Daily August 2017

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - 17.08.2017
by Daily end-of-shift report 17 Aug '17

17 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-08-2017 18:00 − Donnerstag 17-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps ∗∗∗ --------------------------------------------- It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a users financial data on a daily basis. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojans-set-their-si… ∗∗∗ Ransomware: Locky kehrt erneut zurück ∗∗∗ --------------------------------------------- Mit Locky kehrt eine bekannte Ransomware nach mehrmonatiger Abwesenheit zurück - mit den Dateiendungen Diablo6 und Lukitus. Immer wieder tauchen neue Versionen auf, die vermutlich von Kriminellen für erpresserische Zwecke gemietet werden. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/ransomware-locky-kehrt-erneut-zurueck-1708-129539… ∗∗∗ NotPetya: Maersk erwartet bis zu 300 Millionen Dollar Verlust ∗∗∗ --------------------------------------------- Containerterminals standen still, Schiffe konnten weder gelöscht noch beladen werden: Mehrere Wochen hielt der Trojaner den dänischen Mega-Konzern Maersk in Atem. Die Reederei Maersk Line und der Hafenbetreiber APM Terminals wurden schwer getroffen. --------------------------------------------- https://heise.de/-3804688 ∗∗∗ Handy-Ersatzteile können Malware einschleusen ∗∗∗ --------------------------------------------- Über Ersatzteile könnten Angreifer unbemerkt Malware in Smartphones schmuggeln. Erkennungsmethoden oder gar Abwehrmaßnahmen gibt es bislang keine, warnen israelische Sicherheitsforscher. --------------------------------------------- https://heise.de/-3804758 ∗∗∗ Sicherheitsupdates: Angreifer könnten Drupal-Webseiten ein bisschen umbauen ∗∗∗ --------------------------------------------- Nutzer von Drupal sollten zügig die aktuellen Versionen installieren. In diesen haben die Entwickler mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-3805042 ∗∗∗ iMessage: Neuer Betrugsversuch macht die Runde ∗∗∗ --------------------------------------------- Aktuell erreichen Nutzer Nachrichten mit Links, die sie zur Eingabe persönlicher Daten nötigen. Sie stammen angeblich von Apple. --------------------------------------------- https://heise.de/-3804878 ===================== = Advisories = ===================== ∗∗∗ DSA-3944 mariadb-10.0 - security update ∗∗∗ --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.32. Please see the MariaDB 10.0 Release Notes for furtherdetails: --------------------------------------------- https://www.debian.org/security/2017/dsa-3944 ∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 ∗∗∗ --------------------------------------------- Drupal 8.3.7 is a maintenance releases which contain fixes for security vulnerabilities.Download Drupal 8.3.7Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. --------------------------------------------- https://www.drupal.org/SA-CORE-2017-004 ∗∗∗ Filr 3.2.1 Update ∗∗∗ --------------------------------------------- Abstract: This update provides a number of general bug fixes for Micro Focus Filr, Search and MySQL appliances including an updated Filr 3.2.1 Desktop client. --------------------------------------------- https://download.novell.com/Download?buildid=zZ3A-xIEvO0~ ∗∗∗ VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/793496 ∗∗∗ Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902596 ∗∗∗ Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902606 ∗∗∗ Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902604 ∗∗∗ Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Video Communication Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure HTML Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006871 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.08.2017
by Daily end-of-shift report 16 Aug '17

16 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 14-08-2017 18:00 − Mittwoch 16-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Millions of RDP Endpoints Exposed Online and Ready for Bad Things ∗∗∗ --------------------------------------------- An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/millions-of-rdp-endpoints-ex… ∗∗∗ Pulse Wave - New DDoS Assault Pattern Discovered ∗∗∗ --------------------------------------------- A new method of carrying out DDoS attacks named Pulse Wave is causing problems to certain DDoS mitigation solutions, allowing attackers to down servers previously thought to be secured. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/pulse-wave-new-ddos-assault-… ∗∗∗ Attackers Backdoor Another Software Update Mechanism ∗∗∗ --------------------------------------------- Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad. --------------------------------------------- http://threatpost.com/attackers-backdoor-another-software-update-mechanism/… ∗∗∗ Analysis of a Paypal phishing kit, (Wed, Aug 16th) ∗∗∗ --------------------------------------------- They are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal arenice targets and we can find new fake pages almost daily. Sometimes, the web server isnt properly configured and the source code is publicly available. A few days ago, I was lucky to find a ZIP archivecontaining a very nice phishing kit targeting Paypal. I took some time to have a look at it. --------------------------------------------- https://isc.sans.edu/diary/rss/22726 ∗∗∗ Security Afterworks Spezial – DSGVO – Impulsvorträge und Diskussion ∗∗∗ --------------------------------------------- October 03, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-dsgvo/ ∗∗∗ Decoding Complex Malware – Step-by-Step ∗∗∗ --------------------------------------------- When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our research finds that in 67% of the websites we clean, there is at least one backdoor variant. --------------------------------------------- https://blog.sucuri.net/2017/08/malware-decoding-step-step-guide.html ∗∗∗ The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard ∗∗∗ --------------------------------------------- In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SJgibQgcZtQ/ ∗∗∗ ShadowPad: Spionage-Hintertür in Admintools für Unix- und Linux-Server aufgedeckt ∗∗∗ --------------------------------------------- Eine raffinierte Hintertür wurde von Angreifern per korrekt signiertem Update an die Netzwerk-Admin-Tools der koreanischen Firma NetSarang ausgeliefert. Es dauerte mehr als zwei Wochen, bis der Spionage-Trojaner im Netz eines Bankinstitutes aufflog. --------------------------------------------- https://heise.de/-3803225 ∗∗∗ EV ransomware is targeting WordPress sites ∗∗∗ --------------------------------------------- WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. They dubbed the malware "EV ransomware", due to the .ev extension that is added to the encrypted files. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/16/wordpress-ransomware/ ===================== = Advisories = ===================== ∗∗∗ BMC Medical and 3B Medical Luna CPAP Machine ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure therapy machine. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01 ∗∗∗ Identity Reporting 5.5.1 ∗∗∗ --------------------------------------------- Abstract: This service pack provides enhancements and software fixes for Identity Reporting. For more information about these updates, see the service pack details. --------------------------------------------- https://download.novell.com/Download?buildid=iGYyq6xwjhE~ ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. --------------------------------------------- https://support.citrix.com/article/CTX225941 ∗∗∗ DFN-CERT-2017-1441: Xen: Mehrere Schwachstellen ermöglichen u.a. das Eskalieren von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1441/ ∗∗∗ DFN-CERT-2017-1442: Red Hat JBoss Data Virtualization: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1442/ ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-… ∗∗∗ Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Lack of Signature Verification Vulnerability in Some Huawei APP ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006722 ∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting (CVE-2017-1338) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004138 ∗∗∗ IBM Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU – April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007149 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350, CVE-2016-10349) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006995 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998551 ∗∗∗ IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006810 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007023 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007067 ∗∗∗ SSA-275839 (Last Update 2017-08-16): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-293562 (Last Update 2017-08-16): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2017
by Daily end-of-shift report 14 Aug '17

14 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-08-2017 18:00 − Montag 14-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Forscher hacken Computer mit manipulierter DNA ∗∗∗ --------------------------------------------- Auch DNA ist nicht vor Schadsoftware sicher: Forscher der University of Washington konnten einen Computer mithilfe von manipulierter DNA übernehmen. --------------------------------------------- https://futurezone.at/digital-life/forscher-hacken-computer-mit-manipuliert… ∗∗∗ Remotelock LS-6i: Firmware-Update zerstört smarte Türschlösser dauerhaft ∗∗∗ --------------------------------------------- Ein Hersteller smarter Türschlösser hat mindestens 500 Geräte von Kunden durch ein falsches Firmwareupdate dauerhaft zerstört. Betroffen sind vor allem viele Airbnb-Vermieter, ein Austauschprogramm ist gestartet. --------------------------------------------- https://www.golem.de/news/remotelock-ls-6i-firmware-update-zerstoert-smarte… ∗∗∗ Sonic Spy: Forscher finden über 4.000 spionierende Android-Apps ∗∗∗ --------------------------------------------- Ein einziger Anbieter soll seit Jahresanfang rund 4.000 Apps mit bösartigem Inhalt in Umlauf gebracht haben - einige davon auch über Google Play. Die Apps können das Mikrofon aktivieren und Telefonate mitschneiden. --------------------------------------------- https://www.golem.de/news/sonic-spy-forscher-finden-ueber-4000-spionierende… ∗∗∗ Many Factors Conspire in ICS/SCADA Attacks ∗∗∗ --------------------------------------------- A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support. --------------------------------------------- http://threatpost.com/many-factors-conspire-in-icsscada-attacks/127407/ ∗∗∗ Outlook Web Access based attacks, (Sat, Aug 12th) ∗∗∗ --------------------------------------------- Recently weve started seeing some attacks that utlise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker provides instructions to customers on paying their account utilising the new account details. The email is cced to other internal staff adding a level of legitimacy (also compromised accounts). --------------------------------------------- https://isc.sans.edu/diary/rss/22710 ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware Pay a ransom [...] --------------------------------------------- https://securityblog.switch.ch/2017/08/14/a-new-issue-of-our-switch-securit… ∗∗∗ Sicherheitsupdate: Symantecs Messaging Gateway ist für Schadcode empfänglich ∗∗∗ --------------------------------------------- Mit der aktuellen Version haben die Entwickler zwei Sicherheitslücken in der Schutzlösung geschlossen. --------------------------------------------- https://heise.de/-3799171 ∗∗∗ Datenbank-Server PostgreSQL: Lücke lässt Anmeldung ohne Passwort zu ∗∗∗ --------------------------------------------- Administratoren, die PostgreSQL-Datenbanken betreiben, sollten ihre Software updaten. Unter bestimmten Umständen können sich Angreifer an den Servern ohne Eingabe eines Passwortes anmelden, warnen die Entwickler. --------------------------------------------- https://heise.de/-3799721 ===================== = Advisories = ===================== ∗∗∗ DSA-3937 zabbix - security update ∗∗∗ --------------------------------------------- Lilith Wyatt discovered two vulnerabilities in the Zabbix networkmonitoring system which may result in execution of arbitrary code ordatabase writes by malicious proxies. --------------------------------------------- https://www.debian.org/security/2017/dsa-3937 ∗∗∗ HPESBHF03768 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗ --------------------------------------------- Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) Plat. These vulnerabilities could be exploited remotely to allow remote code execution. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ VMSA-2017-0014 ∗∗∗ --------------------------------------------- VMware NSX-V Edge updates address OSPF Protocol LSA DoS --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0014.html ∗∗∗ DSA-3936 postgresql-9.6 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3936 ∗∗∗ DSA-3935 postgresql-9.4 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3935 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010501 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005160 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010376 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006960 Next End-of-Day Report: 2017-08-16 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2017
by Daily end-of-shift report 11 Aug '17

11 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-08-2017 18:00 − Freitag 11-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ Git und Co: Bösartige Code-Repositories können Client angreifen ∗∗∗ --------------------------------------------- Mittels spezieller SSH-URLs kann ein Angreifer Code in den Client-Tools von Quellcode-Verwaltungssystemen ausführen. Der Fehler betrifft praktisch alle verbreiteten Quellcode-Verwaltungssysteme wie Git, Subversion, Mercurial und CVS. --------------------------------------------- https://www.golem.de/news /git-und-co-boesartige-code-repositories-koennen-client-angreifen-17 08-129441.html ∗∗∗ Ukrainian Video-Blogger Arrested For Spreading Petya (NotPetya) Ransomware ∗∗∗ --------------------------------------------- Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine .. --------------------------------------------- https://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html ∗∗∗ Russias Fancy Bear Hackers Used Leaked NSA Tool Eternal Blue" to Target Hotel Guests ∗∗∗ --------------------------------------------- The same hackers who hit the DNC and the Clinton campaign are now apparently spying on high-value travelers via Wi-Fi --------------------------------------------- https://www.wired.com/story/fancy-bear-hotel-hack ∗∗∗ Sichere Passwörter: Viele der herkömmlichen Sicherheitsregeln bringen nichts ∗∗∗ --------------------------------------------- Passwörter brauchen Sonderzeichen, Groß- und Kleinschreibung, Zahlen und müssen oft geändert werden – viele dieser Regeln erhöhen die Sicherheit nicht, sondern bewirken oft das Gegenteil. Der Urheber dieser Regeln bereut sie mittlerweile. --------------------------------------------- https://heise.de/-3797935 ∗∗∗ "Game of Thrones": HBO wollte Hackern 250.000 Dollar Lösegeld zahlen ∗∗∗ --------------------------------------------- Offenbar nur Hinhaltetaktik – Kriminelle: Versprechen wurden gebrochen --------------------------------------------- http://derstandard.at/2000062546236 ∗∗∗ Schüler deckt Google-Lücke auf, streicht 10.000 Dollar ein ∗∗∗ --------------------------------------------- Bug Bounty-Programm verschafft Schüler aus Uruguay unerwarteten Geldsegen --------------------------------------------- http://derstandard.at/2000062559352 ===================== = Advisories = ===================== ∗∗∗ DSA-3929 libsoup2.4 - security update ∗∗∗ --------------------------------------------- Aleksandar Nikolic of Cisco Talos discovered a stack-based bufferoverflow vulnerability in libsoup2.4, a HTTP library implementation inC. A remote attacker can take advantage of this flaw by sending aspecially crafted HTTP request to cause an application using .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3929 ∗∗∗ DSA-3934 git - security update ∗∗∗ --------------------------------------------- Joern Schneeweisz discovered that git, a distributed revision controlsystem, did not correctly handle maliciously constructed ssh://URLs. This allowed an attacker to run .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3934 ∗∗∗ SIMPlight SCADA Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01 ∗∗∗ Solar Controls Heating Control Downloader (HCDownloader) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02 ∗∗∗ Solar Controls WATTConfig M Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03 ∗∗∗ Fuji Electric Monitouch V-SFT ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04 ∗∗∗ Symantec Messaging Gateway RCE and CSRF ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates /detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&s uid=20170810_00 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2017
by Daily end-of-shift report 10 Aug '17

10 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-08-2017 18:00 − Donnerstag 10-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ IT-Branche: "Sicherheitspaket" gefährdet Cybersicherheit ∗∗∗ --------------------------------------------- In einem offenen Brief warnen Vertreter der österreichischen IT-Branche vor Gefahren für die Cybersicherheit durch das von der ÖVP geplante „Sicherheitspaket“. --------------------------------------------- https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cy… ∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗ --------------------------------------------- An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform. --------------------------------------------- http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vu… ∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗ --------------------------------------------- SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software. --------------------------------------------- http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high… ∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗ --------------------------------------------- Revealing penetration-testing tool sealed staffers fate Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.… --------------------------------------------- www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engin… ∗∗∗ Bundeskriminalamt (BK) warnt österreichische Unternehmen vor CEO-Betrug ∗∗∗ --------------------------------------------- http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&pa… ∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗ --------------------------------------------- An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group. --------------------------------------------- https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-m… ∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗ --------------------------------------------- Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges. --------------------------------------------- https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/ ===================== = Advisories = ===================== ∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900951 ∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900966 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2017
by Daily end-of-shift report 09 Aug '17

09 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-08-2017 18:00 − Mittwoch 09-08-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read ∗∗∗ --------------------------------------------- For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege Escalation Workshop” at a few conferences. The restriction of a 2 hour slot fails to do the topic justice and some interesting tips and tricks I would like to present have to be cut out. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-a… ∗∗∗ Engineering Firm Leaks Sensitive Data on Dell, SBC and Oracle ∗∗∗ --------------------------------------------- Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. --------------------------------------------- http://threatpost.com/engineering-firm-leaks-sensitive-data-on-dell-sbc-and… ∗∗∗ WTF is Mughthesec!? poking on a piece of undetected adware ∗∗∗ --------------------------------------------- Some undetected adware named "Mughthesec" is infecting Macs...lets check it out! --------------------------------------------- https://objective-see.com/blog/blog_0x20.html ∗∗∗ How are people fooled by this? Email to sign a contract provides malware instead. ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/22696 ∗∗∗ Security Afterworks – Best of Summer of Security Conferences ∗∗∗ --------------------------------------------- September 14, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-best-of-summer-of-s… ∗∗∗ Chip Off the Old EMV ∗∗∗ --------------------------------------------- Recently, Jason Knowles of ABC 7s I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Chip-Off-the-Old-EMV/ ∗∗∗ Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev ∗∗∗ --------------------------------------------- WannaCry ransomware killer due in court August 14 British security researcher Marcus Hutchins was released on Monday from a Nevada jail after posting bail. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/08/marcus_hutc… ∗∗∗ FBIs spyware-laden video claims another scalp: Alleged sextortionist charged ∗∗∗ --------------------------------------------- Feds NIT punches through Tor anonymity shield The FBI’s preferred tool for unmasking Tor users has brought about another arrest: a suspected sextortionist who allegedly tricked young girls into sharing nude pics of themselves and then blackmailed his victims. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/09/fbis_spywar… ∗∗∗ Critical Security Fixes from Adobe, Microsoft ∗∗∗ --------------------------------------------- Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, its time once again to get your patches on. More than two dozen of the vulnerabilities fixed in todays Windows patch bundle address "critical" .. --------------------------------------------- https://krebsonsecurity.com/2017/08/critical-security-fixes-from-adobe-micr… ∗∗∗ Sonderzeichen, Ziffern und Co: Erfinder bereut Passwort-Regeln ∗∗∗ --------------------------------------------- 2003 entwarf Bill Burr für US-Behörden Passwortregeln, die sich bald global durchsetzten – und heute als unsicher gelten --------------------------------------------- http://derstandard.at/2000062463061 ===================== = Advisories = ===================== ∗∗∗ OSIsoft PI Integrator ∗∗∗ --------------------------------------------- This advisory contains mitigation details for cross-site scripting and improper authorization vulnerabilities in OSIsoft’s PI Integrator for SAP HANA 2016, PI Integrator for Business Analytics 2016 - Data Warehouse, PI Integrator for Business Analytics 2016 - Business Intelligence, PI Integrator for Business Analytics and SAP HANA SQL Utility 2016, and PI Integrator for Microsoft Azure 2016. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01 ∗∗∗ Moxa SoftNVR-IA Live Viewer ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Moxa’s SoftNVR-IA Live Viewer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 ∗∗∗ FortiOS IKE VendorID version information disclosure ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-073 ∗∗∗ FortiWeb SNMPv3 user password viewable in HTML source code ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-162 ∗∗∗ Sicherheitslücken in mehreren Jenkins-Plugins ∗∗∗ --------------------------------------------- https://heise.de/-3796342 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2017
by Daily end-of-shift report 08 Aug '17

08 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 07-08-2017 18:00 − Dienstag 08-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ Hotspot Shield: VPN-Provider soll Nutzer per Javascript ausspionieren ∗∗∗ --------------------------------------------- Der VPN-Provider Hotspot soll seine Nutzer durch Javascript-Elemente und Werbung ausspionieren - obwohl er genau das Gegenteil behauptet. Das wirft eine US-Bürgerrechtsorganisation dem Unternehmen vor und hat Beschwerde bei der FTC eingereicht. --------------------------------------------- https://www.golem.de/news/hotspot-shield-vpn-provider-soll-javascript-in-ve… ∗∗∗ Google Patches 10 Critical Bugs in August Android Security Bulletin ∗∗∗ --------------------------------------------- Googles August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Googles Pixel and Nexus handsets. --------------------------------------------- http://threatpost.com/google-patches-10-critical-bugs-in-august-android-sec… ∗∗∗ Microsoft to remove WoSign and StartCom certificates in Windows 10 ∗∗∗ --------------------------------------------- Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wos… ∗∗∗ How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players ∗∗∗ --------------------------------------------- Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/chat-app-discord… ∗∗∗ Practical Analysis of the Cybersecurity of European Smart Grids ∗∗∗ --------------------------------------------- This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids. --------------------------------------------- http://digitalsubstation.com/en/2017/08/07/practical-analysis-of-nbsp-the-c… ∗∗∗ Google warnt Entwickler von Chrome-Erweiterungen vor Phishing-Mails ∗∗∗ --------------------------------------------- Betrüger sind auf der Jagd nach Log-in-Daten von Entwickler-Accounts, um Chrome-Erweiterungen mit Schadcode zu verseuchen und anschließend zu verteilen, warnt Google. --------------------------------------------- https://heise.de/-3795160 ∗∗∗ Hacker erpressen HBO mit weiteren "Game of Thrones"-Folgen ∗∗∗ --------------------------------------------- Erpresser haben Skript zu Folge 5 von Staffel 7 veröffentlicht und fordern Geld, um weitere Publizierungen zu unterlassen --------------------------------------------- http://derstandard.at/2000062391623 ∗∗∗ IWF warnt: Cyber-Angriffe gefährden weltweite Finanzstabilität ∗∗∗ --------------------------------------------- Attacken von Hackern und Kriminellen immer raffinierter --------------------------------------------- http://derstandard.at/2000062403498 ===================== = Advisories = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-23), Adobe Acrobat and Reader (APSB17-24), Adobe Experience Manager (APSB17-26) and Adobe Digital Editions (APSB17-27). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1480 ∗∗∗ Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux ∗∗∗ --------------------------------------------- August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2017
by Daily end-of-shift report 07 Aug '17

07 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-08-2017 18:00 − Montag 07-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ You Can Trick Self-Driving Cars by Defacing Street Signs ∗∗∗ --------------------------------------------- A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/you-can-trick-self-driving-c… ∗∗∗ Passwortmanager: Lastpass ab sofort doppelt so teuer ∗∗∗ --------------------------------------------- Wer den Passwortmanager Lastpass nutzt, muss künftig mehr bezahlen. Nutzern der kostenfreien Version werden einige Funktionen gestrichten. Außerdem kündigt .. --------------------------------------------- https://www.golem.de/news/passwortmanager-lastpass-ab-sofort-doppelt-so-teu… ∗∗∗ Links in phishing-like emails lead to tech support scam ∗∗∗ --------------------------------------------- Tech support scams continue to evolve, with scammers exploring more ways to reach potential victims. Recently, we have observed spam campaigns distributing links that lead to tech support scam websites. Anti-spam filters in Microsoft Exchange .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-… ∗∗∗ Increase of phpMyAdmin scans ∗∗∗ --------------------------------------------- PMA (or phpMyAdmin) is a well-known MySQL front-end written in PHP that brings MySQL to the web as stated on the web site[1]. The tool is very popularamongst web developers because it helps to maintain databases just by using a web browser. This also means that the front-end might be publicly exposed! It is a common findingin many penetration tests to find an old PMA interface left byan admin. --------------------------------------------- https://isc.sans.edu/diary/rss/22688 ∗∗∗ ESET Spreading FUD About Torrent Files, Clients ∗∗∗ --------------------------------------------- An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the companys so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and .. --------------------------------------------- https://it.slashdot.org/story/17/08/04/1938242/eset-spreading-fud-about-tor… ∗∗∗ Tale of the Two Payloads – TrickBot and Nitol ∗∗∗ --------------------------------------------- A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Tale-of-the-Two-Payloads-%e2… ∗∗∗ Erpressungstrojaner Cerber soll Bitcoins klauen ∗∗∗ --------------------------------------------- Offenbar ist den Malware-Entwicklern von Cerber das Lösegeld nicht genug: Der Verschlüsselungstrojaner soll sich nun auch Bitcoin-Wallets und Passwörter unter den Nagel reißen. --------------------------------------------- https://heise.de/-3793763 ∗∗∗ FireEye dementiert Hacker-Angriff auf US-Sicherheitsfirma Mandiant ∗∗∗ --------------------------------------------- Ein unbekannter Hacker brüstete sich damit, dass er das Netzwerk von Mandiant und Computer von Mitarbeitern kompromittiert hat. FireEye erklärt nun, dass das nicht stimmt. --------------------------------------------- https://heise.de/-3794454 ∗∗∗ Hackercamp SHA2017: All Computers are broken ∗∗∗ --------------------------------------------- ACAB mag in anderen Kreisen etwas anderes bedeuten, doch für Hacker ist die Sache klar: All Computers are broken. Das wurde auf dem niederländischen Hackercamp SHA2017 deutlich. --------------------------------------------- https://heise.de/-3794575 ∗∗∗ Hintergrund: Die Geschichte von Junipers enteigneter Hintertür ∗∗∗ --------------------------------------------- In einem mehrfach ausgezeichneten Paper liefern Forscher eine Art Krypto-Krimi. Sie dokumentieren minutiös, wie der Netzwerkausrüster Juniper eine versteckte Hintertür in seine Produkte einbaute – und wie ein externer Angreifer sie später umfunktionierte. --------------------------------------------- https://heise.de/-3794610 ∗∗∗ Gefälschte GMX-Nachricht: Konto gesperrt ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte GMX-Nachricht mit dem Betreff „GMX Konto Gesperrt“. Darin behaupten sie, dass das E-Mailkonto der Empfänger/innen gelöscht werde. Kund/innen, die das verhindern wollen, sollen ihre Zugangsdaten auf einer gefälschten GMX-Website .. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-gmx-nachricht-konto-… ===================== = Advisories = ===================== ∗∗∗ DSA-3926 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3926 ∗∗∗ DSA-3925 qemu - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3925 ∗∗∗ Eaton ELCSoft Vulnerabilities ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-216-01-0 ∗∗∗ WP Live Chat Support <= 7.1.04 - Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8880 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.08.2017
by Daily end-of-shift report 04 Aug '17

04 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-08-2017 18:00 − Freitag 04-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Week In Review – 4th August 2017 ∗∗∗ --------------------------------------------- Creating Fake Identities Everything today seems to be linked to your identity; or perhaps more specifically, to your digital identity. While safeguarding ones identity is important, it is also equally important to find ways to stop people from creating fake identities. Kevin Mitnick belonged to an earlier generation that many of this generations up and comers may not have heard of. While today he is a respectable information security professional, he wasn’t always quite a white hat, and [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/week-in-review-4th-aug… ∗∗∗ JavaScript Packages Caught Stealing Environment Variables ∗∗∗ --------------------------------------------- On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/javascript-packages-caught-s… ∗∗∗ Verseuchte Chrome-Erweiterung infiziert eine Million User ∗∗∗ --------------------------------------------- Die Erweiterung Web Developer wurde gekapert und durch eine Version mit Schadsoftware ausgetauscht und an User verteilt. --------------------------------------------- https://futurezone.at/digital-life/verseuchte-chrome-erweiterung-infiziert-… ∗∗∗ Verhaftung nach Black Hat: Wanna-Cry-Hacker soll Bankingtrojaner entwickelt haben ∗∗∗ --------------------------------------------- Ein britischer Sicherheitsforscher und Hacker ist in den USA verhaftet worden. Der 23-Jährige hatte unabsichtlich dazu beigetragen, die Ausbreitung von Wanna Cry zu verlangsamen. Er soll an der Entwicklung des Kronos-Bankentrojaners beteiligt gewesen sein. --------------------------------------------- https://www.golem.de/news/wanna-cry-sicherheitsforscher-malwaretech-in-den-… ∗∗∗ Weekly Security Roundup ∗∗∗ --------------------------------------------- This week, we’ve published an article about session hijacking, a dangerous hacking method that takes control of a user’s account as they are live and using it. Security articles of the week (July 31st – August 4th, 2017) The biggest story from the beginning of this week was the HBO hack that ended up with leaked [...] --------------------------------------------- https://heimdalsecurity.com/blog/weekly-security-roundup/ ∗∗∗ Cisco schließt Super-Admin-Lücke ∗∗∗ --------------------------------------------- Der Netzwerkausrüster stellt elf Sicherheitsupdates für diverse Produkte bereit. Von den Lücken soll ein mittleres bis hohes Risiko ausgehen. --------------------------------------------- https://heise.de/-3793025 ===================== = Advisories = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-24) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 8, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1478 ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Schneider Electric’s Pro-face GP-Pro EX. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-215-01 ∗∗∗ IBM Security Bulletin: A vulnerability in libtirpc affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025258 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004331 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005297 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006551 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006550 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.08.2017
by Daily end-of-shift report 03 Aug '17

03 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-08-2017 18:00 − Donnerstag 03-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Defender ATP machine learning: Detecting new and unusual breach activity ∗∗∗ --------------------------------------------- Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning (ML) systems flag and surface threats that would otherwise remain unnoticed amidst the continuous hum of billions of normal events and the inability... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-ma… ∗∗∗ Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain ∗∗∗ --------------------------------------------- Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that monetizes its traffic via adverts he may be exposed to malicious advertising. Tailored ads shown in the browser are initiated on-the-fly via a process known as Real-time Bidding (RTB). --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewi… ∗∗∗ The Retefe Saga ∗∗∗ --------------------------------------------- Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong. --------------------------------------------- https://www.govcert.admin.ch/blog/33/the-retefe-saga ∗∗∗ Warnung vor Fake-Mail "Ihr Konto wurde limitiert" ∗∗∗ --------------------------------------------- [...] Diese E-Mail gibt sich als PayPal (service@ ppal.com) aus, PayPal hat mit der Betrugsmasche jedoch nichts zu tun. PayPal selbst wurde hier Opfer, indem sein Name missbräuchlich verwendet wird, um Nutzer in die Falle zu locken! --------------------------------------------- http://www.mimikama.at/allgemein/ihr-konto/ ∗∗∗ Sicherheitspatches: Varnish anfällig für DoS-Attacke ∗∗∗ --------------------------------------------- In verschiedenen Versionen von Varnish klafft eine Schwachstelle, über die Angreifer Server attackieren könnten. --------------------------------------------- https://heise.de/-3791311 ∗∗∗ Pwned Passwords: Neuer Dienst macht geknackte Passwörter auffindbar ∗∗∗ --------------------------------------------- Wurde mein Lieblings-Passwort schon einmal in einem Datenleck veröffentlicht und kann deswegen einfach für Bruteforce-Angriffe verwendet werden? Diese Frage beantwortet ein neuer Webdienst des Sicherheitsforschers Troy Hunt. --------------------------------------------- https://heise.de/-3792707 ∗∗∗ Malicious content delivered over SSL/TLS has more than doubled in six months ∗∗∗ --------------------------------------------- Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/03/malicious-content-ssl-tls/ ∗∗∗ Gefälschte Bank Austria-Nachricht: Änderungen im OnlineBanking ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht schreiben Kriminelle, dass es zu einer Änderung im OnlineBanking-System gekommen sei. Das führt zu Fehlern, weshalb Kund/innen ihre Zugangsdaten auf einer Website nennen sollen. Empfänger/innen der Nachricht, die dem nachkommen, übermitteln ihre Passwörter an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bank-austria-nachric… ===================== = Advisories = ===================== ∗∗∗ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance.The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy ... --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003928 ∗∗∗ IBM Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009711 ∗∗∗ IBM Security Bulletin: CVE-2015-4000 Diffie-Hellman Export Cipher Suite Vulnerabilities in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009681 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2017