Daily August 2017

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - 31.08.2017
by Daily end-of-shift report 31 Aug '17

31 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 30-08-2017 18:00 − Donnerstag 31-08-2017 18:00 Handler: Robert Waldner Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ Dissecting the Chrome Extension Facebook malware ∗∗∗ --------------------------------------------- The Facebook malware that spread last week was dissected in a collaboration with Kaspersky Lab and Detectify. We were able to get help from the involved companies and cloud services to quickly shut down parts of the attack to mitigate it as fast as possible. --------------------------------------------- http://securelist.com/dissecting-the-chrome-extension-facebook-malware/8171… ∗∗∗ Cyber Security Assessment Netherlands 2017: Digital resilience is lagging behind the increasing threat ∗∗∗ --------------------------------------------- The digital resilience of individuals and organisations is lagging behind the increasing threat. Government, business and citizens take many steps to increase digital resilience, but this is not happening fast enough. This is apparent from the Cyber Security Assessment Netherlands 2017 (CSAN 2017), which demissionary State Secretary Dijkhoff sent to parliament in June and which is being published in English today. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/cyber-security-assessment-n… ∗∗∗ A Framework for Cyber Security Insurance ∗∗∗ --------------------------------------------- New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017.Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should pursue in support of this public-private partnership. --------------------------------------------- https://www.schneier.com/blog/archives/2017/08/a_framework_for.html ∗∗∗ Mining Adminers – Hackers Scan the Internet For DB Scripts ∗∗∗ --------------------------------------------- Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, scanning just 1% of the internet allows attackers to discover thousands of vulnerable sites. --------------------------------------------- https://blog.sucuri.net/2017/08/mining-adminers-hackers-scan-the-internet-f… ∗∗∗ Herzschrittmacher von St. Jude Medical: Firmware-Patches gegen Sicherheitslücken ∗∗∗ --------------------------------------------- Versierte Hacker können Herzschrittmacher der Marke Abbott angreifen, um Befehle auszuführen und Patientendaten zu stehlen. Implantatträgern wird ein baldiger Arztbesuch empfohlen, um wichtige Firmware-Updates zu installieren. --------------------------------------------- https://heise.de/-3817954 ∗∗∗ Embedded IoT: Krypto-Bibliothek mbed TLS für Lauschattacken anfällig ∗∗∗ --------------------------------------------- Unter gewissen Umständen könnten Angreifer als Man in the Middle den Informationsaustausch von Geräten, die auf mbed TLS setzen, mitschneiden. Abgesicherte Versionen stehen bereit. --------------------------------------------- https://heise.de/-3819197 ∗∗∗ Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities ∗∗∗ --------------------------------------------- Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attacker to gain full control over the victims machine. --------------------------------------------- http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html ===================== = Advisories = ===================== ∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022227 ∗∗∗ IBM Security Bulletin: Vulnerability in libtirpc affects Power Hardware Management Console (CVE-2017-8779) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022176 ∗∗∗ IBM Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022177 ∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by python oslo.middleware package information disclosure (CVE-2017-2592) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022229 ∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022228 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007046 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007002 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.08.2017
by Daily end-of-shift report 30 Aug '17

30 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 29-08-2017 18:00 − Mittwoch 30-08-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ WireX: Google entfernt 300 DDoS-Apps aus dem Playstore ∗∗∗ --------------------------------------------- Google hat ein DDoS-Botnetz aus Android-Geräten lahmgelegt - und dazu 300 Apps aus dem Playstore entfernt. Rund 70.000 Smartphones wurden infiziert. (DoS, Virus) --------------------------------------------- https://www.golem.de/news/wirex-google-entfernt-300-ddos-apps-aus-dem-plays… ∗∗∗ Introducing WhiteBear ∗∗∗ --------------------------------------------- As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure. --------------------------------------------- http://securelist.com/introducing-whitebear/81638/ ∗∗∗ Security baseline for Windows 10 “Creators Update” (v1703) – FINAL ∗∗∗ --------------------------------------------- Microsoft is pleased to announce the final release of the recommended security configuration baseline settings for Windows 10 “Creators Update,” also known as version 1703, “Redstone 2,” or RS2. The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs, custom ADMX files for Group Policy settings, and all the settings in spreadsheet... --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-f… ∗∗∗ Proof that HMAC-DRBG has No Back Doors ∗∗∗ --------------------------------------------- New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG," by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel.Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security -- that its output is pseudorandom -- using a hybrid game-based proof. --------------------------------------------- https://www.schneier.com/blog/archives/2017/08/proof_that_hmac.html ===================== = Advisories = ===================== ∗∗∗ Update to Security Bulletin (APSB17-24) ∗∗∗ --------------------------------------------- The Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29. The August 29 updates resolve a functional regression with XFA forms functionality … --------------------------------------------- https://blogs.adobe.com/psirt/?p=1484 ∗∗∗ DFN-CERT-2017-1525: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht authentisierten Angreifer für verschiedene Denial-of-Service (DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen erfordert die Verarbeitung speziell präparierter Datenpakete oder Packet-Trace-Dateien mit den Dissektoren für IrCOMM, Modbus, Profinet I/O oder MSDP. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1525/ ∗∗∗ DFN-CERT-2017-1523: Libgcrypt: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ∗∗∗ --------------------------------------------- Eine Schwachstelle in Libgcrypt ermöglicht einem lokalen, einfach authentisierten Angreifer das Ausspähen privaten Schlüsselmaterials. Das GnuPG-Projekt hat die Schwachstelle in den Versionen 1.7.9 und 1.8.1 behoben. Der Quellcode dieser Versionen steht zum Herunterladen zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1523/ ∗∗∗ Multiple vulnerabilities in RubyGems ∗∗∗ --------------------------------------------- The following vulnerabilities have been reported. * a DNS request hijacking vulnerability * an ANSI escape sequence vulnerability * a DoS vulernerability in the query command * a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files --------------------------------------------- https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-ru… ∗∗∗ Cisco unveils LabVIEW code execution flaw that won’t be patched ∗∗∗ --------------------------------------------- LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution. LabVIEW is commonly used for building data acquisition, instrument control, and industrial automation systems on a variety of operating systems: Windows, macOS, Linux and Unix. The vulnerability (CVE-2017-2779) The vulnerability was discovered by Cory Duplantis of Cisco Talos earlier this year, and reported to the company. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/30/labview-code-execution-flaw/ ∗∗∗ Abbott Laboratories’ Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01 ∗∗∗ AzeoTech DAQFactory ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01 ∗∗∗ Advantech WebAccess ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in The FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170830-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Algo Credit Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007392 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/support/docview.wss?uid=swg22006695 ∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022175 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Power Hardware Management Console (CVE-2017-1194) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022178 ∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced and IBM Standards Processing Engine are susceptible to a vulnerability in 10x (CVE-2017-1152) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004796 ∗∗∗ ImageMagick Heap Overflow in TracePoint() in Processing Files Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039246 ∗∗∗ SSA-535640 (Last Update 2017-08-30): Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640… ∗∗∗ SSA-771218 (Last Update 2017-08-30): Vulnerability in 7KM PAC Switched Ethernet PROFINET expansion module from the SENTRON portfolio ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218… ∗∗∗ SSA-087240 (Last Update 2017-08-30): Vulnerabilities in SIEMENS LOGO! ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240… ∗∗∗ HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information ∗∗∗ --------------------------------------------- https://h20565.www2.hpe.com/portal/site/hpsc/template.PAGE/action.process/p… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.08.2017
by Daily end-of-shift report 29 Aug '17

29 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 28-08-2017 18:00 − Dienstag 29-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Metadata From IoT Traffic Exposes In-Home User Activity ∗∗∗ --------------------------------------------- Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owners habits and lifestyle. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/technology/metadata-from-iot-traffic-… ∗∗∗ "Die ganzen Kosten und Risiken trägt im Moment der Kunde" ∗∗∗ --------------------------------------------- Das absolut Mindeste muss sein, dass der Hersteller für alle Sicherheitslücken für den gesamten Nutzungszeitraum der Software Patches für Sicherheitslücken zur Verfügung stellen muss. Wenn es nach mir ginge, bekäme der Kunde eine Pauschale pro Arbeitsplatz und Tag ohne Patch ausgezahlt, und zwar nicht seit das Sicherheitsloch öffentlich bekannt wurde, sondern – wenn das vorher war – seit der Hersteller davon wusste. --------------------------------------------- https://www.eco.de/2017/news/die-ganzen-kosten-und-risiken-traegt-im-moment… ∗∗∗ Android und Windows: MTP-Bug lässt Dateien verschwinden ∗∗∗ --------------------------------------------- Vorsicht mit Android-Geräten, die per USB an einen PC mit Windows 10 angeschlossen sind: Bei harmlosen Aufräumarbeiten können Fotos und andere Dateien unwiderruflich verloren gehen. Betroffen sind fast alle Android-Geräte außer den neueren von Samsung. --------------------------------------------- https://heise.de/-3815535 ∗∗∗ Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet ∗∗∗ --------------------------------------------- A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle WireX, an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more --------------------------------------------- https://krebsonsecurity.com/2017/08/tech-firms-team-up-to-take-down-wirex-a… ∗∗∗ BSI-Studie zur Analyse des Linux-Zufallszahlengenerators wird fortgesetzt ∗∗∗ --------------------------------------------- Im Rahmen einer Langzeitstudie untersucht das Bundesamt für Sicherheit in der Informationstechnik (BSI) seit 2012 die kryptografische Eignung des Linux-Zufallszahlengenerators "/dev/random". Der aktuelle Untersuchungsbericht umfasst sowohl den aktuellen als auch alle vorigen Linux-Kernel und steht in englischer Sprache auf der BSI-Webseite zum Download zur Verfügung. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Studie_Linu… ===================== = Advisories = ===================== ∗∗∗ DSA-3958 fontforge - security update ∗∗∗ --------------------------------------------- It was discovered that FontForge, a font editor, did not correctlyvalidate its input. An attacker could use this flaw by tricking a userinto opening a maliciously crafted OpenType font file, thus causing adenial-of-service via application crash, or execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3958 ∗∗∗ DSA-3957 ffmpeg - security update ∗∗∗ --------------------------------------------- Several vulnerabilities have been discovered in FFmpeg, a multimediaplayer, server and encoder. These issues could lead to Denial-of-Serviceand, in some situation, the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3957 ∗∗∗ VU#403768: Akeo Consulting Rufus fails to update itself securely ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/403768 ∗∗∗ DFN-CERT-2017-1514: MISP: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1514/ ∗∗∗ DFN-CERT-2017-1512: OpenSSL: Eine Schwachstelle ermöglicht das Darstellen falscher Informationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1512/ ∗∗∗ DFN-CERT-2017-1515: Ghostscript: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1515/ ∗∗∗ DFN-CERT-2017-1517: SQLite: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1517/ ∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-… ∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170829-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025659 ∗∗∗ Pulse Connect Secure Access Control Flaw in diag.cgi Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039242 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.08.2017
by Daily end-of-shift report 28 Aug '17

28 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 25-08-2017 18:00 − Montag 28-08-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl ===================== = News = ===================== ===================== = Advisories = ===================== ∗∗∗ Disabling Intel ME 11 via undocumented mode ∗∗∗ --------------------------------------------- .. researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, revealing a mechanism that can disable Intel ME after hardware is initialized and the main processor starts. In this article, we describe how we discovered this undocumented mode and how it is connected with the U.S. governments High Assurance Platform (HAP) program. --------------------------------------------- http://blog.ptsecurity.com/2017/08/disabling-intel-me.html ∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017 /huawei-sa-20170807-01-smartphone-en ∗∗∗ IBM Security Bulletin: OpenSSL Security Advisory [22 Sep 2016 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010571 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sametime Community Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006228 ∗∗∗ IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007242 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Sametime Web Player (CVE-2016-2980) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006447 ∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Sametime Connect client (CVE-2016-0243, CVE-2016-2974) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006444 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010566 ∗∗∗ IBM Security Bulletin: Various Security Vulnerabilities in IBM Sametime Proxy Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006441 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.08.2017
by Daily end-of-shift report 25 Aug '17

25 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 24-08-2017 18:00 − Freitag 25-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability ∗∗∗ --------------------------------------------- Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researcher-releases-fully-wo… ∗∗∗ New EMPTY CryptoMix Ransomware Variant Released ∗∗∗ --------------------------------------------- Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomwa… ∗∗∗ Mobile malware factories: Android apps for creating ransomware ∗∗∗ --------------------------------------------- Mobile ransomware can now be created automatically without the need to write code. Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly and easily create Android ransomware with their own devices. --------------------------------------------- https://www.symantec.com/connect/blogs/mobile-malware-factories-android-app… ∗∗∗ Analysis of Ronggolawe Ransomware and How to Block It ∗∗∗ --------------------------------------------- ... Web server ransomware is not new. In fact we witnessed first evidence of it back at 2015 and most recently in the well-known attack aimed at the South Korean web hosting company NAYANA. Unfortunately, today ransomware targeted at web servers is even more popular especially given the availability of open source malware easily found in public repositories such as GitHub. Most recently we have seen reports of a new web server ransomware called Ronggolawe, the code name for AwesomeWare. --------------------------------------------- https://www.imperva.com/blog/2017/08/ronggolawe-ransomware-how-to-block-it/ ∗∗∗ The Adventure of the Final Intel AMT Problem ∗∗∗ --------------------------------------------- Its high time to learn how cunning cyber criminals can use Intel AMT powerful capabilities to achieve their malicious goals. See the captivating story of hacking Intel AMT with all its twists and turns and awe-inspiring details with your own eyes. The freshest and the hottest presentation “MythBusters: CVE-2017-5689 – How Intel AMT could be broken completely” from HITB 2017. --------------------------------------------- https://embedi.com/news/adventure-final-intel-amt-problem ∗∗∗ Sophos UTM: Update kümmert sich um alte und neue Sicherheitslücken ∗∗∗ --------------------------------------------- In der UTM von Sophos klaffen mehrere Schwachstellen. Eine fehlerbereinigte Version steht zum Download bereit. --------------------------------------------- https://heise.de/-3812308 ∗∗∗ Android Oreo: Das sind die Sicherheits-Neuerungen bei Android 8.0 ∗∗∗ --------------------------------------------- Google härtet Android mit Google Play Protect, Schutzfunktionen für die System-UI, strikteren Regeln für nachgeladenen Code aus Drittquellen und erweiterter Isolierung von Browser-Prozessen. --------------------------------------------- https://heise.de/-3812341 ===================== = Advisories = ===================== ∗∗∗ ZDI-17-697: (0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-697/ ∗∗∗ ESB-2017.2137 - [Appliance] WPLSoft, ISPSoft and PMSoft ∗∗∗ --------------------------------------------- This bulletin contains ten (10) Zero Day Initiative security advisories. --------------------------------------------- https://www.auscert.org.au/bulletins/51578/print ∗∗∗ Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01 ∗∗∗ Rockwell Automation Allen-Bradley Stratix and ArmoStratix ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-04 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007508 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.08.2017
by Daily end-of-shift report 24 Aug '17

24 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-08-2017 18:00 − Donnerstag 24-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 90% of Companies Get Attacked with Three-Year-Old Vulnerabilities ∗∗∗ --------------------------------------------- A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-… ∗∗∗ Whatsapp und Signal: Zerodium bietet 500.000 US-Dollar für Messenger-Exploits ∗∗∗ --------------------------------------------- Die staatliche Nachfrage nach Sicherheitslücken für die Quellen-TKÜ zeigt offenbar Wirkung. Schwachstellen in Whatsapp, Signal und anderen Messengern werden besser honoriert als Codeausführung in Windows. --------------------------------------------- https://www.golem.de/news/whatsapp-und-signal-zerodium-bietet-500-000-us-do… ∗∗∗ Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root ∗∗∗ --------------------------------------------- An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root. --------------------------------------------- http://threatpost.com/deprecated-insecure-apple-authorization-api-can-be-ab… ∗∗∗ Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack ∗∗∗ --------------------------------------------- In this blog post, we are making our findings, and tools, for decrypting NotPetya/Petya available to the general public. With the aid of the supplied tools, almost all of the Master File Table (MFT) can be successfully recovered within minutes. --------------------------------------------- https://www.crowdstrike.com/blog/decrypting-notpetya-tools-for-recovering-y… ∗∗∗ Im giving up on HPKP ∗∗∗ --------------------------------------------- HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too. --------------------------------------------- https://scotthelme.co.uk/im-giving-up-on-hpkp/ ∗∗∗ Crystal Finance Millennium used to spread malware ∗∗∗ --------------------------------------------- [...] it was revealed the Crystal Finance Millennium website was indeed hacked, and serving three different flavors of malware. In this short blog post, well take a look at the malware variants that were distributed, and provide minimal background. --------------------------------------------- https://bartblaze.blogspot.de/2017/08/crystal-finance-millennium-used-to.ht… ∗∗∗ Malware über Facebook-Messenger im Umlauf, greift Windows und macOS an ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen aktuell vor einer Masche, mit der Facebook-Nutzer dazu verleitet werden sollen, trojanisierte Fake-Software zu installieren. --------------------------------------------- https://heise.de/-3811842 ∗∗∗ Kritische Sicherheitslücke in HPE iLo: "So schnell wie möglich handeln" ∗∗∗ --------------------------------------------- Die Management-Software Integrated Lights-out 4 (iLO 4) von HP-Proliant-Servern enthält eine Sicherheitslücke, über die Angreifer aus der Ferne Schadcode ausführen können, ohne sich anmelden zu müssen. --------------------------------------------- https://heise.de/-3811873 ===================== = Advisories = ===================== ∗∗∗ Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1497/">Cacti: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1497/ ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects Sametime Community (CVE-2016-2183) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006212 ∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007428 ∗∗∗ IBM Security Bulletin: Various Security vulnerabilities in IBM Sametime Media Server (CVE-2016-2970, CVE-2016-0729, CVE-2016-4449) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006233 ∗∗∗ HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.08.2017
by Daily end-of-shift report 23 Aug '17

23 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-08-2017 18:00 − Mittwoch 23-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ ROPEMAKER Lets Attackers Change Your Emails After Delivery ∗∗∗ --------------------------------------------- A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-cha… ∗∗∗ Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware ∗∗∗ --------------------------------------------- Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-play-store-security-s… ∗∗∗ Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd) ∗∗∗ --------------------------------------------- Yesterday, I found an interesting sample that I started to analyze... It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos” ("I hereby request the products budget”). --------------------------------------------- https://isc.sans.edu/diary/rss/22748 ∗∗∗ Apple iCloud Keychain easily slurped, ElcomSoft says ∗∗∗ --------------------------------------------- Credentials stored in the cloud succumb to forensic software ElcomSoft, the Russia-based maker of forensic software, has managed to find a way to access the data stored in Apples iCloud Keychain, if Apple ID account credentials are available. --------------------------------------------- http://www.theregister.co.uk/2017/08/22/apple_icloud_keychain_easily_slurpe… ∗∗∗ Is the Power Grid Getting More Vulnerable to Cyber Attacks? ∗∗∗ --------------------------------------------- Rising computerization opens doors for increasingly aggressive adversaries, but defenses are better than many might think. --------------------------------------------- https://www.scientificamerican.com/article/is-the-power-grid-getting-more-v… ∗∗∗ Ukrainian Security Firm Warns of Another Massive Global Cyberattack ∗∗∗ --------------------------------------------- A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day. --------------------------------------------- http://news.softpedia.com/news/ukrainian-security-firm-warns-massive-global… ∗∗∗ Google schmeißt 500 potenzielle Spionage-Apps aus App Store ∗∗∗ --------------------------------------------- Ein Software Development Kit für Werbeeinblendungen soll Schnüffelfunktionen mitbringen. Damit ausgestattete Android-Apps weisen über 100 Millionen Downloads auf, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3810366 ∗∗∗ Hintergrund: Hardware-Fuzzing: Hintertüren und Fehler in CPUs aufspüren ∗∗∗ --------------------------------------------- Ein Prozessor-Fuzzer analysiert Hardware, der man normalerweise blind vertrauen muss. In ersten Testläufen wurde er bei nahezu allen Architekturen fündig und spürte etwa undokumentierte CPU-Befehle auf. Sandsifter ist kostenlos und frei verfügbar; der Autor hilft sogar bei der Analyse. --------------------------------------------- https://heise.de/-3809408 ===================== = Advisories = ===================== ∗∗∗ DSA-3952 libxml2 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an application using libxml2, would cause a denial-of-service againstthe application, information leaks, or potentially, the execution ofarbitrary code with the privileges of the user running the application. --------------------------------------------- https://www.debian.org/security/2017/dsa-3952 ∗∗∗ Automated Logic Corporation WebCTRL, i-VU, SiteScan ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 ∗∗∗ SpiderControl SCADA Web Server ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03 ∗∗∗ SpiderControl SCADA MicroBrowser ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02 ∗∗∗ Security Advisory - Two Command Injection Vulnerabilities in The FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170823-… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005055 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007464 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22002233 ∗∗∗ Multiple GNU Binutils vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23729200 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.08.2017
by Daily end-of-shift report 22 Aug '17

22 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 21-08-2017 18:00 − Dienstag 22-08-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gestohlene Nacktfotos von Ski-Star Lindsey Vonn im Netz ∗∗∗ --------------------------------------------- Unbekannte haben das Handy von US-Skistar Lindsey Vonn (32) geknackt und Nacktfotos von ihr und ihrem Ex-Freund Tiger Woods (41) gestohlen. --------------------------------------------- https://futurezone.at/digital-life/gestohlene-nacktfotos-von-ski-star-linds… ∗∗∗ Unsichere Passwörter: Angriffe auf Microsoft-Konten um 300 Prozent gestiegen ∗∗∗ --------------------------------------------- Noch immer haben viele Nutzer schlechte Passwörter und benutzen diese gleich für mehrere Accounts. Das geht aus Microsofts eigener Sicherheitsanalyse hervor, die Trends aus dem Enterprise- und Privatkundengeschäft präsentiert. --------------------------------------------- https://www.golem.de/news/unsichere-passwoerter-angriffe-auf-microsoft-kont… ∗∗∗ Enigma ICO Heist Robs Nearly $500,000 in Ethereum From Investors ∗∗∗ --------------------------------------------- Cryptos fine and good, but make sure youre looking after the basics. --------------------------------------------- https://www.wired.com/story/enigma-ico-ethereum-heist ∗∗∗ Who’s Blocked by Bad Guys? ∗∗∗ --------------------------------------------- Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, .. --------------------------------------------- https://blog.rootshell.be/2017/08/21/whos-blocked-bad-guys/ ∗∗∗ Erpressungstrojaner WannaCry hat erneut zugeschlagen ∗∗∗ --------------------------------------------- Offenbar hat LG bei einigen Service-Systemen wichtige Sicherheitspatches nicht installiert und WannaCry infizierte diverse Computer des Unternehmens in Südkorea. Dabei soll es aber zu keinen größeren Schäden gekommen sein. --------------------------------------------- https://heise.de/-3809790 ∗∗∗ Kriminelle stehlen Telefonnummern von Bitcoin-Investoren ∗∗∗ --------------------------------------------- Bitten Mobilfunker um Transfer der Nummer auf neues Gerät – oft Verluste in Millionenhöhe --------------------------------------------- http://derstandard.at/2000062971633 ∗∗∗ Hacker drohen, "Game of Thrones"-Finale vorab online zu stellen ∗∗∗ --------------------------------------------- HBO hat sich bislang geweigert, Lösegeld zu bezahlen – zwei von sechs Folgen waren früher ins Netz gelangt --------------------------------------------- http://derstandard.at/2000062960237 ∗∗∗ Betrug: Mobilfunkbetreiber warnen vor "Ping Calls" ∗∗∗ --------------------------------------------- Hinter unbekannter Nummer auf dem Handydisplay steckt manchmal ein Betrüger --------------------------------------------- http://derstandard.at/2000062990431 ===================== = Advisories = ===================== ∗∗∗ Sicherheitsupdate: Thunderbird updaten und sicher konfigurieren ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Mozilla Thunderbird ermöglichen einem entfernten, nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, das Umgehen von Sicherheitsvorkehrungen, die Darstellung falscher Informationen und verschiedener Denial-of-Service (DoS)-Angriffe. --------------------------------------------- https://www.kuketz-blog.de/sicherheitsupdate-thunderbird-updaten-und-sicher… ∗∗∗ DSA-3949 augeas - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3949 ∗∗∗ Multiple vulnerabilities in Progress Sitefinity ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.08.2017
by Daily end-of-shift report 21 Aug '17

21 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-08-2017 18:00 − Montag 21-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Researchers Win $100,000 for New Spear-Phishing Detection Method ∗∗∗ --------------------------------------------- Facebook has awarded this years Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-win-100-000-for-… ∗∗∗ Wie Hacker große Frachtschiffe ins Visier nehmen ∗∗∗ --------------------------------------------- Mithilfe von Malware können Handelsschiffe lahmgelegt und manövrierunfähig gemacht werden. Kriminelle könnten sogar die Kollision zweier Schiffe herbeiführen. --------------------------------------------- https://futurezone.at/digital-life/wie-hacker-grosse-frachtschiffe-ins-visi… ∗∗∗ Personal Security Guide – iOS/Android ∗∗∗ --------------------------------------------- We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information. --------------------------------------------- https://blog.sucuri.net/2017/08/personal-security-guide-iosandroid.html ∗∗∗ Warning: Enigma Hacked; Over $470,000 in Ethereum Stolen So Far ∗∗∗ --------------------------------------------- More Ethereum Stolen! An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma. --------------------------------------------- http://thehackernews.com/2017/08/enigma-cryptocurrency-hack.html ∗∗∗ DNSSEC Key Signing Key Rollover ∗∗∗ --------------------------------------------- On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/08/21/DNSSEC-Key-Signing… ∗∗∗ Zero-Day-Lücken im PDF Reader: Foxit will doch patchen ∗∗∗ --------------------------------------------- Ursprünglich wollte Foxit die zwei Lücken, die Angreifern unter bestimmten Umständen die lokale Codeausführung ermöglichen, nicht schließen. Mittlerweile hat sich der Hersteller aber anders entschieden. --------------------------------------------- https://heise.de/-3807762 ∗∗∗ SyncCrypt: Neue Ransomware lauert in JPG-Dateien ∗∗∗ --------------------------------------------- Um AV-Software auszutricksen, verbirgt sich die Ransomware SyncCrypt in Bilddateien. Einmal auf dem System, wird sie per Skript extrahiert und ausgeführt. Kostenlose Entschlüsselungs-Tools gibt es bislang nicht. --------------------------------------------- https://heise.de/-3808437 ∗∗∗ Blowing the Whistle on Bad Attribution ∗∗∗ --------------------------------------------- The New York Times this week published a fascinating story about a young programmer in Ukraine whod turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. Its a good read, as long as you can ignore that the premise of the piece is completely wrong. --------------------------------------------- https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/ ∗∗∗ Hacker übernahmen Facebook- und Twitter-Account von Playstation ∗∗∗ --------------------------------------------- Die Hackergruppe OurMine setzte mit den Social-Media-Profilen diverse Tweets und Facebook-Posts ab --------------------------------------------- http://derstandard.at/2000062906632 ===================== = Advisories = ===================== ∗∗∗ USN-3397-1: strongSwan vulnerability ∗∗∗ --------------------------------------------- A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTSSummarystrongSwan could be made to crash or hang if it received specially craftednetwork traffic. --------------------------------------------- http://www.ubuntu.com/usn/usn-3397-1/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 affect IBM Flex System Manager(FSM) Storage Manager Install Anywhere (SMIA) configuration tool ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025471 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007209 ∗∗∗ IBM Security Bulletin: No verification of user rights for certain applications on MaaS360 Windows installations. (CVE-2017-1422). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006985 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006808 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005299 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022230 ∗∗∗ IBM Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010526 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.08.2017
by Daily end-of-shift report 18 Aug '17

18 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-08-2017 18:00 − Freitag 18-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrug: Verbraucherzentrale warnt vor gefälschten Youporn-Mahnungen ∗∗∗ --------------------------------------------- Eine Spam-Kampagne versendet derzeit angebliche Mahnungen für die Nutzung von Youporn im Namen einer Münchener Anwaltskanzlei. Diese warnt selbst vor den Fälschungen. --------------------------------------------- https://www.golem.de/news/betrug-verbraucherzentrale-warnt-vor-gefaelschten… ∗∗∗ OWASP 2017 Top 10 vs. 2013 Top 10 ∗∗∗ --------------------------------------------- After a long interval of four years, OWASP in April 2017 released a draft of its latest list of "Top 10 Web Application Security Vulnerabilities." The OWASP Top 10 has served as a benchmark for the world of application security for the last 14 years. It was designed to allow developers to identify and avoid [...] --------------------------------------------- http://resources.infosecinstitute.com/owasp-2017-top-10-vs-2013-top-10/ ∗∗∗ Hacker Publishes iOS Secure Enclave Firmware Decryption Key ∗∗∗ --------------------------------------------- A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor. --------------------------------------------- http://threatpost.com/hacker-publishes-ios-secure-enclave-firmware-decrypti… ∗∗∗ Cisco schließt einen Haufen Sicherheitslücken ∗∗∗ --------------------------------------------- Cisco hat 19 Sicherheitslücken in verschiedensten Produkten mit Sicherheitsupdates geschlossen. Drei der Updates sind mit hoher Priorität eingestuft. --------------------------------------------- https://heise.de/-3807549 ∗∗∗ Gefälschte A1-Rechnung installiert Schadsoftware ∗∗∗ --------------------------------------------- Eine gefälschte A1-Nachricht fordert Empfänger/innen dazu auf, dass sie eine Website aufrufen und sich auf dieser ihre Rechnung ansehen. Wer dem nachkommt, lädt die Datei „quittung.lnk“ herunter. Bei dieser handelt es sich um keine Kostenaufstellung, sondern um eine Verknüpfung zu einer Schadsoftware. Aus diesem Grund dürfen Sie die Verknüpfung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec… ===================== = Advisories = ===================== ∗∗∗ Philips DoseWise Portal Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for hard-coded credentials and cleartext storage of sensitive information vulnerabilities in Philips’ DoseWise Portal web application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 ∗∗∗ ZDI-17-693: Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-693/ ∗∗∗ DFN-CERT-2017-1469: ClamAV: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1469/ ∗∗∗ DFN-CERT-2017-1476: Mozilla Thunderbird: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1476/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007056 ∗∗∗ Splunk Input Validation Flaws in Web Interface Let Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2017