=====================
= End-of-Day report =
=====================
Timeframe: Monday 20-11-2017 18:00 − Tuesday 21-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ SSL Certificate Provider StartCom Shuts Down After Browser Ban ∗∗∗
---------------------------------------------
Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ssl-certificate-provider-sta…
∗∗∗ Factsheet Building a SOC: start small ∗∗∗
---------------------------------------------
An increasingly common way to achieve visibility and control of information security is to implement a Security Operations Centre (SOC). In order for a SOC to function successfully, it must be tied in with the business processes. This makes building a SOC ..
---------------------------------------------
https://www.ncsc.nl/english/current-topics/factsheets/factsheet-building-a-…
∗∗∗ The Art of Fuzzing – Slides and Demos ∗∗∗
---------------------------------------------
Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my slides and demos available to the public with this blog post.
---------------------------------------------
https://www.sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-d…
∗∗∗ Critical vulnerability: traffic of F5 BIG-IP appliances can be decrypted ∗∗∗
---------------------------------------------
Firewalls, load balancers and other BIG-IP systems are vulnerable to an attack in which third parties can eavesdrop on the encrypted SSL traffic between client and appliance. Admins who operate such systems ..
---------------------------------------------
https://heise.de/-3895060
∗∗∗ Intel patches new vulnerabilities in the Management Engine (SA-00086) ∗∗∗
---------------------------------------------
Intel's Security Advisory SA-00086 describes several bugs in the firmware of the Management Engine (ME 11.0 to 11.7), in Trusted Execution Engine 3.0 and in Server Platform Services (SPS 4.0).
---------------------------------------------
https://heise.de/-3895175
∗∗∗ OSX.Proton spreading through fake Symantec blog ∗∗∗
---------------------------------------------
A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/o…
∗∗∗ Serious security problems in systems with current Intel processors ∗∗∗
---------------------------------------------
21 November 2017. Description: As Intel reports (INTEL-SA-00086), there are currently several vulnerabilities in systems with ..
---------------------------------------------
http://www.cert.at/warnings/all/20171121.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2017-07: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities ..
---------------------------------------------
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framewo…
∗∗∗ Samba: Use-after-free vulnerability ∗∗∗
---------------------------------------------
All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
---------------------------------------------
https://www.samba.org/samba/security/CVE-2017-14746.html
∗∗∗ Samba: Server heap memory information leak ∗∗∗
---------------------------------------------
All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
---------------------------------------------
https://www.samba.org/samba/security/CVE-2017-15275.html
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009696
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010685
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Friday 17-11-2017 18:00 − Monday 20-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Defining and securing the Internet of Things: ENISA publishes a study on how to face cyber threats in critical information infrastructures ∗∗∗
---------------------------------------------
The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments. The ENISA report was developed in cooperation with the ENISA IoT Security Experts Group and additional key stakeholders.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter…
∗∗∗ New Open-Source IDS Tools ∗∗∗
---------------------------------------------
On November 16, 2017, [Dell] Secureworks released two open-source tools: Flowsynth and Dalton. These tools allow analysts to easily create and test network packet captures against IDS engines such as Suricata and Snort.
---------------------------------------------
https://www.secureworks.com/blog/new-open-source-ids-tools
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2017-2081: Procmail: A vulnerability allows, among other things, a denial-of-service attack ∗∗∗
---------------------------------------------
A vulnerability in 'procmail' allows a remote, unauthenticated attacker to carry out a denial-of-service (DoS) attack or possibly execute arbitrary code. The precondition is that the victim opens a maliciously crafted e-mail message from the attacker.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2081/
∗∗∗ DFN-CERT-2017-2085: Moodle: A vulnerability allows information disclosure ∗∗∗
---------------------------------------------
A remote, simply authenticated attacker can exploit a vulnerability in Moodle to obtain or guess information about course participants.
Moodle provides versions 3.1.9, 3.2.6, 3.3.3 and 3.4 as security updates to fix the vulnerability.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2085/
∗∗∗ Helping to Secure your PostgreSQL Database ∗∗∗
---------------------------------------------
But what about properly securing your PostgreSQL database? There are many ways you can go about securing a PostgreSQL database. I'm going to highlight a few tips that I feel are important and essential to preventing unauthorized access into your data environment.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Helping-to-Secure-your-…
∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗
---------------------------------------------
On October 16, 2017, an article titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was released, which mentioned multiple security vulnerabilities in the Wi-Fi Protected Access (WPA) and WPA2 protocols.
The researcher had reported some of these vulnerabilities to Huawei before disclosing them. Huawei immediately launched an investigation and carried out technical communication with the researcher.
At present, the products that are affected by the vulnerabilities include Android-based Huawei smartphones and Huawei smart home products (Huawei smart router, Honor smart router and Honor TV Box).
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-…
∗∗∗ SSA-689071 (Last Update 2017-11-17): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S615 ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-689071…
∗∗∗ OpenSSH vulnerability CVE-2017-15906 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K89621551
∗∗∗ Vuln: Varnish Cache CVE-2017-8807 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/101886
∗∗∗ Symantec Management Console Directory Traversal ∗∗∗
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
∗∗∗ FortiWeb Stored XSS vulnerability on webUI certificate view page ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-131
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-7674, CVE-2017-7675) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008478
∗∗∗ IBM Security Bulletin: IBM Tivoli Monitoring is affected by a vulnerability in its internal web server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010554
∗∗∗ IBM Security Bulletin: An unspecified vulnerability in Oracle Java SE affects IBM Algo One Algo Risk Application (CVE-2017-10115) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009930
∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One – Core (CVE-2017-10115) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009138
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Modeler ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010687
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5664) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009583
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One – Algo Risk Application (CVE-2017-5648) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004763
∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-12163) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010785
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010746
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010740
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010745
∗∗∗ IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2017-1000366) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010731
∗∗∗ IBM Security Bulletin: IBM Content Collector for Emails, IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22006357
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSH affects AIX (CVE-2017-15906) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009301
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 16-11-2017 18:00 − Friday 17-11-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Project hosting: GitHub shows security warnings for project dependencies ∗∗∗
---------------------------------------------
A few weeks ago the project host GitHub introduced a tool that is meant to present a project's dependencies more clearly. The concept is now being extended with security notices and warnings, which should make maintenance considerably easier.
---------------------------------------------
https://www.golem.de/news/projekthoster-github-zeigt-sicherheitswarnungen-f…
∗∗∗ Here’s How To Get Solid Browser Security [Update 2017] ∗∗∗
---------------------------------------------
Of all the threats out there, browser security is often forgotten. This is tragic because browsers are a favorite target for malicious hackers. They’re the main way you interact with the Internet. You Google things, you visit blogs, buy online, pay your bills or browse Facebook. If a malicious hacker breaks in, he will find everything about [...]
---------------------------------------------
https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/
∗∗∗ Terdot banking trojan targets social media and email in addition to financial services ∗∗∗
---------------------------------------------
The Terdot banking trojan not only steals credit card information and login credentials for online financial services, but it also intercepts and modifies traffic on social media and email platforms, according to Bitdefender.
---------------------------------------------
https://www.scmagazine.com/terdot-banking-trojan-targets-social-media-and-e…
∗∗∗ New White House Announcement on the Vulnerability Equities Process ∗∗∗
---------------------------------------------
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet, but the best place to start is Cybersecurity Coordinator Rob Joyce's blog post.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html
∗∗∗ Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo ∗∗∗
---------------------------------------------
Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP. Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/16/oracle_peop…
∗∗∗ US-CERT: Security Tip (ST17-001) Securing the Internet of Things ∗∗∗
---------------------------------------------
The Internet of Things is becoming an important part of everyday life. Being aware of the associated risks is a key part of keeping your information and devices secure.
---------------------------------------------
https://www.us-cert.gov/ncas/tips/ST17-001
∗∗∗ Over 530 cyber-activities during fifth edition of European Cyber Security Month ∗∗∗
---------------------------------------------
The 2017 European Cyber Security Month (ECSM) has ended. This was the fifth consecutive edition of the awareness campaign put together by the EU Cybersecurity Agency ENISA, the EU Commission’s DG CONNECT and their partners. ... During the month of October, some 530 activities such as conferences, workshops, seminars and online courses took place across Europe, [...]
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/over-530-cyber-activities-durin…
∗∗∗ Supplementing Windows Audit, Alerting, and Remediation with PowerShell [PDF] ∗∗∗
---------------------------------------------
This paper outlines the use of PowerShell to supplement audit, alerting, and remediation platforms for Windows environments. This answers the question of why to use PowerShell for these purposes. Several examples of using PowerShell are included to start the thought process on why PowerShell should be the security multi-tool of first resort. Coverage includes how to implement these checks in a secure, automatable way.
---------------------------------------------
https://www.sans.org/reading-room/whitepapers/assurance/supplementing-windo…
∗∗∗ Beware Catphishing attacks targeting the hearts of security pros ∗∗∗
---------------------------------------------
Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.
---------------------------------------------
https://www.scmagazineuk.com/beware-catphishing-attacks-targeting-the-heart…
∗∗∗ Ten vulnerabilities in wiki software MediaWiki ∗∗∗
---------------------------------------------
New MediaWiki versions protect wikis built on them more effectively against, among other things, brute-force attacks.
---------------------------------------------
https://heise.de/-3892250
=====================
= Vulnerabilities =
=====================
∗∗∗ BIG-IP SSL vulnerability CVE-2017-6168 ∗∗∗
---------------------------------------------
A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself.
---------------------------------------------
https://support.f5.com/csp/article/K21905460
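The F5 advisory above and the heise item on decryptable BIG-IP traffic in the 20-21 November report describe the same class of flaw: an RSA key exchange in which the server reveals whether the PKCS#1 v1.5 padding of a submitted ciphertext was valid. That yes/no answer is the oracle Bleichenbacher's adaptive chosen-ciphertext attack needs. The Python below is an added example, not F5's code or anything from the advisory. It uses a deliberately tiny textbook RSA key built from two Mersenne primes and a 16-byte "premaster secret" (TLS uses 48 bytes and real key sizes) purely so that it runs offline, and contrasts a server that leaks padding validity with the RFC 5246 section 7.4.7.1 countermeasure of substituting a random secret on failure so the attacker's probes all look alike.

```python
import os

# Toy RSA key: two Mersenne primes, 234-bit modulus. Far too small for real use; chosen only
# so the demo is self-contained and needs no crypto library.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8        # modulus length in bytes (30 here)
PMS_LEN = 16                         # demo premaster secret length (TLS: 48)


class PaddingError(Exception):
    """Raised by the vulnerable server: this distinct failure is the observable oracle."""


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EM = 0x00 || 0x02 || PS (>= 8 non-zero random bytes) || 0x00 || M."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(b or 1 for b in os.urandom(ps_len))    # padding bytes must be non-zero
    return b"\x00\x02" + ps + b"\x00" + msg


def rsa_encrypt(msg: bytes) -> bytes:
    em = int.from_bytes(pkcs1_v15_pad(msg), "big")
    return pow(em, E, N).to_bytes(K, "big")


def raw_decrypt(ct: bytes) -> bytes:
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")


def unpad(em: bytes):
    """Return M if EM is PKCS#1 v1.5 type 2 conformant, else None."""
    if em[:2] != b"\x00\x02":
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:                     # no separator, or fewer than 8 padding bytes
        return None
    return em[sep + 1:]


def vulnerable_server_decrypt(ct: bytes) -> bytes:
    """Tells the client (via a distinct alert, error code or timing) that padding was bad."""
    m = unpad(raw_decrypt(ct))
    if m is None or len(m) != PMS_LEN:
        raise PaddingError("bad PKCS#1 padding")
    return m


def hardened_server_decrypt(ct: bytes) -> bytes:
    """RFC 5246 7.4.7.1 countermeasure: on any padding or length error continue the handshake
    with a random secret, so the failure is indistinguishable from a bad client Finished.
    (A real implementation must also avoid data-dependent timing, which Python cannot promise.)"""
    fallback = os.urandom(PMS_LEN)
    m = unpad(raw_decrypt(ct))
    if m is None or len(m) != PMS_LEN:
        return fallback
    return m


def blind(ct: bytes, s: int) -> bytes:
    """Attacker step: c' = c * s^e mod n decrypts to s*m mod n. Bleichenbacher's attack submits
    many such c' and narrows the interval containing m from which ones the server accepts."""
    c = int.from_bytes(ct, "big")
    return (c * pow(s, E, N) % N).to_bytes(K, "big")


def padding_oracle(server, ct: bytes) -> bool:
    """What one query teaches the attacker: True if the server accepted the padding."""
    try:
        server(ct)
        return True
    except PaddingError:
        return False


if __name__ == "__main__":
    pms = os.urandom(PMS_LEN)
    ct = rsa_encrypt(pms)
    probe = blind(ct, 2)             # 2*m starts 0x00 0x04 or 0x00 0x05, never 0x00 0x02
    print("vulnerable server, valid ct:", padding_oracle(vulnerable_server_decrypt, ct))
    print("vulnerable server, probe   :", padding_oracle(vulnerable_server_decrypt, probe))
    print("hardened server, probe     :", padding_oracle(hardened_server_decrypt, probe))
```

Against the hardened server the oracle answers True for every ciphertext and carries no information; the remaining side channels are response timing and differing error codes, which is why a scanner for this bug sends well-formed and malformed ClientKeyExchange messages and compares both the alerts and the response times rather than trusting a single failed handshake.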
∗∗∗ Moxa NPort 5110, 5130, and 5150 ∗∗∗
---------------------------------------------
This advisory contains mitigation details for injection, information exposure, and resource exhaustion vulnerabilities in Moxa's NPort 5110, 5130, and 5150.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01
∗∗∗ Siemens SICAM ∗∗∗
---------------------------------------------
This advisory contains mitigation details for missing authentication for critical function, cross-site scripting, and code injection vulnerabilities in the Siemens SICAM products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02
∗∗∗ VMSA-2017-0019 ∗∗∗
---------------------------------------------
NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0019.html
∗∗∗ VMSA-2017-0018 ∗∗∗
---------------------------------------------
VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
∗∗∗ VU#817544: Windows 8.0 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/817544
∗∗∗ Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541544
∗∗∗ Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541543
∗∗∗ DFN-CERT-2017-2068: Jenkins Plugin: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2068/
∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-…
∗∗∗ Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009204
∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010329
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010744
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010742
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010321
∗∗∗ IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010103
∗∗∗ IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671
∗∗∗ IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010565
∗∗∗ IBM Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2017-2619) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010689
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 15-11-2017 18:00 − Thursday 16-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Suspicious Domains Tracking Dashboard, (Thu, Nov 16th) ∗∗∗
---------------------------------------------
Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity from occurring on your network (for example by using a DNS firewall). The ISC also has a page dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs, or Domain Generation Algorithms, used by some malware families.
---------------------------------------------
https://isc.sans.edu/diary/rss/23046
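As an added example (not code from the ISC diary), the following Python scores the registrable label of each queried name in a few constructed DNS log lines with the lexical features a DGA hunt usually starts from: label length, Shannon entropy, vowel ratio and digit ratio. Timestamps, clients and names are made up, and the thresholds are illustrative rather than tuned.

```python
import math
from collections import Counter

# Constructed sample DNS query log, one query per line: <timestamp> <client> <qname> <qtype>
SAMPLE_DNS_LOG = """\
2017-11-16T10:00:01Z 10.0.0.12 www.example.com A
2017-11-16T10:00:02Z 10.0.0.12 mail.example.org A
2017-11-16T10:00:03Z 10.0.0.31 xk3jf9qzl2vb7pwt.com A
2017-11-16T10:00:04Z 10.0.0.31 qwrtpsdfghjklzxc.net A
2017-11-16T10:00:05Z 10.0.0.31 ab1cd2ef3gh4ij5k.info A
2017-11-16T10:00:06Z 10.0.0.12 cdn.static-assets.example.com A
"""

VOWELS = set("aeiou")


def registrable_label(qname: str) -> str:
    """Second-to-last label. Naive on purpose: production code should consult the
    Public Suffix List so that 'foo.co.uk' yields 'foo' rather than 'co'."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; 16 distinct characters give 4.0, a repeated character gives 0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_features(label: str) -> dict:
    n = max(len(label), 1)
    letters = [ch for ch in label if ch.isalpha()]
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 0.0,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
    }


def dga_score(label: str) -> int:
    """0..4: one point per feature that looks machine-generated. Thresholds are illustrative."""
    f = dga_features(label)
    return (int(f["length"] >= 12)
            + int(f["entropy"] >= 3.5)
            + int(f["vowel_ratio"] < 0.25)
            + int(f["digit_ratio"] > 0.15))


def scan_dns_log(log_text: str, threshold: int = 3) -> list:
    """Return (client, qname, score) for every query whose label scores >= threshold."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        score = dga_score(registrable_label(qname))
        if score >= threshold:
            flagged.append((client, qname, score))
    return flagged


if __name__ == "__main__":
    for client, qname, score in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} {qname} score={score}")
```

Single-name scores produce false positives on CDN and tracking hostnames, so the useful alert is the aggregate: one client resolving many distinct high-scoring names in a short window, typically with a high NXDOMAIN ratio, which is the pattern a DGA client shows while it hunts for the day's live C2 domain.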
∗∗∗ Microsoft DDE protocol based malware attacks ∗∗∗
---------------------------------------------
Introduction: Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no one's surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a number of these malicious documents using the DDE vulnerability to download and execute malware. Most of the payloads we saw were Remote Access Trojans (RATs) [...]
---------------------------------------------
https://www.zscaler.com/blogs/research/microsoft-dde-protocol-based-malware…
∗∗∗ Quad9: privacy-friendly alternative to Google DNS ∗∗∗
---------------------------------------------
Anyone who does not want to entrust Google with substantial parts of their browsing behaviour can now switch to an alternative DNS service: 9.9.9.9 instead of 8.8.8.8. But there are peculiarities there too.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Altern…
∗∗∗ Cisco's Voice Operating System is susceptible to attackers ∗∗∗
---------------------------------------------
Attackers could seize control of Cisco devices running the Voice Operating System. Security updates close this and further gaps in other products.
---------------------------------------------
https://heise.de/-3891402
∗∗∗ Sharp rise in fileless attacks evading endpoint security ∗∗∗
---------------------------------------------
A new Ponemon Institute survey of 665 IT and security leaders finds that over-reliance on traditional endpoint security is leaving organizations exposed to significant risk. 54 percent of respondents said their company experienced a successful attack. Of those respondents, 77 percent were victims of a fileless attack or exploit. "This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations," said Dr. Larry Ponemon [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/11/16/fileless-attacks-evading-endpoin…
=====================
= Vulnerabilities =
=====================
∗∗∗ Update: Critical vulnerability in Microsoft Office allows remote code execution ∗∗∗
---------------------------------------------
Researchers have discovered a serious vulnerability in Microsoft Office. Description: When a user opens a specially crafted file in Microsoft Excel or Microsoft Word format, an attacker can subsequently execute arbitrary code on the system with the privileges of the logged-in user. The vulnerability is based on the use of [...]
---------------------------------------------
http://www.cert.at/warnings/all/20171011.html
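Both the Zscaler item above and this cert.at warning concern Office documents that abuse DDE fields (Word) or DDE-style formulas (Excel) to launch a command when the file is opened. The Python below is an added example, not code from Zscaler, cert.at or Microsoft: it unpacks an OOXML file (a zip) and inspects the XML parts where field instructions and formulas actually live, re-joining field codes that are split across several `w:instrText` runs, a common evasion. The sample documents are constructed in memory and are minimal zips rather than complete Office packages; the only things they share with real files are the XML elements the detector keys on.

```python
import html
import io
import re
import zipfile

# Word keeps field codes in <w:instrText> runs (often split over several runs) or in
# <w:fldSimple w:instr="...">; Excel keeps cell formulas in <f> elements.
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
FLDSIMPLE_RE = re.compile(r'<w:fldSimple[^>]*\sw:instr="([^"]*)"')
DDE_FIELD_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.I)
XL_FORMULA_RE = re.compile(r"<f(?:\s[^>]*)?>(.*?)</f>", re.S)
XL_DDE_RE = re.compile(r"^=?\s*[^|!]+\|'[^']*'!")      # e.g.  cmd|' /C calc'!A0


def scan_office_document(data: bytes) -> list:
    """Return (zip member, field code or formula) for each DDE/DDEAUTO field in a Word
    package and each DDE-style formula in an Excel package. Body text is not scanned."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".xml"):
                continue
            xml = zf.read(name).decode("utf-8", "replace")
            if name.startswith("word/"):
                # One segment per field (from its fldChar begin up to the next begin);
                # join that field's instrText runs before matching so 'DD' + 'EAUTO' is seen whole.
                for segment in xml.split('w:fldCharType="begin"')[1:]:
                    code = " ".join(html.unescape("".join(INSTR_RE.findall(segment))).split())
                    if DDE_FIELD_RE.search(code):
                        findings.append((name, code))
                for instr in FLDSIMPLE_RE.findall(xml):
                    instr = html.unescape(instr)
                    if DDE_FIELD_RE.search(instr):
                        findings.append((name, instr))
            elif name.startswith("xl/"):
                for formula in XL_FORMULA_RE.findall(xml):
                    formula = html.unescape(formula)
                    if XL_DDE_RE.search(formula):
                        findings.append((name, formula))
    return findings


def build_office_zip(parts: dict) -> bytes:
    """Build a minimal OOXML-like zip from {member name: xml}. Constructed test input only;
    it lacks the relationship parts a real Office package carries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for member, xml in parts.items():
            zf.writestr(member, xml)
    return buf.getvalue()


# Constructed samples. The DDEAUTO instruction is deliberately split over two runs.
MALICIOUS_DOCX = build_office_zip({"word/document.xml":
    '<w:document><w:body><w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve">DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO c:\\\\Windows\\\\System32\\\\cmd.exe '
    '&quot;/k calc.exe&quot;</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Error! Click here to update field.</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p></w:body></w:document>'})

BENIGN_DOCX = build_office_zip({"word/document.xml":
    '<w:document><w:body><w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> PAGE </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r><w:r><w:t>1</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '<w:r><w:t>Body text that merely mentions the DDE protocol.</w:t></w:r>'
    '</w:p></w:body></w:document>'})

MALICIOUS_XLSX = build_office_zip({"xl/worksheets/sheet1.xml":
    '<worksheet><sheetData><row r="1">'
    '<c r="A1"><f>SUM(B1:B3)</f><v>0</v></c>'
    "<c r=\"A2\"><f>cmd|' /C calc'!A0</f><v>0</v></c>"
    '</row></sheetData></worksheet>'})

if __name__ == "__main__":
    for label, doc in [("malicious.docx", MALICIOUS_DOCX), ("benign.docx", BENIGN_DOCX),
                       ("malicious.xlsx", MALICIOUS_XLSX)]:
        print(label, scan_office_document(doc))
```

Run this on mail attachments before a user sees the "update links" prompt, and remember that the legacy binary formats (.doc, .xls) store the same constructs in OLE streams rather than XML, so they need a separate parser; a DDE field that points at cmd.exe, powershell.exe or mshta.exe is a strong indicator, while a DDE link to another workbook on a file share can be legitimate and should be reviewed rather than blocked outright.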
∗∗∗ Security Patch Compliance does not take effect on an activated Android device ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Bugtraq: CA20171114-01: Security Notice for CA Identity Governance ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541530
∗∗∗ Yoast SEO <= 5.7.1 - Unauthenticated Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8960
∗∗∗ DFN-CERT-2017-2056: FreeBSD: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2056/
∗∗∗ DFN-CERT-2017-2046: MongoDB: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2046/
∗∗∗ DFN-CERT-2017-2066: Webkit2GTK: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2066/
∗∗∗ Security Advisory - SQL Injection Vulnerabilities in Huawei UMA Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-…
∗∗∗ IBM Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010512
∗∗∗ IBM Security Bulletin: IBM MQ certain file URLs could cause a buffer overwrite (CVE-2017-9502) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005401
∗∗∗ Broken access control & LINQ injection in Progress Sitefinity ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/broken-access-control-linq-i…
∗∗∗ Shibboleth Service Provider Error in Dynamic MetadataProvider Plugin Lets Remote Users Bypass Security Restrictions on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039808
∗∗∗ MediaWiki Multiple Flaws Let Remote Users Modify Data, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks and Let Local Users Obtain Passwords ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039812
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 14-11-2017 18:00 − Wednesday 15-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Security risk: OnePlus smartphones ship with built-in root access ∗∗∗
---------------------------------------------
OnePlus has apparently been selling its smartphones for years with a pre-installed Qualcomm developer tool that grants access to numerous system resources. Root access to the device is possible via ADB. The manufacturer intends to patch the application out.
---------------------------------------------
https://www.golem.de/news/sicherheitsrisiko-oneplus-smartphones-kommen-mit-…
∗∗∗ Private key: DXC publishes AWS key and has to pay 64,000 US dollars ∗∗∗
---------------------------------------------
Private keys in the wild are a widespread problem. The latest victim was the security company DXC, which accidentally uploaded its AWS key to GitHub - and then received the bill for it.
---------------------------------------------
https://www.golem.de/news/privater-schluessel-dxc-veroeffentlicht-aws-key-u…
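The DXC incident is the standard failure mode of committing credentials: the key is valid the moment it is pushed, and attackers scrape public repositories for exactly these patterns. As an added example (not DXC's tooling or the article's content), the Python below scans repository contents for AWS access key IDs and labelled 40-character secret access keys, the check a pre-commit hook or CI step would run. The sample files are constructed; the key and secret in them are the placeholder values from AWS documentation, not real credentials.

```python
import os
import re

# AWS access key IDs are 20 characters: 'AKIA' (long-term) or 'ASIA' (temporary) + 16 upper/digits.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 base64-like characters. Require a nearby 'aws ... secret ... key'
# label so that arbitrary 40-character tokens (hashes, other keys) are not all reported.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\- ]?secret[_\- ]?(?:access[_\- ]?)?key\W{0,5}['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")

# Constructed sample repository contents. The credential values are the AWS documentation
# placeholders; a real scanner reads these from the working tree or the staged diff.
SAMPLE_FILES = {
    "config/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'),
    "README.md": "Export AWS_ACCESS_KEY_ID in your shell before running the deploy script.\n",
    ".env": "DB_PASSWORD=hunter2\nAWS_SECRET_ACCESS_KEY=abc\n",
}


def redact(value: str) -> str:
    """Never echo the full secret into CI logs; show just enough to locate it."""
    return value[:4] + "..." + value[-4:]


def scan_text(path: str, text: str) -> list:
    """Return one finding dict per credential-looking token in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "kind": "aws_access_key_id",
                             "redacted": redact(m.group(0))})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "kind": "aws_secret_access_key",
                             "redacted": redact(m.group(1))})
    return findings


def scan_files(files: dict) -> list:
    """Scan {path: contents}, which is what a pre-commit hook gets from the staged files."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


def scan_tree(root: str) -> list:
    """Walk a checkout on disk and scan every file, skipping the .git directory."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                files[path] = fh.read().decode("utf-8", "replace")
    return scan_files(files)


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']}: {f['kind']} {f['redacted']}")
```

A hit on a scanner like this after the push has already happened is a key-rotation event, not a cleanup task: the secret stays in the repository history and in every clone and cache, so deactivate the key in IAM first, then rewrite history and check the account's usage for resources created with it, since the bill in the DXC case accrued before anyone noticed the leak.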
∗∗∗ These Campaigns Explain Why AV Detection for New Malware Remains Low ∗∗∗
---------------------------------------------
This year we saw massive spam campaigns like NotPetya or Locky fly below the radar of antivirus software and go undetected during the first hours or even days. Some of them actually went undetected even for months. Second-generation malware usually has the ability to evade detection and bypass antivirus programs users have installed on their computers to [...]
---------------------------------------------
https://heimdalsecurity.com/blog/campaigns-av-detection-new-malware-low/
∗∗∗ Confusion reigns over crypto vuln in Spanish electronic ID smartcards ∗∗∗
---------------------------------------------
Certs revoked, but where are the updates? The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/15/spanish_id_…
∗∗∗ TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL ∗∗∗
---------------------------------------------
Original release date: November 14, 2017
Systems Affected: Network systems
Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-318A
∗∗∗ TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer ∗∗∗
---------------------------------------------
Original release date: November 14, 2017 | Last revised: November 15, 2017
Systems Affected: Network systems
Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-318B
∗∗∗ Secure Engineering Guidelines ∗∗∗
---------------------------------------------
Some best practices for building and trusting software.
---------------------------------------------
https://medium.com/@HockeyInJune/secure-engineering-guidelines-3b8845ac3265
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available in Foxit MobilePDF for iOS 6.1 ∗∗∗
---------------------------------------------
Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php
∗∗∗ Microsoft Security Updates ∗∗∗
---------------------------------------------
MS17-023 Security Update for Adobe Flash Player
MS17-022 Security Update for Microsoft XML Core Services
MS17-021 Security Update for Windows DirectShow
MS17-020 Security Update for Windows DVD Maker
MS17-019 Security Update for Active Directory Federation Services
MS17-018 Security Update for Windows Kernel-Mode Drivers
MS17-017 Security Update for Windows Kernel
MS17-016 Security Update for Windows IIS
MS17-015 Security Update for Microsoft Exchange Server
MS17-014 Security Update for [...]
---------------------------------------------
https://technet.microsoft.com/en-us/security/bulletins
∗∗∗ QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01
∗∗∗ ABB TropOS ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-318-02
∗∗∗ Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01
∗∗∗ Cisco Security Advisories and Alerts ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ DFN-CERT-2017-2041: Oracle Fusion Middleware, Oracle Tuxedo: Multiple vulnerabilities allow, among other things, a complete compromise ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2041/
∗∗∗ Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-…
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-…
∗∗∗ Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-…
∗∗∗ Security Advisory - Multiple Vulnerabilities in MTK Platform ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171115-…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Java vulnerability CVE-2017-10176 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05911127
∗∗∗ Linux kernel vulnerability CVE-2017-11176 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K56450659
=====================
= End-of-Day report =
=====================
Timeframe: Monday 13-11-2017 18:00 − Tuesday 14-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Breaking security controls using subdomain hijacking ∗∗∗
---------------------------------------------
Users obtain a domain name to establish a unique identity on the
Internet. Domain names are not only used to serve names and addresses
of computers and services but also to store security controls, such as
SPF or CAA records.
---------------------------------------------
https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/
∗∗∗ Investigating Command and Control Infrastructure (Emotet) ∗∗∗
---------------------------------------------
Although the majority of botnets still use a basic client-server model,
with most relying on HTTP servers to receive commands, many prominent
threats now use more advanced infrastructure to evade endpoint
blacklisting and be resilient to take-down. In this article I will go
through and explain my process of identifying Command and Control (C2)
servers and understanding their topology, using Emotet as an example.
---------------------------------------------
https://www.malwaretech.com/2017/11/investigating-command-and-control-infra…
∗∗∗ XZZX Cryptomix Ransomware Variant Released ∗∗∗
---------------------------------------------
A new CryptoMix Ransomware variant has been discovered that appends the
.XZZX extension to encrypted files. This article will discuss the
changes found in this new variant.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-va…
=====================
= Vulnerabilities =
=====================
∗∗∗ SQL Injection in bbPress ∗∗∗
---------------------------------------------
During regular audits of our Sucuri Firewall (WAF), one of our
researchers at the time, Slavco Mihajloski, discovered an SQL Injection
vulnerability affecting bbPress. If the proper conditions are met, this
vulnerability is very easy to abuse by any visitors on the victim’s
website. Because details about this vulnerability have been made public
today on a Hackerone report, and updating to the latest version of
WordPress fixes the root cause of the problem, we chose to disclose
this bug
---------------------------------------------
https://blog.sucuri.net/2017/11/sql-injection-bbpress.html
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Flash Player (APSB17-33),
Photoshop CC (APSB17-34), Connect (APSB17-35), Acrobat and Reader
(APSB17-36), DNG Converter (APSB17-37), InDesign CC (APSB17-38),
Digital Editions (APSB17-39), Shockwave Player (APSB17-40) and Adobe
Experience Manager (APSB17-41).
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1510
∗∗∗ #AVGater: System takeover via quarantine folder ∗∗∗
---------------------------------------------
A new attack technique abuses the restore function of anti-virus
quarantine to hijack systems via malware. So far, six software vendors
have responded with updates.
---------------------------------------------
https://heise.de/-3889107
∗∗∗ Authentication bypass, cross-site scripting & code execution in
Siemens SICAM RTU SM-2556 ∗∗∗
---------------------------------------------
The Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00,
ERAC00, ETA2, ETLS00, MODi00 and DNPi00) are affected by an
authentication bypass vulnerability as the authentication checks are
only performed client-side (JavaScript). Furthermore, the device is
affected by cross site scripting vulnerabilities and outdated webserver
software which allows code execution.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/authentication-bypass-cross-…
∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0002) ∗∗∗
---------------------------------------------
A privilege escalation and arbitrary write vulnerability was found in
all our windows antivirus products. [...]
Successful exploitation of this issue would allow an attacker to
overwrite any memory region (including kernel) in the client machine
with elevated privileges.
---------------------------------------------
http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w…
∗∗∗ SAP Security Patch Day - November 2017 ∗∗∗
---------------------------------------------
On 14th of November 2017, SAP Security Patch Day saw the release of 13
Security Notes. Additionally, there were 9 updates to previously
released security notes.
---------------------------------------------
https://blogs.sap.com/2017/11/14/sap-security-patch-day-november-2017/
∗∗∗ DFN-CERT-2017-2025: OTRS: A vulnerability allows information
disclosure ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2025/
∗∗∗ DFN-CERT-2017-2024: Symantec Endpoint Encryption: Two
vulnerabilities allow denial-of-service attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2024/
∗∗∗ IBM Security Bulletin: Vulnerability may affect IBM® SDK for
Node.js™ (CVE-2017-14919) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009851
∗∗∗ IBM Security Bulletin: IBM® Db2® is affected by vulnerabilities in
the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates
(CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010282
∗∗∗ IBM Security Bulletin: Open Source VMware Fusion Vulnerabilities in
IBM Pure Application System (CVE-2017-4903, CVE-2017-4904,
CVE-2017-4905) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009145
∗∗∗ Cacti Input Validation Flaw in Page Refresh Lets Remote Users
Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039774
∗∗∗ jQuery vulnerability CVE-2016-7103 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K95208524
∗∗∗ Java vulnerability CVE-2017-10135 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23489380
∗∗∗ Java vulnerability CVE-2017-10198 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K04734043
∗∗∗ Java SE and JRockit vulnerability CVE-2017-10243 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54747614
=====================
= End-of-Day report =
=====================
Timeframe: Friday 10-11-2017 18:00 − Monday 13-11-2017 18:00
Handler: Stephan Richter
Co-Handler: Nina Bieringer
=====================
= News =
=====================
∗∗∗ Detecting reflective DLL loading with Windows Defender ATP ∗∗∗
---------------------------------------------
Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In recent blogs we described how attackers use basic...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/11/13/detecting-reflective-dl…
∗∗∗ Keep An Eye on your Root Certificates, (Sat, Nov 11th) ∗∗∗
---------------------------------------------
A few times a year, we can read in the news that a rogue root certificate was installed without the user's consent. The latest story that pops up in my mind is the Savitech audio drivers which silently install a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remains performing MitM attacks. New root certificates are not always the result of an attack or infection by a malware. Corporate end-points might also get new root certificates.
---------------------------------------------
https://isc.sans.edu/diary/rss/23030
∗∗∗ Security update: VMware AirWatch Launcher for Android as a springboard for attackers ∗∗∗
---------------------------------------------
VMware closes several security vulnerabilities in AirWatch Launcher and AirWatch Console for Android. None of them is rated critical.
---------------------------------------------
https://heise.de/-3888725
∗∗∗ Background: Cardiac Scan: heart motion as a biometric authentication feature ∗∗∗
---------------------------------------------
The human heart may soon join the common biometric identification features such as fingerprints, iris scans or facial recognition, because no heart moves like another.
---------------------------------------------
https://heise.de/-3842874
∗∗∗ Ordinypt: Supposed ransomware outbreak in Germany raises questions ∗∗∗
---------------------------------------------
The recently surfaced ransomware Ordinypt deletes files instead of encrypting them and targets German HR departments with fake PDF files. So far, however, there are hardly any signs of infections in the wild.
---------------------------------------------
https://heise.de/-3889143
∗∗∗ Do not update Bank Austria customer data ∗∗∗
---------------------------------------------
Criminals are sending a fake Bank Austria message. In it, they ask recipients to visit a website and update their personal customer data there. Anyone who complies with the request hands their online banking credentials over to criminals.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-bank-austria-kundendaten-a…
∗∗∗ Fighting persistent malware with a UEFI scanner, or ‘What’s it all about UEFI?” ∗∗∗
---------------------------------------------
The biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a "top secret" exploit developed by the NSA, an agency known to have dabbled in UEFI compromise.
---------------------------------------------
https://www.welivesecurity.com/2017/11/10/uefi-scanner-fighting-persistent-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vulnerability Spotlight: Multiple Vulnerabilities in Foscam C1 Indoor HD Cameras ∗∗∗
---------------------------------------------
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary: The Foscam C1 Indoor HD Camera is a network-based camera that is marketed for use in a variety of applications, including use as a home security monitoring device. Talos recently identified several vulnerabilities present in these devices, and worked with Foscam to develop fixes for them, which we published the details for in a blog post here.
---------------------------------------------
http://blog.talosintelligence.com/2017/11/foscam-multiple-vulns.html
∗∗∗ DSA-4031 ruby2.3 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4031
∗∗∗ DSA-4032 imagemagick - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4032
∗∗∗ Vuln: ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/101788
∗∗∗ WP Support Plus Responsive Ticket System <= 8.0.7 - Remote Code Execution (RCE) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8949
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 09-11-2017 18:00 − Friday 10-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Olaf Schwarz
=====================
= News =
=====================
∗∗∗ "Eavesdropper" Vulnerability Exposes Millions of Private Conversations ∗∗∗
---------------------------------------------
Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/-eavesdropper-vulnerability-…
∗∗∗ Google Ranks Phishing Above Keyloggers & Password Reuse as Bigger Threat to Users ∗∗∗
---------------------------------------------
Research carried out by Google engineers and academics from the University of California, Berkeley and the International Computer Science Institute has revealed that phishing attacks pose a more significant threat to users losing access to their Google accounts when compared to keyloggers or password reuse.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-ranks-phishing-above-…
∗∗∗ First Android Malware Detected Using New "Toast Overlay" Attack ∗∗∗
---------------------------------------------
A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/first-android-malware-detect…
∗∗∗ Ordinypt: Ransomware threatens German companies ∗∗∗
---------------------------------------------
By all appearances, a new Trojan is circulating in Germany that targets HR departments and extorts ransom. However, the Trojan, written in Delphi, leaves victims no chance of getting their data back.
---------------------------------------------
https://heise.de/-3887249
∗∗∗ Warning: Scam version of Windows Movie Maker is number one on Google ∗∗∗
---------------------------------------------
A fake version of Windows Movie Maker, which Microsoft no longer offers, lures victims into downloading it and then asks them to pay. The scam website has even made it to the top of the results of many search engines.
---------------------------------------------
https://heise.de/-3887323
=====================
= Vulnerabilities =
=====================
∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-36) ∗∗∗
---------------------------------------------
A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, November 14, 2017.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1508
∗∗∗ AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLO ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-313-01
∗∗∗ Schneider Electric InduSoft Web Studio and InTouch Machine Edition ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-313-02
∗∗∗ iOS 11.1.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208255
∗∗∗ DFN-CERT-2017-1998: PostgreSQL: Multiple vulnerabilities allow, among other things, the manipulation of files ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1998/
∗∗∗ DFN-CERT-2017-1995: GitLab: Multiple vulnerabilities allow information disclosure ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1995/
∗∗∗ IBM Security Bulletin: IBM Content Classification is affected by a Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010229
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM QRadar Network Security Manager component of IBM Security SiteProtector System ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007568
∗∗∗ SSA-901333 (Last Update 2017-11-09): KRACK Attacks Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-901333…
∗∗∗ VMSA-2017-0017 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0017.html
∗∗∗ VMSA-2017-0016 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0016.html
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 08-11-2017 18:00 − Thursday 09-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Evil pixels: researcher demos data-theft over screen-share protocols ∗∗∗
---------------------------------------------
Users see white noise, attackers see whatever they just stole from you. It's the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/09/evil_pixels…
∗∗∗ Thousands of Cisco switches exposed on the Internet – attacks already under way ∗∗∗
---------------------------------------------
More than 200,000 Cisco switches are reachable via the Internet and can be reconfigured or completely taken over; several thousand of them in Germany alone. The systems are already being attacked, yet the vendor sees no vulnerability.
---------------------------------------------
https://heise.de/-3882810
∗∗∗ Hacker pushes further into Intel's Management Engine ∗∗∗
---------------------------------------------
Maxim Goryachy of the consulting firm Positive Technologies was able to open up a programming interface to Intel's Management Engine, while Google experts are developing the firmware alternative NERF.
---------------------------------------------
https://heise.de/-3884928
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4022 libreoffice - security update ∗∗∗
---------------------------------------------
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4022
∗∗∗ BlackBerry powered by Android Security Bulletin – November 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ VU#739007: IEEE P1735 implementations may have weak cryptographic protections ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/739007
∗∗∗ 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0 ∗∗∗
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/4053440
∗∗∗ Vuln: Multiple Asterisk Products CDR Remote Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/101760
∗∗∗ DFN-CERT-2017-1987: Jenkins: Two vulnerabilities allow, among other things, the manipulation of files ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1987/
∗∗∗ DFN-CERT-2017-1991: Roundcube Webmail: A vulnerability allows information disclosure ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1991/
∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant GUI affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-1710) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010788
∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010224
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007609
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000357
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10115, CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009304
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010191
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 07-11-2017 18:00 − Wednesday 08-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th) ∗∗∗
---------------------------------------------
After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots of lots of folks still think that's a safe thing to do.
---------------------------------------------
https://isc.sans.edu/diary/rss/23020
∗∗∗ BSI publishes report on the state of IT security in Germany 2017 ∗∗∗
---------------------------------------------
The situation report of the national cyber security authority describes and analyses the current IT security situation, the causes of cyber attacks and the attack tools and methods used. Derived from this, the BSI outlines approaches to improving IT security in Germany.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Bericht_zur…
∗∗∗ Amazon Updates AWS Dashboard to Warn Admins When They're Exposing S3 Buckets ∗∗∗
---------------------------------------------
Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/amazon-updates-aws-dashboard…
∗∗∗ Windows 10: Microsoft draws up security guidelines for Windows PCs ∗∗∗
---------------------------------------------
A current processor, UEFI 2.4 and ideally a TPM chip: according to Microsoft, only the new security guidelines make systems with the Fall Creators Update secure. However, even Microsoft's own Surface Pro sometimes cannot meet the 8 GByte RAM rule. (Windows 10, Microsoft)
---------------------------------------------
https://www.golem.de/news/windows-10-microsoft-stellt-sicherheitsrichtlinie…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory - Denial of Service Vulnerability on Huawei Smartphones ∗∗∗
---------------------------------------------
There is a denial of service vulnerability on Huawei Smartphones. An attacker could make a loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot. (Vulnerability ID: HWPSIRT-2017-09085)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15345.
Huawei has released software updates to fix this vulnerability.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-…
∗∗∗ Security Advisory - Information Leak Vulnerability in Huawei FusionSphere OpenStack ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-…
∗∗∗ Security Advisory - Three Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-…
∗∗∗ Security Advisory - Command Injection Vulnerability in OpsMonitor ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171108-…
∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact affected by IBM® SDK Java™ Technology Edition Quarterly CPU – Jul 2017 – Includes Oracle Jul 2017 CPU vulnerabilities in IBM WebSphere Application Server ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010162
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (multiple CVEs) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008888
∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010223
∗∗∗ Kernel vulnerabilities CVE-2017-12192 and CVE-2017-15274 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33567812
∗∗∗ Java vulnerability CVE-2017-10118 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42185012
=====================
= End-of-Day report =
=====================
Timeframe: Monday 06-11-2017 18:00 − Tuesday 07-11-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Security: Malware with legitimate certificates widespread ∗∗∗
---------------------------------------------
Recent research once again casts a poor light on how certificates are handled. Almost 200 malware samples were found carrying legitimate digital signatures, which lets the malware pass checks by security software. (Security, Virus)
---------------------------------------------
https://www.golem.de/news/security-malware-mit-legitimen-zertifikaten-weit-…
∗∗∗ NCSC publishes factsheet Post-quantum cryptography ∗∗∗
---------------------------------------------
The emergence of quantum computers can have major implications for organizations that process sensitive information. Using a future quantum computer, one can decrypt data that is encrypted with popular cryptographic algorithms. The consequences are, however, even more serious. Encrypted data may already be intercepted, awaiting the possibility to decrypt the data with a future quantum computer.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-po…
∗∗∗ The Apple iOS 11 Privacy and Security Settings You Should Check ∗∗∗
---------------------------------------------
Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention.
---------------------------------------------
https://www.wired.com/story/ios-11-privacy-security-settings
∗∗∗ Warning about fake Bank Austria security app ∗∗∗
---------------------------------------------
In a fake Bank Austria message, criminals ask recipients to install a security app. Installing the application is claimed to be required so that customers can continue to use their bank's online banking. In reality, the security app is malware that helps the fraudsters steal their victims' money.
---------------------------------------------
https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bank-au…
=====================
= Vulnerabilities =
=====================
∗∗∗ Oh Brother: Hackers can crash your unpatched printers – researchers ∗∗∗
---------------------------------------------
DoSsing for fun and profit not just a nuisance, they warn. Security researchers have said they've uncovered a new way for hackers to crash Brother printers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/11/07/brother_pri…
∗∗∗ DFN-CERT-2017-1975: Chrome OS: Multiple vulnerabilities allow, among other things, complete compromise of affected systems ∗∗∗
---------------------------------------------
Affected software: Chrome OS < 62.0.3202.74
Affected platforms: Chrome OS
Solution: Patch; Chrome Stable Channel Update for Chrome OS, 27.10.2017
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1975/
∗∗∗ DFN-CERT-2017-1972: Google Android Operating System: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
Affected software
* Google Android Operating System < 5.0.2 2017-11-06
* Google Android Operating System < 5.1.1 2017-11-06
* Google Android Operating System < 6.0 2017-11-06
* Google Android Operating System < 6.0.1 2017-11-06
* Google Android Operating System < 7.0 2017-11-06
* Google Android Operating System < 7.1.1 2017-11-06
* Google Android Operating System < 7.1.2 2017-11-06
* Google Android Operating System < 8.0 2017-11-06
* LG Mobile Android < SMR-NOV-2017
* Samsung Mobile Android < SMR-NOV-2017
Affected platforms
* Google Nexus
* Google Pixel
* Google Android Operating System
* LG Mobile Android
* Samsung Mobile Android
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1972/
∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
* "File manager" (ameos_filemanager)
* "T3Blog Extbase" (t3extblog)
* "Recommend page" (pb_recommend_page)
* "Formhandler" (formhandler)
* "restler" (restler)
* "CAB FAL search" (falsearch)
* "Multishop" (multishop)
---------------------------------------------
http://lists.typo3.org/pipermail/typo3-announce/2017/000413.html
∗∗∗ [20171103] - Core - Information Disclosure ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ZBmazG0EZeU/715-20171103-c…
∗∗∗ [20171102] - Core - 2-factor-authentication bypass ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/KWysQZRrTWQ/713-20171102-c…
∗∗∗ [20171101] - Core - LDAP Information Disclosure ∗∗∗
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_Ud0fZdMIyg/714-20171101-c…
∗∗∗ DFN-CERT-2017-1973: Symantec Endpoint Protection: Multiple vulnerabilities allow, among other things, privilege escalation ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1973/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008552
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2017 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010650
∗∗∗ IBM Security Bulletin: A vulnerability in the SQLite component of the Response Time agent affects IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007610
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004827
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010154
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008814
=====================
= End-of-Day report =
=====================
Timeframe: Friday 03-11-2017 18:00 − Monday 06-11-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
=====================
= Vulnerabilities =
=====================
∗∗∗ DFN-CERT-2017-1961: Tor Browser: A vulnerability allows information to be disclosed ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can use a specially crafted URL, opened by a Tor Browser user, to force the system to connect directly to remote hosts and thereby learn the real IP address of the affected system.
The Tor Project has published information on the vulnerability in Tor Browser on Linux and macOS systems and provides versions 7.0.7 and 7.5a7 as security updates. Users of Tails and of the Sandboxed Tor Browser released by the Tor Project are not affected.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1961/
∗∗∗ Bugtraq: Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec) ∗∗∗
---------------------------------------------
The following advisory describes three (3) vulnerabilities found in Webmin version 1.850
...
XSS vulnerability that leads to Remote Code Execution
CSRF Schedule arbitrary commands
Server Side Request Forgery
---------------------------------------------
http://www.securityfocus.com/archive/1/541481
∗∗∗ Vuln: Avaya IP Office Contact Center CVE-2017-12969 Remote Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
Avaya IP Office Contact Center is prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/101667
∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is affected by an Apache Commons FileUpload vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010215
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009870
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009242
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009240
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009591
∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2017-1140) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000354
∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2017-1137) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000349
∗∗∗ BIG-IP FastL4 TMM vulnerability CVE-2017-6166 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65615624
∗∗∗ PHP vulnerability CVE-2017-11628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75543432
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 02-11-2017 18:00 − Friday 03-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ E-Government: Estonia blocks 760,000 eID certificates ∗∗∗
---------------------------------------------
The certificates of the Estonian eID card affected by a security flaw are now being revoked after all, now that the Infineon RSA bug is public. Estonia intends to update the certificates and move to elliptic curves in future.
---------------------------------------------
https://www.golem.de/news/e-government-estland-blockiert-760-000-eid-zertif…
∗∗∗ Savitech: USB audio driver installs root certificate ∗∗∗
---------------------------------------------
A Savitech driver installs root certificates in Windows that could, in theory, be used to attack HTTPS connections. The USB audio driver is used in devices from Asus, Dell and Audio-Technica, among others. The certificates were intended for Windows XP and were simply forgotten.
---------------------------------------------
https://www.golem.de/news/savitech-usb-audiotreiber-installiert-root-zertif…
∗∗∗ Attacking SSH Over the Wire - Go Red Team!, (Thu, Nov 2nd) ∗∗∗
---------------------------------------------
So, now that we've talked about securing SSH and auditing SSH over the last few days, how about attacking SSH?
---------------------------------------------
https://isc.sans.edu/diary/rss/23000
∗∗∗ QtBot downloader discovered in geo-based Locky-Trickbot campaign ∗∗∗
---------------------------------------------
Researchers from Palo Alto Networks have uncovered QtBot, an intermediate-stage downloader that helps to deliver the final payload in geography-based Locky-Trickbot malspam campaigns.
---------------------------------------------
https://www.scmagazine.com/qtbot-downloader-discovered-in-geo-based-locky-t…
∗∗∗ Call for Speakers - 30th Annual FIRST Conference ∗∗∗
---------------------------------------------
The 30th Annual FIRST Conference is coming back to Asia next June 24-29, 2018 and we are looking for engaging speakers to present on relevant incident response and information security topics. FIRST brings together a wide variety of security and incident response professionals from public, private and academic sectors around the world in an information exchange and co-operation of trust on issues of mutual interest.
---------------------------------------------
https://www.first.org/conference/2018/cfp
∗∗∗ Security updates: Cisco protects firewalls, among other products, from hostile takeover ∗∗∗
---------------------------------------------
Network equipment vendor Cisco closes several security holes in, for example, the Aironet series, the Firepower line and WebEx Meetings Server.
---------------------------------------------
https://heise.de/-3878040
∗∗∗ Mobile Pwn2Own: hackers crack Samsung S8 with a remarkable combination of security flaws ∗∗∗
---------------------------------------------
At the Mobile Pwn2Own contest, hackers spent two days successfully attacking mobile devices from Apple, Huawei and Samsung. The organiser paid out a total of 515,000 US dollars.
---------------------------------------------
https://heise.de/-3878099
∗∗∗ BEC scammers are robbing art galleries and collectors ∗∗∗
---------------------------------------------
BEC scammers are targeting art galleries, collectors and artists, swindling them out of money and, on occasion, ruining their businesses. According to The Art Newspaper, nine art galleries in the UK and the US have been hit, some of them successfully. Insurance broker Adam Prideaux told the publication the actual number of targets is likely considerably higher. The scammers' MO: The scammers start by finding a way to compromise an art dealer's email account, and [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/11/03/bec-scammers-robbing-art-galleri…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DSA-4015 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4015
∗∗∗ DFN-CERT-2017-1954: Red Hat JBoss Enterprise Web Server: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1954/
∗∗∗ DFN-CERT-2017-1955: Red Hat JBoss Fuse, Red Hat JBoss A-MQ: Multiple vulnerabilities allow, among other things, manipulation of data ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1955/
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security Advisory - Seven vulnerabilities in Google Dnsmasq ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171103-…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 31-10-2017 18:00 − Thursday 02-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Report: login credentials in iOS apps can be intercepted ∗∗∗
---------------------------------------------
Login credentials can easily be read out in 111 of the 200 most popular iOS apps. This is made possible by a flawed implementation of HTTPS.
---------------------------------------------
https://futurezone.at/digital-life/bericht-log-in-daten-in-ios-apps-koennen…
∗∗∗ CLDAP is Now the No.3 Reflection Amplified DDoS Attack Vector, Surpassing SSDP and CharGen ∗∗∗
---------------------------------------------
With our DDoSMon, we are able to perform continuous and near real-time monitoring on global DDoS attacks. For quite a long time, DNS, NTP, CharGen and SSDP have been the most frequently abused services in DDoS reflection amplification attacks. They rank respectively 1st, 2nd, 3rd and [...]
---------------------------------------------
http://blog.netlab.360.com/cldap-is-now-the-3rd-reflection-amplified-ddos-a…
∗∗∗ ENGELSYSTEM - User notification ∗∗∗
---------------------------------------------
[...] from 12 December 2015 onwards, two professional phishing domains for the engelsystem, engelsystem.com and engelsystem.net, were set up. We only discovered them now, and shortly afterwards, following an abuse report from us, the hoster took them offline.
---------------------------------------------
https://engelsystem.de/usernotification.html
∗∗∗ Goodbye, login. Hello, heart scan. ∗∗∗
---------------------------------------------
A new non-contact, remote biometric tool could be the next advance in computer security.
---------------------------------------------
http://www.buffalo.edu/news/releases/2017/09/034.html
∗∗∗ macOS 10.12 and 10.11: KRACK hole plugged, keychain hole remains ∗∗∗
---------------------------------------------
Apple has released a security update for Sierra and El Capitan that fixes a much-discussed Wi-Fi problem. Another serious bug, however, apparently has not been addressed.
---------------------------------------------
https://heise.de/-3876491
∗∗∗ Patch now! SQL injection hole threatens WordPress ∗∗∗
---------------------------------------------
The hardened WordPress version 4.8.3 has been released. Users should install it promptly, as attackers could take over websites via an SQL injection attack.
---------------------------------------------
https://heise.de/-3876623
∗∗∗ Misconfigured Amazon S3 Buckets allowing man-in-the-middle attacks ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/misconfigured-amazon-s3-buckets-allowing-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer overflow and untrusted pointer dereference vulnerabilities in Advantech's WebAccess.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02
∗∗∗ Apple Releases Multiple Security Updates ∗∗∗
---------------------------------------------
Original release date: October 31, 2017. Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: iCloud for Windows 7.1, iOS 11.1, iTunes 12.7.1 for Windows, macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update [...]
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/10/31/Apple-Releases-Mul…
∗∗∗ OpenSSL Security Advisory [02 Nov 2017] ∗∗∗
---------------------------------------------
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
---------------------------------------------
https://www.openssl.org/news/secadv/20171102.txt
∗∗∗ Vuln: EMC AppSync CVE-2017-14376 Local Hardcoded Credentials Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/101626
∗∗∗ DFN-CERT-2017-1928: FortiClient: A vulnerability allows privilege escalation ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1928/
∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ HPESBHF03787 rev.1 - Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en…
∗∗∗ Security Advisory - Three Out-of-bounds Read Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171101-…
∗∗∗ Security Notice - Statement on a Security Vulnerability of Huawei Mate9 Pro Demonstrated at the Mobile Pwn2Own Contest in the PacSec Conference ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171101-01-…
∗∗∗ EMC Unisphere for VMAX Virtual Appliance Authentication Bypass Lets Remote Users Access the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039704
∗∗∗ Java SE vulnerability CVE-2017-10116 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35104614
=====================
= End-of-Day report =
=====================
Timeframe: Monday 30-10-2017 18:00 − Tuesday 31-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Flaws in Google's Bug Tracker Exposed Company's Vulnerability Database ∗∗∗
---------------------------------------------
A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to expose sensitive vulnerabilities to unauthorized intruders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/flaws-in-googles-bug-tracker…
∗∗∗ New VibWrite System Uses Finger Vibrations to Authenticate Users ∗∗∗
---------------------------------------------
Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room, or building.
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/new-vibwrite-system-uses-f…
∗∗∗ Tales from the blockchain ∗∗∗
---------------------------------------------
We will tell you two unusual success stories that happened on the "miner front". The first story echoes the TinyNuke event and, in many respects, gives an idea of the situation with miners. The second one proves that to get crypto-currency, you don't need to "burn" the processor.
---------------------------------------------
http://securelist.com/tales-from-the-blockchain/82971/
∗∗∗ Engineers at Work: Automatic Static Detection of Malicious JavaScript ∗∗∗
---------------------------------------------
Our engineers at work examine the automatic static detection of malicious JavaScript.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2017/10/engineers-work-automati…
∗∗∗ Say what? Another reCaptcha attack, now against audio challenges ∗∗∗
---------------------------------------------
unCaptcha is the sound of security crumbling. Whatever Google has in mind to replace its reCaptcha had better be ready soon: another research group has found a way to defeat it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/31/uncaptcha_r…
∗∗∗ Ebury and Mayhem server malware families still active ∗∗∗
---------------------------------------------
Ebury and Mayhem, two families of Linux server malware, about which VB published papers back in 2014, are still active and have received recent updates.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/10/ebury-and-mayhem-server-malw…
∗∗∗ [SANS ISC] Some Powershell Malicious Code ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.org: "Some Powershell Malicious Code". Powershell is a great language that can interact at a low-level with Microsoft Windows. While hunting, I found a nice piece of Powershell code. After some deeper checks, it appeared that the code was not brand new [...]
---------------------------------------------
https://blog.rootshell.be/2017/10/31/sans-isc-powershell-malicious-code/
∗∗∗ WordPress 4.8.3 Security Release ∗∗∗
---------------------------------------------
WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
---------------------------------------------
https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
∗∗∗ IoT botnet is probably smaller than assumed ∗∗∗
---------------------------------------------
According to current analyses, the Reaper botnet, with 10,000 to 20,000 IoT devices, is considerably smaller than previously assumed. The underlying optimised Mirai source code, however, holds plenty of potential for successful (DDoS) attacks.
---------------------------------------------
https://heise.de/-3876165
∗∗∗ WhatsApp Messenger account does not expire ∗∗∗
---------------------------------------------
Criminals are sending a fake WhatsApp e-mail claiming that the user's account is about to expire. Customers supposedly have to renew the account to keep using the program, which requires entering credit card details. Anyone who follows the fraudulent request becomes a victim of data theft.
---------------------------------------------
https://www.watchlist-internet.at/phishing/whatsapp-messenger-konto-laeuft-…
∗∗∗ Antimalware Day: Genesis of viruses… and computer defense techniques ∗∗∗
---------------------------------------------
To honor the work of Dr. Fred Cohen and Professor Len Adleman, and the foundation they laid for research of computer threats, we decided to declare November 3 as the first ever Antimalware Day.
---------------------------------------------
https://www.welivesecurity.com/2017/10/31/antimalware-day-genesis-viruses/
=====================
= Vulnerabilities =
=====================
∗∗∗ ABB FOX515T ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper input validation vulnerability in ABB's FOX515T communication interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-01
∗∗∗ Trihedral Engineering Limited VTScada ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper access control and uncontrolled search path element vulnerabilities in Trihedral Engineering Limited's VTScada software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-304-02
∗∗∗ NetIQ Access Manager 4.2 Support Pack 5 4.2.5.0-17 ∗∗∗
---------------------------------------------
Abstract: NetIQ Access Manager 4.2 Support Pack 5 build (version 4.2.5.0-17). This file contains updates for services contained in the NetIQ Access Manager 4.2 product. NetIQ recommends that all customers running Access Manager 4.2 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.2 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, [...]
---------------------------------------------
https://download.novell.com/Download?buildid=HcH_x-A_kgo~
∗∗∗ Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100212
∗∗∗ DSA-4011 quagga - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4011
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ HPESBHF03788 rev.1 - Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03788en_us
∗∗∗ RPC portmapper vulnerability CVE-1999-0632 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K62832776
∗∗∗ Apache OpenOffice patches four vulnerabilities in 4.1.4 update ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/apache-openoffice-patches-four-vulnerabil…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 27-10-2017 18:00 − Monday 30-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Cybercrime Report 2016: number of reported offences in 2016 up by almost a third ∗∗∗
---------------------------------------------
The Bundeskriminalamt presented the Cybercrime Report 2016 on 30 October 2017. According to it, the number of reported cybercrime offences in 2016 rose by almost a third compared with the previous year.
---------------------------------------------
http://www.bmi.gv.at/news.aspx?id=5062565A4F35476A2B38453D
∗∗∗ Matrix Ransomware Being Distributed by the RIG Exploit Kit ∗∗∗
---------------------------------------------
The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/matrix-ransomware-being-dist…
∗∗∗ Firefox to Get a Better Password Manager ∗∗∗
---------------------------------------------
Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management."
---------------------------------------------
https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-pass…
∗∗∗ Pharmaceutical manufacturer: Merck had to borrow medicines because of NotPetya attack ∗∗∗
---------------------------------------------
The pharmaceutical company Merck Sharp & Dohme is also feeling the NotPetya attack in its balance sheet: the company reports losses of around 375 million US dollars due to the ransomware. To keep operations running despite production outages, the firm even borrowed medicines from US authorities.
---------------------------------------------
https://www.golem.de/news/pharmahersteller-merck-musste-wegen-notpetya-angr…
∗∗∗ Free Linux firmware: Google wants servers without Intel ME and UEFI ∗∗∗
---------------------------------------------
Under the motto "Are you scared? We are!", a team of Google's Coreboot developers is working with colleagues to neutralise Intel's ME and the proprietary UEFI in servers as well. And apparently with success.
---------------------------------------------
https://www.golem.de/news/freie-linux-firmware-google-will-server-ohne-inte…
∗∗∗ "Catch-All" Google Chrome Malicious Extension Steals All Posted Data, (Fri, Oct 27th) ∗∗∗
---------------------------------------------
It seems that malicious Google Chrome extensions are on the rise. A couple of months ago, I posted here about two of them which stole user credentials posted on banking websites and the like. Now, while analyzing a phishing e-mail, I went through a new malware with a slightly different approach: instead of monitoring specific URLs and focusing ..
---------------------------------------------
https://isc.sans.edu/diary/rss/22976
∗∗∗ IOActive disclosed 2 critical flaws in global satellite telecommunications Inmarsat’s SATCOM systems ∗∗∗
---------------------------------------------
Flaws in Stratos Global AmosConnect 8 PC-based SATCOM service impact thousands of customers worldwide running the newest version of the platform that is used in vessels. Security researchers at IOActive have disclosed critical security vulnerabilities in the maritime Stratos Global’s AmosConnect 8.4.0 satellite-based shipboard communication ..
---------------------------------------------
http://securityaffairs.co/wordpress/64902/breaking-news/satcom-amosconnect-…
∗∗∗ Hackers Can Steal Windows Login Credentials Without User Interaction ∗∗∗
---------------------------------------------
Microsoft has patched only recent versions of Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction. The hack is easy to carry out and doesn't involve advanced technical skills to pull off. All the attacker needs to do is to place a malicious SCF file inside publicly accessible Windows folders.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-can-steal-windows-lo…
∗∗∗ McAfee stops giving access to its source code ∗∗∗
---------------------------------------------
As part of a fundamental change of strategy, the American antivirus specialist has for some time no longer been granting foreign governments access to its source code.
---------------------------------------------
https://heise.de/-3875393
∗∗∗ HTTPS encryption: Google says goodbye to pinning ∗∗∗
---------------------------------------------
Certificate pinning was meant to protect against misuse. In practice, however, it was rarely used. Too complicated and too error-prone is now the verdict; support is to be removed from Chrome in the near future.
---------------------------------------------
https://heise.de/-3876078
∗∗∗ Windigo Still not Windigone: An Ebury Update ∗∗∗
---------------------------------------------
In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. In 2017, the team found a new Ebury ..
---------------------------------------------
https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4008 wget - security update ∗∗∗
---------------------------------------------
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4008
∗∗∗ DSA-4010 git-annex - security update ∗∗∗
---------------------------------------------
It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4010
∗∗∗ Oracle Security Alert Advisory - CVE-2017-10151 ∗∗∗
---------------------------------------------
This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available.
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-40…
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles
∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171030-…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 25-10-2017 18:00 − Friday 27-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Reaper IoT botnet ain't so scary, contains fewer than 20,000 drones ∗∗∗
---------------------------------------------
But numbers aren't everything, are they, Dyn? The Reaper IoT botnet is nowhere near as threatening as previously suggested, according to new research...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/27/reaper_iot_…
∗∗∗ A Bug in a Popular Maritime Platform Left Ships Exposed ∗∗∗
---------------------------------------------
The AmosConnect 8 web platform has vulnerabilities that could allow data to be exposed—underscoring deeper problems with maritime security.
---------------------------------------------
https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-f…
∗∗∗ SANS Reading Room ∗∗∗
---------------------------------------------
The SANS Reading Room features over 2,730 original computer security white papers in 105 different categories.
---------------------------------------------
https://www.sans.org/reading-room/
∗∗∗ High-risk security vulnerabilities in FortiOS ∗∗∗
---------------------------------------------
The FortiOS operating system contains two vulnerabilities. Security updates fix the system.
---------------------------------------------
https://heise.de/-3873331
∗∗∗ The race to quantum supremacy and its cybersecurity impact ∗∗∗
---------------------------------------------
Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/10/26/quantum-supremacy/
∗∗∗ Please don’t buy this: smart locks ∗∗∗
---------------------------------------------
The announcement of Amazon Key, a smart lock paired with a security camera that lets couriers into your home, spawned our new series called "Please don't buy this."
---------------------------------------------
https://blog.malwarebytes.com/security-world/2017/10/please-dont-buy-this-s…
∗∗∗ How to secure your router to prevent IoT threats? ∗∗∗
---------------------------------------------
The router is the first device that you must consider, since it not only controls the perimeter of your network, but all your traffic and information pass through it.
---------------------------------------------
https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-th…
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗
---------------------------------------------
On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ BlackBerry powered by Android Security Bulletin – October 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Korenix JetNet ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01
∗∗∗ Rockwell Automation Stratix 5100 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
∗∗∗ Bugtraq: October 2017 - Bamboo - Critical Security Advisory ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541424
∗∗∗ F-Secure KEY: Multiple vulnerabilities allow credentials to be spied out ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1898/
∗∗∗ GNU Wget: Two vulnerabilities allow execution of arbitrary code and denial-of-service attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1904/
∗∗∗ Node.js: One vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1905/
∗∗∗ PHP: Multiple vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1890/
∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-…
∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171027-…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-10-2017 18:00 − Wednesday 25-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Whois Maintainer Accidentally Makes Password Hashes Available For Download ∗∗∗
---------------------------------------------
Whois maintainer for Asia Pacific notifies customers of an error where hashed authentication details for were inadvertently available for download.
---------------------------------------------
http://threatpost.com/whois-maintainer-accidentally-makes-password-hashes-a…
∗∗∗ Malvertising Campaign Redirects Browsers To Terror Exploit Kit ∗∗∗
---------------------------------------------
Hackers behind the Terror exploit kit ramp up distribution via a two-month long malvertising campaign.
---------------------------------------------
http://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-ex…
∗∗∗ #BadRabbit: More and more targets apparently hit by new crypto-trojan ∗∗∗
---------------------------------------------
The Russian news agency Interfax was paralysed by a hacker attack on Tuesday. Almost all servers are said to be affected, deputy director general Alexej Gorschkow said. It is unclear when the problem can be fixed.
---------------------------------------------
https://heise.de/-3870349
∗∗∗ DUHK: Random number generator enables eavesdropping attack on tens of thousands of devices ∗∗∗
---------------------------------------------
More than 25,000 Fortinet devices reachable over the Internet are vulnerable to passive eavesdropping attacks against encrypted connections. The cause is a lack of randomness.
---------------------------------------------
https://heise.de/-3872013
∗∗∗ Secure remote browsing: A different approach to thwart ever-changing threats ∗∗∗
---------------------------------------------
A defense-in-depth strategy is essential to modern enterprises, and organizations must deepen their defenses as quickly as possible to fully protect themselves. One promising technology proposes to achieve this by removing web browsing activity from endpoints altogether, while still enabling users to seamlessly and securely interact with the web-based content they need in order to do their jobs. The key to this approach? Secure remote browsing.
---------------------------------------------
https://www.helpnetsecurity.com/2017/10/25/secure-remote-browsing/
∗∗∗ Dell Lost Control of Key Customer Support Domain for a Month in 2017 ∗∗∗
---------------------------------------------
A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." It's designed to help customers restore their data and computers to their pristine, factory default state should a problem occur [...]
---------------------------------------------
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-suppo…
∗∗∗ Digital forensics: How to recover deleted files ∗∗∗
---------------------------------------------
What happens exactly when you delete a file, and how easy or hard is it to recover deleted files? Learn the differences between delete, erase, and overwrite according to digital forensics.
---------------------------------------------
https://blog.malwarebytes.com/security-world/2017/10/digital-forensics-reco…
=====================
= Vulnerabilities =
=====================
∗∗∗ FortiOS DoS on webUI through params JSON parameter ∗∗∗
---------------------------------------------
An authenticated user may pass a specially crafted payload to the params parameter of the JSON web API (URLs with /json), which can cause the web user interface to be temporarily unresponsive.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-206
∗∗∗ FortiOS web GUI logindisclaimer redir parameter XSS vulnerability ∗∗∗
---------------------------------------------
A reflected XSS vulnerability exists in the FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker by sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the execution of arbitrary JavaScript code in the security context of the victim's browser.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-113
∗∗∗ osTicket 1.10.1 Shell Upload ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100187
∗∗∗ DSA-4006 mupdf - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4006
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025973
∗∗∗ IBM Security Bulletin: The BigFix Platform has vulnerabilities that have been addressed in patch releases ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009673
∗∗∗ IBM Security Bulletin: Network Time Protocol (NTP) vulnerability in AIX which is used by IBM OS Images in IBM PureApplication Systems (CVE-2016-9310) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009301
∗∗∗ IBM Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004193
∗∗∗ XSA-236 ∗∗∗
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-236.html
Next End-of-Day report: 2017-10-27
=====================
= End-of-Day report =
=====================
Timeframe: Monday 23-10-2017 18:00 − Tuesday 24-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Achieving Online Anonymity Using Tails OS ∗∗∗
---------------------------------------------
Achieving anonymity while browsing the internet is the main concern for many people; everybody wants to make their communications secure and private. However, few in the world have really achieved this objective and many are still facing difficulties and trying different techniques to achieve online privacy. The InfoSec community has produced various tools and techniques that utilize the TOR network to send the data securely and privately.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/achieving-online-anony…
∗∗∗ DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections, More ∗∗∗
---------------------------------------------
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys) [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/duhk-crypto-attack-recovers-…
∗∗∗ Stop relying on file extensions, (Tue, Oct 24th) ∗∗∗
---------------------------------------------
Yesterday, I found an interesting file in my spam trap. It was called '16509878451.XLAM'. To be honest, I was not aware of this extension and I found this on the web: "A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22962
∗∗∗ Study: 18% of fed agencies embrace DMARC yet 25% of email fraudulent, unauthenticated ∗∗∗
---------------------------------------------
Of the 18 percent of agencies that do have DMARC in play, only half are maximizing the benefits of the standard by quarantining or rejecting unauthenticated email to prevent domain name spoofing.
---------------------------------------------
https://www.scmagazine.com/study-18-of-fed-agencies-embrace-dmarc-yet-25-of…
∗∗∗ News Feature: Google Security interview "human solutions - the way to go." ∗∗∗
---------------------------------------------
Google has launched a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller spoke to SC about the organisation's approach to security and privacy concerns.
---------------------------------------------
https://www.scmagazine.com/news-feature-google-security-interview-human-sol…
∗∗∗ Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta ∗∗∗
---------------------------------------------
Plus: Azure gets all Cray-cray. A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/23/fyi_windows…
∗∗∗ Let’s Enhance ! How we found @rogerkver’s $1000 wallet obfuscated private key. ∗∗∗
---------------------------------------------
We could have simply named this post "How great QR codes are and how we recovered one from almost nothing" but it's much more interesting when the QR code is the key to a $1000 Bitcoin wallet.
---------------------------------------------
https://medium.com/@SassanoM/lets-enhance-how-we-found-rogerkver-s-1000-wal…
∗∗∗ Android malware Lokibot is a transformer malware ∗∗∗
---------------------------------------------
Lokibot is primarily after banking data. Anyone who takes action against the trojan gets to see another face of the malware and is confronted with extortion.
---------------------------------------------
https://heise.de/-3868947
∗∗∗ Hacker attack: Russian news agency Interfax apparently hit by crypto-trojan ∗∗∗
---------------------------------------------
The Russian news agency Interfax was paralysed by a hacker attack on Tuesday. Almost all servers are said to be affected, deputy director general Alexej Gorschkow said. It is unclear when the problem can be fixed.
---------------------------------------------
https://heise.de/-3870349
∗∗∗ Reaper: Calm Before the IoT Security Storm? ∗∗∗
---------------------------------------------
It's been just over a year since the world witnessed some of the world's top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware [...]
---------------------------------------------
https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-sto…
∗∗∗ No update required at Netflix ∗∗∗
---------------------------------------------
Data thieves are sending out a fake Netflix message. In it they ask customers to update their payment information on a website. Anyone who does so transmits sensitive data to the fraudsters. They can go shopping at their victim's expense and commit crimes in the victim's name.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-aktualisierung-bei-netflix…
∗∗∗ Reducing Vulnerability to Cyberattacks ∗∗∗
---------------------------------------------
The need for secure systems is a growing priority for Industrial Control System (ICS) operators. Recent high profile cyber-attacks against critical infrastructure, coupled with the growing list of published equipment [...]
---------------------------------------------
http://blog.schneider-electric.com/cyber-security/2017/10/23/reducing-vulne…
∗∗∗ Kiev metro hit with a new variant of the infamous Diskcoder ransomware ∗∗∗
---------------------------------------------
Public sources have confirmed that computer systems in the Kiev Metro, Odessa naval port, Odessa airport, Ukrainian ministries of infrastructure and finance, and also a number of organizations in Russia are among the affected organizations.
---------------------------------------------
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamo…
=====================
= Vulnerabilities =
=====================
∗∗∗ Citrix XenServer Security Update for CVE-2017-15597 ∗∗∗
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX229057
∗∗∗ Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server (CVE-2017-1583, CVE-2011-4343) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008707
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-10115, CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008877
∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009670
∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009715
∗∗∗ cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039644
=====================
= End-of-Day report =
=====================
Timeframe: Friday 20-10-2017 18:00 − Monday 23-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ National Cybersecurity Awareness Month – Words to Avoid ∗∗∗
---------------------------------------------
TGIF (Thank Goodness, It's Friday)! Yes, I altered the 'G' to be politically correct, but being politically correct has little...
---------------------------------------------
https://www.beyondtrust.com/blog/national-cybersecurity-awareness-month-wor…
∗∗∗ Performing & Preventing SSL Stripping: A Plain-English Primer ∗∗∗
---------------------------------------------
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks. The KRACK Attack effectively allows interception of traffic on wireless networks secured by the WPA2 protocol. Whilst it is possible to backward patch [...]
---------------------------------------------
https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-eng…
∗∗∗ Krack attack: AVM delivers first updates for repeaters and powerline adapters ∗∗∗
---------------------------------------------
After the WPA2 weakness Krack became known, AVM has now patched the first devices. Further patches are to follow, but not for Fritzboxes.
---------------------------------------------
https://www.golem.de/news/krack-angriff-avm-liefert-erste-updates-fuer-repe…
∗∗∗ Mirai successor: experts warn of "cyber hurricane" from new botnet ∗∗∗
---------------------------------------------
Criminals are exploiting vulnerabilities in IoT devices to build a large botnet. The bot uses code from Mirai but differs from its prominent predecessor.
---------------------------------------------
https://www.golem.de/news/mirai-nachfolger-experten-warnen-vor-cyber-hurric…
∗∗∗ Security+ Domain #6: Cryptography ∗∗∗
---------------------------------------------
Cryptography falls into the sixth and last domain of CompTIA’s Security+ exam (SYO-401) and contributes 12% to the exam score. The Security+ exam tests the candidate’s knowledge of cryptography and how it relates to the security of networked and stand-alone systems in organizations. To pass the Security+ exam, the candidates must understand both symmetric and [...]
---------------------------------------------
http://resources.infosecinstitute.com/security-domain-6-cryptography/
∗∗∗ Introducing Windows Defender Application Control ∗∗∗
---------------------------------------------
Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control flips the model from one where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. Many organizations, like [...]
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/10/23/introducing-windows-def…
∗∗∗ Google to add "DNS over TLS" security feature to Android OS ∗∗∗
---------------------------------------------
No doubt your Internet Service Providers (ISPs), or network-level hackers, cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a [...]
---------------------------------------------
https://thehackernews.com/2017/10/android-dns-over-tls.html
∗∗∗ TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗
---------------------------------------------
Original release date: October 20, 2017 | Last revised: October 21, 2017. Systems Affected: Domain Controllers, File Servers, Email Servers. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing [...]
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-293A
∗∗∗ New FakeNet-NG Feature: Content-Based Protocol Detection ∗∗∗
---------------------------------------------
I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and adapts to SSL so that any protocol can be used with SSL and handled appropriately by FakeNet-NG. We were motivated to add this feature since it was a feature of the original FakeNet and it was [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-p…
∗∗∗ Crypto mining in the browser: software vendors want to protect users better ∗∗∗
---------------------------------------------
Mining scripts secretly siphon off computing power while you browse to mine cryptocurrencies. Ad-blocker and browser makers are working on countermeasures. Some script developers, for their part, are responding by asking users for permission in future.
---------------------------------------------
https://heise.de/-3865577
∗∗∗ Canadian intelligence agency publishes security software for the first time ∗∗∗
---------------------------------------------
CSE is regarded as particularly tight-lipped. Now the spies surprise with the release of a file format and a framework. It is meant to help detect malware in many files at once.
---------------------------------------------
https://heise.de/-3867343
∗∗∗ Mac shareware downloads with signed trojan ∗∗∗
---------------------------------------------
After a hack, the apps Folx and Elmedia Player were distributed via their websites bundled with the "Proton" malware. The vendor recommends reinstalling affected machines.
---------------------------------------------
https://heise.de/-3867420
∗∗∗ "Cyber Conflict" Decoy Document Used In Real Cyber Conflict ∗∗∗
---------------------------------------------
This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura. Update 10/23: CCDCOE released a statement today on their website. Introduction: Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference.
---------------------------------------------
http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco AMP for Endpoints Static Key Vulnerability ∗∗∗
---------------------------------------------
On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2017-1859: OpenJFX: Two vulnerabilities allow a complete compromise of the software ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1859/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009296
∗∗∗ IBM Security Bulletin: IBM b-type Network/Storage switches is affected by Open Source OpenSSL Vulnerabilities (OpenSSL and Node.JS consumers). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010726
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in cURL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009692
∗∗∗ BMC Remedy IT Service Management Suite Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039637
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 19-10-2017 18:00 − Friday 20-10-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ KRACK discoverer: "Demand security updates" ∗∗∗
---------------------------------------------
Belgian security researcher Mathy Vanhoef, who discovered the KRACK
vulnerability in WLAN networks, expects that many devices will not
receive an update.
---------------------------------------------
https://futurezone.at/digital-life/krack-entdecker-sicherheitsupdates-einfo…
∗∗∗ Canadian spooks release their own malware detection tool ∗∗∗
---------------------------------------------
Canuck NSA/GCHQ equivalent open-sources Assemblyline, to make us all as
safe as Canada. Canada's Communications Security Establishment has
open-sourced its own malware detection tool.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/20/canadian_co…
=====================
= Vulnerabilities =
=====================
∗∗∗ Boston Scientific ZOOM LATITUDE PRM Vulnerabilities ∗∗∗
---------------------------------------------
This advisory contains compensating controls for use of hard-coded
cryptographic key and missing encryption of sensitive data
vulnerabilities in Boston Scientific’s ZOOM LATITUDE
Programmer/Recorder/Monitor Model 3120.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01
∗∗∗ SpiderControl MicroBrowser ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an uncontrolled search
path element vulnerability in SpiderControl's MicroBrowser.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01
∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI of Cisco NX-OS System Software running on
Cisco Nexus Series Switches could allow an authenticated, local
attacker to perform a command injection attack. The vulnerability is due
to insufficient input validation of command arguments. An attacker
could exploit this vulnerability by injecting crafted command arguments
into a vulnerable CLI command.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco updates close several holes ∗∗∗
---------------------------------------------
With its current updates, Cisco closes a total of 17 security vulnerabilities.
One of them is critical and allows remote access to the Cloud
Services Platform (CSP) 2100.
---------------------------------------------
https://heise.de/-3865704
∗∗∗ Oracle Critical Patch Update Advisory - October 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
∗∗∗ Security Notice - Statement on App Lock Bypass Vulnerability in
Huawei EMUI ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170922-01-…
∗∗∗ IBM Security Bulletin: A vulnerability in libsoup affects PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025834
∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTPD affect
PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025773
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect
Liberty for Java for IBM Bluemix (CVE-2017-1583, CVE-2011-4343) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009704
∗∗∗ IBM Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025771
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect
PowerKVM ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025779
∗∗∗ IBM Security Bulletin: Vulnerabilities in TigerVNC affect PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025772
∗∗∗ IBM Security Bulletin: Vulnerabilities in glibc affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025781
∗∗∗ IBM Security Bulletin: Vulnerabilities in PostgreSQL affect
PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025764
∗∗∗ IBM Security Bulletin: A vulnerability in OpenLDAP affects PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025766
∗∗∗ IBM Security Bulletin: Vulnerabilities in git affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025756
∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025754
∗∗∗ IBM Security Bulletin: Vulnerabilities in tcpdump affect PowerKVM
∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025768
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in
IBM Planning Analytics Express and IBM Cognos Express. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009518
∗∗∗ SafeNet External Network HSM script vulnerability CVE-2017-6165 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74759095
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-10-2017 18:00 − Thursday 19-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ BoundHook Attack Exploits Intel Skylake MPX Feature ∗∗∗
---------------------------------------------
A new attack method takes advantage of a feature in Intel’s Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications.
---------------------------------------------
http://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/1…
∗∗∗ US-CERT study predicts machine learning, transport systems to become security risks ∗∗∗
---------------------------------------------
You've been warned. The Carnegie-Mellon University's Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/19/cert_cc_thr…
∗∗∗ A Look at Locky Ransomware’s Recent Spam Activities ∗∗∗
---------------------------------------------
Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sDep2mrz5v0/
∗∗∗ New Attacker Scanning for SSH Private Keys on Websites ∗∗∗
---------------------------------------------
Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem.
---------------------------------------------
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
∗∗∗ Baselining Servers to Detect Outliers ∗∗∗
---------------------------------------------
This week I came across an interesting incident response scenario that was more likely a blind hunt. The starting point was the suspicion that a breach may have occurred in one or more of ~500 web servers of a big company on a given date range, even though there was no evidence of leaked data or any other IOC to guide the investigation. To overcome [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22940
=====================
= Vulnerabilities =
=====================
∗∗∗ KRACK Key Reinstall in FT Handshake - PoC ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017100142
∗∗∗ Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0008 ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541370
∗∗∗ DFN-CERT-2017-1836: Lucene/Solr: A vulnerability allows the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1836/
∗∗∗ DFN-CERT-2017-1837: Suricata: Two vulnerabilities allow denial-of-service attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1837/
∗∗∗ DFN-CERT-2017-1846: GitLab: Multiple vulnerabilities allow, among other things, cross-site scripting attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1846/
∗∗∗ Cisco Security Advisories and Alerts ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-…
∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171019-…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 17-10-2017 18:00 − Wednesday 18-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSA security vulnerability: Infineon generates millions of insecure crypto keys ∗∗∗
---------------------------------------------
RSA keys from Infineon hardware crypto modules can be cracked. Among those affected are Debian developers, providers of qualified signature systems, TPM chips in laptops and Estonian ID cards.
---------------------------------------------
https://www.golem.de/news/rsa-sicherheitsluecke-infineon-erzeugt-millionen-…
∗∗∗ Browser security beyond sandboxing ∗∗∗
---------------------------------------------
Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web browser can have catastrophic results. It doesn’t help that...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond…
∗∗∗ uBlock Origin ad-blocker knocked for blocking hack attack squawking ∗∗∗
---------------------------------------------
Block all the things! No, wait, not the XSS security alerts. Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/17/ublock_orig…
∗∗∗ Hancitor malspam uses DDE attack ∗∗∗
---------------------------------------------
Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) changed tactics on Monday 2017-10-16. Instead of pushing Microsoft Word documents with malicious macros, this malspam began pushing Word documents taking advantage of Microsoft's Dynamic Data Exchange (DDE) technique.
---------------------------------------------
https://isc.sans.edu/diary/22936
∗∗∗ Copyright infringement lawsuit spreads malware ∗∗∗
---------------------------------------------
In fabricated letters, unknown senders claim that the recipients have committed a copyright infringement and are therefore being sued. For further information, addressees are supposed to download a ZIP file. It hides malware and must not be opened.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/klage-wegen-urheberrechtsve…
=====================
= Vulnerabilities =
=====================
∗∗∗ HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data ∗∗∗
---------------------------------------------
A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en…
∗∗∗ Progea Movicon SCADA/HMI ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01
∗∗∗ IC3 Issues Alert on IoT Devices ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-I…
∗∗∗ Huawei Security Advisories ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006285
∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025909
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009532
∗∗∗ JSA10826 - 2017-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 17.1R1 release ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&actp=RSS
∗∗∗ Critical Patch Update - October 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
∗∗∗ Solaris Third Party Bulletin - October 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinoct2017-3958668.h…
∗∗∗ Oracle Linux Bulletin - October 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2017-4005…
∗∗∗ Oracle VM Server for x86 Bulletin - October 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2017-400589…
∗∗∗ Multiple vulnerabilities in Linksys E-series products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
∗∗∗ Multiple vulnerabilities in Afian AB FileRun ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
∗∗∗ SSA-523365 (Last Update 2017-10-18): Vulnerability in SIMATIC PCS 7 ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 16-10-2017 18:00 − Tuesday 17-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Here's a Video of the Latest ATM Malware Sold on the Dark Web ∗∗∗
---------------------------------------------
A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-…
∗∗∗ Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones ∗∗∗
---------------------------------------------
Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.
---------------------------------------------
http://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-andr…
∗∗∗ Estonia releases update on Digital ID card vulnerability ∗∗∗
---------------------------------------------
The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014.
---------------------------------------------
https://www.scmagazineuk.com/estonia-releases-update-on-digital-id-card-vul…
∗∗∗ Microsoft responded quietly after detecting secret database hack in 2013 ∗∗∗
---------------------------------------------
(Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
---------------------------------------------
https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-respon…
∗∗∗ KRACK: vendor updates and statements ∗∗∗
---------------------------------------------
By now, some of the vendors affected by the WPA2 vulnerability KRACK have released patches that avert the danger. Others have spoken out in statements.
---------------------------------------------
https://heise.de/-3863455
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2017-05: Security Update for OTRS Business Solution™ ∗∗∗
---------------------------------------------
October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
---------------------------------------------
https://www.otrs.com/security-advisory-2017-05-security-update-otrs-busines…
∗∗∗ BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ VU#307015: Infineon RSA library does not properly generate RSA key pairs ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/307015
∗∗∗ VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/228519
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/
∗∗∗ Cross site scripting in Webtrekk Pixel ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-webt…
∗∗∗ EMC NetWorker Buffer Overflow in nsrd Lets Remote Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039583
∗∗∗ Java vulnerability CVE-2017-10053 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28418435
=====================
= End-of-Day report =
=====================
Timeframe: Friday 13-10-2017 18:00 − Monday 16-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected ∗∗∗
---------------------------------------------
Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecu…
∗∗∗ List of Firmware & Driver Updates for KRACK WPA2 Vulnerability ∗∗∗
---------------------------------------------
This article will contain an updated list of firmware and driver updates that resolve the Krack WPA2 vulnerability. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-…
∗∗∗ KRACK is on the menu! ∗∗∗
---------------------------------------------
[...] today, details of the so-called "Key Reinstallation Attacks", "KRACK" for short, were published (technical paper / website). In brief, these vulnerabilities are the first [...]
---------------------------------------------
http://www.cert.at/services/blog/20171016132413-2092.html
∗∗∗ Cars: Subaru key fob can be cloned easily ∗∗∗
---------------------------------------------
Car keys with a radio link are a popular target for security researchers - and often more victim than adversary. Subaru is currently affected; numerous vehicles from the manufacturer are vulnerable to an attack. The company has not responded so far.
---------------------------------------------
https://www.golem.de/news/auto-subaru-funkschluessel-laesst-sich-einfach-kl…
∗∗∗ Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack ∗∗∗
---------------------------------------------
Remember NotPetya? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of [...]
---------------------------------------------
https://thehackernews.com/2017/10/ukraine-notpetya-cyberattack.html
∗∗∗ How Power Grid Hacks Work, and When You Should Panic ∗∗∗
---------------------------------------------
After months of reports of energy grid breaches, time to distinguish the elite intrusions from just another spearphishing attack.
---------------------------------------------
https://www.wired.com/story/hacking-a-power-grid-in-three-not-so-easy-steps
∗∗∗ Renewed malware attack on credit card data at Hyatt ∗∗∗
---------------------------------------------
Once again, attackers have succeeded in injecting software into the IT systems of the Hyatt hotel chain that skimmed customers' credit card data. The company, which was attacked in a similar way in 2015, assures that this has now been fixed.
---------------------------------------------
https://heise.de/-3862121
∗∗∗ Bank Austria does not verify identity with a test SMS ∗∗∗
---------------------------------------------
In a fake Bank Austria message, criminals claim that customers must have their identity verified by a test SMS. To do so, they are required to disclose their account number ("Verfügernummer"), password and telephone number on a website. This is followed by a call from the perpetrators demanding a TAN code. The TAN code enables them to steal their victims' money.
---------------------------------------------
https://www.watchlist-internet.at/phishing/bank-austria-ueberprueft-keine-i…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical vulnerability in Adobe Flash Player - actively exploited - patches available ∗∗∗
---------------------------------------------
Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player that is already being actively exploited. CVE number: CVE-2017-11292. Corresponding fixed versions are available. Impact: By exploiting this vulnerability, an attacker can, according to Adobe, execute arbitrary code on affected systems [...]
---------------------------------------------
https://www.cert.at/warnings/all/20171016.html
∗∗∗ Bugtraq: [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541342
∗∗∗ Vuln: Atlassian Bamboo CVE-2017-9514 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/101269
∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2017-1814: Jenkins: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1814/
∗∗∗ Multiple vulnerabilities in OpenText Documentum Content Server ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541333
∗∗∗ FortiWLC XSS injection via crafted HTTP POST request ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-106
∗∗∗ FortiMail reflected XSS vulnerability under customized webmail login page ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-099
∗∗∗ FortiWLC file management OS Command Injection vulnerability ∗∗∗
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-119
∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-…
∗∗∗ IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q3 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009259
∗∗∗ Multiple vulnerabilities in Micro Focus VisiBroker C++ ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
∗∗∗ OpenSSL vulnerability CVE-2017-3735 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21462542