A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.
---------------------------------------------
https://krebsonsecurity.com/2017/07/how-a-citadel-trojan-developer-got-bust…
=====================
= Advisories =
=====================
∗∗∗ CRASHOVERRIDE Malware ∗∗∗
---------------------------------------------
CRASHOVERRIDE, aka Industroyer, is the fourth family of malware publicly identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01
∗∗∗ NXP i.MX Product Family ∗∗∗
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for stack-based buffer overflow and improper certificate validation vulnerabilities in the NXP i.MX Product Family.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
∗∗∗ Bugtraq: [SECURITY] [DSA 3919-1] openjdk-8 security update ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/540926
∗∗∗ DFN-CERT-2017-1288: Red Hat JBoss Enterprise Web Server: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1288/
∗∗∗ Security Advisory - Two DoS Vulnerabilities in Call Module of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-…
∗∗∗ Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in Java shipped as a component of IBM Security Privileged Identity Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006547
∗∗∗ SSA-323211 (Last Update 2017-07-25): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211…
∗∗∗ SSA-822184 (Last Update 2017-07-26): Microsoft Web Server and HP Client Automation Vulnerabilities in Molecular Imaging Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 24-07-2017 18:00 − Tuesday 25-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ Fruit Fly 2: Mysterious Mac malware active for years ∗∗∗
---------------------------------------------
Mac users are not safe from malware either: one piece of malware is said to have been active for more than five years but to have infected only a few hundred users. The software allows extensive access to the computer and to private information.
---------------------------------------------
https://www.golem.de/news/fruit-fly-2-mysterioese-mac-malware-seit-jahren-a…
∗∗∗ CowerSnail, from the creators of SambaCry ∗∗∗
---------------------------------------------
We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry.
---------------------------------------------
http://securelist.com/cowersnail-from-the-creators-of-sambacry/79087/
∗∗∗ Novel Attack Tricks Servers to Cache, Expose Personal Data ∗∗∗
---------------------------------------------
Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.
---------------------------------------------
http://threatpost.com/novel-attack-tricks-servers-to-cache-expose-personal-…
∗∗∗ SBA Research co-organizes ROOTS 2017 ∗∗∗
---------------------------------------------
November 16, 2017 - November 17, 2017, all day. The Imperial Riding School Vienna, Ungargasse 60, Vienna
---------------------------------------------
https://www.sba-research.org/events/sba-research-co-organizes-roots-2017/
∗∗∗ Alternatives to Government-Mandated Encryption Backdoors ∗∗∗
---------------------------------------------
Policy essay: "Encryption Substitutes," by Andrew Keane Woods
---------------------------------------------
https://www.schneier.com/blog/archives/2017/07/alternatives_to_1.html
∗∗∗ ShieldFS Is a Clever New Tool That Shuts Down Ransomware Before It's Too Late ∗∗∗
---------------------------------------------
By sniffing out ransomware in real time, ShieldFS might be the cure to the internet's latest security scourge.
---------------------------------------------
https://www.wired.com/story/shieldfs-ransomware-protection-tool
∗∗∗ ENISA invites European utilities to join EE-ISAC Expert meeting in September ∗∗∗
---------------------------------------------
Together with the DG Energy of the European Commission, ENISA is organising a full-day expert seminar, which will be held on 7th September, 2017 in Athens. Registration is now open.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-invites-european-utilitie…
=====================
= Advisories =
=====================
∗∗∗ VU#350135: Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin ∗∗∗
---------------------------------------------
Vulnerability Note VU#350135: Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin. Original Release date: 07 Jun 2017 | Last revised: 24 Jul 2017. Overview: WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device.
---------------------------------------------
http://www.kb.cert.org/vuls/id/350135
∗∗∗ VU#838200: Telerik Web UI contains cryptographic weakness ∗∗∗
---------------------------------------------
Vulnerability Note VU#838200: Telerik Web UI contains cryptographic weakness. Original Release date: 25 Jul 2017 | Last revised: 25 Jul 2017. Overview: The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
---------------------------------------------
http://www.kb.cert.org/vuls/id/838200
∗∗∗ [20170704] - Core - Installer: Lack of Ownership Verification ∗∗∗
---------------------------------------------
Project: Joomla! | SubProject: CMS Installer | Severity: High | Versions: 1.0.0 through 3.7.3 | Exploit type: Lack of Ownership Verification | Reported Date: 2017-Apr-06 | Fixed Date: 2017-July-25 | CVE Number: CVE-2017-11364 | Description: The CMS installer application lacked a process to verify the user's ownership of a webspace, potentially allowing users to gain control. Please note: Already installed sites are not affected, as this issue is limited to the installer application!
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/dsijOki-S50/700-20170704-c…
∗∗∗ [20170705] - Core - XSS Vulnerability ∗∗∗
---------------------------------------------
Project: Joomla! | SubProject: CMS | Severity: Low | Versions: 1.5.0 through 3.7.3 | Exploit type: XSS | Reported Date: 2017-April-26 | Fixed Date: 2017-July-25 | CVE Number: CVE-2017-11612 | Description: Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uutSEqYQKbU/701-20170605-c…
∗∗∗ DFN-CERT-2017-1285: Cacti: A vulnerability allows a cross-site scripting attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1285/
∗∗∗ Vulnerability in Citrix NetScaler SD-WAN Enterprise & Standard Edition and Citrix CloudBridge Virtual WAN Edition Could Result in Unauthenticated Remote Code Execution ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX225990
∗∗∗ IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006175
∗∗∗ IBM Security Bulletin: A vulnerability in OpenSource GNU Glibc affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005677
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1370) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005868
∗∗∗ IBM Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002754
∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities affect IBM Network Advisor ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010466
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edition ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005279
∗∗∗ [2017-07-24] Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
∗∗∗ [2017-07-24] Open Redirect issue in multiple Ubiquiti Networks products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 21-07-2017 18:00 − Monday 24-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ New Version of DarkHotel Malware Spotted Going After Political Figures ∗∗∗
---------------------------------------------
The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-version-of-darkhotel-mal…
∗∗∗ How was the #TurrisHack17? ∗∗∗
---------------------------------------------
Since the beginning of the Turris project, we have been very happy for the opportunity to cooperate closely with our community. Without it, the project would not have been where it is now. It was largely the interest of potential […]
---------------------------------------------
http://en.blog.nic.cz/2017/07/22/how-was-the-turrishack17/
∗∗∗ FIRST releases inaugural annual report ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams releases inaugural annual report, covering the scope of its activities from the 2016 conference in Seoul, through its 2017 annual event in Puerto Rico.
---------------------------------------------
https://www.first.org/newsroom/releases/20170724
∗∗∗ Hacking: Microsoft seizes Fancy Bear infrastructure ∗∗∗
---------------------------------------------
To act against the hacker group Fancy Bear, Microsoft is using trademark law and seizing domains. The group's criminal activities are said to damage "the brand and reputation" of the company. Even by this route, however, the activities cannot be stopped completely. (Microsoft, Server)
---------------------------------------------
https://www.golem.de/news/hacking-microsoft-beschlagnahmt-fancy-bear-infras…
∗∗∗ Uber drivers new threat: the "passenger", (Mon, Jul 24th) ∗∗∗
---------------------------------------------
This week I was told about a scam attack that surprised me due to the criminal's creativity. A NYC Uber driver had his Uber account and day's incomings stolen by someone who was supposed to be his next passenger.
---------------------------------------------
https://isc.sans.edu/diary/rss/22626
∗∗∗ DMARC: an imperfect solution that can make a big difference ∗∗∗
---------------------------------------------
US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal government.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/07/dmarc-imperfect-solution-can…
=====================
= Advisories =
=====================
∗∗∗ HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗
---------------------------------------------
Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037…
∗∗∗ rt-sa-2017-009 ∗∗∗
---------------------------------------------
Remote Command Execution as root in REDDOXX Appliance
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-009.txt
∗∗∗ rt-sa-2017-007 ∗∗∗
---------------------------------------------
Undocumented Administrative Service Account in REDDOXX Appliance
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-007.txt
∗∗∗ VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/586501
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003790
∗∗∗ IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005381
∗∗∗ Palo Alto PAN-OS Unspecified Bug in DNS Proxy Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038976
∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect External Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038975
∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Management Web Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038974
∗∗∗ Python and Jython vulnerability CVE-2013-1752 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53192206
∗∗∗ Python and Jython vulnerability CVE-2014-7185 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78825687
∗∗∗ SNMP vulnerability CVE-2007-5846 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33151296
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 20-07-2017 18:00 − Friday 21-07-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ 14 Warning Signs that Your Computer is Malware-Infected ∗∗∗
---------------------------------------------
Malware attacks affect us all. The increasing number of Internet users worldwide creates an equal (or larger) number of opportunities for cyber criminals to take advantage of our systems. As we become more dependent on the online environment, we can clearly see a massive growth in malware and cyber criminal activities all across the globe.
---------------------------------------------
https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-ma…
∗∗∗ Practical Android Phone Forensics ∗∗∗
---------------------------------------------
Introduction Today’s world is Android World. Almost 90% of devices are running on Android, and each one of us is using Android in some or the other way. There are various devices which run on Android, but Android is widely used on Smart Phones. Also, if you check the Global Smart Phone Market Share Android [...]
---------------------------------------------
http://resources.infosecinstitute.com/practical-android-phone-forensics/
∗∗∗ BKA reportedly aims to have a more powerful state trojan ready for use in 2017 ∗∗∗
---------------------------------------------
According to a leaked document, the Federal Criminal Police Office (Bundeskriminalamt) is optimistic about having a state trojan ready for deployment in 2017 that is significantly more powerful than its predecessor. It is also meant to hack smartphones, now that this has been permitted.
---------------------------------------------
https://heise.de/-3779770
∗∗∗ Companies unprepared to measure incident response ∗∗∗
---------------------------------------------
Companies struggle to keep up with and respond to cyberattacks due to lack of resources, according to Demisto. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 percent of respondents are measuring MTTR (Mean Time to Respond). While organizations are hit with an average of nearly 350 incidents per week, 30 percent of respondents reported they have no playbooks, runbooks or other documentation [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/21/measure-incident-response/
∗∗∗ Smartphone sold with security vulnerabilities: lawsuit against Media Markt ∗∗∗
---------------------------------------------
German consumer protection advocates are taking action against the retailer; the case is a precedent.
---------------------------------------------
http://derstandard.at/2000061599440
∗∗∗ Cyber attacks on the economy: every second company affected ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Cyber-Angri…
=====================
= Advisories =
=====================
∗∗∗ DFN-CERT-2017-1269: Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1269/
∗∗∗ DFN-CERT-2017-1263: GitLab: Multiple vulnerabilities allow, among other things, the disclosure of information and the manipulation of files ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1263/
∗∗∗ DFN-CERT-2017-1270: Red Hat 3scale API Management Platform: A vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1270/
∗∗∗ IBM Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004785
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004786
∗∗∗ IBM Security Bulletin: API Connect is affected by SSH vulnerability (CVE-1999-1085) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005718
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010137
∗∗∗ IBM Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006052
∗∗∗ IBM Security Bulletin: IBM Emptoris Supplier Lifecycle Management is affected by a Cross Site Scripting vulnerability (CVE-2016-6118) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005824
∗∗∗ IBM Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000316
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005076
∗∗∗ SSA-275839 (Last Update 2017-07-21): Denial-of-Service Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839…
∗∗∗ SSA-293562 (Last Update 2017-07-21): Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562…
∗∗∗ SSA-731239 (Last Update 2017-07-21): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239…
∗∗∗ libxml2 vulnerability CVE-2015-8710 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45439210
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 19-07-2017 18:00 − Thursday 20-07-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Vault 7 Data Leak: Analyzing the CIA files ∗∗∗
---------------------------------------------
Digging the Vault 7 dumps. In a first post on the Vault7 dump, we analyzed the information contained in files leaked by Wikileaks and allegedly originating from a network of the U.S. Central Intelligence Agency (CIA). At the time, we analyzed the following CIA projects: The Year Zero that revealed CIA hacking exploits for hardware and software. The Dark Matter dump […]
---------------------------------------------
http://resources.infosecinstitute.com/vault-7-data-leak-analyzing-cia-files…
∗∗∗ DDoS Tools availability Online, a worrisome trend ∗∗∗
---------------------------------------------
Experts warn of an increased availability of DDoS tools online; many wannabe hackers download and use them without awareness of the consequences. As cyber crime reaches new levels with new malware and viruses being released online on a daily basis, it also becomes apparent that the increase in DDoS tools that require no apparent skills to […]
---------------------------------------------
http://securityaffairs.co/wordpress/61188/hacking/ddos-tools-online.html
∗∗∗ EU Court to Rule On Right to Be Forgotten Outside Europe ∗∗∗
---------------------------------------------
The European Union's top court is set to decide whether the bloc's "right to be forgotten" policy stretches beyond Europe's borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EU's Court of Justice to weigh in on a dispute between Alphabet's Google and France's privacy regulator over how broadly to apply the right (Editor's note: the link could
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RSt2wRvb9ho/eu-court-to-rul…
∗∗∗ No one still thinks iOS is invulnerable to malware, right? Well, knock it off ∗∗∗
---------------------------------------------
As platform's popularity continues to rise, so does its allure to miscreants. The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/07/20/ios_securit…
∗∗∗ IETF: Dispute over TLS monitoring leads to an uproar ∗∗∗
---------------------------------------------
For some, it is passive monitoring in the data center. For others, the duplicate key for network administrators is a gateway to mass surveillance and the worst case for the new TLS protocol.
---------------------------------------------
https://heise.de/-3777578
∗∗∗ Google Play Protect protects against malware apps ∗∗∗
---------------------------------------------
Google is rolling out a new security mechanism for Android smartphones that continuously checks installed apps. Google Play Protect also works with applications that do not come from the Play Store.
---------------------------------------------
https://heise.de/-3778162
∗∗∗ Bug-fix and security updates for watchOS and tvOS ∗∗∗
---------------------------------------------
The Apple Watch operating system reaches version 3.2.3 and the Apple TV 4 OS version 10.2.2. There are bug fixes and security-relevant fixes.
---------------------------------------------
https://heise.de/-3777843
∗∗∗ Assessing the habits and tactics of organized credit card fraud gangs ∗∗∗
---------------------------------------------
By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning 'schools'. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material. In exchange for $745 (plus $200 for course fees), aspiring cyber criminals have the potential to make $12k a month, based on a standard 40-hour
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/20/organized-credit-card-fraud-gang…
=====================
= Advisories =
=====================
∗∗∗ Apple security updates for Mac OS X and macOS Sierra ∗∗∗
---------------------------------------------
The operating system Mac OS X is the standard on Apple laptops and desktop devices. The operating system macOS Sierra, developed by Apple, is the successor in name to Mac OS X from version 10.12 onwards for Macintosh systems (desktop and server). Apple releases macOS Sierra 10.12.6 and thereby closes security vulnerabilities through which an unauthenticated attacker from the Internet can bypass intended security measures, spy on data on your computer or
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_…
∗∗∗ Security update to Apple iOS 10.3.3 ∗∗∗
---------------------------------------------
iOS is the standard operating system on Apple devices such as iPhone, iPod touch and iPad. It was developed on the basis of the operating system MAC OS X. Several, in part severe, security vulnerabilities exist in various components used internally by Apple iOS up to and including version 10.3.2. An attacker from the Internet can exploit these 47 security vulnerabilities in total to execute arbitrary code, including with elevated privileges, to
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_…
∗∗∗ Apple releases security updates for the Safari web browser ∗∗∗
---------------------------------------------
The Safari web browser was developed by Apple for MAC OS X. With the new Safari version for OS X Yosemite, OS X El Capitan and macOS Sierra, Apple closes several security vulnerabilities through which an attacker from the Internet can, among other things, execute arbitrary code on your system, spy on information and display false information. In particular, the execution of arbitrary code can cause lasting damage to your system
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_…
∗∗∗ Vuln: Genivia gSOAP CVE-2017-9765 Stack Based Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/99868
∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Static Credentials Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2017-1253: Apple iCloud: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1253/
∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU – Apr 2017 – Includes Oracle Apr 2017 CPU affect IBM Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22005616
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 18-07-2017 18:00 − Wednesday 19-07-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk ∗∗∗
---------------------------------------------
Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development
---------------------------------------------
https://thehackernews.com/2017/07/gsoap-iot-device-hacking.html
∗∗∗ Security vulnerability in all Node.js versions ∗∗∗
---------------------------------------------
A security vulnerability makes many Node.js applications susceptible to denial-of-service attacks. The developers have provided corrected versions of Node.js 4, 6, 7 and 8 and urgently advise updating.
---------------------------------------------
https://heise.de/-3775843
∗∗∗ Adware the series, the final: Tools section ∗∗∗
---------------------------------------------
The final episode of our adware series talks specifically about the tools that we use in identifying adware and the places where it lurks on a system.
---------------------------------------------
https://blog.malwarebytes.com/puppum/2017/07/adware-the-series-the-final-to…
=====================
= Advisories =
=====================
∗∗∗ DSA-3914 imagemagick - security update ∗∗∗
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3914
∗∗∗ WP Statistics 12.0.9 - Authenticated Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8866
∗∗∗ DFN-CERT-2016-1068: Apache Commons FileUpload, Apache Tomcat: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1068/
∗∗∗ DFN-CERT-2017-1240: Apache Software Foundation HTTP Server: A vulnerability allows the disclosure of information and a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1240/
∗∗∗ DFN-CERT-2017-1245: Wireshark: Multiple vulnerabilities allow denial-of-service attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1245/
∗∗∗ DFN-CERT-2017-1249: Symfony: A vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1249/
∗∗∗ IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010329
∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform Reports Privilege Escalation (CVE-2017-1373) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004677
∗∗∗ Oracle Critical Patch Update Advisory - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
∗∗∗ Solaris Third Party Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.h…
∗∗∗ Oracle Linux Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832…
∗∗∗ Oracle VM Server for x86 Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-383236…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 17-07-2017 18:00 − Tuesday 18-07-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler:
=====================
= News =
=====================
∗∗∗ On our own behalf: CERT.at is hiring ∗∗∗
---------------------------------------------
For our "Daily Business" we are currently looking for one entry-level or career-changing candidate with a strong interest in IT security to support us with the routine daily tasks. Details can be found here: https://www.cert.at/about/jobs/jobs.html
---------------------------------------------
https://www.cert.at/services/blog/20170718152748-2072.html
∗∗∗ Exploit Derived From ETERNALSYNERGY Upgraded to Target Newer Windows Versions ∗∗∗
---------------------------------------------
Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-derived-from-eternal…
∗∗∗ Economic losses from cyber attack ‘akin to natural disaster’ ∗∗∗
---------------------------------------------
Not just a disaster for your data, a major attack could cost the global economy up to $120bn, according to a new study.
---------------------------------------------
https://www.htbridge.com/blog/economic-losses-from-cyber-attack-akin-to-nat…
∗∗∗ Linux Users Urged to Update as a New Threat Exploits SambaCry ∗∗∗
---------------------------------------------
A seven-year-old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker could open a command shell in a vulnerable device and take control of
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lri-dU9kM1o/
=====================
= Advisories =
=====================
∗∗∗ Cisco WebEx Browser Extension Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Bitdefender Remote Stack Buffer Overflow via 7z PPMD ∗∗∗
---------------------------------------------
submitted by /u/landave
---------------------------------------------
https://www.reddit.com/r/netsec/comments/6o0gji/bitdefender_remote_stack_bu…
∗∗∗ DFN-CERT-2017-1230: XML::LibXML: A vulnerability allows execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1230/
∗∗∗ [webapps] Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42333/?rss
∗∗∗ [webapps] Sophos Web Appliance 4.3.0.2 - trafficType Remote Command Injection (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42332/?rss
∗∗∗ [remote] Belkin NetCam F7D7601 - Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42331/?rss
∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is affected by a user password being stored in plain text vulnerability (CVE-2017-1309) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005437
∗∗∗ IBM Security Bulletin: BigFix Family WebUI Component Has Security Vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005246
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Direct for UNIX (CVE-2017-3731) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005893
∗∗∗ IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for UNIX (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005891
∗∗∗ IBM Security Bulletin: The BigFix Platform versions 9.1 and 9.2 have security vulnerabilities that have been addressed via patch releases ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006014
∗∗∗ IBM Security Bulletin: Detailed error messages in IBM Emptoris Contract Management are vulnerable to attacks (CVE-2016-6018) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005664
∗∗∗ IBM Tivoli Enterprise Portal Server Bugs Let Remote Users Execute Arbitrary Commands and Modify SQL Queries and Let Local Users Gain Elevated Privileges ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038913