- Daily - CERT.at

Tageszusammenfassung - Freitag 5-05-2017
by Daily end-of-shift report 05 May '17

05 May '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-05-2017 18:00 − Freitag 05-05-2017 18:00 Handler: Robert Waldner Co-Handler: Petr Sikuta *** Bondnet botnet goes after vulnerable Windows servers *** --------------------------------------------- A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, "earning" him around $1,000 per day. GuardiCore researchers first spotted it in December 2016, and have been mapping it out and following its evolution since then. The've dubbed it Bondnet, after the handle its herder uses online [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/05/04/compromised-windows-servers/ *** Unpatched WordPress Password Reset Vulnerability Lingers *** --------------------------------------------- A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a users password and in turn, gain access to their account. --------------------------------------------- http://threatpost.com/unpatched-wordpress-password-reset-vulnerability-ling… *** 1 Million Gmail Users Impacted by Google Docs Phishing Attack *** --------------------------------------------- Researchers said good social engineering and users' trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday's Google Docs phishing attacks would spread quickly. --------------------------------------------- http://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishin… *** New Mac Malware Manages to Spy on Encrypted Browser Traffic *** --------------------------------------------- This blog was written by Douglas McKee. There's a new cyberattack targeted at Mac OS users'a malware program called OSX/Dok. Discovered late last week primarily in Europe, the program is capable of spying on encrypted browser traffic to steal sensitive information. You heard correctly: it can eavesdrop on all of your web browsing. How does [...] --------------------------------------------- https://securingtomorrow.mcafee.com/business/new-mac-malware-manages-spy-en… *** Dridex and Locky Return Via PDF Attachments in Latest Campaigns *** --------------------------------------------- Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new large campaigns. While the PDF downloader described in this post is responsible for spreading both Dridex and Locky, for the purposes of this blog, we will be discussing the PDF downloader and the Dridex [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/05/dridex_and_lockyret.html *** Intel ME-Firmware: Hersteller kündigen Patches für Intel-Exploit an *** --------------------------------------------- Bald sollen die ersten Updates für die Schwachstelle in der Management Engine von Intel-Systemen erscheinen. Derweil gibt es Unklarheit über Details zu der Sicherheitslücke. --------------------------------------------- https://www.golem.de/news/intel-me-firmware-hersteller-kuendigen-patches-fu… *** Carbanak Attackers Devise Clever New Persistence Trick *** --------------------------------------------- Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes. --------------------------------------------- http://threatpost.com/carbanak-attackers-devise-clever-new-persistence-tric… *** [SANS ISC] HTTP Headers' the Achilles' heel of many applications *** --------------------------------------------- When browsing a target web application, a pentester is looking for all "entry" or "injection" points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a [...] --------------------------------------------- https://blog.rootshell.be/2017/05/05/sans-isc-http-headers-achilles-heel-ma… *** Snake malware ported from Windows to Mac *** --------------------------------------------- Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware and on Windows is highly-sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac.Categories: MacThreat analysisTags: Adobe Flash PlayerApplemacMac TrojanmalwareSnaketrojanTurlaUroburos [...] --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-… *** More Android phones than ever are covertly listening for inaudible sounds in ads *** --------------------------------------------- Your Android phone may be listening to ultrasonic ad beacons without your knowledge. --------------------------------------------- https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-tha… *** DFN-CERT-2017-0790: LibreSSL : Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0790/ *** Linux kernel vulnerability CVE-2017-7308 *** --------------------------------------------- Linux kernel vulnerability CVE-2017-7308. Security Advisory. Security Advisory Description. The packet_set_ring function ... --------------------------------------------- https://support.f5.com/csp/article/K82224417 *** Apache Tomcat vulnerability CVE-2017-5647 *** --------------------------------------------- Apache Tomcat vulnerability CVE-2017-5647. Security Advisory. Security Advisory Description. A bug in the handling of ... --------------------------------------------- https://support.f5.com/csp/article/K49000195 *** Hikvision Cameras *** --------------------------------------------- This advisory contains mitigation details for use of improper authentication and password in configuration file vulnerabilities in Hikvision's cameras. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 *** Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras *** --------------------------------------------- This advisory contains mitigation details for use of password hash instead of password for authentication and password in configuration file vulnerabilities in Dahua Technology Co., Ltd digital video recorders and IP cameras. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02 *** Advantech WebAccess *** --------------------------------------------- This advisory contains mitigation details for an absolute path traversal vulnerability in Advantech's WebAccess. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03 *** Rockwell Automation ControlLogix 5580 and CompactLogix 5380 *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for use a resource exhaustion vulnerability in Rockwell Automations ControlLogix 5580 and CompactLogix 5380. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in bind affects SmartCloud Entry (CVE-2016-9147) *** http://www.ibm.com/support/docview.wss?uid=isg3T1025133 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in memcached affects SmartCloud Entry (CVE-2016-8704, CVE-2016-8705) *** http://www.ibm.com/support/docview.wss?uid=isg3T1025081 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2016-8745) *** http://www.ibm.com/support/docview.wss?uid=swg22000781 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities affect IBM Rational Quality Manager and IBM Rational Team Concert with potential for security attacks *** http://www.ibm.com/support/docview.wss?uid=swg22002429 --------------------------------------------- *** IBM Security Bulletin: Cross Site Scripting (XSS) vulnerability affects Cognos Analytics *** https://www-01.ibm.com/support/docview.wss?uid=swg21999791 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-5621) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000624 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 4-05-2017
by Daily end-of-shift report 04 May '17

04 May '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-05-2017 18:00 − Donnerstag 04-05-2017 18:00 Handler: Olaf Schwarz Co-Handler: Petr Sikuta Co-Handler: Robert Waldner *** Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability *** --------------------------------------------- Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw. --------------------------------------------- http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt… *** Intel-ME-Sicherheitslücke: Erste Produktliste, noch keine Updates *** --------------------------------------------- Zu der am 1. Mai von Intel gemeldeten Sicherheitslücke in der Management Engine (ME) gibt es einige neue Informationen, aber noch keine Updates. --------------------------------------------- https://heise.de/-3703356 *** WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit *** --------------------------------------------- This advisory reveals details of exploitation of the PHPMailer vulnerability (CVE-2016-10033) in WordPress Core which (contrary to what was believed and announced by WordPress security team) was affected by the vulnerability. --------------------------------------------- https://cxsecurity.com/issue/WLB-2017050014 *** Kazuar: Multiplatform Espionage Backdoor with API Access *** --------------------------------------------- Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.The post Kazuar: Multiplatform Espionage Backdoor with API Access appeared first on Palo Alto Networks Blog. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatf… *** A set of tutorials about code injection for Windows. *** --------------------------------------------- Injectopi is a set of tutorials that Ive decided to write down in order to learn about various injection techniques in the Windows environment. --------------------------------------------- https://github.com/peperunas/injectopi *** Master-Fingerabdruck: Forscher können fast alle Smartphones entsperren *** --------------------------------------------- Mithilfe von Maschinenlernen Trefferquote von 65 Prozent erreicht - Aktuelle Scanner zu niedrig aufgelöst --------------------------------------------- http://derstandard.at/2000056971421 *** Checker ATM Security: Sicherheitslücke ermöglicht Übernahme von Geldautomaten *** --------------------------------------------- Eine Sicherheitslücke in einer Sicherheitslösung für Geldautomaten konnte von Angreifern ausgenutzt werden, um illegal Geld auszuzahlen. Der Hersteller beschwichtigt und hat einen Patch bereitgestellt. --------------------------------------------- https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglich… *** DFN-CERT-2017-0775/">LibTIFF: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- Mehrere Schwachstellen in LibTIFF ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe und das Ausspähen von Informationen mit Hilfe speziell präparierter Bilddateien. Betroffene Plattformen Debian Linux 8.7 Jessie Debian Linux 9.0 Stretch --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/ *** USB-Sticks: IBM liefert Installationsmedien mit Malware aus *** --------------------------------------------- Vom USB-Stick auf das Betriebssystem: Eine Schadsoftware verteilt sich von IBM-Produkten selbstständig. Betroffen sind die mitgelieferten Sticks mehrerer Storwize-Geräte. IBM rät, den USB-Stick zu formatieren oder gleich zu zerstören. --------------------------------------------- https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-ma… *** Cisco Security Advisories *** --------------------------------------------- *** Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XR Software Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence ICMP Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco CallManager Express Unauthorized Access Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002624 --------------------------------------------- *** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002507 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001731 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998469 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications *** http://www.ibm.com/support/docview.wss?uid=swg22002517 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002309 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002310 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002225 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153 ) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996590 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177 CVE-2016-6304 CVE-2016-6305 CVE-2016-2182 CVE-2016-6306 CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002870 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 3-05-2017
by Daily end-of-shift report 03 May '17

03 May '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-05-2017 18:00 − Mittwoch 03-05-2017 18:00 Handler: Olaf Schwarz Co-Handler: Petr Sikuta Co-Handler: Stephan Richter *** Malware Hunter - Shodans new tool to find Malware C&C Servers *** --------------------------------------------- Rapidly growing, insecure internet-connected devices are becoming albatross around the necks of individuals and organizations with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnet of infected machines gets a bit easier. Thanks to Shodan and [...] --------------------------------------------- https://thehackernews.com/2017/05/shodan-malware-hunter.html *** Disambiguate "Zero-Day" Before Considering Countermeasures *** --------------------------------------------- "Zero-day" is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we've accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion I've seen "zero-day" used to describe two related, but independent concepts. First,... Read more --------------------------------------------- https://zeltser.com/zero-day-terminology/ *** Outlook Forms and Shells *** --------------------------------------------- I set out to try and find another way to get a shell through Outlook, in the case of us having valid credentials[...] Fortunately for us, Outlook has a massive attack surface and provides several other interesting automation features. One of these is Outlook Forms. --------------------------------------------- https://sensepost.com/blog/2017/outlook-forms-and-shells/ *** Compromising Industrial Robots: The Fallacy of Industrial Routers in the Industry 4.0 Ecosystem *** --------------------------------------------- The increased connectivity of computer and robot systems in the industry 4.0. ecosystem, is, and will be exposing robots to cyber attacks in the future. Indeed, industrial robots - originally conceived to be isolated - have evolved, and are now exposed to corporate networks and the internet.While this provides synergy effects and higher efficiency in production, the security posture is not on par. In our latest report Rogue Robots: Testing the Limits of an Industrial Robot's [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6F0kroJASMA/ *** Steps to Stronger Passwords *** --------------------------------------------- A journey of password The utilization of passwords is known to be old. Sentries would challenge those wishing to enter a territory or moving toward it to supply a secret word, and would just enable a man or gathering to pass if they knew the secret key. In present day times, username and passwords are [...] --------------------------------------------- http://resources.infosecinstitute.com/steps-make-stronger-passwords/ *** Deutsche Bankkonten über UMTS-Sicherheitslücken ausgeräumt *** --------------------------------------------- Kriminelle Hacker haben Konten von deutschen Bankkunden über Sicherheitslücken im Mobilfunknetz ausgeräumt, die seit Jahren bekannt sind. Eigentlich wollten die Provider schon 2014 entsprechende Gegenmaßnahmen ergreifen. --------------------------------------------- https://heise.de/-3702194 *** Diskurs|Digital - Einblicke in gelebte Partizipation *** --------------------------------------------- May 23, 2017 - 6:00 pm - 8:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/diskursdigital-einblicke-in-gelebte-par… *** Linuxwochen gastieren wieder in Wien *** --------------------------------------------- Sowohl technische als auch netzpolitische Vorträge - Von Open Source bis Softwarepatenten --------------------------------------------- http://derstandard.at/2000056925982 *** DFN-CERT-2017-0755: Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), Intel Standard Manageability (ISM): Eine Schwachstelle ermöglicht die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0755/ *** Android Security Bulletin—May 2017 *** --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of May 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level. --------------------------------------------- https://source.android.com/security/bulletin/2017-05-01 *** Schneider Electric Wonderware Historian Client *** --------------------------------------------- This advisory contains mitigation details for an improper XML parser configuration vulnerability in Schneider Electric's Wonderware Historian Client. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01 *** CyberVision Kaa IoT Platform *** --------------------------------------------- This advisory contains mitigation details for a code injection vulnerability in CyberVision's Kaa IoT Platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-02 *** Advantech B+B SmartWorx MESR901 *** --------------------------------------------- This advisory contains mitigation details for a use of client-side authentication vulnerability in the Advantech B+B SmartWorx MESR901 Modbus gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Open Redirect Vulnerability in IBM WebSphere Portal (CVE-2017-1156) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000153 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731) *** http://www.ibm.com/support/docview.wss?uid=swg22002387 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2016-5547 CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg22002633 --------------------------------------------- *** IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg22002189 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus *** http://www.ibm.com/support/docview.wss?uid=swg22002242 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance *** http://www.ibm.com/support/docview.wss?uid=swg22002397 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Composite Application Manager for Transactions *** http://www-01.ibm.com/support/docview.wss?uid=swg22002374 --------------------------------------------- *** IBM Security Bulletin: Privilege escalation vulnerability affects IBM DB2 LUW (CVE-2017-1134) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002573 --------------------------------------------- *** IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Marketing Platform (CVE-2016-0255) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001950 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 2-05-2017
by Daily end-of-shift report 02 May '17

02 May '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 28-04-2017 18:00 − Dienstag 02-05-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Exploiting .NET Managed DCOM *** --------------------------------------------- Posted by James Forshaw, Project ZeroOne of the more interesting classes of security vulnerabilities are those affecting interoperability technology. This is because these vulnerabilities typically affect any application using the technology, regardless of what the application actually does. Also in many cases they’re difficult .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.h… *** 2017 Verizon DBIR: Sex Sells, But the Basics Get It Done *** --------------------------------------------- This year’s Verizon Data Breach Investigations Report has been published, and as with its prior nine incarnations, the report is .. --------------------------------------------- https://www.beyondtrust.com/blog/2017-verizon-dbir-sex-sells-basics-get-don… *** DSA-3838 ghostscript - security update *** --------------------------------------------- Several vulnerabilities were discovered in Ghostscript, the GPLPostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3838 *** 7 Reasons Why IoT Hacks Will Keep Happening *** --------------------------------------------- Hacks happen almost on a daily basis, if not every minute of every day. In fact, some say that .. --------------------------------------------- https://safeandsavvy.f-secure.com/2017/04/28/7-reasons-why-iot-device-hacks… *** DSA-3839 freetype - security update *** --------------------------------------------- Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3839 *** Forschern gelingt Autohack für 20 Euro *** --------------------------------------------- Billige Gadgets kopieren Entsperrsignal des Schlüssels – immer noch viele Autos betroffen --------------------------------------------- http://derstandard.at/2000056487404 *** Orange is the new Black: Hacker leaken Staffel 5 *** --------------------------------------------- Laut den Hackern ist dies nur der Vorgeschmack. Sie drohen damit weitere Filme und Serien zu veröffentlichen, die offiziell erst in Monaten erscheinen. --------------------------------------------- https://futurezone.at/digital-life/orange-is-the-new-black-hacker-leaken-st… *** "Dok": Neue Mac-Malware spioniert Browser aus *** --------------------------------------------- Kann gesamte Browser-Kommunikation belauschen – derzeit vor allem europäische User im Visier --------------------------------------------- http://derstandard.at/2000056812916 *** Carbanak Continues To Evolve: Quietly Creeping into Remote Hosts *** --------------------------------------------- Introduction I recently engaged in an investigation involving two new Carbanak campaigns targeting the hospitality .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Carbanak-Continues-To-E… *** Intels remote AMT vulnerablity *** --------------------------------------------- Intel just announced a vulnerability in their Active Management Technology stack. Heres what we know so far.Background Intel chipsets for some years have included a Management Engine, a small microprocessor that runs independently of the main CPU and operating .. --------------------------------------------- http://mjg59.dreamwidth.org/48429.html *** IBM Warns Customers That Some of Its USB Flash Drives May Contain Malware *** --------------------------------------------- IBM has issued a security alert last week, warning customers that some USB flash drives shipped with IBM Storwize products may contain malicious code. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ibm-warns-customers-that-som… *** Sicherheitsupdates: Jenkins vielfältig angreifbar *** --------------------------------------------- Unter gewissen Voraussetzungen könnten Angreifer sich höhere Rechte erschleichen oder sogar Schadcode ausführen. --------------------------------------------- https://heise.de/-3700838 *** Spam and phishing in Q1 2017 *** --------------------------------------------- Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of .. --------------------------------------------- http://securelist.com/analysis/quarterly-spam-reports/78221/spam-and-phishi… *** Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go) *** --------------------------------------------- Cerber set itself apart from other file-encrypting malware when its developers commoditized the malware, adopting a business model where fellow cybercriminals can buy the ransomware as a service. The developers earn through commissions—as much as 40%—for every .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomwar… *** New Shodan Tool Can Find Malware Command and Control (C&C) Servers *** --------------------------------------------- Shodan and Recorded Future have launched today a search engine for discovering malware command-and-control (C&C) servers. Named Malware Hunter, this new tool is integrated into .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-shodan-tool-can-find-mal… *** Security Scoring and Grading for Containers and Images *** --------------------------------------------- We have just rolled out an update to the interface of the Red Hat Container Catalog that helps provide the answer to the question of whether or not a particular container image we provide .. --------------------------------------------- https://access.redhat.com/blogs/product-security/posts/container-security-s… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious .. --------------------------------------------- https://support.citrix.com/article/CTX223291

1 0

Tageszusammenfassung - Freitag 28-04-2017
by Daily end-of-shift report 28 Apr '17

28 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-04-2017 18:00 − Freitag 28-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** GE Multilin SR Protective Relays *** --------------------------------------------- This advisory contains mitigation details for a weak cryptography for passwords vulnerability in GEs Multilin SR protective relays. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01 *** Chrome to Mark More HTTP Pages ‘Not Secure’ *** --------------------------------------------- Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, .. --------------------------------------------- http://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/ *** Russian-controlled telecom hijacks financial services’ Internet traffic *** --------------------------------------------- Visa, MasterCard, and Symantec among dozens affected by "suspicious" BGP mishap. --------------------------------------------- https://arstechnica.com/security/2017/04/russian-controlled-telecom-hijacks… *** DSA-3836 weechat - security update *** --------------------------------------------- It was discovered that weechat, a fast and light chat client, is proneto a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC. --------------------------------------------- https://www.debian.org/security/2017/dsa-3836 *** DSA-3837 libreoffice - security update *** --------------------------------------------- It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened. --------------------------------------------- https://www.debian.org/security/2017/dsa-3837 *** New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic *** --------------------------------------------- Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apples Mac computers were up 744% in 2016, and its researchers .. --------------------------------------------- https://thehackernews.com/2017/04/apple-mac-malware.html *** Http 81 Botnet: the Comparison against MIRAI and New Findings *** --------------------------------------------- OverviewIn our previous blog, we introduced a new IoT botnet spreading over http 81. We will name it in this blog the http81 IoT botnet, while some anti-virus software name it Persirai, and some .. --------------------------------------------- http://blog.netlab.360.com/http-81-botnet-the-comparison-against-mirai-and-… *** Facebook und Google überwiesen Betrüger 100 Millionen Dollar *** --------------------------------------------- Litauer gab sich als Vertreter von Hardware-Zulieferer aus, Beträge zu großem Teil zurückgeholt --------------------------------------------- http://derstandard.at/2000056723656

1 0

Tageszusammenfassung - Donnerstag 27-04-2017
by Daily end-of-shift report 27 Apr '17

27 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 26-04-2017 18:00 − Donnerstag 27-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Picture this: Senate staffers’ ID cards have photo of smart chip, no security *** --------------------------------------------- https://arstechnica.com/information-technology/2017/04/picture-this-senate-… *** FIRST TC Amsterdam 2017 Wrap-Up *** --------------------------------------------- Here is my quick wrap-up of the FIRST Technical Colloquium hosted by Cisco in Amsterdam. This is my first participation to a FIRST event. FIRST is .. --------------------------------------------- https://blog.rootshell.be/2017/04/26/first-tc-amsterdam-2017-wrap/ *** A vigilante is putting a huge amount of work into infecting IoT devices *** --------------------------------------------- https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount… *** Homebrew crypto SNAFU on electrical grid sees GE rush patches *** --------------------------------------------- Boffins turned up hard-coded password in ancient controllers General Electric is pushing patches for protection .. --------------------------------------------- www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_o… *** DSA-3835 python-django - security update *** --------------------------------------------- Several vulnerabilities were discovered in Django, a high-level Pythonweb development framework. The Common .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3835 *** Cyberkriminalität: So machen Sie Ihr Unternehmen sicher *** --------------------------------------------- Bei der Roadshow "IT-Sicherheit und Datenschutz" der WKÖ und des BMI im Rahmen von "Gemeinsam.Sicher mit .. --------------------------------------------- https://futurezone.at/b2b/cyberkriminalitaet-so-machen-sie-ihr-unternehmen-… *** Peace in our time! Symantec says it can end Google cert spat *** --------------------------------------------- Its basically a promise to do better and not mess things up Symantec is hoping to get its certificates back on Googles trust list. --------------------------------------------- www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/ *** Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets *** --------------------------------------------- Verizon super depressing reports in Cyberespionage and ransomware attacks are on the increase, according .. --------------------------------------------- www.theregister.co.uk/2017/04/27/verizon_breach_report/ *** nomx: The worlds most (in)secure communications protocol *** --------------------------------------------- I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, .. --------------------------------------------- https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protoco… *** APT Trends report, Q1 2017 *** --------------------------------------------- Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-r… *** StringBleed ist kein zweites Heartbleed *** --------------------------------------------- Es wird mal wieder eine benamste Schwachstellen-Kuh durch die IT-Security Community getrieben. Der Name soll offensichtlich an Heartbleed erinnern, aber soweit wir das jetzt einschätzen können, .. --------------------------------------------- http://www.cert.at/services/blog/20170427115946-1972.html *** Cracking APT28 traffic in a few seconds *** --------------------------------------------- Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly .. --------------------------------------------- http://securityaffairs.co/wordpress/58435/apt/cracking-apt28-traffic.html *** Windows 10: Microsoft liefert Updates auch außerhalb des Patchdays *** --------------------------------------------- Microsoft will Windows 10 nach dem Creators Update nun auch außerhalb des Patchdays mit Updates versorgen. Allerdings .. --------------------------------------------- https://heise.de/-3698302 *** Broadcom-Sicherheitslücken: Samsung schützt Nutzer nicht vor WLAN-Angriffe *** --------------------------------------------- Googles Project Zero hat kürzlich in Broadcom-Chips und -Treibern zahlreiche kritische Sicherheitslücken gefunden, mit denen sich Smartphones übernehmen lassen. Wir haben .. --------------------------------------------- https://www.golem.de/news/broadcom-sicherheitsluecken-samsung-schuetzt-nutz…

1 0

Tageszusammenfassung - Mittwoch 26-04-2017
by Daily end-of-shift report 26 Apr '17

26 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-04-2017 18:00 − Mittwoch 26-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** FortiOS XSS via srcintf during Firewall Policy Creation *** --------------------------------------------- An XSS vulnerability caused by the scrintf parameter input during Firewall Policy Creation can be exploited to load and run a remote (malicious) Javascript in a logged in browser. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-017 *** Analyzing Cyber Insurance Policies *** --------------------------------------------- Theres a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract:In this research paper, we seek to answer .. --------------------------------------------- https://www.schneier.com/blog/archives/2017/04/analyzing_cyber.html *** Kritische Lücken: VMware sichert Anwendungen gegenüber Schadcode ab *** --------------------------------------------- Sicherheitsupdates schließen mehrere Schwachstellen in verschiedenen VMware-Anwendungen zum Umgang mit virtuellen Maschinen und für den Fernzugriff. Davon sind alle Betriebssysteme betroffen. --------------------------------------------- https://heise.de/-3696740 *** BrickerBot vs Mirai: Malware-Wettstreit um Internetkameras und Co. *** --------------------------------------------- Neue Generationen von BrickerBot versuchen schlecht geschützte Geräte zu beschädigen, und entziehen so Mirai die Grundlage --------------------------------------------- http://derstandard.at/2000056608656 *** Terror EK going ‘pro’? Not quite yet *** --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/04/terror-ek-going-pro-not-qu… *** AIT beim Citizen Science Award 2017 *** --------------------------------------------- [...] Im Rahmen des Citizen Science Awards 2017 sind Schulklassen der Unter- und Oberstufe sowie Einzelpersonen eingeladen, aktiv an der Erarbeitung möglicher Strategien gegen Cyberattacken mitzuwirken und gemeinsam das digitale Minispiel „Phishing Wars“ weiterzuentwickeln. Anhand dieses Spiels wird trainiert, worauf es beim Erkennen von Phishing-Mails ankommt, um nicht Opfer von Cyberattacken zu werden. --------------------------------------------- http://science.apa.at/site/kultur_und_gesellschaft/detail.html?key=SCI_2017… *** If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th) *** --------------------------------------------- Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22346

1 0

Tageszusammenfassung - Dienstag 25-04-2017
by Daily end-of-shift report 25 Apr '17

25 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-04-2017 18:00 − Dienstag 25-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Frankreich-Wahl: Russische Hacker sollen Macron ins Visier nehmen *** --------------------------------------------- Experten bringen Gruppe mit russischen Militärgeheimdienst in Verbindung --------------------------------------------- http://derstandard.at/2000056465269 *** The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence *** --------------------------------------------- Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record .. --------------------------------------------- https://krebsonsecurity.com/2017/04/the-backstory-behind-carder-kingpin-rom… *** Analysis of the Shadow Z118 PayPal phishing site, (Mon, Apr 24th) *** --------------------------------------------- [This is a guest post submitted by Remco Verhoef. Got something interesting to share? Please use our contact form to suggest your topic] Today I got lucky walking around within a phishing site and found some left-over .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22338 *** Alert: If youre running SquirrelMail, Sendmail... why? And oh yeah, remote code vuln found *** --------------------------------------------- This is nuts Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. --------------------------------------------- www.theregister.co.uk/2017/04/24/squirrelmail_vuln/ *** AV provider Webroot melts down as update nukes hundreds of legit files *** --------------------------------------------- https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-… *** BrickerBot, the permanent denial-of-service botnet, is back with a vengeance *** --------------------------------------------- https://arstechnica.com/security/2017/04/brickerbot-the-permanent-denial-of… *** Western Digital My Cloud 2.21.126 Authentication Bypass *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040164 *** Bis zu 100.000 Rechner mit geleakter NSA-Malware infiziert *** --------------------------------------------- Sicherheitsforscher finden "Doublepulsar" auf zigtausenden Maschinen, darunter auch Rechner in Österreich --------------------------------------------- http://derstandard.at/2000056481284 *** Angreifer könnten Drupal-Webseiten ausspionieren *** --------------------------------------------- Im Versionsstrang 8.x klafft eine als kritisch eingestufte Sicherheitslücke. Abgesicherte Versionen schließen die Schwachstelle. --------------------------------------------- https://heise.de/-3693082 *** Doskozil: Bundesheer soll Gegner im Cyberwar auch angreifen *** --------------------------------------------- Minister: Angriffe sollen nicht nur abgewehrt werden – Wöchentlich fünf bis sechs ernste Attacken --------------------------------------------- http://derstandard.at/2000056452452 *** Sicherheitspatches in Sicht: Zehn Lücken gefährden Linksys-Router *** --------------------------------------------- Verschiedene Modelle der Smart-Wi-Fi-Serie von Linksys sind laut Sicherheitsforschern angreifbar. Unter gewissen Voraussetzungen sollen Angreifer Befehle auf Routern ausführen können. --------------------------------------------- https://heise.de/-3693136 *** New IoT Botnet Rises Feeding on Vulnerable Security Cameras *** --------------------------------------------- A new botnet is slowly building critical mass on the back of unsecured webcams and IP cameras, .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-iot-botnet-rises-feeding… *** Hard Target: Fileless Malware *** --------------------------------------------- Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend. --------------------------------------------- http://threatpost.com/hard-target-fileless-malware/125054/ *** DSA-3833 libav - security update *** --------------------------------------------- Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full list of the changes is available .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3833 *** Ashley Madison users blackmailed again *** --------------------------------------------- Criminals are still trying to shake down users of the Ashley Madison dating/cheating online service. As you might remember, the service was hacked in 2015, and the attackers .. --------------------------------------------- https://www.helpnetsecurity.com/2017/04/25/ashley-madison-blackmail/ *** SAP NetWeaver durch Lücken gefährdet *** --------------------------------------------- In verschiedenen Komponenten der NetWeaver-Plattform klaffen Sicherheitslücken. Sicherheitsforschern zufolge könnten Angreifer über die Schlupflöcher unter anderem an Log-in-Daten kommen. --------------------------------------------- https://heise.de/-3693658 *** Security Bulletin Posted for ColdFusion (APSB17-14) *** --------------------------------------------- Adobe has published a Security Bulletin (APSB17-14) announcing the availability of hotfixes for ColdFusion versions 2016, 11 and 10. These hotfixes resolve an input validation .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1460 *** Hackers uncork experimental Linux-targeting malware *** --------------------------------------------- SSH... its Shishiga Hackers have unleashed a new malware strain that targets Linux-based systems. --------------------------------------------- www.theregister.co.uk/2017/04/25/linux_malware/ *** [2017-04-25] Portrait Display SDK Service privilege escalation *** --------------------------------------------- The Portrait Display SDK Service (PdiService.exe) configuration was found to be writable for every authenticated user in a default installation. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** [20170402] - Core - XSS Vulnerability *** --------------------------------------------- https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerab… *** [20170403] - Core - XSS Vulnerability *** --------------------------------------------- https://developer.joomla.org/security-centre/685-20170403-core-xss-vulnerab… *** [20170404] - Core - XSS Vulnerability *** --------------------------------------------- https://developer.joomla.org/security-centre/686-20170404-core-xss-vulnerab… *** [20170405] - Core - XSS Vulnerability *** --------------------------------------------- https://developer.joomla.org/security-centre/687-20170405-core-xss-vulnerab…

1 0

Tageszusammenfassung - Montag 24-04-2017
by Daily end-of-shift report 24 Apr '17

24 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-04-2017 18:00 − Montag 24-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Eingebauter Node.js-Server: Per Nvidia-Treiber lassen sich Schädlinge einschleusen *** --------------------------------------------- Nvidia-Treiber enthalten einen Node.js-Server - keine gute Idee: Damit lassen sich Sicherungsmechanismen wie Application Whitelisting umgehen. --------------------------------------------- https://heise.de/-3691119 *** OWASP Top 10: Die zehn wichtigsten Sicherheitsrisiken bekommen ein Update *** --------------------------------------------- Risiken durch Injections, Fehler beim Session Management und XSS bleiben weiterhin hoch. Im vorliegenden Entwurf finden sich neben bekannten Sicherheitslücken .. --------------------------------------------- https://www.golem.de/news/owasp-top-10-die-zehn-wichtigsten-sicherheitsrisi… *** SquirrelMail < 1.4.22 - Remote Code Execution *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040157 *** Shellcode Analysis- Basics *** --------------------------------------------- In this article, we will look at how what shellcode is, what is its purpose and various shellcode patterns, etc. Please note that this article will not cover how a shellcode is .. --------------------------------------------- http://resources.infosecinstitute.com/shellcode-analysis-basics/ *** FIN7 Evolution and the Phishing LNK *** --------------------------------------------- FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html *** Amazon: Phishing-Kampagne ködert mit Datenschutzgrundverordnung *** --------------------------------------------- Angebliche von Amazon versendete Mails sind derzeit häufig im E-Mail-Postfach zu finden. Nach gefälschten Umsatzsteuerrechnungen gibt es neuerdings eine Phishing-Kampagne, die .. --------------------------------------------- https://www.golem.de/news/amazon-phishing-kampagne-koedert-mit-datenschutzg… *** Sicherheitsupdate: Angreifer könnten Inhalte von Confluence-Wikis einsehen *** --------------------------------------------- Wer Confluence einsetzt, sollte eine der ab sofort verfügbaren abgesicherte Version installieren. --------------------------------------------- https://heise.de/-3692816

1 0

Tageszusammenfassung - Freitag 21-04-2017
by Daily end-of-shift report 21 Apr '17

21 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-04-2017 18:00 − Freitag 21-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** 20 Linksys Router Models Vulnerable To Attack *** --------------------------------------------- Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company. --------------------------------------------- http://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/ *** The History of Fileless Malware - Looking Beyond the Buzzword *** --------------------------------------------- What's the deal with "fileless malware"? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use... Read more --------------------------------------------- https://zeltser.com/fileless-malware-beyond-buzzword/ *** Archive.org Abused to Deliver Phishing Pages *** --------------------------------------------- The Internet Archive is a well-known website and more precisely for its "WaybackMachine" service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262 which makes it a "popular and trusted" website. Indeed, like I explained in a recent SANS ISC diary, whitelists [...] --------------------------------------------- https://blog.rootshell.be/2017/04/20/archive-org-abused-deliver-phishing-pa… *** Analysis of a Maldoc with Multiple Layers of Obfuscation, (Fri, Apr 21st) *** --------------------------------------------- Thanks to our readers, we get often interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called Invoice_6083.doc (which was delivered in a zip archive). I had a quick look [...] --------------------------------------------- https://isc.sans.edu/diary/Analysis+of+a+Maldoc+with+Multiple+Layers+of+Obf… *** TLS-Interception: Sophos-Firewall wird von Chrome-Änderung überrascht *** --------------------------------------------- Nutzer, die den Chrome-Browser hinter einer Firewall von Sophos nutzen, sehen zur Zeit nur Zertifikatswarnungen. Die neue Chrome-Version ignoriert den sogenannten CommonName, der schon seit 17 Jahren als veraltet gilt. (Sophos, Browser) --------------------------------------------- https://www.golem.de/news/tls-interception-sophos-firewall-wurd-von-chrome-… *** Domain Fronting *** --------------------------------------------- In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for [...] --------------------------------------------- http://resources.infosecinstitute.com/domain-fronting/ *** Top-ranked programming Web tutorials introduce vulnerabilities into software *** --------------------------------------------- Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The process The researchers identified popular tutorials by inputing search terms such as "mysql tutorial", [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabil… *** Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk *** --------------------------------------------- [...] The module is currently used by over 120 000 individual Drupal installations, but is no longer maintained. The last update was done in February 2013. Unfortunately a critical security vulnerability in this references module has been reported by the Drupal core security team as SA-CONTRIB-2017-38: [...] --------------------------------------------- http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk *** References - Unsupported - SA-CONTRIB-2017-38 *** --------------------------------------------- [...] Updates: 2017-04-18 -- This issue has been resolved with the release of references 7.x-2.2 --------------------------------------------- https://www.drupal.org/node/2869138 *** cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1038341 *** SSHD vulnerability CVE-2017-6128 *** --------------------------------------------- https://support.f5.com/csp/article/K92140924 *** DFN-CERT-2017-0704: FreeType: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0704/ *** Security Advisory - Buffer Overflow vulnerability in the GaussDB *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170420-… *** Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3 *** --------------------------------------------- Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues. --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php *** Vuln: Linux Kernel CVE-2017-7645 Multiple Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/97950 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274) *** http://www.ibm.com/support/docview.wss?uid=swg22002280 --------------------------------------------- *** IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007) *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Remote Control. *** http://www-01.ibm.com/support/docview.wss?uid=swg22000544 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996985 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000580 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625) *** http://www.ibm.com/support/docview.wss?uid=swg22002110 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002204 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 20-04-2017
by Daily end-of-shift report 20 Apr '17

20 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-04-2017 18:00 − Donnerstag 20-04-2017 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** DFN-CERT-2017-0683/">GnuTLS: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/ *** Cisco Security Advisories *** --------------------------------------------- *** Cisco ASA Software DNS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Network Registrar DNS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco FindIT Network Probe Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller User Session Hijacking Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Command Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software SSL/TLS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software IPsec Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Bereiten Sie sich schon 2017 auf die Datenschutz-Grundverordnung vor: Wichtige Fragen *** --------------------------------------------- Die neue Datenschutz-Grundverordnung wird in diesem Jahr in vielen Branchen bei Entscheidungen zu Sicherheitslösungen eine wichtige Rolle spielen. Die Höhe der möglichen Geldbußen .. --------------------------------------------- https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-scho… *** Drupal Core - Critical - Access Bypass - SA-CORE-2017-002 *** --------------------------------------------- https://www.drupal.org/SA-CORE-2017-002 *** Organizations are not effectively dealing with open source security threats *** --------------------------------------------- Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation .. --------------------------------------------- https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/ *** DNS Query Length... Because Size Does Matter, (Thu, Apr 20th) *** --------------------------------------------- In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass securitycontrols. DNS tunnelling is a common way to establish .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22326 *** Malware: Schadsoftware bei 1.200 Holiday-Inn- und Crown-Plaza-Hotels *** --------------------------------------------- Wer im vergangenen Jahr auf Geschäftsreise oder im Urlaub in den USA gewesen ist, sollte seine Kreditkartenabrechnungen prüfen: Zahlungsterminals zahlreicher .. --------------------------------------------- https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-c… *** Spyware Disguised as System Update Survived on Play Store for Almost Three Years *** --------------------------------------------- An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-… *** [R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities *** --------------------------------------------- On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately. --------------------------------------------- https://www.tenable.com/security/tns-2017-07 *** Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) *** --------------------------------------------- In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities .. --------------------------------------------- http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-se… *** Stealing sensitive browser data with the W3C Ambient Light Sensor API *** --------------------------------------------- In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your // --------------------------------------------- https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c… *** Combating a spate of Java malware with machine learning in real-time *** --------------------------------------------- In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-jav… *** Browser-Updates für Chrome und Firefox stopfen kritische Lücken *** --------------------------------------------- Sowohl Google als auch Mozilla haben kritische Sicherheitslücken in ihren Web-Browsern gestopft. Diese können von Angreifern für Drive-By-Attacken missbraucht werden. --------------------------------------------- https://heise.de/-3689571 *** Abusing NVIDIAs node.js to bypass application whitelisting *** --------------------------------------------- Application WhitelistingApplication whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a .. --------------------------------------------- http://blog.sec-consult.com/2017/04/application-whitelisting-application.ht… *** DNSSEC: ISC läutet Schlüsseltausch für BIND9 ein *** --------------------------------------------- Das Update ist für alle BIND9-Betreiber wichtig, die die Software zum Validieren von signierten DNS-Antworten einsetzen, aber kein automatisches Schlüssel-Update eingerichtet haben. --------------------------------------------- https://heise.de/-3689170

1 0

Tageszusammenfassung - Mittwoch 19-04-2017
by Daily end-of-shift report 19 Apr '17

19 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-04-2017 18:00 − Mittwoch 19-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Trojaner greift gezielt österreichische Banken-Apps an *** --------------------------------------------- Eine kürzlich im Play Store entdeckte Malware versucht Bankdaten von 400 Apps abzugreifen, darunter Bawag, Erste Bank und Volksbank. --------------------------------------------- https://futurezone.at/digital-life/trojaner-greift-gezielt-oesterreichische… *** Hajime IoT worm infects devices to head off Mirai *** --------------------------------------------- Mirai is the name of the worm that has taken control of many IoT devices around the world and used them to mount DDoS attacks, the most high-profile of which was directed against US-based DNS provider Dyn and resulted in many websites and online services being inaccessible for hours on end. Its source code was leaked by the author, which lead to the creation of more botnets, and an increased fear that [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/19/hajime-iot-worm/ *** Firmware-Status von AVM-Routern checken: Kritisches Sicherheitsloch in Fritzbox-Firmware gestopft *** --------------------------------------------- Durch eine kritische Sicherheitslücke in FritzOS könnten Angreifer beliebte Fritzbox-Modelle wie die 7490 aus der Ferne kapern. AVM hat die Lücke in den Routern bereits mit Firmware-Version 6.83 geschlossen - allerdings ohne es zu wissen. --------------------------------------------- https://heise.de/-3687437 *** Hunting for Malicious Excel Sheets, (Wed, Apr 19th) *** --------------------------------------------- Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros: But below, around the 1000th row, some cells were hidden: Once expanded, they revealed interesting values: The macro code used the contain of those cells: [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22322&rss *** Owncloud/Nextcloud: Passwörter im Bugtracker *** --------------------------------------------- Wer bei Owncloud oder Nextcloud einen Bugreport melden möchte, wird nach dem Inhalt seiner Konfigurationsdatei gefragt. Viele Nutzer kamen dem nach - und gaben damit ihre Passwörter öffentlich preis. --------------------------------------------- https://www.golem.de/news/owncloud-nextcloud-passwoerter-im-bugtracker-1704… *** A Remote Attack on the Bosch Drivelog Connector Dongle *** --------------------------------------------- In this blog post, I discuss the vulnerabilities of the Bosch Drivelog Connector OBD-II dongle found by the Argus Research Team. The vulnerabilities allowed us to stop the engine of a moving vehicle using the Drivelog platform. --------------------------------------------- https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/ *** Internet routing weakness could cost Bitcoin users *** --------------------------------------------- A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find. --------------------------------------------- https://nakedsecurity.sophos.com/2017/04/18/internet-routing-weakness-could… *** Meet PINLogger, the drive-by exploit that steals smartphone PINs *** --------------------------------------------- Sensors in phones running both iOS and Android reveal all kinds of sensitive info. --------------------------------------------- https://arstechnica.com/security/2017/04/meet-pinlogger-the-drive-by-exploi… *** BrickerBot Permanent Denial-of-Service Attack (Update A) *** --------------------------------------------- This updated alert is a follow-up to the original alert titled ICS-ALERT-17-102-01A BrickerBot Permanent Denial-of-Service Attack that was published April 12, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of open-source reports of "BrickerBot" attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of service (PDoS). This family of botnets, which consists of BrickerBot.1 and BrickerBot.2, was described in a Radware Attack Report. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A *** Cryptographic security risks are amplified in DevOps settings *** --------------------------------------------- Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications, according to a study conducted by Dimensional Research. According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/19/devops-settings/ *** What is File Integrity Monitoring and Why You Need It *** --------------------------------------------- The news is rife with stories of successful attacks against servers, point-of-sale (POS) systems, IoT devices and more where an attacker has gained access to an organization's IT assets and changed or inserted new files and data to do something malicious. Just a search on malware highlights a seemingly-endless list of variants including the recent exposure of NSA-backed malware that exploits Windows systems, the re-emergence of Dridex (designed to capture banking credentials), new malware [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/what-is-file-integrity… *** HPESBGN03734 rev.1 - HPE Vertica Analytics Platform, Remote Gain Privileged Access *** --------------------------------------------- A potential security vulnerability has been identified in HPE Vertica Analytics Platform. This vulnerability could be remotely exploited to gain privileged access. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn037… *** VMSA-2017-0008 *** --------------------------------------------- VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0008.html *** Oracle Critical Patch Update - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html *** Solaris Third Party Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinapr2017-3680911.h… *** Oracle Linux Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2017-3664… *** Oracle VM Server for x86 Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinapr2017-366462… *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - Input Validation Vulnerability in Multiple Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - Plaintext Storage of Users' Safe Passwords in the Files APP in Huawei Mobile Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in zlib affect IBM SDK for Node.js (CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843) *** http://www.ibm.com/support/docview.wss?uid=swg22001567 --------------------------------------------- *** IBM Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997868 --------------------------------------------- *** IBM Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001782 --------------------------------------------- *** IBM Security Bulletin: Fix available for DOM based Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9979) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001780 --------------------------------------------- *** IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9980) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001779 --------------------------------------------- *** IBM Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001774 --------------------------------------------- *** IBM Security Bulletin: Access Manager Client in IBM DataPower Gateways is vulnerable to a denial of service attack. *** http://www.ibm.com/support/docview.wss?uid=swg22001789 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010111 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem model V840 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010112 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 18-04-2017
by Daily end-of-shift report 18 Apr '17

18 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-04-2017 18:00 − Dienstag 18-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Protecting customers and evaluating risk *** --------------------------------------------- Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-an… *** Ab sofort keine Updates mehr für Windows 7 und 8.1-Nutzer mit neuer Hardware *** --------------------------------------------- Es bleibt den Usern somit nur mehr das Upgrade auf Windows 10 --------------------------------------------- http://derstandard.at/2000056017223 *** Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers *** --------------------------------------------- Microsoft fixed critical vulnerabilities in uncredited update released in March. --------------------------------------------- https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-wer… *** Warnung - Betrugsversuche *** --------------------------------------------- Wir weisen darauf hin, dass E-Mails im Umlauf sind, die von gefälschten OeNB-Absende-Adressen aus verschickt werden. [...] Die versendeten E-Mails beinhalten Schadsoftware [...] --------------------------------------------- https://www.oenb.at/Ueber-Uns/Rechtliche-Grundlagen/warnung-betrugsversuche… *** Email Tracking Pixels Used for Pre-Hack Info Gathering *** --------------------------------------------- A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-f… *** FIRST releases twenty years of conference materials *** --------------------------------------------- The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings. --------------------------------------------- https://www.first.org/newsroom/releases/20170418 *** Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts *** --------------------------------------------- Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/edge-plagued-by-various-secu… *** Wartungsarbeiten Donnerstag, 20. 4. 2017 *** --------------------------------------------- Am Donnerstag, 20. April 2017, ab etwa 19h, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen,... --------------------------------------------- http://www.cert.at/services/blog/20170418151642-1969.html *** VU#676632: IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow *** --------------------------------------------- Vulnerability Note VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow Original Release date: 17 Apr 2017 | Last revised: 17 Apr 2017 Overview IBM Lotus Domino server, versions IMAP service contains a stack-based buffer overflow vulnerability in the EXAMINE command. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino includes an IMAP server. This server contains a stack buffer... --------------------------------------------- http://www.kb.cert.org/vuls/id/676632 *** NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control *** --------------------------------------------- ProSAFE Plus Configuration Utility is vulnerable to improper access control. --------------------------------------------- http://jvn.jp/en/jp/JVN08740778/ *** Security Notice - Statement on Command Injection Vulnerability in Huawei HG532n Product *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170418-01-… *** 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1. *** --------------------------------------------- Multiple vulnerabilities have been resolved in the NorthStar Controller Application starting from version 2.1.0 Service Pack 1 and all subsequent releases. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1… *** cURL and libcurl vulnerabilities in F5 products *** --------------------------------------------- https://support.f5.com/csp/article/K84940705 https://support.f5.com/csp/article/K85235351 https://support.f5.com/csp/article/K17742627 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000439 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 ) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021869 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1025103 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000386 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-4483) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001680 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010105 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010106 --------------------------------------------- *** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On *** http://www-01.ibm.com/support/docview.wss?uid=swg22000445 --------------------------------------------- *** IBM Security Bulletin: Multiple ZLIB vulnerabilities affect IBM Mobile Connect *** http://www.ibm.com/support/docview.wss?uid=swg22000094 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products. *** http://www-01.ibm.com/support/docview.wss?uid=swg22000816 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg22001712 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010012 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization *** http://www.ibm.com/support/docview.wss?uid=swg21992598 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 14-04-2017
by Daily end-of-shift report 14 Apr '17

14 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-04-2017 18:00 − Freitag 14-04-2017 18:02 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Zero Day Exploit: Magento-Onlineshops sind wieder gefährdet *** --------------------------------------------- Wer eine Magento-basierte Onlineshop-Lösung verwendet, sollte dringend seine Einstellungen überprüfen. Ein Sicherheitslücke erlaubt die Kompromittierung der Installation und bringt die Kunden in Gefahr. Der Hersteller arbeitet wohl an einem Patch, kommuniziert dies jedoch nicht vernünftig. --------------------------------------------- https://www.golem.de/news/zero-day-exploit-magento-onlineshops-sind-wieder-… *** Exploit Kit Activity Quiets, But Is Far From Silent *** --------------------------------------------- Here are the exploit kits to watch for over the next three to six months. --------------------------------------------- http://threatpost.com/exploit-kit-activity-quiets-but-is-far-from-silent/12… *** Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits *** --------------------------------------------- On Good Friday and ahead of the Easter holiday, the Shadow Brokers have dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsofts Windows OS and the SWIFT banking system. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-b… *** BSI definiert Mindeststandard für sichere Web-Browser *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat Mindestanforderungen für sichere Web-Browser veröffentlicht. In einer Tabelle vergleicht die Behörde vier aktuelle Browser - einer wies demnach eine schwerwiegende Einschränkung auf. --------------------------------------------- https://heise.de/-3686044 *** Phishing with Unicode Domains *** --------------------------------------------- If I told you this could be a phishing site, would you believed me? tl;dr: check out the proof-of-concept --------------------------------------------- https://www.xudongz.com/blog/2017/idn-phishing/ *** Critical Patch Update - April 2017 - Pre-Release Announcement *** --------------------------------------------- Critical Patch Update - April 2017 - Pre-Release Announcement --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html *** 2017-04 Security Bulletin: EX Series: Crafted IPv6 NDP packet causing a slow memory leak on EX Series Switches (CVE-2017-2315) *** --------------------------------------------- A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switches to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10781 *** Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution *** --------------------------------------------- A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user. --------------------------------------------- https://support.citrix.com/article/CTX222657 *** cURL and libcurl vulnerability CVE-2016-8622 *** --------------------------------------------- cURL and libcurl vulnerability CVE-2016-8622. Security Advisory. Security Advisory Description. ** RESERVED ** This candidate ... --------------------------------------------- https://support.f5.com/csp/article/K23391972 *** VMSA-2017-0007 *** --------------------------------------------- VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0007.html *** Wecon Technologies LEVI Studio HMI Editor *** --------------------------------------------- This advisory contains mitigation details for heap-based buffer overflow and stack-based buffer overflow vulnerabilities in the Wecon Technologies LEVI Studio HMI Editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-103-01 *** Schneider Electric Modicon M221 PLCs and SoMachine Basic *** --------------------------------------------- This advisory contains mitigation details for use of hard-coded cryptographic key and protection mechanism failure vulnerabilities in Schneider Electric's Modicon M221 PLCs and SoMachine Basic. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-103-02 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160) *** http://www.ibm.com/support/docview.wss?uid=swg22001574 --------------------------------------------- *** IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161) *** http://www.ibm.com/support/docview.wss?uid=swg22000316 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services *** http://www.ibm.com/support/docview.wss?uid=swg22001536 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321) *** http://www.ibm.com/support/docview.wss?uid=isg3T1025085 --------------------------------------------- *** IBM Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998864 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight *** http://www.ibm.com/support/docview.wss?uid=swg21999652 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 *** http://www.ibm.com/support/docview.wss?uid=swg21999649 --------------------------------------------- *** IBM Security Bulletin: Unvalidated redirection URL vulnerability in IBM Marketing Platform (CVE-2016-0228) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001952 --------------------------------------------- Next End-of-Shift report: 2017-04-18

1 0

Tageszusammenfassung - Donnerstag 13-04-2017
by Daily end-of-shift report 13 Apr '17

13 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-04-2017 18:00 − Donnerstag 13-04-2017 18:02 Handler: Alexander Riepl Co-Handler: n/a *** BrickerBot Permanent Denial-of-Service Attack *** --------------------------------------------- NCCIC/ICS-CERT is aware of open-source reports of “BrickerBot” attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01 *** India to world+dog: Go ahead, please hack our elections ... if you can *** --------------------------------------------- Не волнуйтесь. Мы уже это сделали, товарищи Following demands for an investigation into the security of Indias electronic voting machines, the countrys .. --------------------------------------------- www.theregister.co.uk/2017/04/12/india_electronic_election_hacking/ *** Hintergrund: Forensik-Tools patzen bei neuer Windows-Kompression *** --------------------------------------------- Mit Hilfe einer noch weitgehend unbekannten Dateikompression namens 'Compact OS' könnten sich Schad-Programme und andere Beweismittel einer forensischen Untersuchung eines PCs entziehen. Wir haben sechs Standard-Forensik-Tools getestet. --------------------------------------------- https://heise.de/-3676075 *** WordPress plugin "WP Statistics" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN62392065/ *** SAP schließt kritische Lücke in der Search Engine TREX *** --------------------------------------------- TREX ist in über einem Dutzend SAP-Produkten verbaut und erlaubte fast zwei Jahre das Einschleusen und Ausführen von Code. Diese und 14 weitere Lücken schließt der Hersteller im Rahmen des April-Patchdays. --------------------------------------------- https://heise.de/-3685632 *** Akamai reports UDP DDOS Using C-LDAP reaching 24Gbps, (Thu, Apr 13th) *** --------------------------------------------- Akamai researchers Jose Arteaga Wilber Mejia have posted details on a new reflected DDOS apprach, using the Connectionless LDAP protocol (on udp/389). Reflected UDP attacks arent new, but using CLDAP seems to be. Which made me wonder who are the folks that decided that their AD (or other LDAP directory) .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22300 *** Samsung: Keine Sicherheitslücken in Smart-TVs *** --------------------------------------------- Der Elektronikkonzern will die Sicherheit seines in die Kritik geratenen Betriebssystems Tizen ins rechte Licht rücken und verkündet, dass weder Smart TVs noch Smartwatches .. --------------------------------------------- https://heise.de/-3685732

1 0

Tageszusammenfassung - Mittwoch 12-04-2017
by Daily end-of-shift report 12 Apr '17

12 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-04-2017 18:00 − Mittwoch 12-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Fake News at Work in Spam Kingpin’s Arrest? *** --------------------------------------------- Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there .. --------------------------------------------- https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arre… *** Schneider Electric Modicon Modbus Protocol *** --------------------------------------------- This advisory contains mitigation details for authentication bypass by capture-replay and violation of secure design principles vulnerabilities in Schneider Electric’s Modicon Modbus protocol. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01 *** Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroIn this blog post well continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms… *** CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler *** --------------------------------------------- FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handl… *** Patchday: Adobe stopft kritische Lücken in Acrobat, Reader, Flash und Photoshop *** --------------------------------------------- Kritische Lücken in Flash sowie in Adobe Acrobat und Reader benötigen sofortige Aufmerksamkeit. Auf ungepatchten Systemen können Angreifer Schadcode aus der Ferne ausführen. Photoshop ist diesmal auch mit Sicherheitslücken beim Patchday dabei. --------------------------------------------- https://heise.de/-3682970 *** Malicious Image Defacement Hidden from Search Engines *** --------------------------------------------- After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a .. --------------------------------------------- https://blog.sucuri.net/2017/04/malicious-image-defacement-hidden-from-sear… *** JSA10753 - 2016-07 Security Bulletin: SRX Series: Upgrades using partition option may allow unauthenticated root login (CVE-2016-1278) *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753 *** Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns *** --------------------------------------------- With another player out at the moment, we take a look at a rebranded exploit kit in current malware .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/04/sundown-ek-gone-missi… *** IT-Sicherheit: Wie ich mein Passwort im Stack Trace fand *** --------------------------------------------- Unser Autor hat versehentlich das MySQL-Passwort seiner Webseite veröffentlicht. Hier schreibt er, wie es dazu kam. Er berichtet, warum Fehler selbst dann passieren, wenn .. --------------------------------------------- https://www.golem.de/news/it-sicherheit-wie-ich-mein-passwort-im-stack-trac… *** Patchday: Microsoft sichert Office gegen aktive Angriffe ab *** --------------------------------------------- Im April verteilt Microsoft zwölf Sicherheitsupdates und stopft mehrere als kritisch eingestufte Schwachstellen. Aktuell haben es Angreifer gezielt auf eine Office-Lücke abgesehen. --------------------------------------------- https://heise.de/-3683358 *** Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling *** --------------------------------------------- An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late .. --------------------------------------------- https://hardware.slashdot.org/story/17/04/12/0328239/investigation-finds-in… *** Kelihos.E *** --------------------------------------------- Kelihos.E Botnet – Law Enforcement Takedown On Monday April 10th 2017, The US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator. The .. --------------------------------------------- http://blog.shadowserver.org/2017/04/12/kelihos-e/ *** New NAS Vulnerabilities are as Bad as they Get *** --------------------------------------------- If you have a QNAP network attached storage (NAS) device, you’d better make sure the firmware is updated. Earlier this year, F-Secure Senior Security .. --------------------------------------------- https://safeandsavvy.f-secure.com/2017/04/12/new-nas-vulnerabilities-are-pr…

1 0

Tageszusammenfassung - Dienstag 11-04-2017
by Daily end-of-shift report 11 Apr '17

11 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-04-2017 18:00 − Dienstag 11-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Longhorn: Tools used by cyberespionage group linked to Vault 7 *** --------------------------------------------- Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its .. --------------------------------------------- https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-g… *** Mirai Botnet Temporarily Adds Bitcoin Mining Component, Removes It After a Week *** --------------------------------------------- For around a week at the end of March, one of the many versions of the Mirai malware was spotted delivering a Bitcoin-mining module to its infected .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-botnet-temporarily-add… *** Support-Ende erreicht: Tschüss, Vista *** --------------------------------------------- Am heutigen 11. April endet der Support für Windows Vista. Eine Träne wird deswegen wohl kaum jemand vergießen, dabei steckten viele tolle Neuerungen darin. --------------------------------------------- https://heise.de/-3675983 *** Understanding and Discovering Open Redirect Vulnerabilities *** --------------------------------------------- One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as "Unvalidated Redirects and Forwards"). A website is vulnerable to .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Disco… *** Microsoft Word 0day used to push dangerous Dridex malware on millions *** --------------------------------------------- Blast could give a boost to Dridex, one of the Internets worst bank-fraud threats. --------------------------------------------- https://arstechnica.com/security/2017/04/microsoft-word-0day-used-to-push-d… *** Malware belauscht Sensoren und knackt Handysperre *** --------------------------------------------- Von Forschern geschriebener Schädling nutzt Browserleck und neuronales Netzwerk, um Sperrcode zu errechnen --------------------------------------------- http://derstandard.at/2000055738573 *** Breaking Signal: A Six-Month Journey *** --------------------------------------------- Researchers spent six months poking holes in Signal and urge a bigger spotlight on security testing. --------------------------------------------- http://threatpost.com/breaking-signal-a-six-month-journey/124888/ *** DSA-3828 dovecot - security update *** --------------------------------------------- It was discovered that the Dovecot email server is vulnerable to adenial of service attack. When the dict passdb and userdb are usedfor user authentication, the .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3828 *** Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Campaign (APSB17-09), Adobe Flash Player (APSB17-10), Adobe Acrobat and Reader (APSB17-11), Adobe Photoshop (APSB17-12) and the Creative Cloud Desktop Application (APSB17-13). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1457 *** Nach Hacker-Festnahme: FBI will Kelihos-Botnetz endgültig stilllegen *** --------------------------------------------- Schon kurz nachdem der mutmaßlich verantwortliche Cyberkriminelle in Spanien festgenommen wurde, haben US-Behörden offenbar mehrere Maßnahmen eingeleitet, um das Botnetz Kelihos ein für alle mal außer Gefecht zu setzen. --------------------------------------------- https://heise.de/-3682746

1 0

Tageszusammenfassung - Montag 10-04-2017
by Daily end-of-shift report 10 Apr '17

10 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-04-2017 18:00 − Montag 10-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Sicherheitsforscher: IoT-Hersteller machen es Bugjägern unnötig schwer *** --------------------------------------------- Ein Sicherheitsexperte hat nicht nur diverse Bugs in Kameras, NAS-Laufwerken, mobilen Routern oder einem Retinascanner gefunden, sondern auch dokumentiert, wie wenig die betroffenen Hersteller mit solchen Meldungen anfangen können. --------------------------------------------- https://heise.de/-3678493 *** Apache Struts 2 Exploits Installing Cerber Ransomware *** --------------------------------------------- Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware. --------------------------------------------- http://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware… *** Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts *** --------------------------------------------- The Matrix Ransomware gears up for higher distribution by using EITest, the Rig Exploit kit, while .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/matrix-ransomware-spreads-to… *** Baseband Zero Day Exposes Millions of Mobile Phones to Attack *** --------------------------------------------- A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules .. --------------------------------------------- http://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-t… *** Malware auf Zerstörungsjagd: BrickerBot legt unsichere IoT-Geräte still *** --------------------------------------------- Unsichere IoT-Geräte werden meist im Stillen gekapert und als Hilfsarmee für DDoS-Attacken eingesetzt. Jetzt .. --------------------------------------------- https://heise.de/-3678861 *** A quick look at the Ikea Trådfri lighting platform *** --------------------------------------------- Ikea recently launched their Trådfri smart lighting platform in the US. The idea of Ikea plus internet security together at last seems like a pretty terrible one, but having taken a look its surprisingly competent. Hardware-wise, .. --------------------------------------------- http://mjg59.dreamwidth.org/47803.html *** Equation Group: Die Shadow Brokers veröffentlichen NSA-Geheimnisse *** --------------------------------------------- Die Shadow Brokers haben keine Lust mehr - oder sind von Donald Trump wirklich enttäuscht. Das Passwort zum verschlüsselten Archiv ist jetzt im Netz. Die Gruppe hatte Exploits .. --------------------------------------------- https://www.golem.de/news/equation-group-die-shadow-brokers-veroeffentliche… *** Apple finally teaches Android music app to validate certificates *** --------------------------------------------- Cupertinos so keen on Android it took eight months to repair interception bug If youre so .. --------------------------------------------- www.theregister.co.uk/2017/04/10/apple_music_vulnerability/ *** Hackers set off Dallas’ 156 emergency sirens over a dozen times *** --------------------------------------------- https://arstechnica.com/security/2017/04/hackers-set-off-dallas-156-emergen… *** Alleged Spam King Pyotr Levashov Arrested *** --------------------------------------------- Authorities in Spain have arrested a Russian computer programmer thought to be one of the worlds most notorious spam kingpins. Spanish police arrested Pyotr .. --------------------------------------------- https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrest… *** WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8794 *** Telekom Austria war von NSA-Angriff betroffen *** --------------------------------------------- Laut Daten der Hackergruppe Shadow Brokers hat die NSA vor Jahren Rechner der Telekom Austria unter ihre Kontrolle gebracht. Die Telekom untersucht dies. --------------------------------------------- https://futurezone.at/digital-life/telekom-austria-war-von-nsa-angriff-betr… *** Schwerwiegende Microsoft Word-Lücke erlaubt Fremdzugriff *** --------------------------------------------- McAfee berichtet von Exploit, mit dem Angreifer Code auf Zielcomputer ausführen kann --------------------------------------------- http://derstandard.at/2000055670310 *** SQL Injection in extension "Event management and registration" (sf_event_mgt) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-event-management-… *** SQL Injection in extension "News system" (news) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-news-system-news/ *** Hacker nehmen zunehmend Amazon-Händler ins Visier *** --------------------------------------------- Drittanbieter auf der Handelsplattform Amazon geraten zunehmend ins Visier von Cyber-Betrügern. --------------------------------------------- https://futurezone.at/digital-life/hacker-nehmen-zunehmend-amazon-haendler-… *** Notes on Windows Uniscribe Fuzzing *** --------------------------------------------- Posted by Mateusz Jurczyk of Google Project ZeroAmong the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fu… *** Symantec dokumentiert Verbindung zwischen angeblichen CIA-Tools und weltweiten Attacken *** --------------------------------------------- In mindestens 16 Ländern attackierte eine Gruppe namens Longhorn Firmen, Organisationen und Regierungen. Und Longhorn nutzte dabei die jetzt von Wikileaks als Vault 7 veröffentlichten, angeblichen CIA-Tools, stellt Symantec fest. --------------------------------------------- https://heise.de/-3680265

1 0

Tageszusammenfassung - Freitag 7-04-2017
by Daily end-of-shift report 07 Apr '17

07 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-04-2017 18:00 − Freitag 07-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day *** --------------------------------------------- For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/ransomware-gang-made-over-10… *** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-11) *** --------------------------------------------- A prenotification Security Advisory (APSB17-11) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, April 11, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1454 *** Tracking Website Defacers with HTTP Referers, (Fri, Apr 7th) *** --------------------------------------------- In a previous diary, I explained how pictures may affect your website reputation[1]. Although asuggestedrecommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog, purely for research purposes. And it successfully worked! My website and all its components are constantly monitored but Im also monitoring online services like pastebin.com to track references to... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22268&rss *** Brickerbot: Hacker zerstören das Internet of Insecure Things *** --------------------------------------------- Unbekannte versuchen zurzeit, sich in ungesicherte IoT-Geräte zu hacken und diese aktiv zu zerstören. Offenbar ein Versuch, die Geräte unschädlich zu machen, bevor sie Teil von Botnetzen wie Mirai werden. --------------------------------------------- https://www.golem.de/news/brickerbot-hacker-zerstoeren-das-internet-of-inse… *** Global DDoS Threat Landscape: What's new? *** --------------------------------------------- The Current Global DDoS Threat Landscape In this post, we analyze the current Global DDoS threat landscape focusing on the economic aspect of this kind of criminal activity. The extortion crimes continue to represent a serious threat to businesses and organizations worldwide; ransomware infections and DDoS attacks are becoming daily problems. Security experts at Imperva... --------------------------------------------- http://resources.infosecinstitute.com/global-ddos-threat-landscape-whats-ne… *** QNAP NAS devices open to remote command execution *** --------------------------------------------- If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don't want it to fall prey to attackers. Among the vulnerabilities fixed by QNAP in this latest firmware version, released on March 21, are three command injection flaws in the web user interface that can be exploited to gain remote command execution on a vulnerable device as... --------------------------------------------- https://www.helpnetsecurity.com/2017/04/07/qnap-nas-vulnerability/ *** ClearEnergy - The "In the Wild" SCADA Ransomware Attacks That Never Were *** --------------------------------------------- A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that theyve detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/clearenergy-the-in-the-wild-… *** Sathurbot: Distributed WordPress password attack *** --------------------------------------------- This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts. --------------------------------------------- https://www.welivesecurity.com/2017/04/06/sathurbot-distributed-wordpress-p… *** New IoT/Linux Malware Targets DVRs, Forms Botnet *** --------------------------------------------- Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia". The Amnesia botnet targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in March 2016 in DVR (digital video recorder) devices made by TVT Digital and branded by over 70 vendors worldwide. Based on our scan data shown below in Figure 1, this [...] --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malw… *** [2017-04-07] Server-Side Request Forgery in MyBB forum *** --------------------------------------------- The "Change Avatar" function in MyBB allows an attacker to perform server-side request forgery (SSRF) attacks if the cURL functions are disabled. It is possible to send requests to internal networks and perform port scans. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service ( CVE-2016-3627 ) *** --------------------------------------------- DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22001676

1 0

Tageszusammenfassung - Donnerstag 6-04-2017
by Daily end-of-shift report 06 Apr '17

06 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-04-2017 18:00 − Donnerstag 06-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Forscher warnen vor Gefahr durch Viren-Signaturen *** --------------------------------------------- Mit Hilfe der von Antiviren-Software eingesetzten Signaturen könnten Angreifer gezielt Fehlalarme auslösen. Im schlimmsten Fall kann das ein Opfer das komplette Mail-Archiv kosten. --------------------------------------------- https://heise.de/-3675819 *** Teenager Arrested in Austria for Spreading Philadelphia Ransomware *** --------------------------------------------- Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/teenager-arrested-in-austria… *** Trust issues: Know the limits of SSL certificates *** --------------------------------------------- Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation's Let's Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to... --------------------------------------------- http://www.cio.com/article/3187881/internet/trust-issues-know-the-limits-of… *** Cisco Access Points: Zugriff mit offenen Default-Accounts *** --------------------------------------------- Bis zum Mittwoch konnten sich Angreifer mittels Default-Zugangsdaten Zugriff auf Cisco WLAN Access Points der Aeronet-Serie verschaffen. Ein Sicherheits-Update fixt das. Drei weitere schließen Einfallstore für DoS-Angriffe auf WLAN-Controller. --------------------------------------------- https://heise.de/-3677288 *** Wie Sie verschlüsselte Dateien wiederherstellen können *** --------------------------------------------- Mit einem Verschlüsselungstrojaner können Kriminelle Dateien von Opfern unbrauchbar machen. Sie verlangen Geld dafür, dass sie den Schaden beseitigen. Die Website nomoreransom.org/de hilft Opfern, die Dateien selbstständig wiederherzustellen, ohne dass sie dafür Geld an die Verbrecher/innen zahlen müssen. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/wie-sie-verschluesselte-dat… *** Moodle Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Obtain Usernames and Conduct SQL Injection Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1038174 *** Bugtraq: Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) *** --------------------------------------------- http://www.securityfocus.com/archive/1/540375 *** SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) 3.x Command Injection Remote Code Execution Vulnerability *** --------------------------------------------- Trend Micro has released new Critical Patches (CP) for Trend Micro Smart Protection Server (Standalone) versions 3.0 and 3.1. These CPs resolve a vulnerability in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations. --------------------------------------------- https://success.trendmicro.com/solution/1117033 *** BlackBerry powered by Android Security Bulletin - April 2017 *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000039276 *** Certec EDV GmbH atvise scada *** --------------------------------------------- This advisory contains mitigation details for cross-site scripting and header injection vulnerabilities in the Certec EDV GmbH atvise scada. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services session identifier vulnerability (CVE-2017-1152) *** http://www.ibm.com/support/docview.wss?uid=swg22001551 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition, affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5549) (CVE-2016-5548) (CVE-2016-5547) (CVE-2016-5546) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999271 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Mobile Connect (CVE-2017-3272,CVE-2017-5548,CVE-2017-3261,CVE-2017-3231,CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg22000443 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX *** http://aix.software.ibm.com/aix/efixes/security/java_jan2017_advisory.asc --------------------------------------------- *** Novell Patches *** --------------------------------------------- *** eDirectory 8.8 SP8 Patch 10 *** https://download.novell.com/Download?buildid=VYtYu65T21Y~ --------------------------------------------- *** iManager 3.0.3 *** https://download.novell.com/Download?buildid=3jd0pzoyux0~ --------------------------------------------- *** iManager 2.7 Support Pack 7 - Patch 10 *** https://download.novell.com/Download?buildid=5NqajLP7bSo~ --------------------------------------------- *** eDirectory 9.0.3 *** https://download.novell.com/Download?buildid=D1U-cCj1YEs~ --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Director Virtual Machine Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager SQL Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Registered Envelope Service Open Redirect Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Startup Script Local Command Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XR Software Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Redirection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 5-04-2017
by Daily end-of-shift report 05 Apr '17

05 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-04-2017 18:00 − Mittwoch 05-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** WordPress Security - Unwanted Redirects via Infected JavaScript Files *** --------------------------------------------- We've been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a bug in the injector code, it also infects files whose extensions contain ".js" (such as .js.php or .json). --------------------------------------------- https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-i… *** Encryption inside Utility Industrial Control Systems (ICS) communication protocols: a must to preserve the confidentiality of information and reliability of the industrial process, (Tue, Apr 4th) *** --------------------------------------------- Industrial control systems are sensitive systems that must make decisions in real time to ensure the operation of the industrial process they govern. The latency and reliability in packet transmission is fundamental, since the protocols are connection-oriented but because of the main speed goal, many of them do not have included error recovery schemes other than those included in the TCP / IP stack. Where is it possible to use encryption without affecting the operation of the industrial control... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22260&rss *** Schneider Electric still shipping passwords in firmware *** --------------------------------------------- Youd think a vendor of critical infrastructure would at least pretend to care about security That "dont use hard-coded passwords" infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electrics developers eyes so they dont forget it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/04/05/schneider_i… *** Internetplattform unterstützt Opfer von digitaler Erpressung *** --------------------------------------------- Für Betroffene von digitaler Erpressung ist es besonders wichtig, ihre Dateien schnell und einfach wiederherzustellen. Unter www.nomoreransom.org können verschiedene Entschlüsselungstools nun auch auf Deutsch aufgerufen werden. --------------------------------------------- http://www.bmi.gv.at/cms/bmi/_news/bmi.aspx?id=537A58584930536354666F3D&pag… *** 500.000 US-Dollar Lösegeld: Ransomware-Gangs nehmen Unternehmen aufs Korn *** --------------------------------------------- Sicherheitsforscher haben mindestens acht Gruppen ausgemacht, die sich auf Ransomware-Attacken auf Unternehmen spezialisiert haben. Je nach Anzahl der infizierten PCs und Server steigt das Lösegeld. Summen von bis zu 500.000 US-Dollar sind im Spiel. --------------------------------------------- https://heise.de/-3675612 *** Whitelists: The Holy Grail of Attackers, (Wed, Apr 5th) *** --------------------------------------------- As a defender, take the time to put yourself in the place of a bad guy for a few minutes. Youre writing some malicious code and you need to download payloads from the Internet or hide your code on a website. Once your malicious code spread in the wild, it will be quickly captured by honeypots, IDS, ... (name your best tool) and analysed automatically of manually by the good guys. Their goal of this is to extract abehavioural analysis of the code and generate indicators (IOCs) which will help to... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22262&rss *** Broadcom-Sicherheitslücke: Angriff über den WLAN-Chip *** --------------------------------------------- Googles Project Zero zeigt, wie man ein Smartphone per WLAN übernehmen kann. WLAN-Chips haben heute eigene Betriebssysteme, denen jedoch alle modernen Sicherheitsmechanismen fehlen. --------------------------------------------- https://www.golem.de/news/broadcom-sicherheitsluecke-angriff-ueber-den-wlan… *** Report: 30% of malware is zero-day, missed by legacy antivirus *** --------------------------------------------- At least 30 percent of malware today is new, zero-day malware that is missed by traditional antivirus defenses, according to a new report."Were gathering threat data from hundreds of thousands of customers and network security appliances," said Corey Nachreiner, CTO at WatchGuard Technologies. "We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed... --------------------------------------------- http://www.cio.com/article/3187734/network-security/report-30-of-malware-is… *** Changes coming to TLS: Part Two *** --------------------------------------------- In the first part of this two-part blog we covered certain performance improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption. In this part we shall discuss some security and privacy improvements.Remove Obsolete and insecure cryptographic primitivesRemove RSA HandshakesWhen RSA is used for key establishment there is no forward secrecy, which basically means that an adversary can record the encrypted conversation between the client and the server and later if it is... --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2978671 *** Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE *** --------------------------------------------- [...] Then, if the IE is present, its contents are copied into a heap-allocated buffer of length 256. The copy is performed using the length field present in the IE, and at a fixed offset from the buffers start address. Since the length of the FTIE is not verified prior to the copy, this allows an attacker to include a large FTIE (e.g., with a length field of 255), causing the memcpy to overflow the heap-allocated buffer. --------------------------------------------- https://bugs.chromium.org/p/project-zero/issues/detail?id=1046 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host. --------------------------------------------- https://support.citrix.com/article/CTX222565 *** Django Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1038177 *** HPE Business Process Monitor Unspecified Flaw Lets Remote Users Access Data on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1038176 *** Asterisk Buffer Overflow in Processing CDR User Data Lets Remote Authenticated Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1038175 *** Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… *** Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-… *** Schneider Electric Interactive Graphical SCADA System Software *** --------------------------------------------- This advisory contains mitigation details for a DLL hijacking vulnerability in Schneider Electric's Interactive Graphical SCADA System Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01 *** Marel Food Processing Systems *** --------------------------------------------- This advisory contains mitigation details for hard-coded passwords and unrestricted upload vulnerabilities in Marel's Food Processing Systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 *** Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratix *** --------------------------------------------- This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automation's Allen-Bradley Stratix and ArmorStratix Industrial Ethernet and Distribution switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-094-03 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Opportunity Detect (CVE-2017-5638) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001388 --------------------------------------------- *** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerability (CVE-2017-3302) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999203 --------------------------------------------- *** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999202 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Database Activity Monitor *** http://www-01.ibm.com/support/docview.wss?uid=swg21999580 --------------------------------------------- *** Fortinet PSIRT Advisories *** --------------------------------------------- *** FortiClient SSLVPN Linux - Root privilege escalation with subproc *** http://fortiguard.com/psirt/FG-IR-16-041 --------------------------------------------- *** FortiClient SSLVPN Linux - Arbitrary write to log file *** http://fortiguard.com/psirt/FG-IR-16-069 --------------------------------------------- *** Multiple vulnerabilities in Linux kernels through 4.6.3 *** http://fortiguard.com/psirt/FG-IR-16-052 --------------------------------------------- *** Unauthenticated XSS (Cross Site Scripting) in FortiMail *** http://fortiguard.com/psirt/FG-IR-17-011 --------------------------------------------- *** Linux kernel - challenge ack information leak *** http://fortiguard.com/psirt/FG-IR-16-047 --------------------------------------------- *** F5 Security Advisories *** --------------------------------------------- *** BIG-IP file validation vulnerability CVE-2015-8022 *** https://support.f5.com/csp/article/K12401251 --------------------------------------------- *** OpenSSL vulnerability CVE-2015-3195 *** https://support.f5.com/csp/article/K12824341 --------------------------------------------- *** OpenSSH vulnerability CVE-2016-6210 *** https://support.f5.com/csp/article/K14845276 --------------------------------------------- *** Expat XML library vulnerability CVE-2015-1283 *** https://support.f5.com/csp/article/K15104541 --------------------------------------------- *** glibc vulnerability CVE-2016-3075 *** https://support.f5.com/csp/article/K15439022 --------------------------------------------- *** libxml2 vulnerability CVE-2016-1834 *** https://support.f5.com/csp/article/K16712298 --------------------------------------------- *** glibc vulnerability CVE-2016-4429 *** https://support.f5.com/csp/article/K17075474 --------------------------------------------- *** TMM vulnerability CVE-2016-5023 *** https://support.f5.com/csp/article/K19784568 --------------------------------------------- *** Linux kernel vulnerability CVE-2013-7446 *** https://support.f5.com/csp/article/K20022580 --------------------------------------------- *** OpenSSH vulnerability CVE-2015-8325 *** https://support.f5.com/csp/article/K20911042 --------------------------------------------- *** NTP vulnerability CVE-2015-7976 *** https://support.f5.com/csp/article/K21230183 --------------------------------------------- *** Linux kernel vulnerability CVE-2011-5321 *** https://support.f5.com/csp/article/K21632201 --------------------------------------------- *** TMM vulnerability CVE-2016-9245 *** https://support.f5.com/csp/article/K22216037 --------------------------------------------- *** glibc vulnerability CVE-2015-8776 *** https://support.f5.com/csp/article/K23946311 --------------------------------------------- *** OpenSSL vulnerability CVE-2016-0800 *** https://support.f5.com/csp/article/K23196136 --------------------------------------------- *** libarchive vulnerability CVE-2016-5844 *** https://support.f5.com/csp/article/K24036027 --------------------------------------------- *** ISC DHCP vulnerability CVE-2016-2774 *** https://support.f5.com/csp/article/K30409575 --------------------------------------------- *** Java commons-collections library vulnerability CVE-2015-4852 *** https://support.f5.com/csp/article/K30518307 --------------------------------------------- *** PHP vulnerability CVE-2016-4070 *** https://support.f5.com/csp/article/K42065024 --------------------------------------------- *** NTP vulnerability CVE-2016-2519 *** https://support.f5.com/csp/article/K41613034 --------------------------------------------- *** GnuPG vulnerability CVE-2013-4402 *** https://support.f5.com/csp/article/K40131068 --------------------------------------------- *** libarchive vulnerability CVE-2016-8688 *** https://support.f5.com/csp/article/K35263486 --------------------------------------------- *** PHP vulnerability CVE-2016-3074 *** https://support.f5.com/csp/article/K34958244 --------------------------------------------- *** OpenSSL vulnerability CVE-2016-7056 *** https://support.f5.com/csp/article/K32743437 --------------------------------------------- *** OpenSSH vulnerability CVE-2016-10009 *** https://support.f5.com/csp/article/K31440025 --------------------------------------------- *** BIG-IP APM access logs vulnerability CVE-2016-1497 *** https://support.f5.com/csp/article/K31925518 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 4-04-2017
by Daily end-of-shift report 04 Apr '17

04 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-04-2017 18:00 − Dienstag 04-04-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Lazarus Under The Hood *** --------------------------------------------- Today wed like to share some of our findings, and add something new to whats currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank. --------------------------------------------- http://securelist.com/blog/sas/77908/lazarus-under-the-hood/ *** APT10 - Operation Cloud Hopper *** --------------------------------------------- Written by Adrian Nish and Tom RowlesBACKGROUNDFor many businesses the network now extends to suppliers who provide management of applications, cloud storage, helpdesk, and other functions. With the right integration and service levels Managed Service Providers (MSPs) can become a key enabler for businesses by allowing them to focus on their core mission while suppliers take care of background tasks. However, the network connectivity which exists between MSPs and their customers also provides a... --------------------------------------------- http://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html *** WLAN-Lücke: Apple reicht Bugfix-Update für iOS 10.3 nach *** --------------------------------------------- iOS 10.3.1 behebt einen schwerwiegenden Fehler, über den ein Angreifer Code auf dem WLAN-Chip ausführen könnte. Außerdem lassen sich 32-Bit-Versionen nun wieder direkt auf dem Gerät installieren. --------------------------------------------- https://heise.de/-3674340 *** NSO Group: Pegasus-Staatstrojaner für Android entdeckt *** --------------------------------------------- Nach der iOS-Version des Staatstrojaners Pegasus haben Sicherheitsforscher auch eine Version für Android gefunden. Diese nutzt keine Zero-Day-Exploits und kann auch ohne vollständige Infektion Daten übertragen. --------------------------------------------- https://www.golem.de/news/nso-group-pegasus-staatstrojaner-fuer-android-ent… *** Cloudmark kündigt überraschend DANE/TLSA für Mail-Sicherheit an *** --------------------------------------------- Der überraschende Schritt des Internet-Schwergewichts erscheint bedeutsam, weil er die Mail-Sicherheitstechnik stärkt und zugleich als eine deutliche Absage an das Konzept der Certification Authorities gelesen werden kann. --------------------------------------------- https://www.heise.de/newsticker/meldung/Cloudmark-kuendigt-ueberraschend-DA… *** Betriebssystem Tizen für Samsung-Geräte von Sicherheitslücken durchsiebt *** --------------------------------------------- Ein Sicherheitsforscher hat den Code von Samsungs Tizen analysiert und zieht ein desaströses Resümee. Das Betriebssystem dient als Basis für mobile Geräte und Fernseher des Herstellers. --------------------------------------------- https://heise.de/-3674713 *** Kaspersky: Geldautomaten mit 15-US-Dollar-Bastelcomputer leergeräumt *** --------------------------------------------- Am Ende bleibt nur ein golfballgroßes Loch und das Geld ist weg: Kaspersky hat einen neuen Angriff auf Geldautomaten vorgestellt. Bei dem Angriff werden physische Beschädigung und Hacking kombiniert. Betroffen sind weit verbreitete Modelle aus den 90er Jahren. --------------------------------------------- https://www.golem.de/news/kaspersky-geldautomaten-mit-15-us-dollar-bastelco… *** How Hackers Hijacked a Bank's Entire Online Operation *** --------------------------------------------- Researchers at Kaspersky say a Brazilian banks entire online footprint was commandeered in a five-hour heist. --------------------------------------------- https://www.wired.com/2017/04/hackers-hijacked-banks-entire-online-operatio… *** Workshop on Software Security in industrial area *** --------------------------------------------- May 09, 2017 - 4:00 pm - 6:30 pm Bachmann electronic GmbH Kreuzäckerweg 33 Feldkirch --------------------------------------------- https://www.sba-research.org/events/workshop-on-software-security-in-indust… *** CVE-2017-7228 - x86: broken check in memory_exchange() permits PV guest breakout *** --------------------------------------------- A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-212.html *** Bugtraq: The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. *** --------------------------------------------- http://www.securityfocus.com/archive/1/540365 *** Bugtraq: OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. *** --------------------------------------------- http://www.securityfocus.com/archive/1/540364 *** VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references *** --------------------------------------------- Vulnerability Note VU#307983 AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references Original Release date: 04 Apr 2017 | Last revised: 04 Apr 2017 Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of Untrusted DataSome Java... --------------------------------------------- http://www.kb.cert.org/vuls/id/307983 *** DFN-CERT-2017-0569: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0569/ *** DFN-CERT-2017-0571: Red Hat JBoss A-MQ, JBoss Fuse: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0571/ *** Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection *** --------------------------------------------- Topic: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Risk: High Text:# Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (t... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040006 *** D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery *** --------------------------------------------- Topic: D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery Risk: Medium Text:*Title:* = D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability *Credit... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040008 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 *** http://www-01.ibm.com/support/docview.wss?uid=swg21999999 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2016-6810) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001326 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view incorrect item sets that they should not have access to view (CVE-2016-8987) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996255 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360) *** http://www.ibm.com/support/docview.wss?uid=swg22000834 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM) *** http://wwwbeta-sso.toronto.ca.ibm.com:81/support/entry2/portal/docdisplay?l… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 3-04-2017
by Daily end-of-shift report 03 Apr '17

03 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-03-2017 18:00 − Montag 03-04-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** EvilEye: Malware kapert Webcam, um Werbung zu personalisieren *** --------------------------------------------- Eine auf "EvilEye" getaufte Spyware sucht per übernommener Webcam nach Produkten des Computernutzers, um ihm gezielt personalisierte Werbung anzuzeigen und daran .. --------------------------------------------- https://heise.de/-3664941 *** Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware *** --------------------------------------------- Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allo… *** Weitere Lücke in LastPass geschlossen, neue Version verfügbar *** --------------------------------------------- Lastpass hat eine vor wenigen Tagen gefundene Sicherheitslücke in seinen Erweiterungen für diverse Browser geschlossen. Anwender sollten umgehend aktualisieren. --------------------------------------------- https://heise.de/-3672957 *** Vuln: Moodle CVE-2017-7298 Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/97182 *** Angriffswerkzeug Metasploit hackt jetzt auch Zombie-IIS *** --------------------------------------------- Etwa ein Prozent der weltweiten Webserver laufen mit einer verwundbaren Version von Microsofts Internet .. --------------------------------------------- https://heise.de/-3673038 *** Miele Professional PG 8528 Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-089-01 *** Smart-TV-Hack: Schadcode über DVB-T ermöglicht Übernahme aus der Ferne *** --------------------------------------------- Einem Sicherheitsexperten ist es gelungen, volle Kontrolle über einen Fernseher zu übernehmen, in dem er in das DVB-T-Signal Code einschleuste, der eine Sicherheitslücke in der HbbTV-Applikation des Geräts ausnutzt. --------------------------------------------- https://www.heise.de/newsticker/meldung/Smart-TV-Hack-Schadcode-ueber-DVB-T… *** Tech support scams persist with increasingly crafty techniques *** --------------------------------------------- Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/04/03/tech-support-scams-pers… *** IBM Security Bulletin:Open Source Apache Poi Vulnerability in IBM eDiscovery Manager *** --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21992041 *** IBM Security Bulletin:Open Source Apache Tomcat,Commons FileUpload Vulnerabilities affects WebSphere App Server in IBM eDiscovery Manager *** --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21991962 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024915 *** IBM Security Bulletin: Persistent cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1140) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21999133 *** IBM Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1021837 *** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024825 *** Skype: Bösartige Werbung verteilt Fake-Flash-Update *** --------------------------------------------- Anwender berichten davon, in Skype Werbebanner untergeschoben bekommen zu haben, die beim Klick ein gefälschtes Flash-Update herunterladen. Dabei handelt es sich um Schadcode. --------------------------------------------- https://heise.de/-3674229 *** Cryptowars: Ahnungslose EU-Kommissarin redet über Whatsapp-Daten *** --------------------------------------------- EU-Justizkommissarin Vera Jourová will der Polizei ermöglichen, leichter Zugang zu Daten von Internetdienstleistern .. --------------------------------------------- https://www.golem.de/news/cryptowars-ahnungslose-eu-kommissarin-redet-ueber…

1 0

Tageszusammenfassung - Freitag 31-03-2017
by Daily end-of-shift report 31 Mar '17

31 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 30-03-2017 18:00 − Freitag 31-03-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22000768 *** IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998887 *** Spotting a Hidden SEO Hack: “Play One” *** --------------------------------------------- SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building .. --------------------------------------------- https://blog.sucuri.net/2017/03/spotting-a-hidden-seo-hack-play-one.html *** Schneider Electric Modicon PLCs *** --------------------------------------------- This advisory contains mitigation details predictable value range from previous values, use of insufficiently random values, and insufficiently protected credentials vulnerabilities in Schneider Electrics Modicon PLCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02 *** Researchers steal data from shared cache of two cloud VMs *** --------------------------------------------- All of a sudden dedicated instances are looking a lot better than multi-tenancy A group of researchers, one .. --------------------------------------------- www.theregister.co.uk/2017/03/31/researchers_steal_data_from_shared_cache_o… *** Novell: Sentinel 8.0 SP1 (Sentinel 8.0.1.0) Build 3512 *** --------------------------------------------- https://download.novell.com/Download?buildid=M7_yJE9WOXE~ *** Celebrate World Backup Day the Smarter Way *** --------------------------------------------- In an effort to help the community be more cyber aware, WorldBackupDay.com celebrates on March 31st .. --------------------------------------------- https://www.webroot.com/blog/2017/03/31/celebrate-world-backup-day-smarter-… *** Samsung Galaxy S8s Facial Unlocking Feature Can Be Fooled With A Photo *** --------------------------------------------- All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire .. --------------------------------------------- http://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html *** Studie: TK-Infrastruktur hoffnungslos unsicher – Verschlüsselung Fehlanzeige *** --------------------------------------------- Der amerikanische Pendant zur Bundesnetzagentur hat die Sicherheit des für die Telekommunikations-Infrastruktur unverzichtbaren SS7-Protokolls untersucht. Die Bilanz ist haarsträubend; die Arbeitsgruppe empfiehlt Ende-zu-Ende-Verschlüsselung. --------------------------------------------- https://heise.de/-3671794 *** l+f: Flash für eine Handvoll Dollar *** --------------------------------------------- FedEx Office macht seinen Kunden ein unmoralisches Angebot. --------------------------------------------- https://heise.de/-3672139 *** Pornhub und Youporn stellen auf https um *** --------------------------------------------- Die beiden Pornoseiten wollen ihren Nutzern mehr Datenschutz ermöglichen --------------------------------------------- http://derstandard.at/2000055192256

1 0

Tageszusammenfassung - Donnerstag 30-03-2017
by Daily end-of-shift report 30 Mar '17

30 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-03-2017 18:00 − Donnerstag 30-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Tech support scammers and their banking woes *** --------------------------------------------- We all know about tech support scams by this point. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal's ill-gotten gains. So how does the enterprising criminal cash out with your money? Let's take a look. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-… *** Security Advisory - Exposed System Interface Vulnerability on Huawei Smart Phones *** --------------------------------------------- There is a exposed system interface vulnerability on smart phones. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties. CVE-2017-2735 --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-… *** Widespread Email Scam Targets Github Developers with Dimnie Trojan *** --------------------------------------------- Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit ... --------------------------------------------- http://thehackernews.com/2017/03/github-email-scam.html *** Vuln: EMC Isilon OneFS CVE-2017-4980 Directory Traversal Vulnerability *** --------------------------------------------- EMC Isilon OneFS is prone to a directory-traversal vulnerability. A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. --------------------------------------------- http://www.securityfocus.com/bid/97222 *** [SANS ISC] Diverting built-in features for the bad *** --------------------------------------------- I published the following diary on isc.sans.org: 'Diverting built-in features for the bad'. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small Javascript sample with only 2 lines of code --------------------------------------------- https://blog.rootshell.be/2017/03/30/sans-isc-diverting-built-features-bad/ *** Trend Micro InterScan Web Security Virtual Appliance Unspecified Flaws Let Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1038161 *** Mirai-Botnetz lernt neue Tricks *** --------------------------------------------- Das IoT-Botnetz Mirai beherrscht neuerdings auch DDoS-Angriffe auf dem Application Layer. Diese sind schwer zu entdecken und damit auch relativ schwer abzuwehren. --------------------------------------------- https://heise.de/-3670226 *** Hashfunktion: Der schwierige Abschied von SHA-1 *** --------------------------------------------- Die Hashfunktion SHA-1 ist seit kurzem endgültig gebrochen. Doch an vielen Stellen ist SHA-1 noch im Einsatz. Beispielsweise in Git, in Bittorrent und - was manche überraschen wird - auch in TLS. (SHA-1, Google) --------------------------------------------- https://www.golem.de/news/hashfunktion-der-schwierige-abschied-von-sha-1-17… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Algo One - Algo Risk Application (ARA) could allow retrieval of restricted files *** http://www.ibm.com/support/docview.wss?uid=swg21999892 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged the Elastic Storage Server and the GPFS Storage Server *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010042 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183) *** https://www-01.ibm.com/support/docview.wss?uid=swg22001105 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998701 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat affect Intel (R) Manycore Platform Software Stack (MPSS) for Linux and Windows *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5… --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180) *** http://www.ibm.com/support/docview.wss?uid=swg22001084 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS *** http://www.ibm.com/support/docview.wss?uid=swg22000601 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition *** http://www.ibm.com/support/docview.wss?uid=swg22000398 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000904 --------------------------------------------- *** IBM Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF) *** http://www.ibm.com/support/docview.wss?uid=swg22000771 ---------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily