Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - 27.10.2017
by Daily end-of-shift report 27 Oct '17

27 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 25-10-2017 18:00 − Freitag 27-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Reaper IoT botnet aint so scary, contains fewer than 20,000 drones ∗∗∗ --------------------------------------------- But numbers arent everything, are they, Dyn? The Reaper IoT botnet is nowhere near as threatening as previously suggested, according to new research.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/27/reaper_iot_… ∗∗∗ A Bug in a Popular Maritime Platform Left Ships Exposed ∗∗∗ --------------------------------------------- The AmosConnect 8 web platform has vulnerabilities that could allow data to be exposed—underscoring deeper problems with maritime security. --------------------------------------------- https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-f… ∗∗∗ SANS Reading Room ∗∗∗ --------------------------------------------- The SANS Reading Room features over 2,730 original computer security white papers in 105 different categories. --------------------------------------------- https://www.sans.org/reading-room/ ∗∗∗ Sicherheitslücken in FortiOS mit hohem Angriffsrisiko ∗∗∗ --------------------------------------------- Im Betriebssystem FortiOS klaffen zwei Schwachstellen. Sicherheitsupdates reparieren das System. --------------------------------------------- https://heise.de/-3873331 ∗∗∗ The race to quantum supremacy and its cybersecurity impact ∗∗∗ --------------------------------------------- Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/10/26/quantum-supremacy/ ∗∗∗ Please don’t buy this: smart locks ∗∗∗ --------------------------------------------- The announcement of Amazon Key, a smart lock paired with a security camera that lets couriers into your home, spawned our new series called "Please dont buy this." --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/10/please-dont-buy-this-s… ∗∗∗ How to secure your router to prevent IoT threats? ∗∗∗ --------------------------------------------- The router is the first device that you must consider, since it not only controls the perimeter of your network, but all your traffic and information pass through it. --------------------------------------------- https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-th… ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗ --------------------------------------------- On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ BlackBerry powered by Android Security Bulletin – October 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Korenix JetNet ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 ∗∗∗ Rockwell Automation Stratix 5100 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02 ∗∗∗ Bugtraq: October 2017 - Bamboo - Critical Security Advisory ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541424 ∗∗∗ DFN-CERT-2017-1898/">F-Secure KEY: Mehrere Schwachstellen ermöglichen das Ausspähen von Anmeldeinformationen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1898/ ∗∗∗ DFN-CERT-2017-1904/">GNU Wget: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes und Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1904/ ∗∗∗ DFN-CERT-2017-1905/">Node.js: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1905/ ∗∗∗ DFN-CERT-2017-1890/">PHP: Mehrere Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1890/ ∗∗∗ F5 Security Advisories ∗∗∗ --------------------------------------------- https://support.f5.com/csp/new-updated-articles ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-… ∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171027-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.10.2017
by Daily end-of-shift report 25 Oct '17

25 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 24-10-2017 18:00 − Mittwoch 25-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Whois Maintainer Accidentally Makes Password Hashes Available For Download ∗∗∗ --------------------------------------------- Whois maintainer for Asia Pacific notifies customers of an error where hashed authentication details for were inadvertently available for download. --------------------------------------------- http://threatpost.com/whois-maintainer-accidentally-makes-password-hashes-a… ∗∗∗ Malvertising Campaign Redirects Browsers To Terror Exploit Kit ∗∗∗ --------------------------------------------- Hackers behind the Terror exploit kit ramp up distribution via a two-month long malvertising campaign. --------------------------------------------- http://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-ex… ∗∗∗ #BadRabbit: Wohl immer mehr Ziele von neuem Kryptotrojaner getroffen ∗∗∗ --------------------------------------------- Die russische Nachrichtenagentur Interfax ist am Dienstag durch einen Hackerangriff lahmgelegt worden. Fast alle Server seien betroffen, sagte der stellvertretende Generaldirektor Alexej Gorschkow. Es sei unklar, wann das Problem behoben werden könne. --------------------------------------------- https://heise.de/-3870349 ∗∗∗ DUHK: Zufallszahlengenerator ermöglicht Abhör-Attacke auf zehntausende Geräte ∗∗∗ --------------------------------------------- Mehr als 25.000 übers Internet erreichbare Fortinet-Geräte sind anfällig für passive Lauschangriffe gegen verschlüsselte Verbindungen. Verantwortlich ist fehlender Zufall. --------------------------------------------- https://heise.de/-3872013 ∗∗∗ Secure remote browsing: A different approach to thwart ever-changing threats ∗∗∗ --------------------------------------------- A defense-in-depth strategy is essential to modern enterprises, and organizations must deepen their defenses as quickly as possible to fully protect themselves. One promising technology proposes to achieve this by removing web browsing activity from endpoints altogether, while still enabling users to seamlessly and securely interact with the web-based content they need in order to do their jobs. The key to this approach? Secure remote browsing. --------------------------------------------- https://www.helpnetsecurity.com/2017/10/25/secure-remote-browsing/ ∗∗∗ Dell Lost Control of Key Customer Support Domain for a Month in 2017 ∗∗∗ --------------------------------------------- A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." Its designed to help customers restore their data and computers to their pristine, factory default state should a problem occur [...] --------------------------------------------- https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-suppo… ∗∗∗ Digital forensics: How to recover deleted files ∗∗∗ --------------------------------------------- What happens exactly when you delete a file, and how easy or hard is it to recover deleted files? Learn the differences between delete, erase, and overwrite according to digital forensics. --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/10/digital-forensics-reco… ===================== = Vulnerabilities = ===================== ∗∗∗ FortiOS DoS on webUI through params JSON parameter ∗∗∗ --------------------------------------------- An authenticated user may pass a specially crafted payload to the params parameter of the JSON web API (URLs with /json) , which can cause the web user interface to be temporarily unresponsive. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-206 ∗∗∗ FortiOS web GUI logindisclaimer redir parameter XSS vulnerability ∗∗∗ --------------------------------------------- A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker, via sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the execution of arbitrary javascript code in the security context of the victims browser. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-113 ∗∗∗ osTicket 1.10.1 Shell Upload ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2017100187 ∗∗∗ DSA-4006 mupdf - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-4006 ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025973 ∗∗∗ IBM Security Bulletin: The BigFix Platform has vulnerabilities that have been addressed in patch releases ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009673 ∗∗∗ IBM Security Bulletin: Network Time Protocol (NTP) vulnerability in AIX which is used by IBM OS Images in IBM PureApplication Systems (CVE-2016-9310) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009301 ∗∗∗ IBM Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004193 ∗∗∗ XSA-236 ∗∗∗ --------------------------------------------- http://xenbits.xen.org/xsa/advisory-236.html Next End-of-Day report: 2017-10-27 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.10.2017
by Daily end-of-shift report 24 Oct '17

24 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Montag 23-10-2017 18:00 − Dienstag 24-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Achieving Online Anonymity Using Tails OS ∗∗∗ --------------------------------------------- Achieving anonymity while browsing the internet is the main concern for many people; everybody wants to make their communications secure and private. However, few in the world have really achieved this objective and many are still facing difficulties and trying different techniques to achieve online privacy. The InfoSec community has produced various tools and techniques that utilize the TOR network to send the data securely and privately. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/achieving-online-anony… ∗∗∗ DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections, More ∗∗∗ --------------------------------------------- After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Dont Use Hard-coded Keys) [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/duhk-crypto-attack-recovers-… ∗∗∗ Stop relying on file extensions, (Tue, Oct 24th) ∗∗∗ --------------------------------------------- Yesterday, I found an interesting file in my spam trap. It was called '16509878451.XLAM'. To be honest, I was not aware of this extension and I found this on the web: "A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that [...] --------------------------------------------- https://isc.sans.edu/diary/rss/22962 ∗∗∗ Study: 18% of fed agencies embrace DMARC yet 25% of email fraudulent, unauthenticated ∗∗∗ --------------------------------------------- Of the 18 percent of agencies that do have DMARC in play, only half are maximizing the benefits of the standard by quarantining or rejecting unauthenticated email to prevent domain name spoofing. --------------------------------------------- https://www.scmagazine.com/study-18-of-fed-agencies-embrace-dmarc-yet-25-of… ∗∗∗ News Feature: Google Security interview "human solutions - the way to go." ∗∗∗ --------------------------------------------- Google has launched of a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller, spoke to SC about the organisations approach to security and privacy concerns. --------------------------------------------- https://www.scmagazine.com/news-feature-google-security-interview-human-sol… ∗∗∗ Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta ∗∗∗ --------------------------------------------- Plus: Azure gets all Cray-cray A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/23/fyi_windows… ∗∗∗ Let’s Enhance ! How we found @rogerkver’s $1000 wallet obfuscated private key. ∗∗∗ --------------------------------------------- We could have simply named this post “How great QR code are and how we recovered one from almost nothing” but it’s much more interesting when the QR code is the key to a $1000 Bitcoin wallet. --------------------------------------------- https://medium.com/@SassanoM/lets-enhance-how-we-found-rogerkver-s-1000-wal… ∗∗∗ Android-Schädling Lokibot ist eine Transformer-Malware ∗∗∗ --------------------------------------------- In erster Linie ist Lokibot auf Bankdaten aus. Wer gegen den Trojaner vorgeht, bekommt ein anderes Gesicht des Schädlings zu sehen und sieht sich mit Erpressung konfrontiert. --------------------------------------------- https://heise.de/-3868947 ∗∗∗ Hackerangriff: Russische Nachrichtenagentur Interfax wohl von Kryptotrojaner getroffen ∗∗∗ --------------------------------------------- Die russische Nachrichtenagentur Interfax ist am Dienstag durch einen Hackerangriff lahmgelegt worden. Fast alle Server seien betroffen, sagte der stellvertretende Generaldirektor Alexej Gorschkow. Es sei unklar, wann das Problem behoben werden könne. --------------------------------------------- https://heise.de/-3870349 ∗∗∗ Reaper: Calm Before the IoT Security Storm? ∗∗∗ --------------------------------------------- Its been just over a year since the world witnessed some of the worlds top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware [...] --------------------------------------------- https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-sto… ∗∗∗ Keine Aktualisierung bei Netflix notwendig ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Netflix-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie ihre Zahlungsinformationen auf einer Website aktualisieren. Wer das macht, übermittelt sensible Daten an die Betrüger/innen. Sie können auf Kosten ihres Opfers einkaufen gehen und Verbrechen unter seinem Namen begehen. --------------------------------------------- https://www.watchlist-internet.at/phishing/keine-aktualisierung-bei-netflix… ∗∗∗ Reducing Vulnerability to Cyberattacks ∗∗∗ --------------------------------------------- The need for secure systems is a growing priority for Industry Control System (ICS) operators. Recent high profile cyber-attacks against critical infrastructure, coupled with the growing list of published equipment [...] --------------------------------------------- http://blog.schneider-electric.com/cyber-security/2017/10/23/reducing-vulne… ∗∗∗ Kiev metro hit with a new variant of the infamous Diskcoder ransomware ∗∗∗ --------------------------------------------- Public sources have confirmed that computer systems in the Kiev Metro, Odessa naval port, Odessa airport, Ukrainian ministries of infrastructure and finance, and also a number of organizations in Russia are among the affected organizations.The post Kiev metro hit with a new variant of the infamous Diskcoder ransomware appeared first on WeLiveSecurity --------------------------------------------- https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamo… ===================== = Vulnerabilities = ===================== ∗∗∗ Citrix XenServer Security Update for CVE-2017-15597 ∗∗∗ --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host. --------------------------------------------- https://support.citrix.com/article/CTX229057 ∗∗∗ Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server (CVE-2017-1583, CVE-2011-4343) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008707 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-10115, CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008877 ∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009670 ∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009715 ∗∗∗ cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039644 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.10.2017
by Daily end-of-shift report 23 Oct '17

23 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 20-10-2017 18:00 − Montag 23-10-2017 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ National Cybersecurity Awareness Month – Words to Avoid ∗∗∗ --------------------------------------------- TGIF (Thank Goodness, It’s Friday)! Yes, I altered the ‘G’ to be politically correct, but being politically correct has little...The post National Cybersecurity Awareness Month – Words to Avoid appeared first on BeyondTrust. --------------------------------------------- https://www.beyondtrust.com/blog/national-cybersecurity-awareness-month-wor… ∗∗∗ Performing & Preventing SSL Stripping: A Plain-English Primer ∗∗∗ --------------------------------------------- Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks. The KRACK Attack effectively allows interception of traffic on wireless networks secured by the WPA2 protocol. Whilst it is possible to backward patch [...] --------------------------------------------- https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-eng… ∗∗∗ Krack-Angriff: AVM liefert erste Updates für Repeater und Powerline ∗∗∗ --------------------------------------------- Nach dem Bekanntwerden der WPA2-Schwäche Krack hat AVM nun erste Geräte gepatcht. Weitere Patches sollen folgen, jedoch nicht für Fritzboxen. --------------------------------------------- https://www.golem.de/news/krack-angriff-avm-liefert-erste-updates-fuer-repe… ∗∗∗ Mirai-Nachfolger: Experten warnen vor "Cyber-Hurrican" durch neues Botnetz ∗∗∗ --------------------------------------------- Kriminelle nutzen Sicherheitslücken in IoT-Geräten zum Aufbau eines großen Botnetzes aus. Dabei verwendet der Bot Code von Mirai, unterscheidet sich jedoch von seinem prominenten Vorgänger. --------------------------------------------- https://www.golem.de/news/mirai-nachfolger-experten-warnen-vor-cyber-hurric… ∗∗∗ Security+ Domain #6: Cryptography ∗∗∗ --------------------------------------------- Cryptography falls into the sixth and last domain of CompTIA’s Security+ exam (SYO-401) and contributes 12% to the exam score. The Security+ exam tests the candidate’s knowledge of cryptography and how it relates to the security of networked and stand-alone systems in organizations. To pass the Security+ exam, the candidates must understand both symmetric and [...] --------------------------------------------- http://resources.infosecinstitute.com/security-domain-6-cryptography/ ∗∗∗ Introducing Windows Defender Application Control ∗∗∗ --------------------------------------------- Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control flips the model from one where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. Many organizations, like [...] --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/10/23/introducing-windows-def… ∗∗∗ Google to add "DNS over TLS" security feature to Android OS ∗∗∗ --------------------------------------------- No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know what websites you visit. Google is working on a new security feature for Android that could prevent your Internet traffic from network spoofing attacks. Almost every Internet activity starts with a [...] --------------------------------------------- https://thehackernews.com/2017/10/android-dns-over-tls.html ∗∗∗ TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors ∗∗∗ --------------------------------------------- Original release date: October 20, 2017 | Last revised: October 21, 2017 Systems Affected Domain ControllersFile ServersEmail Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing [...] --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-293A ∗∗∗ New FakeNet-NG Feature: Content-Based Protocol Detection ∗∗∗ --------------------------------------------- I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and adapts to SSL so that any protocol can be used with SSL and handled appropriately by FakeNet-NG. We were motivated to add this feature since it was a feature of the original FakeNet and it was [...] --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/10/fakenet-content-based-p… ∗∗∗ Krypto-Mining im Browser: Software-Hersteller wollen Nutzer besser schützen ∗∗∗ --------------------------------------------- Mining-Skripte zwacken beim Surfen heimlich Rechenleistung zum Schürfen von Krypto-Währungen ab. Adblocker- und Browser-Hersteller erarbeiten Gegenstrategien. Einige Skript-Entwickler reagieren ihrerseits, indem sie Nutzer künftig um Erlaubnis fragen. --------------------------------------------- https://heise.de/-3865577 ∗∗∗ Kanadischer Geheimdienst veröffentlicht erstmals Sicherheitssoftware ∗∗∗ --------------------------------------------- CSE gilt als besonders schweigsam. Nun überraschen die Spione mit der Herausgabe eines Dateiformats sowie eines Frameworks. Es soll helfen, in vielen Dateien gleichzeitig Malware aufzuspüren. --------------------------------------------- https://heise.de/-3867343 ∗∗∗ Mac-Shareware-Downloads mit signiertem Trojaner ∗∗∗ --------------------------------------------- Die Apps Folx und Elmedia Player wurden nach einem Hack über deren Websites inklusive der "Proton"-Malware vertrieben. Der Hersteller empfiehlt eine Neuinstallation betroffener Maschinen. --------------------------------------------- https://heise.de/-3867420 ∗∗∗ "Cyber Conflict" Decoy Document Used In Real Cyber Conflict ∗∗∗ --------------------------------------------- This post was authored by Warren Mercer, Paul Rascagneres and Vitor VenturaUpdate 10/23: CCDCOE released a statement today on their websiteIntroductionCisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. --------------------------------------------- http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco AMP for Endpoints Static Key Vulnerability ∗∗∗ --------------------------------------------- On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP For Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software.The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1859: OpenJFX: Zwei Schwachstellen ermöglichen eine komplette Kompromittierung der Software ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1859/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009296 ∗∗∗ IBM Security Bulletin: IBM b-type Network/Storage switches is affected by Open Source OpenSSL Vulnerabilities (OpenSSL and Node.JS consumers). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010726 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in cURL affect IBM Workload Scheduler ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009692 ∗∗∗ BMC Remedy IT Service Management Suite Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039637 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.10.2017
by Daily end-of-shift report 20 Oct '17

20 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 19-10-2017 18:00 − Freitag 20-10-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ KRACK-Entdecker: "Sicherheitsupdates einfordern" ∗∗∗ --------------------------------------------- Der belgische Sicherheitsforscher Mathy Vanhoef, der die Sicherheitslücke KRACK in WLAN-Netzwerken entdeckt hat, geht davon aus, dass viele Geräte kein Update erhalten werden. --------------------------------------------- https://futurezone.at/digital-life/krack-entdecker-sicherheitsupdates-einfo… ∗∗∗ Canadian spooks release their own malware detection tool ∗∗∗ --------------------------------------------- Canuck NSA/GCHQ equivalent open-sources Assemblyline, to make us all as safe as Canada Canadas Communications Security Establishment has open-sourced its own malware detection tool.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/20/canadian_co… ===================== = Vulnerabilities = ===================== ∗∗∗ Boston Scientific ZOOM LATITUDE PRM Vulnerabilities ∗∗∗ --------------------------------------------- This advisory contains compensating controls for use of hard-coded cryptographic key and missing encryption of sensitive data vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01 ∗∗∗ SpiderControl MicroBrowser ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in SpiderControls MicroBrowser. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01 ∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack.The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco-Updates schließen mehrere Lücken ∗∗∗ --------------------------------------------- Mit aktuellen Updates schließt Cisco insgesamt 17 Sicherheitslücken. Eine davon ist kritisch und erlaubt den Remote-Zugriff auf die Cloud Services Platform (CSP) 2100. --------------------------------------------- https://heise.de/-3865704 ∗∗∗ Oracle Critical Patch Update Advisory - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ Security Notice - Statement on App Lock Bypass Vulnerability in Huawei EMUI ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170922-01-… ∗∗∗ IBM Security Bulletin: A vulnerability in libsoup affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025834 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025773 ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2017-1583, CVE-2011-4343) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009704 ∗∗∗ IBM Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025771 ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025779 ∗∗∗ IBM Security Bulletin: Vulnerabilities in TigerVNC affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025772 ∗∗∗ IBM Security Bulletin: Vulnerabilities in glibc affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025781 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PostgreSQL affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025764 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenLDAP affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025766 ∗∗∗ IBM Security Bulletin: Vulnerabilities in git affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025756 ∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025754 ∗∗∗ IBM Security Bulletin: Vulnerabilities in tcpdump affect PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025768 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009518 ∗∗∗ SafeNet External Network HSM script vulnerability CVE-2017-6165 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K74759095 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.10.2017
by Daily end-of-shift report 19 Oct '17

19 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-10-2017 18:00 − Donnerstag 19-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ BoundHook Attack Exploits Intel Skylake MPX Feature ∗∗∗ --------------------------------------------- A new attack method takes advantage a feature in Intel’s Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications. --------------------------------------------- http://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/1… ∗∗∗ US-CERT study predicts machine learning, transport systems to become security risks ∗∗∗ --------------------------------------------- Youve been warned The Carnegie-Mellon Universitys Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/19/cert_cc_thr… ∗∗∗ A Look at Locky Ransomware’s Recent Spam Activities ∗∗∗ --------------------------------------------- Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sDep2mrz5v0/ ∗∗∗ New Attacker Scanning for SSH Private Keys on Websites ∗∗∗ --------------------------------------------- Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem. --------------------------------------------- https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/ ∗∗∗ Baselining Servers to Detect Outliers ∗∗∗ --------------------------------------------- This week I came across an interesting incident response scenario that was more likely a blind hunt. The starting point was the suspicion that a breach may have occurred in one or more of ~500 web servers of a big company on a given date range, even though there was no evidence of leaked data or any other IOC to guide the investigation. To overcome [...] --------------------------------------------- https://isc.sans.edu/diary/rss/22940 ===================== = Vulnerabilities = ===================== ∗∗∗ KRACK Key Reinstall in FT Handshake - PoC ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2017100142 ∗∗∗ Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0008 ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541370 ∗∗∗ DFN-CERT-2017-1836: Lucene/Solr: Eine Schwachstelle ermöglicht die Ausführung beliebigen Prorgammcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1836/ ∗∗∗ DFN-CERT-2017-1837: Suricata: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1837/ ∗∗∗ DFN-CERT-2017-1846: GitLab: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1846/ ∗∗∗ Cisco Security Advisories and Alerts ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-… ∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171019-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.10.2017
by Daily end-of-shift report 18 Oct '17

18 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-10-2017 18:00 − Mittwoch 18-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RSA-Sicherheitslücke: Infineon erzeugt Millionen unsicherer Krypto-Schlüssel ∗∗∗ --------------------------------------------- RSA-Schlüssel von Hardware-Kryptomodulen der Firma Infineon lassen sich knacken. Das betrifft unter anderem Debian-Entwickler, Anbieter qualifizierter Signatursysteme, TPM-Chips in Laptops und estnische Personalausweise. --------------------------------------------- https://www.golem.de/news/rsa-sicherheitsluecke-infineon-erzeugt-millionen-… ∗∗∗ Browser security beyond sandboxing ∗∗∗ --------------------------------------------- Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web browser can have catastrophic results. It doesn’t help that... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond… ∗∗∗ uBlock Origin ad-blocker knocked for blocking hack attack squawking ∗∗∗ --------------------------------------------- Block all the things! No, wait, not the XSS security alerts Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/17/ublock_orig… ∗∗∗ Hancitor malspam uses DDE attack ∗∗∗ --------------------------------------------- Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) changed tactics on Monday 2017-10-16. Instead of pushing Microsoft Word documents with malicious macros, this malspam began pushing Word documents taking advantage of Microsofts Dynamic Data Exchange (DDE) technique. --------------------------------------------- https://isc.sans.edu/diary/22936 ∗∗∗ Klage wegen Urheberrechtsverletzung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- In erfundenen Schreiben behaupten unbekannte Absender/innen, dass Empfänger/innen eine Urheberrechtsverletzung begangen haben und deshalb verklagt werden. Für weiterführende Informationen dazu sollen Adressat/innen eine ZIP-Datei herunterladen. Sie verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/klage-wegen-urheberrechtsve… ===================== = Vulnerabilities = ===================== ∗∗∗ HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en… ∗∗∗ Progea Movicon SCADA/HMI ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01 ∗∗∗ IC3 Issues Alert on IoT Devices ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-I… ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006285 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025909 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009532 ∗∗∗ JSA10826 - 2017-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 17.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&actp=RSS ∗∗∗ Critical Patch Update - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ Solaris Third Party Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinoct2017-3958668.h… ∗∗∗ Oracle Linux Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2017-4005… ∗∗∗ Oracle VM Server for x86 Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2017-400589… ∗∗∗ Multiple vulnerabilities in Linksys E-series products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Multiple vulnerabilities in Afian AB FileRun ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ SSA-523365 (Last Update 2017-10-18): Vulnerability in SIMATIC PCS 7 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.10.2017
by Daily end-of-shift report 17 Oct '17

17 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Montag 16-10-2017 18:00 − Dienstag 17-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Heres a Video of the Latest ATM Malware Sold on the Dark Web ∗∗∗ --------------------------------------------- A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-… ∗∗∗ Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones ∗∗∗ --------------------------------------------- Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. --------------------------------------------- http://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-andr… ∗∗∗ Estonia releases update on Digital ID card vulnerability ∗∗∗ --------------------------------------------- The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014. --------------------------------------------- https://www.scmagazineuk.com/estonia-releases-update-on-digital-id-card-vul… ∗∗∗ Microsoft responded quietly after detecting secret database hack in 2013 ∗∗∗ --------------------------------------------- (Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database. --------------------------------------------- https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-respon… ∗∗∗ KRACK: Hersteller-Updates und Stellungnahmen ∗∗∗ --------------------------------------------- Mittlerweile haben einige von der WPA2-Lücke KRACK betroffene Hersteller Patches veröffentlicht, die die Gefahr abwehren. Andere meldeten sich in Stellungnahmen zu Wort. --------------------------------------------- https://heise.de/-3863455 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-05: Security Update for OTRS Business Solution™ ∗∗∗ --------------------------------------------- October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://www.otrs.com/security-advisory-2017-05-security-update-otrs-busines… ∗∗∗ BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ VU#307015: Infineon RSA library does not properly generate RSA key pairs ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/307015 ∗∗∗ VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/228519 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Cross site scripting in Webtrekk Pixel ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-webt… ∗∗∗ EMC NetWorker Buffer Overflow in nsrd Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039583 ∗∗∗ Java vulnerability CVE-2017-10053 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28418435 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.10.2017
by Daily end-of-shift report 16 Oct '17

16 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-10-2017 18:00 − Montag 16-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected ∗∗∗ --------------------------------------------- Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecu… ∗∗∗ List of Firmware & Driver Updates for KRACK WPA2 Vulnerability ∗∗∗ --------------------------------------------- This article will contain an udpated list of firmware and driver updates that resolve the Krack WPA2 vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-… ∗∗∗ Es steht KRACK auf dem Speiseplan! ∗∗∗ --------------------------------------------- [...] heute wurden Details zu den sogenannten "Key Reinstallation Attacks", kurz "KRACK", veröffentlicht (technisches Paper / Webseite). Kurz zusammengefasst stellen diese Schwachstellen die ersten [...] --------------------------------------------- http://www.cert.at/services/blog/20171016132413-2092.html ∗∗∗ Auto: Subaru-Funkschlüssel lässt sich einfach klonen ∗∗∗ --------------------------------------------- Autoschlüssel mit Funkverbindung sind ein beliebtes Ziel für Sicherheitsforscher - und oft eher Opfer als Gegner. Aktuell ist Subaru betroffen, zahlreiche Fahrzeuge des Herstellers sind für einen Angriff verwundbar. Das Unternehmen hat bislang nicht reagiert. --------------------------------------------- https://www.golem.de/news/auto-subaru-funkschluessel-laesst-sich-einfach-kl… ∗∗∗ Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack ∗∗∗ --------------------------------------------- Remember NotPetya? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of [...] --------------------------------------------- https://thehackernews.com/2017/10/ukraine-notpetya-cyberattack.html ∗∗∗ How Power Grid Hacks Work, and When You Should Panic ∗∗∗ --------------------------------------------- After months of reports of energy grid breaches, time to distinguish the elite intrusions from just another spearphishing attack. --------------------------------------------- https://www.wired.com/story/hacking-a-power-grid-in-three-not-so-easy-steps ∗∗∗ Erneut Malware-Angriff auf Kreditkartendaten bei Hyatt ∗∗∗ --------------------------------------------- Wieder ist es Angreifern gelungen, Software in die IT-Systeme der Hotelkette Hyatt einzuschleusen, die Kreditkartendaten der Kunden abgriff. Das sei nun aber behoben, versichert das Unternehmen, das 2015 ähnlich angegriffen wurde. --------------------------------------------- https://heise.de/-3862121 ∗∗∗ Bank Austria überprüft keine Identität mit Probe-SMS ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht behaupten Kriminelle, dass Kund/innen ihre Identität mit einer Probe-SMS überprüfen lassen müssen. Dafür ist es notwendig, dass sie auf einer Website ihre Verfügernummer, ihr Passwort und ihre Telefonnummer bekannt geben. Es folgt ein Anruf der Täter/innen, mit dem sie die Bekanntgabe eines TAN-Codes fordern. Der TAN-Code ermöglicht es ihnen, das Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/bank-austria-ueberprueft-keine-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar ∗∗∗ --------------------------------------------- Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2017-11292 Entsprechend fehlerbereinigte Versionen sind verfügbar. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer laut Adobe beliebigen Code auf betroffenen Systemen [...] --------------------------------------------- https://www.cert.at/warnings/all/20171016.html ∗∗∗ Bugtraq: [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541342 ∗∗∗ Vuln: Atlassian Bamboo CVE-2017-9514 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101269 ∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1814/: Jenkins: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1814/ ∗∗∗ Multiple vulnerabilities in OpenText Documentum Content Server ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541333 ∗∗∗ FortiWLC XSS injection via crafted HTTP POST request ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-106 ∗∗∗ FortiMail reflected XSS vulnerability under customized webmail login page ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-099 ∗∗∗ FortiWLC file management OS Command Injection vulnerability ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-119 ∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-… ∗∗∗ IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q3 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009259 ∗∗∗ Multiple vulnerabilities in Micro Focus VisiBroker C++ ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ OpenSSL vulnerability CVE-2017-3735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21462542 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.10.2017
by Daily end-of-shift report 13 Oct '17

13 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-10-2017 18:00 − Freitag 13-10-2017 18:00 Handler: Olaf Schwarz Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Android DoubleLocker Ransomware Activates Every Time You Hit Home Button ∗∗∗ --------------------------------------------- A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Androids Accessibility service and reactivates itself every time the user presses the phones Home button. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-doublelocker-ransomw… ∗∗∗ Fehler in WSUS-Update: Windows-Clients booten nicht mehr ∗∗∗ --------------------------------------------- Fehlerhafte Update-Pakete für Windows 10 und Windows Server 2016, die Microsoft am letzten Patchday veröffentlicht hat, legten in den vergangenen Tagen Rechner in Unternehmensnetzwerken lahm. Betroffen waren nur Umgebungen mit WSUS und SCCM. --------------------------------------------- https://www.heise.de/newsticker/meldung/Fehler-in-WSUS-Update-Windows-Clien… ∗∗∗ Bug auf T-Mobile-Website ermöglichte den Abruf vertraulicher Kundendaten ∗∗∗ --------------------------------------------- In der Website t-mobile.com klaffte ein Sicherheitsleck, das die Abfrage von Kundendatensätzen durch potenzielle Angreifer erlaubte. --------------------------------------------- https://heise.de/-3860676 ∗∗∗ Malvertising on Equifax, TransUnion tied to third party script ∗∗∗ --------------------------------------------- Equifaxs website is once again infected, this time with malvertising that redirects to a fake Flash player. Further investigation reveals TransUnion was also targeted. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-we… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Patch Update - October 2017 ∗∗∗ --------------------------------------------- Critical Patch Update - October 2017 - Pre-Release Announcement --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ ProMinent MultiFLEX M10a Controller ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02 ∗∗∗ Envitech Ltd. EnviDAS Ultimate ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03 ∗∗∗ NXP Semiconductors MQX RTOS ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-04 ∗∗∗ Siemens BACnet Field Panels ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-05 ∗∗∗ DFN-CERT-2017-1812/">Xen: Mehrere Schwachstelle ermöglichen u.a. das Eskalieren von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1812/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2 and v5.0.2.1. (CVE-2017-10115 and CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009234 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009543 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008951 ∗∗∗ IBM Security Bulletin: IBM Notes is affected by Open Source XStream Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004066 ∗∗∗ Java SE vulnerability CVE-2017-10115 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91024405 ∗∗∗ Java SE vulnerability CVE-2017-10108 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52342540 ∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0001) ∗∗∗ --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily