- Daily - CERT.at

Tageszusammenfassung - 24.08.2017
by Daily end-of-shift report 24 Aug '17

24 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 23-08-2017 18:00 − Donnerstag 24-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ 90% of Companies Get Attacked with Three-Year-Old Vulnerabilities ∗∗∗ --------------------------------------------- A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years. --------------------------------------------- https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-… ∗∗∗ Whatsapp und Signal: Zerodium bietet 500.000 US-Dollar für Messenger-Exploits ∗∗∗ --------------------------------------------- Die staatliche Nachfrage nach Sicherheitslücken für die Quellen-TKÜ zeigt offenbar Wirkung. Schwachstellen in Whatsapp, Signal und anderen Messengern werden besser honoriert als Codeausführung in Windows. --------------------------------------------- https://www.golem.de/news/whatsapp-und-signal-zerodium-bietet-500-000-us-do… ∗∗∗ Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root ∗∗∗ --------------------------------------------- An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root. --------------------------------------------- http://threatpost.com/deprecated-insecure-apple-authorization-api-can-be-ab… ∗∗∗ Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack ∗∗∗ --------------------------------------------- In this blog post, we are making our findings, and tools, for decrypting NotPetya/Petya available to the general public. With the aid of the supplied tools, almost all of the Master File Table (MFT) can be successfully recovered within minutes. --------------------------------------------- https://www.crowdstrike.com/blog/decrypting-notpetya-tools-for-recovering-y… ∗∗∗ Im giving up on HPKP ∗∗∗ --------------------------------------------- HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too. --------------------------------------------- https://scotthelme.co.uk/im-giving-up-on-hpkp/ ∗∗∗ Crystal Finance Millennium used to spread malware ∗∗∗ --------------------------------------------- [...] it was revealed the Crystal Finance Millennium website was indeed hacked, and serving three different flavors of malware. In this short blog post, well take a look at the malware variants that were distributed, and provide minimal background. --------------------------------------------- https://bartblaze.blogspot.de/2017/08/crystal-finance-millennium-used-to.ht… ∗∗∗ Malware über Facebook-Messenger im Umlauf, greift Windows und macOS an ∗∗∗ --------------------------------------------- Sicherheitsforscher warnen aktuell vor einer Masche, mit der Facebook-Nutzer dazu verleitet werden sollen, trojanisierte Fake-Software zu installieren. --------------------------------------------- https://heise.de/-3811842 ∗∗∗ Kritische Sicherheitslücke in HPE iLo: "So schnell wie möglich handeln" ∗∗∗ --------------------------------------------- Die Management-Software Integrated Lights-out 4 (iLO 4) von HP-Proliant-Servern enthält eine Sicherheitslücke, über die Angreifer aus der Ferne Schadcode ausführen können, ohne sich anmelden zu müssen. --------------------------------------------- https://heise.de/-3811873 ===================== = Advisories = ===================== ∗∗∗ Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1497/">Cacti: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1497/ ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects Sametime Community (CVE-2016-2183) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006212 ∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007428 ∗∗∗ IBM Security Bulletin: Various Security vulnerabilities in IBM Sametime Media Server (CVE-2016-2970, CVE-2016-0729, CVE-2016-4449) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006233 ∗∗∗ HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities ∗∗∗ --------------------------------------------- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=e… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.08.2017
by Daily end-of-shift report 23 Aug '17

23 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 22-08-2017 18:00 − Mittwoch 23-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ ROPEMAKER Lets Attackers Change Your Emails After Delivery ∗∗∗ --------------------------------------------- A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-cha… ∗∗∗ Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware ∗∗∗ --------------------------------------------- Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store. --------------------------------------------- https://www.bleepingcomputer.com/news/security/google-play-store-security-s… ∗∗∗ Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd) ∗∗∗ --------------------------------------------- Yesterday, I found an interesting sample that I started to analyze... It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos” ("I hereby request the products budget”). --------------------------------------------- https://isc.sans.edu/diary/rss/22748 ∗∗∗ Apple iCloud Keychain easily slurped, ElcomSoft says ∗∗∗ --------------------------------------------- Credentials stored in the cloud succumb to forensic software ElcomSoft, the Russia-based maker of forensic software, has managed to find a way to access the data stored in Apples iCloud Keychain, if Apple ID account credentials are available. --------------------------------------------- http://www.theregister.co.uk/2017/08/22/apple_icloud_keychain_easily_slurpe… ∗∗∗ Is the Power Grid Getting More Vulnerable to Cyber Attacks? ∗∗∗ --------------------------------------------- Rising computerization opens doors for increasingly aggressive adversaries, but defenses are better than many might think. --------------------------------------------- https://www.scientificamerican.com/article/is-the-power-grid-getting-more-v… ∗∗∗ Ukrainian Security Firm Warns of Another Massive Global Cyberattack ∗∗∗ --------------------------------------------- A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day. --------------------------------------------- http://news.softpedia.com/news/ukrainian-security-firm-warns-massive-global… ∗∗∗ Google schmeißt 500 potenzielle Spionage-Apps aus App Store ∗∗∗ --------------------------------------------- Ein Software Development Kit für Werbeeinblendungen soll Schnüffelfunktionen mitbringen. Damit ausgestattete Android-Apps weisen über 100 Millionen Downloads auf, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3810366 ∗∗∗ Hintergrund: Hardware-Fuzzing: Hintertüren und Fehler in CPUs aufspüren ∗∗∗ --------------------------------------------- Ein Prozessor-Fuzzer analysiert Hardware, der man normalerweise blind vertrauen muss. In ersten Testläufen wurde er bei nahezu allen Architekturen fündig und spürte etwa undokumentierte CPU-Befehle auf. Sandsifter ist kostenlos und frei verfügbar; der Autor hilft sogar bei der Analyse. --------------------------------------------- https://heise.de/-3809408 ===================== = Advisories = ===================== ∗∗∗ DSA-3952 libxml2 - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an application using libxml2, would cause a denial-of-service againstthe application, information leaks, or potentially, the execution ofarbitrary code with the privileges of the user running the application. --------------------------------------------- https://www.debian.org/security/2017/dsa-3952 ∗∗∗ Automated Logic Corporation WebCTRL, i-VU, SiteScan ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 ∗∗∗ SpiderControl SCADA Web Server ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03 ∗∗∗ SpiderControl SCADA MicroBrowser ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02 ∗∗∗ Security Advisory - Two Command Injection Vulnerabilities in The FusionSphere OpenStack ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170823-… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005055 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007464 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22002233 ∗∗∗ Multiple GNU Binutils vulnerabilities ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23729200 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.08.2017
by Daily end-of-shift report 22 Aug '17

22 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 21-08-2017 18:00 − Dienstag 22-08-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Gestohlene Nacktfotos von Ski-Star Lindsey Vonn im Netz ∗∗∗ --------------------------------------------- Unbekannte haben das Handy von US-Skistar Lindsey Vonn (32) geknackt und Nacktfotos von ihr und ihrem Ex-Freund Tiger Woods (41) gestohlen. --------------------------------------------- https://futurezone.at/digital-life/gestohlene-nacktfotos-von-ski-star-linds… ∗∗∗ Unsichere Passwörter: Angriffe auf Microsoft-Konten um 300 Prozent gestiegen ∗∗∗ --------------------------------------------- Noch immer haben viele Nutzer schlechte Passwörter und benutzen diese gleich für mehrere Accounts. Das geht aus Microsofts eigener Sicherheitsanalyse hervor, die Trends aus dem Enterprise- und Privatkundengeschäft präsentiert. --------------------------------------------- https://www.golem.de/news/unsichere-passwoerter-angriffe-auf-microsoft-kont… ∗∗∗ Enigma ICO Heist Robs Nearly $500,000 in Ethereum From Investors ∗∗∗ --------------------------------------------- Cryptos fine and good, but make sure youre looking after the basics. --------------------------------------------- https://www.wired.com/story/enigma-ico-ethereum-heist ∗∗∗ Who’s Blocked by Bad Guys? ∗∗∗ --------------------------------------------- Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, .. --------------------------------------------- https://blog.rootshell.be/2017/08/21/whos-blocked-bad-guys/ ∗∗∗ Erpressungstrojaner WannaCry hat erneut zugeschlagen ∗∗∗ --------------------------------------------- Offenbar hat LG bei einigen Service-Systemen wichtige Sicherheitspatches nicht installiert und WannaCry infizierte diverse Computer des Unternehmens in Südkorea. Dabei soll es aber zu keinen größeren Schäden gekommen sein. --------------------------------------------- https://heise.de/-3809790 ∗∗∗ Kriminelle stehlen Telefonnummern von Bitcoin-Investoren ∗∗∗ --------------------------------------------- Bitten Mobilfunker um Transfer der Nummer auf neues Gerät – oft Verluste in Millionenhöhe --------------------------------------------- http://derstandard.at/2000062971633 ∗∗∗ Hacker drohen, "Game of Thrones"-Finale vorab online zu stellen ∗∗∗ --------------------------------------------- HBO hat sich bislang geweigert, Lösegeld zu bezahlen – zwei von sechs Folgen waren früher ins Netz gelangt --------------------------------------------- http://derstandard.at/2000062960237 ∗∗∗ Betrug: Mobilfunkbetreiber warnen vor "Ping Calls" ∗∗∗ --------------------------------------------- Hinter unbekannter Nummer auf dem Handydisplay steckt manchmal ein Betrüger --------------------------------------------- http://derstandard.at/2000062990431 ===================== = Advisories = ===================== ∗∗∗ Sicherheitsupdate: Thunderbird updaten und sicher konfigurieren ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Mozilla Thunderbird ermöglichen einem entfernten, nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, das Umgehen von Sicherheitsvorkehrungen, die Darstellung falscher Informationen und verschiedener Denial-of-Service (DoS)-Angriffe. --------------------------------------------- https://www.kuketz-blog.de/sicherheitsupdate-thunderbird-updaten-und-sicher… ∗∗∗ DSA-3949 augeas - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3949 ∗∗∗ Multiple vulnerabilities in Progress Sitefinity ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.08.2017
by Daily end-of-shift report 21 Aug '17

21 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 18-08-2017 18:00 − Montag 21-08-2017 18:00 Handler: Olaf Schwarz Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Researchers Win $100,000 for New Spear-Phishing Detection Method ∗∗∗ --------------------------------------------- Facebook has awarded this years Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-win-100-000-for-… ∗∗∗ Wie Hacker große Frachtschiffe ins Visier nehmen ∗∗∗ --------------------------------------------- Mithilfe von Malware können Handelsschiffe lahmgelegt und manövrierunfähig gemacht werden. Kriminelle könnten sogar die Kollision zweier Schiffe herbeiführen. --------------------------------------------- https://futurezone.at/digital-life/wie-hacker-grosse-frachtschiffe-ins-visi… ∗∗∗ Personal Security Guide – iOS/Android ∗∗∗ --------------------------------------------- We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information. --------------------------------------------- https://blog.sucuri.net/2017/08/personal-security-guide-iosandroid.html ∗∗∗ Warning: Enigma Hacked; Over $470,000 in Ethereum Stolen So Far ∗∗∗ --------------------------------------------- More Ethereum Stolen! An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma. --------------------------------------------- http://thehackernews.com/2017/08/enigma-cryptocurrency-hack.html ∗∗∗ DNSSEC Key Signing Key Rollover ∗∗∗ --------------------------------------------- On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/08/21/DNSSEC-Key-Signing… ∗∗∗ Zero-Day-Lücken im PDF Reader: Foxit will doch patchen ∗∗∗ --------------------------------------------- Ursprünglich wollte Foxit die zwei Lücken, die Angreifern unter bestimmten Umständen die lokale Codeausführung ermöglichen, nicht schließen. Mittlerweile hat sich der Hersteller aber anders entschieden. --------------------------------------------- https://heise.de/-3807762 ∗∗∗ SyncCrypt: Neue Ransomware lauert in JPG-Dateien ∗∗∗ --------------------------------------------- Um AV-Software auszutricksen, verbirgt sich die Ransomware SyncCrypt in Bilddateien. Einmal auf dem System, wird sie per Skript extrahiert und ausgeführt. Kostenlose Entschlüsselungs-Tools gibt es bislang nicht. --------------------------------------------- https://heise.de/-3808437 ∗∗∗ Blowing the Whistle on Bad Attribution ∗∗∗ --------------------------------------------- The New York Times this week published a fascinating story about a young programmer in Ukraine whod turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. Its a good read, as long as you can ignore that the premise of the piece is completely wrong. --------------------------------------------- https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/ ∗∗∗ Hacker übernahmen Facebook- und Twitter-Account von Playstation ∗∗∗ --------------------------------------------- Die Hackergruppe OurMine setzte mit den Social-Media-Profilen diverse Tweets und Facebook-Posts ab --------------------------------------------- http://derstandard.at/2000062906632 ===================== = Advisories = ===================== ∗∗∗ USN-3397-1: strongSwan vulnerability ∗∗∗ --------------------------------------------- A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTSSummarystrongSwan could be made to crash or hang if it received specially craftednetwork traffic. --------------------------------------------- http://www.ubuntu.com/usn/usn-3397-1/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 affect IBM Flex System Manager(FSM) Storage Manager Install Anywhere (SMIA) configuration tool ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025471 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007209 ∗∗∗ IBM Security Bulletin: No verification of user rights for certain applications on MaaS360 Windows installations. (CVE-2017-1422). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006985 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006808 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005299 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022230 ∗∗∗ IBM Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010526 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.08.2017
by Daily end-of-shift report 18 Aug '17

18 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 17-08-2017 18:00 − Freitag 18-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Betrug: Verbraucherzentrale warnt vor gefälschten Youporn-Mahnungen ∗∗∗ --------------------------------------------- Eine Spam-Kampagne versendet derzeit angebliche Mahnungen für die Nutzung von Youporn im Namen einer Münchener Anwaltskanzlei. Diese warnt selbst vor den Fälschungen. --------------------------------------------- https://www.golem.de/news/betrug-verbraucherzentrale-warnt-vor-gefaelschten… ∗∗∗ OWASP 2017 Top 10 vs. 2013 Top 10 ∗∗∗ --------------------------------------------- After a long interval of four years, OWASP in April 2017 released a draft of its latest list of "Top 10 Web Application Security Vulnerabilities." The OWASP Top 10 has served as a benchmark for the world of application security for the last 14 years. It was designed to allow developers to identify and avoid [...] --------------------------------------------- http://resources.infosecinstitute.com/owasp-2017-top-10-vs-2013-top-10/ ∗∗∗ Hacker Publishes iOS Secure Enclave Firmware Decryption Key ∗∗∗ --------------------------------------------- A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor. --------------------------------------------- http://threatpost.com/hacker-publishes-ios-secure-enclave-firmware-decrypti… ∗∗∗ Cisco schließt einen Haufen Sicherheitslücken ∗∗∗ --------------------------------------------- Cisco hat 19 Sicherheitslücken in verschiedensten Produkten mit Sicherheitsupdates geschlossen. Drei der Updates sind mit hoher Priorität eingestuft. --------------------------------------------- https://heise.de/-3807549 ∗∗∗ Gefälschte A1-Rechnung installiert Schadsoftware ∗∗∗ --------------------------------------------- Eine gefälschte A1-Nachricht fordert Empfänger/innen dazu auf, dass sie eine Website aufrufen und sich auf dieser ihre Rechnung ansehen. Wer dem nachkommt, lädt die Datei „quittung.lnk“ herunter. Bei dieser handelt es sich um keine Kostenaufstellung, sondern um eine Verknüpfung zu einer Schadsoftware. Aus diesem Grund dürfen Sie die Verknüpfung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec… ===================== = Advisories = ===================== ∗∗∗ Philips DoseWise Portal Vulnerabilities ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for hard-coded credentials and cleartext storage of sensitive information vulnerabilities in Philips’ DoseWise Portal web application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 ∗∗∗ ZDI-17-693: Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-693/ ∗∗∗ DFN-CERT-2017-1469: ClamAV: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1469/ ∗∗∗ DFN-CERT-2017-1476: Mozilla Thunderbird: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1476/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007056 ∗∗∗ Splunk Input Validation Flaws in Web Interface Let Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.08.2017
by Daily end-of-shift report 17 Aug '17

17 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 16-08-2017 18:00 − Donnerstag 17-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps ∗∗∗ --------------------------------------------- It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a users financial data on a daily basis. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojans-set-their-si… ∗∗∗ Ransomware: Locky kehrt erneut zurück ∗∗∗ --------------------------------------------- Mit Locky kehrt eine bekannte Ransomware nach mehrmonatiger Abwesenheit zurück - mit den Dateiendungen Diablo6 und Lukitus. Immer wieder tauchen neue Versionen auf, die vermutlich von Kriminellen für erpresserische Zwecke gemietet werden. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/ransomware-locky-kehrt-erneut-zurueck-1708-129539… ∗∗∗ NotPetya: Maersk erwartet bis zu 300 Millionen Dollar Verlust ∗∗∗ --------------------------------------------- Containerterminals standen still, Schiffe konnten weder gelöscht noch beladen werden: Mehrere Wochen hielt der Trojaner den dänischen Mega-Konzern Maersk in Atem. Die Reederei Maersk Line und der Hafenbetreiber APM Terminals wurden schwer getroffen. --------------------------------------------- https://heise.de/-3804688 ∗∗∗ Handy-Ersatzteile können Malware einschleusen ∗∗∗ --------------------------------------------- Über Ersatzteile könnten Angreifer unbemerkt Malware in Smartphones schmuggeln. Erkennungsmethoden oder gar Abwehrmaßnahmen gibt es bislang keine, warnen israelische Sicherheitsforscher. --------------------------------------------- https://heise.de/-3804758 ∗∗∗ Sicherheitsupdates: Angreifer könnten Drupal-Webseiten ein bisschen umbauen ∗∗∗ --------------------------------------------- Nutzer von Drupal sollten zügig die aktuellen Versionen installieren. In diesen haben die Entwickler mehrere Sicherheitslücken geschlossen. --------------------------------------------- https://heise.de/-3805042 ∗∗∗ iMessage: Neuer Betrugsversuch macht die Runde ∗∗∗ --------------------------------------------- Aktuell erreichen Nutzer Nachrichten mit Links, die sie zur Eingabe persönlicher Daten nötigen. Sie stammen angeblich von Apple. --------------------------------------------- https://heise.de/-3804878 ===================== = Advisories = ===================== ∗∗∗ DSA-3944 mariadb-10.0 - security update ∗∗∗ --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.32. Please see the MariaDB 10.0 Release Notes for furtherdetails: --------------------------------------------- https://www.debian.org/security/2017/dsa-3944 ∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 ∗∗∗ --------------------------------------------- Drupal 8.3.7 is a maintenance releases which contain fixes for security vulnerabilities.Download Drupal 8.3.7Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. --------------------------------------------- https://www.drupal.org/SA-CORE-2017-004 ∗∗∗ Filr 3.2.1 Update ∗∗∗ --------------------------------------------- Abstract: This update provides a number of general bug fixes for Micro Focus Filr, Search and MySQL appliances including an updated Filr 3.2.1 Desktop client. --------------------------------------------- https://download.novell.com/Download?buildid=zZ3A-xIEvO0~ ∗∗∗ VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/793496 ∗∗∗ Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902596 ∗∗∗ Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902606 ∗∗∗ Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2902604 ∗∗∗ Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco TelePresence Video Communication Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Policy Suite Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Infrastructure HTML Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006871 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.08.2017
by Daily end-of-shift report 16 Aug '17

16 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 14-08-2017 18:00 − Mittwoch 16-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Millions of RDP Endpoints Exposed Online and Ready for Bad Things ∗∗∗ --------------------------------------------- An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/millions-of-rdp-endpoints-ex… ∗∗∗ Pulse Wave - New DDoS Assault Pattern Discovered ∗∗∗ --------------------------------------------- A new method of carrying out DDoS attacks named Pulse Wave is causing problems to certain DDoS mitigation solutions, allowing attackers to down servers previously thought to be secured. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/pulse-wave-new-ddos-assault-… ∗∗∗ Attackers Backdoor Another Software Update Mechanism ∗∗∗ --------------------------------------------- Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad. --------------------------------------------- http://threatpost.com/attackers-backdoor-another-software-update-mechanism/… ∗∗∗ Analysis of a Paypal phishing kit, (Wed, Aug 16th) ∗∗∗ --------------------------------------------- They are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal arenice targets and we can find new fake pages almost daily. Sometimes, the web server isnt properly configured and the source code is publicly available. A few days ago, I was lucky to find a ZIP archivecontaining a very nice phishing kit targeting Paypal. I took some time to have a look at it. --------------------------------------------- https://isc.sans.edu/diary/rss/22726 ∗∗∗ Security Afterworks Spezial – DSGVO – Impulsvorträge und Diskussion ∗∗∗ --------------------------------------------- October 03, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-dsgvo/ ∗∗∗ Decoding Complex Malware – Step-by-Step ∗∗∗ --------------------------------------------- When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our research finds that in 67% of the websites we clean, there is at least one backdoor variant. --------------------------------------------- https://blog.sucuri.net/2017/08/malware-decoding-step-step-guide.html ∗∗∗ The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard ∗∗∗ --------------------------------------------- In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SJgibQgcZtQ/ ∗∗∗ ShadowPad: Spionage-Hintertür in Admintools für Unix- und Linux-Server aufgedeckt ∗∗∗ --------------------------------------------- Eine raffinierte Hintertür wurde von Angreifern per korrekt signiertem Update an die Netzwerk-Admin-Tools der koreanischen Firma NetSarang ausgeliefert. Es dauerte mehr als zwei Wochen, bis der Spionage-Trojaner im Netz eines Bankinstitutes aufflog. --------------------------------------------- https://heise.de/-3803225 ∗∗∗ EV ransomware is targeting WordPress sites ∗∗∗ --------------------------------------------- WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. They dubbed the malware "EV ransomware", due to the .ev extension that is added to the encrypted files. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/16/wordpress-ransomware/ ===================== = Advisories = ===================== ∗∗∗ BMC Medical and 3B Medical Luna CPAP Machine ∗∗∗ --------------------------------------------- This medical device advisory contains mitigation details for an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure therapy machine. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01 ∗∗∗ Identity Reporting 5.5.1 ∗∗∗ --------------------------------------------- Abstract: This service pack provides enhancements and software fixes for Identity Reporting. For more information about these updates, see the service pack details. --------------------------------------------- https://download.novell.com/Download?buildid=iGYyq6xwjhE~ ∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗ --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. --------------------------------------------- https://support.citrix.com/article/CTX225941 ∗∗∗ DFN-CERT-2017-1441: Xen: Mehrere Schwachstellen ermöglichen u.a. das Eskalieren von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1441/ ∗∗∗ DFN-CERT-2017-1442: Red Hat JBoss Data Virtualization: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1442/ ∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-… ∗∗∗ Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ Security Advisory - Lack of Signature Verification Vulnerability in Some Huawei APP ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006722 ∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting (CVE-2017-1338) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004138 ∗∗∗ IBM Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU – April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22007149 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350, CVE-2016-10349) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006995 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998551 ∗∗∗ IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006810 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007023 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22007067 ∗∗∗ SSA-275839 (Last Update 2017-08-16): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-293562 (Last Update 2017-08-16): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.08.2017
by Daily end-of-shift report 14 Aug '17

14 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 11-08-2017 18:00 − Montag 14-08-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Forscher hacken Computer mit manipulierter DNA ∗∗∗ --------------------------------------------- Auch DNA ist nicht vor Schadsoftware sicher: Forscher der University of Washington konnten einen Computer mithilfe von manipulierter DNA übernehmen. --------------------------------------------- https://futurezone.at/digital-life/forscher-hacken-computer-mit-manipuliert… ∗∗∗ Remotelock LS-6i: Firmware-Update zerstört smarte Türschlösser dauerhaft ∗∗∗ --------------------------------------------- Ein Hersteller smarter Türschlösser hat mindestens 500 Geräte von Kunden durch ein falsches Firmwareupdate dauerhaft zerstört. Betroffen sind vor allem viele Airbnb-Vermieter, ein Austauschprogramm ist gestartet. --------------------------------------------- https://www.golem.de/news/remotelock-ls-6i-firmware-update-zerstoert-smarte… ∗∗∗ Sonic Spy: Forscher finden über 4.000 spionierende Android-Apps ∗∗∗ --------------------------------------------- Ein einziger Anbieter soll seit Jahresanfang rund 4.000 Apps mit bösartigem Inhalt in Umlauf gebracht haben - einige davon auch über Google Play. Die Apps können das Mikrofon aktivieren und Telefonate mitschneiden. --------------------------------------------- https://www.golem.de/news/sonic-spy-forscher-finden-ueber-4000-spionierende… ∗∗∗ Many Factors Conspire in ICS/SCADA Attacks ∗∗∗ --------------------------------------------- A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support. --------------------------------------------- http://threatpost.com/many-factors-conspire-in-icsscada-attacks/127407/ ∗∗∗ Outlook Web Access based attacks, (Sat, Aug 12th) ∗∗∗ --------------------------------------------- Recently weve started seeing some attacks that utlise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker provides instructions to customers on paying their account utilising the new account details. The email is cced to other internal staff adding a level of legitimacy (also compromised accounts). --------------------------------------------- https://isc.sans.edu/diary/rss/22710 ∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗ --------------------------------------------- Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware Pay a ransom [...] --------------------------------------------- https://securityblog.switch.ch/2017/08/14/a-new-issue-of-our-switch-securit… ∗∗∗ Sicherheitsupdate: Symantecs Messaging Gateway ist für Schadcode empfänglich ∗∗∗ --------------------------------------------- Mit der aktuellen Version haben die Entwickler zwei Sicherheitslücken in der Schutzlösung geschlossen. --------------------------------------------- https://heise.de/-3799171 ∗∗∗ Datenbank-Server PostgreSQL: Lücke lässt Anmeldung ohne Passwort zu ∗∗∗ --------------------------------------------- Administratoren, die PostgreSQL-Datenbanken betreiben, sollten ihre Software updaten. Unter bestimmten Umständen können sich Angreifer an den Servern ohne Eingabe eines Passwortes anmelden, warnen die Entwickler. --------------------------------------------- https://heise.de/-3799721 ===================== = Advisories = ===================== ∗∗∗ DSA-3937 zabbix - security update ∗∗∗ --------------------------------------------- Lilith Wyatt discovered two vulnerabilities in the Zabbix networkmonitoring system which may result in execution of arbitrary code ordatabase writes by malicious proxies. --------------------------------------------- https://www.debian.org/security/2017/dsa-3937 ∗∗∗ HPESBHF03768 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗ --------------------------------------------- Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) Plat. These vulnerabilities could be exploited remotely to allow remote code execution. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ VMSA-2017-0014 ∗∗∗ --------------------------------------------- VMware NSX-V Edge updates address OSPF Protocol LSA DoS --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0014.html ∗∗∗ DSA-3936 postgresql-9.6 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3936 ∗∗∗ DSA-3935 postgresql-9.4 - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3935 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010501 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005160 ∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010376 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006960 Next End-of-Day Report: 2017-08-16 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.08.2017
by Daily end-of-shift report 11 Aug '17

11 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 10-08-2017 18:00 − Freitag 11-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ Git und Co: Bösartige Code-Repositories können Client angreifen ∗∗∗ --------------------------------------------- Mittels spezieller SSH-URLs kann ein Angreifer Code in den Client-Tools von Quellcode-Verwaltungssystemen ausführen. Der Fehler betrifft praktisch alle verbreiteten Quellcode-Verwaltungssysteme wie Git, Subversion, Mercurial und CVS. --------------------------------------------- https://www.golem.de/news /git-und-co-boesartige-code-repositories-koennen-client-angreifen-17 08-129441.html ∗∗∗ Ukrainian Video-Blogger Arrested For Spreading Petya (NotPetya) Ransomware ∗∗∗ --------------------------------------------- Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine .. --------------------------------------------- https://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html ∗∗∗ Russias Fancy Bear Hackers Used Leaked NSA Tool Eternal Blue" to Target Hotel Guests ∗∗∗ --------------------------------------------- The same hackers who hit the DNC and the Clinton campaign are now apparently spying on high-value travelers via Wi-Fi --------------------------------------------- https://www.wired.com/story/fancy-bear-hotel-hack ∗∗∗ Sichere Passwörter: Viele der herkömmlichen Sicherheitsregeln bringen nichts ∗∗∗ --------------------------------------------- Passwörter brauchen Sonderzeichen, Groß- und Kleinschreibung, Zahlen und müssen oft geändert werden – viele dieser Regeln erhöhen die Sicherheit nicht, sondern bewirken oft das Gegenteil. Der Urheber dieser Regeln bereut sie mittlerweile. --------------------------------------------- https://heise.de/-3797935 ∗∗∗ "Game of Thrones": HBO wollte Hackern 250.000 Dollar Lösegeld zahlen ∗∗∗ --------------------------------------------- Offenbar nur Hinhaltetaktik – Kriminelle: Versprechen wurden gebrochen --------------------------------------------- http://derstandard.at/2000062546236 ∗∗∗ Schüler deckt Google-Lücke auf, streicht 10.000 Dollar ein ∗∗∗ --------------------------------------------- Bug Bounty-Programm verschafft Schüler aus Uruguay unerwarteten Geldsegen --------------------------------------------- http://derstandard.at/2000062559352 ===================== = Advisories = ===================== ∗∗∗ DSA-3929 libsoup2.4 - security update ∗∗∗ --------------------------------------------- Aleksandar Nikolic of Cisco Talos discovered a stack-based bufferoverflow vulnerability in libsoup2.4, a HTTP library implementation inC. A remote attacker can take advantage of this flaw by sending aspecially crafted HTTP request to cause an application using .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3929 ∗∗∗ DSA-3934 git - security update ∗∗∗ --------------------------------------------- Joern Schneeweisz discovered that git, a distributed revision controlsystem, did not correctly handle maliciously constructed ssh://URLs. This allowed an attacker to run .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3934 ∗∗∗ SIMPlight SCADA Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01 ∗∗∗ Solar Controls Heating Control Downloader (HCDownloader) ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02 ∗∗∗ Solar Controls WATTConfig M Software ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03 ∗∗∗ Fuji Electric Monitouch V-SFT ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04 ∗∗∗ Symantec Messaging Gateway RCE and CSRF ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates /detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&s uid=20170810_00 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.08.2017
by Daily end-of-shift report 10 Aug '17

10 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-08-2017 18:00 − Donnerstag 10-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ IT-Branche: "Sicherheitspaket" gefährdet Cybersicherheit ∗∗∗ --------------------------------------------- In einem offenen Brief warnen Vertreter der österreichischen IT-Branche vor Gefahren für die Cybersicherheit durch das von der ÖVP geplante „Sicherheitspaket“. --------------------------------------------- https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cy… ∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗ --------------------------------------------- An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform. --------------------------------------------- http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vu… ∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗ --------------------------------------------- SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software. --------------------------------------------- http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high… ∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗ --------------------------------------------- Revealing penetration-testing tool sealed staffers fate Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.… --------------------------------------------- www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engin… ∗∗∗ Bundeskriminalamt (BK) warnt österreichische Unternehmen vor CEO-Betrug ∗∗∗ --------------------------------------------- http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&pa… ∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗ --------------------------------------------- An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group. --------------------------------------------- https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-m… ∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗ --------------------------------------------- Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges. --------------------------------------------- https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/ ===================== = Advisories = ===================== ∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900951 ∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900966 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2017
by Daily end-of-shift report 09 Aug '17

09 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-08-2017 18:00 − Mittwoch 09-08-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read ∗∗∗ --------------------------------------------- For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege Escalation Workshop” at a few conferences. The restriction of a 2 hour slot fails to do the topic justice and some interesting tips and tricks I would like to present have to be cut out. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-a… ∗∗∗ Engineering Firm Leaks Sensitive Data on Dell, SBC and Oracle ∗∗∗ --------------------------------------------- Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. --------------------------------------------- http://threatpost.com/engineering-firm-leaks-sensitive-data-on-dell-sbc-and… ∗∗∗ WTF is Mughthesec!? poking on a piece of undetected adware ∗∗∗ --------------------------------------------- Some undetected adware named "Mughthesec" is infecting Macs...lets check it out! --------------------------------------------- https://objective-see.com/blog/blog_0x20.html ∗∗∗ How are people fooled by this? Email to sign a contract provides malware instead. ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/22696 ∗∗∗ Security Afterworks – Best of Summer of Security Conferences ∗∗∗ --------------------------------------------- September 14, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-best-of-summer-of-s… ∗∗∗ Chip Off the Old EMV ∗∗∗ --------------------------------------------- Recently, Jason Knowles of ABC 7s I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Chip-Off-the-Old-EMV/ ∗∗∗ Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev ∗∗∗ --------------------------------------------- WannaCry ransomware killer due in court August 14 British security researcher Marcus Hutchins was released on Monday from a Nevada jail after posting bail. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/08/marcus_hutc… ∗∗∗ FBIs spyware-laden video claims another scalp: Alleged sextortionist charged ∗∗∗ --------------------------------------------- Feds NIT punches through Tor anonymity shield The FBI’s preferred tool for unmasking Tor users has brought about another arrest: a suspected sextortionist who allegedly tricked young girls into sharing nude pics of themselves and then blackmailed his victims. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/09/fbis_spywar… ∗∗∗ Critical Security Fixes from Adobe, Microsoft ∗∗∗ --------------------------------------------- Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, its time once again to get your patches on. More than two dozen of the vulnerabilities fixed in todays Windows patch bundle address "critical" .. --------------------------------------------- https://krebsonsecurity.com/2017/08/critical-security-fixes-from-adobe-micr… ∗∗∗ Sonderzeichen, Ziffern und Co: Erfinder bereut Passwort-Regeln ∗∗∗ --------------------------------------------- 2003 entwarf Bill Burr für US-Behörden Passwortregeln, die sich bald global durchsetzten – und heute als unsicher gelten --------------------------------------------- http://derstandard.at/2000062463061 ===================== = Advisories = ===================== ∗∗∗ OSIsoft PI Integrator ∗∗∗ --------------------------------------------- This advisory contains mitigation details for cross-site scripting and improper authorization vulnerabilities in OSIsoft’s PI Integrator for SAP HANA 2016, PI Integrator for Business Analytics 2016 - Data Warehouse, PI Integrator for Business Analytics 2016 - Business Intelligence, PI Integrator for Business Analytics and SAP HANA SQL Utility 2016, and PI Integrator for Microsoft Azure 2016. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01 ∗∗∗ Moxa SoftNVR-IA Live Viewer ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Moxa’s SoftNVR-IA Live Viewer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 ∗∗∗ FortiOS IKE VendorID version information disclosure ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-073 ∗∗∗ FortiWeb SNMPv3 user password viewable in HTML source code ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-162 ∗∗∗ Sicherheitslücken in mehreren Jenkins-Plugins ∗∗∗ --------------------------------------------- https://heise.de/-3796342 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2017
by Daily end-of-shift report 08 Aug '17

08 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 07-08-2017 18:00 − Dienstag 08-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ Hotspot Shield: VPN-Provider soll Nutzer per Javascript ausspionieren ∗∗∗ --------------------------------------------- Der VPN-Provider Hotspot soll seine Nutzer durch Javascript-Elemente und Werbung ausspionieren - obwohl er genau das Gegenteil behauptet. Das wirft eine US-Bürgerrechtsorganisation dem Unternehmen vor und hat Beschwerde bei der FTC eingereicht. --------------------------------------------- https://www.golem.de/news/hotspot-shield-vpn-provider-soll-javascript-in-ve… ∗∗∗ Google Patches 10 Critical Bugs in August Android Security Bulletin ∗∗∗ --------------------------------------------- Googles August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Googles Pixel and Nexus handsets. --------------------------------------------- http://threatpost.com/google-patches-10-critical-bugs-in-august-android-sec… ∗∗∗ Microsoft to remove WoSign and StartCom certificates in Windows 10 ∗∗∗ --------------------------------------------- Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wos… ∗∗∗ How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players ∗∗∗ --------------------------------------------- Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/chat-app-discord… ∗∗∗ Practical Analysis of the Cybersecurity of European Smart Grids ∗∗∗ --------------------------------------------- This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids. --------------------------------------------- http://digitalsubstation.com/en/2017/08/07/practical-analysis-of-nbsp-the-c… ∗∗∗ Google warnt Entwickler von Chrome-Erweiterungen vor Phishing-Mails ∗∗∗ --------------------------------------------- Betrüger sind auf der Jagd nach Log-in-Daten von Entwickler-Accounts, um Chrome-Erweiterungen mit Schadcode zu verseuchen und anschließend zu verteilen, warnt Google. --------------------------------------------- https://heise.de/-3795160 ∗∗∗ Hacker erpressen HBO mit weiteren "Game of Thrones"-Folgen ∗∗∗ --------------------------------------------- Erpresser haben Skript zu Folge 5 von Staffel 7 veröffentlicht und fordern Geld, um weitere Publizierungen zu unterlassen --------------------------------------------- http://derstandard.at/2000062391623 ∗∗∗ IWF warnt: Cyber-Angriffe gefährden weltweite Finanzstabilität ∗∗∗ --------------------------------------------- Attacken von Hackern und Kriminellen immer raffinierter --------------------------------------------- http://derstandard.at/2000062403498 ===================== = Advisories = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-23), Adobe Acrobat and Reader (APSB17-24), Adobe Experience Manager (APSB17-26) and Adobe Digital Editions (APSB17-27). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1480 ∗∗∗ Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux ∗∗∗ --------------------------------------------- August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2017
by Daily end-of-shift report 07 Aug '17

07 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-08-2017 18:00 − Montag 07-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ You Can Trick Self-Driving Cars by Defacing Street Signs ∗∗∗ --------------------------------------------- A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/you-can-trick-self-driving-c… ∗∗∗ Passwortmanager: Lastpass ab sofort doppelt so teuer ∗∗∗ --------------------------------------------- Wer den Passwortmanager Lastpass nutzt, muss künftig mehr bezahlen. Nutzern der kostenfreien Version werden einige Funktionen gestrichten. Außerdem kündigt .. --------------------------------------------- https://www.golem.de/news/passwortmanager-lastpass-ab-sofort-doppelt-so-teu… ∗∗∗ Links in phishing-like emails lead to tech support scam ∗∗∗ --------------------------------------------- Tech support scams continue to evolve, with scammers exploring more ways to reach potential victims. Recently, we have observed spam campaigns distributing links that lead to tech support scam websites. Anti-spam filters in Microsoft Exchange .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-… ∗∗∗ Increase of phpMyAdmin scans ∗∗∗ --------------------------------------------- PMA (or phpMyAdmin) is a well-known MySQL front-end written in PHP that brings MySQL to the web as stated on the web site[1]. The tool is very popularamongst web developers because it helps to maintain databases just by using a web browser. This also means that the front-end might be publicly exposed! It is a common findingin many penetration tests to find an old PMA interface left byan admin. --------------------------------------------- https://isc.sans.edu/diary/rss/22688 ∗∗∗ ESET Spreading FUD About Torrent Files, Clients ∗∗∗ --------------------------------------------- An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the companys so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and .. --------------------------------------------- https://it.slashdot.org/story/17/08/04/1938242/eset-spreading-fud-about-tor… ∗∗∗ Tale of the Two Payloads – TrickBot and Nitol ∗∗∗ --------------------------------------------- A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Tale-of-the-Two-Payloads-%e2… ∗∗∗ Erpressungstrojaner Cerber soll Bitcoins klauen ∗∗∗ --------------------------------------------- Offenbar ist den Malware-Entwicklern von Cerber das Lösegeld nicht genug: Der Verschlüsselungstrojaner soll sich nun auch Bitcoin-Wallets und Passwörter unter den Nagel reißen. --------------------------------------------- https://heise.de/-3793763 ∗∗∗ FireEye dementiert Hacker-Angriff auf US-Sicherheitsfirma Mandiant ∗∗∗ --------------------------------------------- Ein unbekannter Hacker brüstete sich damit, dass er das Netzwerk von Mandiant und Computer von Mitarbeitern kompromittiert hat. FireEye erklärt nun, dass das nicht stimmt. --------------------------------------------- https://heise.de/-3794454 ∗∗∗ Hackercamp SHA2017: All Computers are broken ∗∗∗ --------------------------------------------- ACAB mag in anderen Kreisen etwas anderes bedeuten, doch für Hacker ist die Sache klar: All Computers are broken. Das wurde auf dem niederländischen Hackercamp SHA2017 deutlich. --------------------------------------------- https://heise.de/-3794575 ∗∗∗ Hintergrund: Die Geschichte von Junipers enteigneter Hintertür ∗∗∗ --------------------------------------------- In einem mehrfach ausgezeichneten Paper liefern Forscher eine Art Krypto-Krimi. Sie dokumentieren minutiös, wie der Netzwerkausrüster Juniper eine versteckte Hintertür in seine Produkte einbaute – und wie ein externer Angreifer sie später umfunktionierte. --------------------------------------------- https://heise.de/-3794610 ∗∗∗ Gefälschte GMX-Nachricht: Konto gesperrt ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte GMX-Nachricht mit dem Betreff „GMX Konto Gesperrt“. Darin behaupten sie, dass das E-Mailkonto der Empfänger/innen gelöscht werde. Kund/innen, die das verhindern wollen, sollen ihre Zugangsdaten auf einer gefälschten GMX-Website .. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-gmx-nachricht-konto-… ===================== = Advisories = ===================== ∗∗∗ DSA-3926 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3926 ∗∗∗ DSA-3925 qemu - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3925 ∗∗∗ Eaton ELCSoft Vulnerabilities ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-216-01-0 ∗∗∗ WP Live Chat Support <= 7.1.04 - Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8880 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.08.2017
by Daily end-of-shift report 04 Aug '17

04 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-08-2017 18:00 − Freitag 04-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Week In Review – 4th August 2017 ∗∗∗ --------------------------------------------- Creating Fake Identities Everything today seems to be linked to your identity; or perhaps more specifically, to your digital identity. While safeguarding ones identity is important, it is also equally important to find ways to stop people from creating fake identities. Kevin Mitnick belonged to an earlier generation that many of this generations up and comers may not have heard of. While today he is a respectable information security professional, he wasn’t always quite a white hat, and [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/week-in-review-4th-aug… ∗∗∗ JavaScript Packages Caught Stealing Environment Variables ∗∗∗ --------------------------------------------- On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/javascript-packages-caught-s… ∗∗∗ Verseuchte Chrome-Erweiterung infiziert eine Million User ∗∗∗ --------------------------------------------- Die Erweiterung Web Developer wurde gekapert und durch eine Version mit Schadsoftware ausgetauscht und an User verteilt. --------------------------------------------- https://futurezone.at/digital-life/verseuchte-chrome-erweiterung-infiziert-… ∗∗∗ Verhaftung nach Black Hat: Wanna-Cry-Hacker soll Bankingtrojaner entwickelt haben ∗∗∗ --------------------------------------------- Ein britischer Sicherheitsforscher und Hacker ist in den USA verhaftet worden. Der 23-Jährige hatte unabsichtlich dazu beigetragen, die Ausbreitung von Wanna Cry zu verlangsamen. Er soll an der Entwicklung des Kronos-Bankentrojaners beteiligt gewesen sein. --------------------------------------------- https://www.golem.de/news/wanna-cry-sicherheitsforscher-malwaretech-in-den-… ∗∗∗ Weekly Security Roundup ∗∗∗ --------------------------------------------- This week, we’ve published an article about session hijacking, a dangerous hacking method that takes control of a user’s account as they are live and using it. Security articles of the week (July 31st – August 4th, 2017) The biggest story from the beginning of this week was the HBO hack that ended up with leaked [...] --------------------------------------------- https://heimdalsecurity.com/blog/weekly-security-roundup/ ∗∗∗ Cisco schließt Super-Admin-Lücke ∗∗∗ --------------------------------------------- Der Netzwerkausrüster stellt elf Sicherheitsupdates für diverse Produkte bereit. Von den Lücken soll ein mittleres bis hohes Risiko ausgehen. --------------------------------------------- https://heise.de/-3793025 ===================== = Advisories = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-24) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 8, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1478 ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Schneider Electric’s Pro-face GP-Pro EX. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-215-01 ∗∗∗ IBM Security Bulletin: A vulnerability in libtirpc affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025258 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004331 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005297 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006551 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006550 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.08.2017
by Daily end-of-shift report 03 Aug '17

03 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-08-2017 18:00 − Donnerstag 03-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Defender ATP machine learning: Detecting new and unusual breach activity ∗∗∗ --------------------------------------------- Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning (ML) systems flag and surface threats that would otherwise remain unnoticed amidst the continuous hum of billions of normal events and the inability... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-ma… ∗∗∗ Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain ∗∗∗ --------------------------------------------- Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that monetizes its traffic via adverts he may be exposed to malicious advertising. Tailored ads shown in the browser are initiated on-the-fly via a process known as Real-time Bidding (RTB). --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewi… ∗∗∗ The Retefe Saga ∗∗∗ --------------------------------------------- Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong. --------------------------------------------- https://www.govcert.admin.ch/blog/33/the-retefe-saga ∗∗∗ Warnung vor Fake-Mail "Ihr Konto wurde limitiert" ∗∗∗ --------------------------------------------- [...] Diese E-Mail gibt sich als PayPal (service@ ppal.com) aus, PayPal hat mit der Betrugsmasche jedoch nichts zu tun. PayPal selbst wurde hier Opfer, indem sein Name missbräuchlich verwendet wird, um Nutzer in die Falle zu locken! --------------------------------------------- http://www.mimikama.at/allgemein/ihr-konto/ ∗∗∗ Sicherheitspatches: Varnish anfällig für DoS-Attacke ∗∗∗ --------------------------------------------- In verschiedenen Versionen von Varnish klafft eine Schwachstelle, über die Angreifer Server attackieren könnten. --------------------------------------------- https://heise.de/-3791311 ∗∗∗ Pwned Passwords: Neuer Dienst macht geknackte Passwörter auffindbar ∗∗∗ --------------------------------------------- Wurde mein Lieblings-Passwort schon einmal in einem Datenleck veröffentlicht und kann deswegen einfach für Bruteforce-Angriffe verwendet werden? Diese Frage beantwortet ein neuer Webdienst des Sicherheitsforschers Troy Hunt. --------------------------------------------- https://heise.de/-3792707 ∗∗∗ Malicious content delivered over SSL/TLS has more than doubled in six months ∗∗∗ --------------------------------------------- Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/03/malicious-content-ssl-tls/ ∗∗∗ Gefälschte Bank Austria-Nachricht: Änderungen im OnlineBanking ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht schreiben Kriminelle, dass es zu einer Änderung im OnlineBanking-System gekommen sei. Das führt zu Fehlern, weshalb Kund/innen ihre Zugangsdaten auf einer Website nennen sollen. Empfänger/innen der Nachricht, die dem nachkommen, übermitteln ihre Passwörter an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bank-austria-nachric… ===================== = Advisories = ===================== ∗∗∗ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance.The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy ... --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003928 ∗∗∗ IBM Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009711 ∗∗∗ IBM Security Bulletin: CVE-2015-4000 Diffie-Hellman Export Cipher Suite Vulnerabilities in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009681 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.08.2017
by Daily end-of-shift report 02 Aug '17

02 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-08-2017 18:00 − Mittwoch 02-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Ein paar Thesen zu aktuellen Gesetzesentwürfen ∗∗∗ --------------------------------------------- Ein paar Thesen zu aktuellen Gesetzesentwürfen31. Juli 2017Das Thema "LE going dark in the age of encrytion" kocht mal wieder hoch, und noch schnell vor den Neuwahlen wurden entsprechende Gesetzesentwürfe eingebracht. Ich will hier aus technischer Sicht ein paar Argumente in die Diskussion einwerfen, .. --------------------------------------------- http://www.cert.at/services/blog/20170731130131-2076.html ∗∗∗ Auch bei Amazon: Android-Smartphones mit vorinstallierter Malware im Umlauf ∗∗∗ --------------------------------------------- Vorinstallierte Malware auf dem Smartphone dürfte für viele Nutzer ein Albtraum sein. In einem aktuellen Fall sollen günstige Smartphones des Herstellers Nomu betroffen sein. Diese sind auch in Deutschland bestellbar. --------------------------------------------- https://www.golem.de/news/auch-bei-amazon-android-smartphones-mit-vorinstal… ∗∗∗ WannaCry Inspires Banking Trojan to Add Self-Spreading Ability ∗∗∗ --------------------------------------------- Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are attempting to .. --------------------------------------------- https://thehackernews.com/2017/08/trickbot-banking-trojan.html ∗∗∗ Invisible Man malware runs keylogger on your Android banking apps ∗∗∗ --------------------------------------------- Top tip: Dont fetch and install dodgy Flash updates from random websites A new breed of Android malware is picking off mobile banking customers, particularly those in the UK and Germany, were told. --------------------------------------------- http://www.theregister.co.uk/2017/08/02/banking_android_malware_in_uk/ ∗∗∗ Sorry, psycho bosses, its not OK to keylog your employees ∗∗∗ --------------------------------------------- In Germany, at least, youre gonna have to get your jollies some other way Installing keylogging software on your employees computers and using what you find to fire them is not OK, a German court has decided. --------------------------------------------- http://www.theregister.co.uk/2017/08/02/keylogging_software_for_employees/ ∗∗∗ Exposed IoT servers let hackers unlock prison cells, modify pacemakers ∗∗∗ --------------------------------------------- A researcher has found an often misconfigured protocol (MQTT) puts heart monitors, oil pipelines or particle accelerators at risk of attack. --------------------------------------------- http://www.zdnet.com/article/exposed-servers-hack-prison-cells-alter-pacema… ∗∗∗ Sicherheitsupdates: VMware vCenter Server und Tools angreifbar ∗∗∗ --------------------------------------------- Die Entwickler schließen mehrere Schwachstellen in ihrer Software. Keine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-3790197 ∗∗∗ Most damaging threat vector for companies? Malicious insiders ∗∗∗ --------------------------------------------- According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions .. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/02/malicious-insiders-threat-vector/ ===================== = Advisories = ===================== ∗∗∗ Mitsubishi Electric Europe B.V. E-Designer ∗∗∗ --------------------------------------------- This advisory contains mitigation details for heap-based buffer overflow, stack-based buffer overflow, and out-of-bounds write vulnerabilities in the Mitsubishi Electric Europe B.V. E-Designer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 ∗∗∗ Schneider Electric Trio TView ∗∗∗ --------------------------------------------- This advisory contains mitigation details for multiple vulnerabilities for Java Runtime Environment in Schneider Electric’s Trio TView software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-213-02 ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170801-… ∗∗∗ Security Advisory - DoS Vulnerability of Audio Driver in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2017-1504) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006803 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1327) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22003664 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting (XSS) Attack (CVE-2017-1199) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006618 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006602 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.08.2017
by Daily end-of-shift report 01 Aug '17

01 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 31-07-2017 18:00 − Dienstag 01-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hacker bremsen Tesla Model X aus der Ferne ∗∗∗ --------------------------------------------- Chinesische Sicherheitsforscher konnten die Firmware manipulieren und zahlreiche Funktionen des Fahrzeugs kontrollieren. --------------------------------------------- https://futurezone.at/produkte/hacker-bremsen-tesla-model-x-aus-der-ferne/2… ∗∗∗ Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st) ∗∗∗ --------------------------------------------- Ive had a number of people ask how they can find services on their network that still support SMBv1. In an AD Domain you can generally have good control of patching and the required registry keys to disable SMBv1. However, for non-domain members thats tougher. --------------------------------------------- https://isc.sans.edu/diary/rss/22672 ∗∗∗ Windows Hacking Kurs – Durchführungsgarantie ∗∗∗ --------------------------------------------- November 30, 2017 - December 01, 2017 - All Day SBA Research Favoritenstraße 16 Vienna --------------------------------------------- https://www.sba-research.org/events/windows-hacking-kurs-durchfuhrungsgaran… ∗∗∗ CISSP Training – Durchführungsgarantie ∗∗∗ --------------------------------------------- September 11, 2017 - September 15, 2017 - All Day SBA Research Favoritenstraße 16 Vienna --------------------------------------------- https://www.sba-research.org/events/cissp-training-durchfuhrungsgarantie-6/ ∗∗∗ Incident Response Kurs – Durchführungsgarantie ∗∗∗ --------------------------------------------- September 27, 2017 - September 29, 2017 - All Day SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/incident-response-kurs-durchfuhrungsgar… ∗∗∗ Cobalt strikes back: an evolving multinational threat to finance ∗∗∗ --------------------------------------------- Cobalt has attacked banks, financial exchanges, insurance companies, investment funds, and other financial organizations. The group is not afraid to use the names of regulatory authorities or security topics to trick recipients into opening phishing messages from illegitimate domains. Now they actively use Supply Chain Attacks to leverage the infrastructure and accounts of actual employees at one company, in order to forge convincing emails targeting a different partner organization --------------------------------------------- http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.ht… ∗∗∗ Reddoxx: Angreifer können TÜV-geprüfte Mail-Archivierungssoftware kapern ∗∗∗ --------------------------------------------- Ein einfacher Ping-Befehl, der über ein Admin-Interface ausgelöst wird lässt sich von jedermann aus der Ferne missbrauchen, um beliebigen Code auszuführen. So können Angreifer die E-Mail-Software für rechtssichere Archivierung übernehmen. --------------------------------------------- https://heise.de/-3785041 ∗∗∗ Phisher bringen Chrome-Erweiterung Copyfish unter ihre Kontrolle ∗∗∗ --------------------------------------------- Wer die aktuelle Version von Copyfish installiert hat, wird von Werbeeinblendungen genervt. Nun hat Google die von Betrügern manipulierte Chrome-Erweiterung offline genommen. --------------------------------------------- https://heise.de/-3787978 ∗∗∗ NeoCoolCam: Chinesische IP-Kameras mit massiven Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitsforscher haben wieder einmal gravierende Sicherheitslücken in IP-Kameras aufgedeckt. Mindestens 175.000 Geräte des Herstellers Shenzhen Neo Electronics lassen sich mit einfachen Mitteln aus dem Netz kapern. --------------------------------------------- https://heise.de/-3788061 ∗∗∗ Hackers can turn Amazon Echo into a covert listening device ∗∗∗ --------------------------------------------- New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality. Found to be susceptible to a physical attack, which allows an attacker to gain a root shell on the Linux Operating Systems and install malware, the Amazon Echo would enable hackers to covertly monitor and listen in on users and steal private data without their permission or knowledge. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/01/amazon-echo-covert-listening/ ∗∗∗ Hinweis auf betrügerische Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine E-Mail, in der sie von einer Online-Bestellung sprechen. Sie sei von „Schwindlern begangen" worden. Empfänger/innen können Angaben zu der betrügerischen Bestellung auf einer Website herunterladen. Wenn sie das tun, installieren Nutzer/innen Schadsoftware auf ihrem Computer. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/hinweis-auf-betrue… ∗∗∗ KRITIS: Erster branchenspezifischer Sicherheitsstandard anerkannt ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Erster_bran… ===================== = Advisories = ===================== ∗∗∗ DFN-CERT-2017-1328: Red Hat JBoss Enterprise Application Platform: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1328/ ∗∗∗ DFN-CERT-2017-1330: McAfee Security Scan Plus: Eine Schwachstelle ermöglicht die Ausführung beliebiger Programme mit Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1330/ ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to retrieval of access credentials by highly privileged users ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006068 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to a privilege escalation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006067 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005803 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server has a network layer security vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006063 ∗∗∗ IBM Security Bulletin: Session fixation defect in IBM Security AppScan Enterprise (CVE-2016-9981) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006430 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.07.2017
by Daily end-of-shift report 31 Jul '17

31 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-07-2017 18:00 − Montag 31-07-2017 18:00 Handler: Robert Waldner Co-Handler: ===================== = News = ===================== ∗∗∗ Ein paar Thesen zu aktuellen Gesetzentwürfen ∗∗∗ --------------------------------------------- Ein paar Thesen zu aktuellen Gesetzentwürfen31. Juli 2017Das Thema "LE going dark in the age of encrytion" kocht mal wieder hoch, und noch schnell vor den Neuwahlen wurden entsprechende Gesetzesentwürfe eingebracht. Ich will hier aus technischer Sicht ein paar Argumente in die Diskussion einwerfen, beschränke mich hier aber rein auf den Aspekt Überwachung trotz Verschlüsselung. --------------------------------------------- http://www.cert.at/services/blog/20170731130131-2076.html ∗∗∗ Reverse Engineering a JavaScript Obfuscated Dropper ∗∗∗ --------------------------------------------- 1. Introduction Nowadays one of the techniques most used to spread malware on windows systems is using a JavaScript (js) dropper. A js dropper represents, in most attack scenarios, the first stage of a malware infection. It happens because Windows systems allow the execution of various scripting language using the Windows Script Host (WScript). This […]The post Reverse Engineering a JavaScript Obfuscated Dropper appeared first on InfoSec Resources. --------------------------------------------- http://resources.infosecinstitute.com/reverse-engineering-javascript-obfusc… ∗∗∗ A new era in mobile banking Trojans ∗∗∗ --------------------------------------------- In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. --------------------------------------------- http://securelist.com/a-new-era-in-mobile-banking-trojans/79198/ ∗∗∗ LeakerLocker Mobile Ransomware Threatens to Expose User Information ∗∗∗ --------------------------------------------- While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tDsXJe6LJ0g/ ∗∗∗ Das Millionengeschäft mit Softwarefehlern ∗∗∗ --------------------------------------------- Softwarefehler können enormen Schaden anrichten, wie zuletzt die großangelegte Cyberattacke mit der Schadsoftware „NotPetya“ gezeigt hat. Das Aufspüren solcher Schwachstellen ist die Aufgabe von Bug-Kopfgeldjägern, die damit oft gut verdienen. Interesse an den Diensten der Hacker gibt es dabei nicht nur vonseiten der Hersteller. --------------------------------------------- http://orf.at/stories/2397792/2397793/ ∗∗∗ Container security: The seven biggest mistakes companies are making ∗∗∗ --------------------------------------------- As enterprises increase adoption of containers, they also risk increasing the number of mistakes they make with the technology. Given that many companies are still wrapping their heads around the potential of container technology and how to best leverage it, that stands to reason. With that said, however, companies must ensure that they are establishing a solid foundation for security as they continue to identify strategies and workloads that make sense on a container platform. … More --------------------------------------------- https://www.helpnetsecurity.com/2017/07/31/container-security-seven-biggest… ===================== = Advisories = ===================== ∗∗∗ CAN Bus Standard Vulnerability ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01 ∗∗∗ Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking ∗∗∗ --------------------------------------------- Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking. --------------------------------------------- http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tra… ∗∗∗ Cloud-Antivirensoftware hilft beim Datenklau aus luftdichten Netzwerken ∗∗∗ --------------------------------------------- Mindestens vier Virenscanner, die verdächtige Daten zur Analyse in die Cloud hochladen, helfen beim Datenklau von ansonsten in ihrer Kommunikationsfähigkeit beschränkten PCs. Auch Virustotal ist betroffen. --------------------------------------------- https://heise.de/-3786507 ∗∗∗ Attacking industrial pumps by adjusting valves to create bubbles in the pipes. ∗∗∗ --------------------------------------------- https://twitter.com/KraftCERT/status/891929915200856064 ∗∗∗ DFN-CERT-2017-1309/">FreeRDP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1309/ ∗∗∗ [webapps] GitHub Enterprise < 2.8.7 - Remote Code Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/42392/?rss ∗∗∗ IBM Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022204 ∗∗∗ IBM Security Bulletin: 10x vulnerability in IBM Control Center could allow an outside user to obtain the ID (CVE-2017-1152) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006361 ∗∗∗ IBM Security Bulletin: Non-configured connections could cause denial of service in IBM WebSphere MQ Internet Pass-Thru (CVE-2017-1118 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006580 ∗∗∗ IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005123 ∗∗∗ Fortinet FortiOS Input Validation Flaws Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039020 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.07.2017
by Daily end-of-shift report 28 Jul '17

28 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-07-2017 18:00 − Freitag 28-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Google Study Quantifies Ransomware Profits ∗∗∗ --------------------------------------------- A ransomware study released Google revealed the malware earned criminals $25 million over the past two years. --------------------------------------------- http://threatpost.com/google-study-quantifies-ransomware-revenue/127057/ ∗∗∗ Attack Uses Docker Containers To Hide, Persist, Plant Malware ∗∗∗ --------------------------------------------- Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers. --------------------------------------------- http://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-m… ∗∗∗ The Cloak & Dagger Attack That Bedeviled Android For Months ∗∗∗ --------------------------------------------- Not all Android attacks come from firmware mistakes. --------------------------------------------- https://www.wired.com/story/cloak-and-dagger-android-malware ∗∗∗ Hacker Says He Broke Through Samsungs Secure Smartphone Platform ∗∗∗ --------------------------------------------- When his rooting exploit worked on plenty of Android devices but failed on the Samsung Galaxy S7 Edge, researcher Di Shen decided to dig into KNOX. --------------------------------------------- https://motherboard.vice.com/en_us/article/pad5jn/hacker-says-he-broke-thro… ∗∗∗ OPC Data Access IDAPython script ∗∗∗ --------------------------------------------- An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol. --------------------------------------------- https://github.com/eset/malware-research/blob/master/industroyer/README.adoc ∗∗∗ Internet der Dinge: Wenn die Waschstraße angreift ∗∗∗ --------------------------------------------- Sicherheitsforscher haben diverse Schwachstellen in automatisierten Autowaschstraßen gefunden, die sich sogar übers Internet missbrauchen lassen. Durch ferngesteuerte Tore, Roboterarme und Hochdruck-Wasserstrahle könnte es sogar zu Personenschäden kommen. --------------------------------------------- https://heise.de/-3785654 ∗∗∗ Microsoft opens fuzz testing service to the wider public ∗∗∗ --------------------------------------------- Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry. --------------------------------------------- https://www.helpnetsecurity.com/2017/07/28/microsoft-fuzz-testing-service/ ===================== = Advisories = ===================== ∗∗∗ Continental AG Infineon S-Gold 2 (PMB 8876) ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow and an improper restriction of operations within the bounds of a memory buffer vulnerability in Continental AGs Infineon S-Gold 2 (PMB 8876). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 ∗∗∗ Mirion Technologies Telemetry Enabled Devices ∗∗∗ --------------------------------------------- This advisory contains mitigation details for use of hard-coded cryptographic key and inadequate encryption strength vulnerabilities in Mirion Technologies Telemetry Enabled Devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02 ∗∗∗ PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authentication and missing encryption of sensitive data affecting PDQ Manufacturing, Inc.s LaserWash, LaserJet, and ProTouch car washes. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03 ∗∗∗ Multiple Cisco Products OSPF LSA Manipulation Vulnerability ∗∗∗ --------------------------------------------- Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic.The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2017-0012 ∗∗∗ --------------------------------------------- VMware VIX API VM Direct Access Function security issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0012.html ∗∗∗ VMSA-2017-0013 ∗∗∗ --------------------------------------------- VMware vCenter Server and Tools updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0013.html ∗∗∗ Vuln: Cloud Foundry Cloud Controller API CVE-2017-8036 Incomplete Fix Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/100002 ∗∗∗ DFN-CERT-2017-1305: PHPMailer: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1305/ ∗∗∗ DFN-CERT-2017-1310: Microsoft Outlook: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1310/ ∗∗∗ FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-104 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005830 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1332) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005233 ∗∗∗ IBM Security Bulletin: Multiple security vunerabilities in Oracle Java SE and Java SE Embedded affects IBM InfoSphere Master Data Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006603 ∗∗∗ IBM Security Bulletin: IBM System Networking Switch Center is affected by a Jsch vulnerability (CVE-2016-5725) ∗∗∗ --------------------------------------------- http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006608 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006606 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006610 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting Attack (CVE-2016-9715) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006611 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™ ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22006298 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025538 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025529 ∗∗∗ IBM Security Bulletin: IBM i is affected by an OSPF vulnerability (CVE-2017-1460) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022191 ∗∗∗ IBM Security Bulletin: The BigFix Platform has a vulnerability that can cause denial of service ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003222 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a X-Frame-Options Header ClickJacking attack (CVE-2016-9719 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006607 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006605 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025397 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.07.2017
by Daily end-of-shift report 27 Jul '17

27 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-07-2017 18:00 − Donnerstag 27-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ IoT-Geräte in Österreich: 31.000 von 280.000 unsicher ∗∗∗ --------------------------------------------- In Österreich gibt es eine beträchtlich hohe Zahl ungeschützter Router und Webcams im Internet, so eine neue Studie von Avast. Warum das ein Problem ist und was man tun kann. --------------------------------------------- https://futurezone.at/produkte/iot-geraete-in-oesterreich-31-000-von-280-00… ∗∗∗ Lipizzan: Google findet neue Staatstrojaner-Familie für Android ∗∗∗ --------------------------------------------- Erneut hat Google eine Android-Spyware einer isrealischen Firma gefunden. Die Software tarnte sich als harmlose App im Playstore, die Rooting-Funktion wird dann nachgeladen. --------------------------------------------- https://www.golem.de/news/lipizzan-google-findet-neue-staatstrojaner-famili… ∗∗∗ Announcing the Windows Bounty Program ∗∗∗ --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-… ∗∗∗ Extending Microsoft Edge Bounty Program ∗∗∗ --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edg… ∗∗∗ Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets ∗∗∗ --------------------------------------------- Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in recent years. While some are occasionally still found against insecure and unpatched targets such as routers, various IoT devices or old versions of Windows, practically no remotely exploitable bugs that reliably bypass DEP and ASLR have been found on Android and iOS. In order to compromise these devices, attackers [...] --------------------------------------------- https://blog.exodusintel.com/2017/07/26/broadpwn/ ∗∗∗ DeepINTEL Schedule updated – Psychology and Power Grids ∗∗∗ --------------------------------------------- We have updated the schedule for DeepINTEL 2017. The human mind and power grids are both critical infrastructure. Both can be manipulated and switched off, arguably. And most of us use both every day. So this is why we added two more presentations to the schedule. --------------------------------------------- http://blog.deepsec.net/deepintel-schedule-updated-psychology-power-grids/ ∗∗∗ Black Hat: Strahlungsmessgeräte per Funk manipulierbar ∗∗∗ --------------------------------------------- Ein Hacker hat Sicherheitslücken in stationären und mobilen Messgeräten für radioaktive Strahlung gefunden. Kriminelle könnten so radioaktives Material durch Kontrollen schleusen oder Fehlalarme in Kernreaktoren auslösen. Updates wird es nicht geben. --------------------------------------------- https://heise.de/-3784966 ∗∗∗ Slowloris all the things ∗∗∗ --------------------------------------------- At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought Id write up some comments.The original Slowloris from several years creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely. --------------------------------------------- http://blog.erratasec.com/2017/07/slowloris-all-things.html ===================== = Advisories = ===================== ∗∗∗ McAfee Releases Security Bulletin for Web Gateway ∗∗∗ --------------------------------------------- Original release date: July 27, 2017 McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/07/27/McAfee-Releases-Se… ∗∗∗ VU#547255: Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/547255 ∗∗∗ Cisco Access Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1295: FortiNet FortiOS, FortiAnalyzer: Mehrere Schwachstellen ermöglichen u.a die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1295/ ∗∗∗ DFN-CERT-2017-1303: Foxit PDF Compressor: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1303/ ∗∗∗ HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocal of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-… ∗∗∗ Security Advisory - BroadPwn Remote Code Execute Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170727-… ∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005722 ∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004981 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates April 2017 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005840 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1303) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004979 ∗∗∗ [2017-07-27] Kathrein UFSconnect 916 multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… ∗∗∗ [2017-07-27] Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2017
by Daily end-of-shift report 26 Jul '17

26 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-07-2017 18:00 − Mittwoch 26-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack ∗∗∗ --------------------------------------------- Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/smart-drawing-pads-used-for-… ∗∗∗ IOS Forensics ∗∗∗ --------------------------------------------- 1. INTRODUCTION Day by day, Smart phones and tablets are becoming popular, and hence technology used in development to add new features or improve the security of such devices is advancing too fast. iPhone and iPod are the game changer products launched by Apple. Apple operating system (IOS) devices started growing popular in the mobile [...] --------------------------------------------- http://resources.infosecinstitute.com/ios-forensics/ ∗∗∗ Windows SMB Zero Day to Be Disclosed During DEF CON ∗∗∗ --------------------------------------------- Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON. --------------------------------------------- http://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/1… ∗∗∗ WikiLeaks drops another cache of ‘Vault7’ stolen tools ∗∗∗ --------------------------------------------- Latest dump is a trove of malware from Raytheon used for surveillance and data collection --------------------------------------------- https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-o… ∗∗∗ Where are the holes in machine learning – and can we fix them? ∗∗∗ --------------------------------------------- Machine learning algorithms are increasingly a target for the bad guys - but the industry is working to stop them, explains Sophos chief data scientist Joshua Saxe --------------------------------------------- https://nakedsecurity.sophos.com/2017/07/26/where-are-the-holes-in-machine-… ∗∗∗ How a Citadel Trojan Developer Got Busted ∗∗∗ --------------------------------------------- A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught. --------------------------------------------- https://krebsonsecurity.com/2017/07/how-a-citadel-trojan-developer-got-bust… ===================== = Advisories = ===================== ∗∗∗ CRASHOVERRIDE Malware ∗∗∗ --------------------------------------------- CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01 ∗∗∗ NXP i.MX Product Family ∗∗∗ --------------------------------------------- This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for stack-based buffer overflow and improper certificate validation vulnerabilities in the NXP i.MX Product Family. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 ∗∗∗ Bugtraq: [SECURITY] [DSA 3919-1] openjdk-8 security update ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/540926 ∗∗∗ DFN-CERT-2017-1288: Red Hat JBoss Enterprise Web Server: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1288/ ∗∗∗ Security Advisory - Two DoS Vulnerabilities in Call Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-… ∗∗∗ Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in Java shipped as a component of IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006547 ∗∗∗ SSA-323211 (Last Update 2017-07-25): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211… ∗∗∗ SSA-822184 (Last Update 2017-07-26): Microsoft Web Server and HP Client Automation Vulnerabilities in Molecular Imaging Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2017
by Daily end-of-shift report 25 Jul '17

25 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Montag 24-07-2017 18:00 − Dienstag 25-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Fruit Fly 2: Mysteriöse Mac-Malware seit Jahren aktiv ∗∗∗ --------------------------------------------- Auch Mac-Nutzer sind nicht vor Schadsoftware sicher: Eine Malware soll seit mehr als fünf Jahren aktiv sein, aber nur einige hundert Nutzer befallen haben. Die Software ermöglicht einen weitgehenden Zugriff auf den Rechner und private Informationen. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/fruit-fly-2-mysterioese-mac-malware-seit-jahren-a… ∗∗∗ CowerSnail, from the creators of SambaCry ∗∗∗ --------------------------------------------- We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. --------------------------------------------- http://securelist.com/cowersnail-from-the-creators-of-sambacry/79087/ ∗∗∗ Novel Attack Tricks Servers to Cache, Expose Personal Data ∗∗∗ --------------------------------------------- Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers. --------------------------------------------- http://threatpost.com/novel-attack-tricks-servers-to-cache-expose-personal-… ∗∗∗ SBA Research co-organizes ROOTS 2017 ∗∗∗ --------------------------------------------- November 16, 2017 - November 17, 2017 - All Day The Imperial Riding School Vienna Ungargasse 60 Vienna --------------------------------------------- https://www.sba-research.org/events/sba-research-co-organizes-roots-2017/ ∗∗∗ Alternatives to Government-Mandated Encryption Backdoors ∗∗∗ --------------------------------------------- Policy essay: "Encryption Substitutes," by Andrew Keane Woods --------------------------------------------- https://www.schneier.com/blog/archives/2017/07/alternatives_to_1.html ∗∗∗ ShieldFS Is a Clever New Tool That Shuts Down Ransomware Before Its Too Late ∗∗∗ --------------------------------------------- By sniffing out ransomware in real-time, ShieldFS might be the cure to the internets latest security scourge. --------------------------------------------- https://www.wired.com/story/shieldfs-ransomware-protection-tool ∗∗∗ ENISA invites European utilities to join EE-ISAC Expert meeting in September ∗∗∗ --------------------------------------------- Together with the DG Energy of the European Commission, ENISA is organising a full-day expert seminar, which will be held on 7th September, 2017 in Athens. Registration is now open. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-invites-european-utilitie… ===================== = Advisories = ===================== ∗∗∗ VU#350135: Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin ∗∗∗ --------------------------------------------- Vulnerability Note VU#350135 Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin Original Release date: 07 Jun 2017 | Last revised: 24 Jul 2017 Overview WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device. --------------------------------------------- http://www.kb.cert.org/vuls/id/350135 ∗∗∗ VU#838200: Telerik Web UI contains cryptographic weakness ∗∗∗ --------------------------------------------- Vulnerability Note VU#838200 Telerik Web UI contains cryptographic weakness Original Release date: 25 Jul 2017 | Last revised: 25 Jul 2017 Overview The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. --------------------------------------------- http://www.kb.cert.org/vuls/id/838200 ∗∗∗ [20170704] - Core - Installer: Lack of Ownership Verification ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Installer Severity: High Versions: 1.0.0 through 3.7.3 Exploit type: Lack of Ownership Verification Reported Date: 2017-Apr-06 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11364 Description The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control. Please note: Already installed sites are not affected, as this issue is limited to the installer application! --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/dsijOki-S50/700-20170704-c… ∗∗∗ [20170705] - Core - XSS Vulnerability ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Severity: Low Versions: 1.5.0 through 3.7.3 Exploit type: XSS Reported Date: 2017-April-26 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11612 Description Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uutSEqYQKbU/701-20170605-c… ∗∗∗ DFN-CERT-2017-1285: Cacti: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1285/ ∗∗∗ Vulnerability in Citrix NetScaler SD-WAN Enterprise & Standard Edition and Citrix CloudBridge Virtual WAN Edition Could Result in Unauthenticated Remote Code Execution ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX225990 ∗∗∗ IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006175 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005677 ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1370) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005868 ∗∗∗ IBM Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22002754 ∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities affect IBM Network Advisor ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010466 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edition ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005279 ∗∗∗ [2017-07-24] Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… ∗∗∗ [2017-07-24] Open Redirect issue in multiple Ubiquiti Networks products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2017
by Daily end-of-shift report 24 Jul '17

24 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-07-2017 18:00 − Montag 24-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ New Version of DarkHotel Malware Spotted Going After Political Figures ∗∗∗ --------------------------------------------- The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-version-of-darkhotel-mal… ∗∗∗ How was the #TurrisHack17 ? ∗∗∗ --------------------------------------------- Since the beginning of the Turris project, we have been very happy for the opportunity to cooperate closely with our community. Without it, the project would not have been where it is now. It was largely the interest of potential […] --------------------------------------------- http://en.blog.nic.cz/2017/07/22/how-was-the-turrishack17/ ∗∗∗ FIRST releases inaugural annual report ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams releases inaugural annual report, covering the scope of its activities from the 2016 conference in Seoul, through its 2017 annual event in Puerto Rico. --------------------------------------------- https://www.first.org/newsroom/releases/20170724 ∗∗∗ Hacking: Microsoft beschlagnahmt Fancy-Bear-Infrastruktur ∗∗∗ --------------------------------------------- Um gegen die Hackergruppe Fancy Bear vorzugehen, nutzt Microsoft das Markenrecht und beschlagnahmt Domains. Die kriminellen Aktivitäten der Gruppe würden "die Marke und den Ruf" des Unternehmens schädigen. Komplett stoppen lassen sich die Aktivitäten aber auch auf diesem Wege nicht. (Microsoft, Server) --------------------------------------------- https://www.golem.de/news/hacking-microsoft-beschlagnahmt-fancy-bear-infras… ∗∗∗ Uber drivers new threat: the "passenger", (Mon, Jul 24th) ∗∗∗ --------------------------------------------- This week I was told about a scam attack that surprised me due to the criminals creativity. A NYC Uber driver had his Uber account and days incomings stolen by someone who was supposed to be his next passenger. --------------------------------------------- https://isc.sans.edu/diary/rss/22626 ∗∗∗ DMARC: an imperfect solution that can make a big difference ∗∗∗ --------------------------------------------- US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal governent. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/07/dmarc-imperfect-solution-can… ===================== = Advisories = ===================== ∗∗∗ HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗ --------------------------------------------- Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ rt-sa-2017-009 ∗∗∗ --------------------------------------------- Remote Command Execution as root in REDDOXX Appliance --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-009.txt ∗∗∗ rt-sa-2017-007 ∗∗∗ --------------------------------------------- Undocumented Administrative Service Account in REDDOXX Appliance --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-007.txt ∗∗∗ VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/586501 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22003790 ∗∗∗ IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005381 ∗∗∗ Palo Alto PAN-OS Unspecified Bug in DNS Proxy Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038976 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect External Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038975 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Management Web Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038974 ∗∗∗ Python and Jython vulnerability CVE-2013-1752 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53192206 ∗∗∗ Python and Jython vulnerability CVE-2014-7185 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78825687 ∗∗∗ SNMP vulnerability CVE-2007-5846 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33151296 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.07.2017
by Daily end-of-shift report 21 Jul '17

21 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-07-2017 18:00 − Freitag 21-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 14 Warning Signs that Your Computer is Malware-Infected ∗∗∗ --------------------------------------------- Malware attacks affect us all. The increasing number of Internet users worldwide creates an equal (or larger) number of opportunities for cyber criminals to take advantage of our systems. As we become more dependent on the online environment, we can clearly see a massive growth in malware and cyber criminal activities all across the globe. --------------------------------------------- https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-ma… ∗∗∗ Practical Android Phone Forensics ∗∗∗ --------------------------------------------- Introduction Today’s world is Android World. Almost 90% of devices are running on Android, and each one of us is using Android in some or the other way. There are various devices which run on Android, but Android is widely used on Smart Phones. Also, if you check the Global Smart Phone Market Share Android [...] --------------------------------------------- http://resources.infosecinstitute.com/practical-android-phone-forensics/ ∗∗∗ BKA will mächtigeren Staatstrojaner angeblich noch 2017 einsatzbereit haben ∗∗∗ --------------------------------------------- Laut einem geleakten Dokument ist man beim Bundeskriminalamt optimistisch, noch 2017 einen Staatstrojaner einsatzbereit zu haben, der deutlich mächtiger ist als sein Vorgänger. Damit sollen auch Smartphones gehackt werden, nachdem das nun erlaubt wurde. --------------------------------------------- https://heise.de/-3779770 ∗∗∗ Companies unprepared to measure incident response ∗∗∗ --------------------------------------------- Companies struggle to keep up with and respond to cyberattacks due to lack of resources, according to Demisto. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 percent of respondents are measuring MTTR (Mean Time to Respond). While organizations are hit with an average of nearly 350 incidents per week, 30 percent of respondents reported they have no playbooks, runbooks or other documentation [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/07/21/measure-incident-response/ ∗∗∗ Smartphone mit Sicherheitslücken verkauft: Klage gegen Media Markt ∗∗∗ --------------------------------------------- Deutsche Verbraucherschützer gehen gegen Händler vor, es handelt sich um einen Präzedenzfall --------------------------------------------- http://derstandard.at/2000061599440 ∗∗∗ Cyber-Angriffe auf die Wirtschaft – jedes zweite Unternehmen betroffen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Cyber-Angri… ===================== = Advisories = ===================== ∗∗∗ DFN-CERT-2017-1269: Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1269/ ∗∗∗ DFN-CERT-2017-1263: GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen und die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1263/ ∗∗∗ DFN-CERT-2017-1270: Red Hat 3scale API Management Platform: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1270/ ∗∗∗ IBM Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004785 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004786 ∗∗∗ IBM Security Bulletin: API Connect is affected by SSH vulnerability (CVE-1999-1085) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005718 ∗∗∗ IBM Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010137 ∗∗∗ IBM Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006052 ∗∗∗ IBM Security Bulletin:IBM Emptoris Supplier Lifecycle Management is affected by a Cross Site Scripting vulnerability (CVE-2016-6118) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005824 ∗∗∗ IBM Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000316 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005076 ∗∗∗ SSA-275839 (Last Update 2017-07-21): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-293562 (Last Update 2017-07-21): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562… ∗∗∗ SSA-731239 (Last Update 2017-07-21): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239… ∗∗∗ libxml2 vulnerability CVE-2015-8710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45439210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2017
by Daily end-of-shift report 20 Jul '17

20 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-07-2017 18:00 − Donnerstag 20-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vault 7 Data Leak: Analyzing the CIA files ∗∗∗ --------------------------------------------- Digging the Vault 7 dumps In a first post on the Vault7 dump, we analyzed the information contained in files leaked by Wikileaks and allegedly originating from a network of the U.S. Central Intelligence Agency (CIA). At the time, we analyzed the following CIA projects: The Year Zero that revealed CIA hacking exploits for hardware and software. The Dark Matter dump […]The post Vault 7 Data Leak: Analyzing the CIA files appeared first on InfoSec Resources. --------------------------------------------- http://resources.infosecinstitute.com/vault-7-data-leak-analyzing-cia-files… ∗∗∗ DDoS Tools availability Online, a worrisome trend ∗∗∗ --------------------------------------------- Experts warn of an increased availability of DDoS tools online, many wannabe hackers download and use them without awareness on consequences. As cyber crime reaches new levels with new malware & viruses being realized online on a daily basis it also becomes apparent that the increase in DDoS tools that require no apparent skills to […]The post DDoS Tools availability Online, a worrisome trend appeared first on Security Affairs. --------------------------------------------- http://securityaffairs.co/wordpress/61188/hacking/ddos-tools-online.html ∗∗∗ EU Court to Rule On Right to Be Forgotten Outside Europe ∗∗∗ --------------------------------------------- The European Unions top court is set to decide whether the blocs "right to be forgotten" policy stretches beyond Europes borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EUs Court of Justice to weigh in on a dispute between Alphabets Google and Frances privacy regulator over how broadly to apply the right (Editors note: the link could --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RSt2wRvb9ho/eu-court-to-rul… ∗∗∗ No one still thinks iOS is invulnerable to malware, right? Well, knock it off ∗∗∗ --------------------------------------------- As platforms popularity continues to rise, so does its allure to miscreants The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/07/20/ios_securit… ∗∗∗ IETF: Streit über TLS-Überwachung führt zum Eklat ∗∗∗ --------------------------------------------- Für die einen ist es passives Monitoring im Rechenzentrum. Für die anderen ist der Nachschlüssel für Netzadministratoren ein Einstieg in die Massenüberwachung und der GAU für das neue TLS-Protokoll. --------------------------------------------- https://heise.de/-3777578 ∗∗∗ Google Play Protect schützt vor Malware-Apps ∗∗∗ --------------------------------------------- Google rollt einen neuen Sicherheitsmechanismus für Android-Smartphones aus, der installierte Apps laufend überprüft. Google Play Protect funktioniert auch mit Anwendungen, die nicht aus dem Play Store stammen. --------------------------------------------- https://heise.de/-3778162 ∗∗∗ Bugfix- und Sicherheitsupdates für watchOS und tvOS ∗∗∗ --------------------------------------------- Das Apple-Watch-Betriebssystem erreicht Version 3.2.3 und das Apple-TV-4-OS Version 10.2.2. Es gibt Fehlerbehebungen und sicherheitsrelevante Fixes. --------------------------------------------- https://heise.de/-3777843 ∗∗∗ Assessing the habits and tactics of organized credit card fraud gangs ∗∗∗ --------------------------------------------- By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning ‘schools’. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material. An advertisement for the WWH online course In exchange for $745 (plus $200 for course fees), aspiring cyber criminals have the potential to make $12k a month, based on a standard 40-hour --------------------------------------------- https://www.helpnetsecurity.com/2017/07/20/organized-credit-card-fraud-gang… ===================== = Advisories = ===================== ∗∗∗ Apple Sicherheitsupdates für Mac OS X und macOS Sierra ∗∗∗ --------------------------------------------- Das Betriebssystem Mac OS X ist der Standard auf Apple Laptops und Desktop-Geräten.Das von Apple entwickelte Betriebssystem macOS Sierra ist der namentliche Nachfolger von Mac OS X ab Version 10.12 für Macintosh-Systeme (Desktop und Server).Apple veröffentlicht macOS Sierra 10.12.6 und schließt damit Sicherheitslücken, durch die ein nicht angemeldeter Angreifer aus dem Internet intendierte Sicherheitsmaßnahmen umgehen, Daten auf Ihrem Rechner ausspähen oder --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Sicherheitsupdate auf Apple iOS 10.3.3 ∗∗∗ --------------------------------------------- iOS ist das Standardbetriebssystem auf Apple-Geräten wie iPhone, iPod touch und iPad. Es wurde auf Basis des Betriebssystems MAC OS X entwickelt.In verschiedenen von Apple iOS bis einschließlich Version 10.3.2 intern verwendeten Komponenten existieren mehrere, zum Teil schwerwiegende Sicherheitslücken. Ein Angreifer aus dem Internet kann diese insgesamt 47 Sicherheitslücken für das Ausführen beliebigen Programmcodes, auch mit erweiterten Privilegien, das --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Apple veröffentlicht Sicherheitsupdates für den Safari Webbrowser ∗∗∗ --------------------------------------------- Der Webbrowser Safari wurde von Apple für MAC OS X entwickelt.Apple schließt mit der neuen Safari Version für OS X Yosemite, OS X El Capitan und macOS Sierra mehrere Sicherheitslücken, durch die ein Angreifer aus dem Internet unter anderem beliebigen Programmcode auf Ihrem System ausführen, Informationen ausspähen sowie falsche Informationen darstellen kann. Insbesondere durch die Ausführung beliebigen Programmcodes kann ihr System nachhaltig geschädigt --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Vuln: Genivia gSOAP CVE-2017-9765 Stack Based Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/99868 ∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1253: Apple iCloud: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1253/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU – Apr 2017 – Includes Oracle Apr 2017 CPU affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005616 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily