=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 06-07-2017 18:00 − Freitag 07-07-2017 18:00
Handler: Stephan Richter
Co-Handler:
=====================
= News =
=====================
∗∗∗ CIA Malware Can Steal SSH Credentials, Session Traffic ∗∗∗
---------------------------------------------
WikiLeaks dumped today the documentation of two CIA hacking tools
codenamed BothanSpy and Gyrfalcon, both designed to steal SSH
credentials from Windows and Linux systems, respectively. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security
/cia-malware-can-steal-ssh-credentials-session-traffic/
∗∗∗ ZIP Bombs Can Protect Websites From Getting Hacked ∗∗∗
---------------------------------------------
Webmasters can use so-called ZIP bombs to crash a hackers vulnerability
and port scanner and prevent him from gaining access to their website.
[...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security
/zip-bombs-can-protect-websites-from-getting-hacked/
∗∗∗ IT und Energiewende: Stromnetzbetreiber fordern das ganz große
Lastmanagement ∗∗∗
---------------------------------------------
Silizium statt Kupfer und Stahl: Die Energiewende und die
Elektromobilität erfordern einen Ausbau des Stromnetzes. Doch die
Netzbetreiber setzen lieber auf Digitalisierung und "Flexibilisierung".
Stromlieferanten wollen sich gegen die Bevormundung wehren. (Smart
Grid, GreenIT)
---------------------------------------------
https://www.golem.de/news
/it-und-energiewende-stromnetzbetreiber-fordern-das-ganz-grosse-last
management-1707-128779-rss.html
∗∗∗ Decryption Key to Original Petya Ransomware Released ∗∗∗
---------------------------------------------
The key to decrypt the original Petya ransomware has been reportedly
released by the ransomware’s author.
---------------------------------------------
http://threatpost.com
/decryption-key-to-original-petya-ransomware-released/126705/
∗∗∗ Someones phishing US nuke power stations. So far, no kaboom ∗∗∗
---------------------------------------------
Stuxnet, this aint Dont panic, but attackers are trying to phish their
way into machines in various US power facilities, including nuclear
power station operators.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/071/07
/someones_phishing_us_nuke_power_stations_so_far_no_kaboom/
∗∗∗ Lets not help attackers by spreading fear, uncertainty and doubt
∗∗∗
---------------------------------------------
Spreading FUD in the wake of cyber-attacks is never a good idea. But
its even worse when this might be one of the attackers implicit goals.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/07
/lets-not-help-attackers-spreading-fear-uncertainty-and-doubt/
∗∗∗ Hacker-Sammlung gefunden: 500 Mio. E-Mail-Adressen und
Passwörter betroffen ∗∗∗
---------------------------------------------
Das Bundeskriminalamt hat in einer Underground-Economy-Plattform im
Internet eine Sammlung von ca. 500.000.000 ausgespähten Zugangsdaten
gefunden. Die Daten bestehen aus Email-Adressen mit dazugehörigen
Passwörtern. Vermutlich stammen die Daten von verschiedenen
Hacking-Angriffen und wurden über einen längeren Zeitraum
zusammengetragen. Die aktuellsten ausgespähten Zugangsdaten sind
wahrscheinlich aus Dezember 2016.
---------------------------------------------
https://www.bka.de/SharedDocs/Kurzmeldungen/DE/Kurzmeldungen
/170705_HackerSammlung.html
∗∗∗ Abgesicherte PHP-Versionen erschienen ∗∗∗
---------------------------------------------
Trotz der Möglichkeit von Angreifern Schadcode ausführen zu können,
gilt der Bedrohungsgrad nicht als kritisch.
---------------------------------------------
https://heise.de/-3766935
∗∗∗ Android-Mega-Patch: Google schließt haufenweise kritische Lücken
∗∗∗
---------------------------------------------
Unter anderem werden Lücken in WLAN-Chipsets von Broadcom geschlossen,
die Angreifern das Ausführen von Code mittels manipulierter Wifi-Pakete
erlauben. Auch für Android 4.4 (KitKat) sind Patches dabei.
---------------------------------------------
https://heise.de/-3767103
∗∗∗ New Ransomware Variant "Nyetya" Compromises Systems Worldwide ∗∗∗
---------------------------------------------
Note: This blog post discusses active research by Talos into a new
threat. This information should be considered preliminary and will be
updated as research continues.Update 2017-07-06 12:30 EDT: Updated to
explain the modified DoublePulsar backdoor.Since the SamSam attacks
that targeted US healthcare entities in March 2016, Talos has been
concerned about the proliferation of malware via unpatched network
vulnerabilities. In May 2017, WannaCry ransomware took advantage of a
vulnerability in [...]
---------------------------------------------
http://blog.talosintelligence.com/2017/06
/worldwide-ransomware-variant.html
=====================
= Advisories =
=====================
∗∗∗ Schneider Electric Wonderware ArchestrA Logger ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer
overflow, uncontrolled resource consumption, and null pointer deference
vulnerabilities in Schneider Electric’s Wonderware ArchestrA Logger.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
∗∗∗ Schneider Electric Ampla MES ∗∗∗
---------------------------------------------
This advisory contains mitigation details for cleartext transmission of
sensitive information and inadequate encryption strength
vulnerabilities in Schneider Electric’s Ampla MES.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05
∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070056
∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070060
∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070059
∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070058
∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070057
∗∗∗ Bugtraq: KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/540812
∗∗∗ Bugtraq: [SYSS-2017-011] Office 365: Insufficient Session
Expiration (CWE-613) ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/540814
∗∗∗ iManager 2.7 Support Pack 7 - Patch 10 Hotfix 2 ∗∗∗
---------------------------------------------
https://download.novell.com/Download?buildid=WeEb4PchpTU~
∗∗∗ eDirectory 8.8 SP8 Patch 10 ∗∗∗
---------------------------------------------
https://download.novell.com/Download?buildid=VYtYu65T21Y~
∗∗∗ IBM Security Bulletin: IBM MQ Java/JMS application can incorrectly
flow password in plain text. (CVE-2017-1337) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003853
∗∗∗ IBM Security Bulletin: IBM MQ Passwords specified by MQ java or JMS
applications can appear in WebSphere Application Server trace.
(CVE-2017-1284) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003851
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK
affect WebSphere Application Server and Tivoli Netcool Performance
Manager October 2016 and January 2017 CPU (multiple CVEs) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005615
∗∗∗ IBM Security Bulletin: Vulnerabilities in tcpdump affect AIX ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory2.asc
∗∗∗ PHP Multiple Flaws Let Remote Users Obtain Potentially Sensitive
Information, Deny Service, and Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038837
∗∗∗ systemd vulnerability CVE-2017-9445 ∗∗∗
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 05-07-2017 18:00 − Donnerstag 06-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Decryptor Released for the Mole02 CryptoMix Ransomware Variant ***
---------------------------------------------
It is always great to be able to announce a free decryptor for victims who have had their files encrypted by a ransomware. This is the case today, where a decryptor for the Mole02 cryptomix variant was released. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-m…
*** Evolution of Conditional Spam Targeting Drupal Sites ***
---------------------------------------------
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including a malicious file in each visitor's session. It's quite common for attackers to evolve their techniques and add new variations of hidden backdoors to make it harder to get rid of the infection. These evasion and reinfection techniques can also make it difficult to modify the malicious code, which is what has exactly happened in this case, [...]
---------------------------------------------
https://blog.sucuri.net/2017/07/drupal-conditional-spam-evolved.html
*** New BTCWare Ransomware Decrypter Released for the Master Variant ***
---------------------------------------------
Security researcher Michael Gillespie has released a new version of the BTCWare ransomware decrypter after the author of the eponymous ransomware has leaked the private key for his latest version. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-btcware-ransomware-decry…
*** Sicherheitsupdates: Cisco kämpft gegen statische und unverschlüsselte Zugangsdaten ***
---------------------------------------------
Der Netzwerkausrüster stopft zum Teil kritische Sicherheitslücken in seinem Elastic Services Controller und seinem Ultra Services Framework.
---------------------------------------------
https://heise.de/-3765238
*** M.E.Doc Software Was Backdoored 3 Times, Servers Left Without Updates Since 2013 ***
---------------------------------------------
Servers and infrastructure belonging to Intellect Service, the company behind the M.E.Doc accounting software, were grossly mismanaged, being left without updates since 2013, and getting backdoored on three separate occasions during the past three months. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/m-e-doc-software-was-backdoo…
*** The MeDoc Connection ***
---------------------------------------------
The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the attack. The investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware. By utilizing stolen credentials, the actor was [...]
---------------------------------------------
http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
*** Fritzbox-Lücke erlaubt delikate Einblicke ins lokale Netz ***
---------------------------------------------
Durch ein Informationsleck können Webseiten offenbar viele Details über das Heimnetz eines Fritzbox-Nutzers erfahren. Zu den abfischbaren Daten zählen die Netzwerknamen aller Clients, IP- und Mac-Adresssen und die eindeutige ID der Fritzbox.
---------------------------------------------
https://heise.de/-3764885
*** FIRST announces release of Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure ***
---------------------------------------------
The Forum of Incident Response and Security Teams announces the release of a set of guidelines and norms for vulnerability disclosure that affects multiple parties.
---------------------------------------------
https://www.first.org/newsroom/releases/20170706
*** APWG Global Phishing Survey 2016: Trends and Domain Name Use ***
---------------------------------------------
This report comprehensively examines a large data set of more than 250,000 phishing attacks detected in 2015 and 2016. By quantifying this cybercrime activity and understanding the patterns that lurk therein, we have learned more about what phishers have been doing, and how they have accomplished their schemes.
---------------------------------------------
https://apwg.org/resources/apwg-reports/domain-use-and-trendshttps://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf
*** Gefälschte Anwaltsschreiben verbreiten Schadsoftware ***
---------------------------------------------
In gefälschten Anwaltsschreiben behaupten Kriminelle, dass Adressat/innen Schulden bei einem Unternehmen haben. Weiterführende Informationen zu der offenen Geldforderung sollen sich im Dateianhang der Nachricht finden. In Wahrheit verbirgt er Schadsoftware.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-anwalt…
*** BadGPO - Using Group Policy Objects for Persistence and Lateral Movement ***
---------------------------------------------
[...] Such policies are widely used in enterprise environments to control settings of clients and servers: registry settings, security options, scripts, folders, software installation and maintenance, just to name a few. Settings are contained in so-called Group Policy Objects (GPOs) and can be misused in a sneaky way to distribute malware and gain persistence in an automated manner in a post exploitation scenario of an already compromised domain.
---------------------------------------------
http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_052_Willi_…
*** ZDI-17-452: (0Day) Advantech WebOP Designer Project File Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-452/
*** Android Security Bulletin July 2017 ***
---------------------------------------------
https://source.android.com/security/bulletin/2017-07-01.html
*** BlackBerry powered by Android Security Bulletin July 2017 ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
*** Petya Malware Variant (Update B) ***
---------------------------------------------
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-181-01A Petya Ransomware Variant that was published July 3, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk [...]
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01B
*** rsyslog: remote syslog PRI vulnerability CVE-2014-3634 ***
---------------------------------------------
rsyslog: remote syslog PRI vulnerability CVE-2014-3634. Security Advisory. Security Advisory Description. rsyslog before ...
---------------------------------------------
https://support.f5.com/csp/article/K42903299
*** DFN-CERT-2017-1171: LibTIFF: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1171/
*** Security Advisories for Drupal Third-Party Modules ***
---------------------------------------------
*** SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055 ***
https://www.drupal.org/node/2890357
---------------------------------------------
*** DrupalChat - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-057 ***
https://www.drupal.org/node/2892404
---------------------------------------------
*** OAuth - Critical - Access Bypass - SA-CONTRIB-2017-056 ***
https://www.drupal.org/node/2892400
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A Security vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms (CVE-2017-1289). ***
http://www.ibm.com/support/docview.wss?uid=swg22005058
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002336
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22002335
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000488
---------------------------------------------
*** Siemens Security Advisories ***
---------------------------------------------
*** SSA-804859 (Last Update 2017-07-06): Denial of Service Vulnerability in SIMATIC Logon ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-804859…
---------------------------------------------
*** SSA-874235 (Last Update 2017-07-06): Intel Vulnerability in Siemens Industrial Products ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235…
---------------------------------------------
*** SSA-275839 (Last Update 2017-07-06): Denial-of-Service Vulnerability in Industrial Products ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839…
---------------------------------------------
*** SSA-931064 (Last Update 2017-07-06): Authentication Bypass in SIMATIC Logon ***
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064…
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Nexus Series Switches CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Wide Area Application Services Core Dump Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Ultra Services Framework AutoVNF Log File User Credential Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Ultra Services Framework UAS Unauthenticated Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco StarOS Border Gateway Protocol Process Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Prime Network Privilege Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Identity Services Engine Guest Portal Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco IOS XR Software Multicast Source Discovery Protocol Session Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco IOS XR Software Incorrect Permissions Privilege Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Elastic Services Controller Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Prime Network Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco StarOS CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-07-2017 18:00 − Mittwoch 05-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** #NoPetya-Attacke hinterließ Sicherheitslücke ***
---------------------------------------------
Der weltweite Cyberangriff in der vergangenen Woche hat schwerwiegendere Folgen als bislang bekannt.
---------------------------------------------
https://futurezone.at/digital-life/nopetya-attacke-hinterliess-sicherheitsl…
*** Cyber-Attacke NotPetya: Angebliche Angreifer wollen 250.000 Euro für Datenrettung ***
---------------------------------------------
Die mutmaßlichen Entwickler der Schadsoftware NotPetya wollen gegen 100 Bitcoin (fast 250.000 Euro) einen Schlüssel herausgeben, mit dem die Daten zu retten sein sollen. Ob sie Wort halten, ist unklar. Beobachter vermuten andere Motive hinter der Wendung.
---------------------------------------------
https://heise.de/-3764208
*** Ukrainian Police Seize Servers From Where NotPetya Outbreak First Spread ***
---------------------------------------------
Ukrainian Police announced today it seized the servers from where the NotPetya ransomware outbreak first started to spread. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ukrainian-police-seize-serve…
*** The day a mysterious cyber-attack crippled Ukraine ***
---------------------------------------------
On the morning of Tuesday, 27 June, Oleh Derevianko, the head of Kiev-based cybersecurity firm Information Security Systems Partners (ISSP), was at Bessarabska market, a popular food market in the heart of downtown. Derevianko was picking up a few things before heading out for the 300km drive to his parents' village. Wednesday was constitution day in Ukraine, a national holiday, and he'd be using the mid-week break to spend a couple days with his kids.
---------------------------------------------
http://www.bbc.com/future/story/20170704-the-day-a-mysterious-cyber-attack-…
*** NotPetya Group Moves All Their Bitcoin, Posts Proposition on the Dark Web ***
---------------------------------------------
The person or group behind the NotPetya ransomware has made its first move since the outbreak that took place eight days ago. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/notpetya-group-moves-all-the…
*** Doctor Web: M.E.Doc backdoor lets cybercriminals access computers ***
---------------------------------------------
July 4, 2017 Doctor Web security researchers examined the update module M.E.Doc and discovered that it is involved in the distribution of at least one other malicious program. You may recall that independent researchers named specifically this M.E.Doc update module as the source of the recent outbreak of the encryption worm Trojan.Encoder.12544, also known as NePetya, Petya.A, ExPetya and WannaCry-2. M.E.Doc is tax accounting software that is popular in Ukraine.
---------------------------------------------
http://news.drweb.com/show/?i=11363&lng=en&c=9
*** Qubes OS im Test: Linux sicher und nutzerfreundlich? ***
---------------------------------------------
Anwendungen und Einsatzbereiche voneinander per Virtualisierung trennen, gleichzeitig eine für den regulären Nutzer einfach zu bedienende Desktop-Oberfläche bieten: Das Qubes-OS-Projekt hat sich einiges vorgenommen.
---------------------------------------------
https://heise.de/-3764500
*** Österreich im Bereich Cybersicherheit auf Platz 30 ***
---------------------------------------------
Große Industriestaaten schneiden bei der Cybersicherheit einer UN-Studie zufolge teils schlechter ab als einige deutlich ärmere Staaten.
---------------------------------------------
https://futurezone.at/digital-life/oesterreich-im-bereich-cybersicherheit-a…
*** Introducing Linux Support for FakeNet-NG: FLARE's Next GenerationDynamic Network Analysis Tool ***
---------------------------------------------
Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG's release, FLARE has added support for additional protocols. FakeNet-NG now has out-of-the-box support for DNS, HTTP (including BITS), FTP, TFTP, [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-faken…
*** The Hardware Forensic Database ***
---------------------------------------------
The Hardware Forensic Database (or HFDB) is a project of CERT-UBIK aiming at providing a collaborative knowledge base related to IoT Forensic methodologies and tools.
---------------------------------------------
http://hfdb.io/
*** Kundendaten: Datenleck bei der Deutschen Post ***
---------------------------------------------
Eine Datenbank mit 200.000 Umzugsmitteilungen der Post lag ungeschützt im Netz. Tausende andere Firmen aus aller Welt haben exakt den gleichen Fehler gemacht.
---------------------------------------------
https://www.golem.de/news/kundendaten-datenleck-bei-der-deutschen-post-1707…
*** Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities ***
---------------------------------------------
Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. Vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.
---------------------------------------------
http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-prec…
*** Security Advisory - DoS Vulnerability in TLS of Some Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170705-…
*** rt-sa-2017-011 ***
---------------------------------------------
Remote Command Execution in PDNS Manager
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-011.txt
*** DFN-CERT-2017-1159: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1159/
*** IBM Security Bulletin: Incorrect saved channel status enquiry could cause denial of service for IBM MQ (CVE-2017-1236) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003510
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005108
*** IBM Security Bulletin: RabbitMQ vulnerability affect IBM Cloud Manager with OpenStack (CVE-2015-8786) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025403
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-07-2017 18:00 − Dienstag 04-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Yet more reasons to disagree with experts on nPetya ***
---------------------------------------------
In WW II, they looked at planes returning from bombing missions that were shot full of holes. Their natural conclusion was to add more armor to the sections that were damaged, to protect them in the future. But wait, said the statisticians. The original damage is likely spread evenly across the plane. Damage on returning planes indicates where they could damage and still return. The undamaged areas are where they were hit and couldnt return. Thus, its the undamaged areas you need to [...]
---------------------------------------------
http://blog.erratasec.com/2017/07/yet-more-reasons-to-disagree-with.html
*** Analysis of TeleBots cunning backdoor ***
---------------------------------------------
On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, the malware authors' intention was to cause damage, so they did all that they could to make data decryption very unlikely.
---------------------------------------------
https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-back…
*** GnuPG crypto library cracked, look for patches ***
---------------------------------------------
Boffins bust libgcrypt via side-channel Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/07/04/gnupg_crypt…
*** Cryptology ePrint Archive: Report 2017/627 ***
---------------------------------------------
Sliding right into disaster: Left-to-right sliding windows leak
Abstract: It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is widely believed that, even if the complete pattern of squarings and multiplications is observed through a side-channel attack, the number of exponent bits leaked is not sufficient to carry out a full key-recovery [...]
---------------------------------------------
https://eprint.iacr.org/2017/627
*** ERCIM News 110 published - Special theme "Blockchain Engineering" ***
---------------------------------------------
The ERCIM News No. 110 has just been published at with a special theme on "Blockchain Engineering". SBA Research contributes two articles in this issue. The first article is by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl on [...]
---------------------------------------------
https://www.sba-research.org/2017/07/03/ercim-news-110-published-special-th…
*** Joomla! 3.7.3 Release ***
---------------------------------------------
Security Issues Fixed
Core - Information Disclosure (affecting Joomla 1.7.3-3.7.2)
Core - XSS Vulnerability (affecting Joomla 1.7.3-3.7.2)
Core - XSS Vulnerability (affecting Joomla 1.5.0-3.6.5)
---------------------------------------------
https://www.joomla.org/announcements/release-news/5709-joomla-3-7-3-release…
*** Petya Malware Variant (Update A) ***
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-181-01 Petya Ransomware Variant that was published June 30, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01A
*** RSA Archer eGRC Multiple Flaws Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks and Let Remote Authenticated Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1038815
*** DFN-CERT-2017-1145: Apache Subversion: Eine Schwachstelle ermöglicht die Manipulation von Daten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1145/
*** SSA-563539 (Last Update: 2017-07-04): Vulnerabilities in OZW672 and OZW772 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539…
*** SSA-323211 (Last Update: 2017-07-04): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211…
*** SSA-452237 (Last Update: 2017-07-04): Vulnerabilities in Reyrolle ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-452237…
*** IBM Security Bulletin: Weak Cipher available in IBM API Connect (CVE-2015-2808) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003868
*** IBM Security Bulletin: Multiple vulnerabilities in Open Source zlib affects IBM Netezza Platform Software clients (CVE-2016-9840, CVE-2016-9841 and CVE-2016-9843). ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22001026
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 30-06-2017 18:00 − Montag 03-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** From Pass-the-Hash to Pass-the-Ticket with No Pain ***
---------------------------------------------
We are all grateful to the Microsoft which gave us the possibility to use the "Pass the Hash" technique! In short: if we have the NTLM hashes of the user password, we can authenticate against the remote system without knowing the real password, just using the hashes. Things were (finally) changing, starting from Windows 7, [...]
---------------------------------------------
http://resources.infosecinstitute.com/pass-hash-pass-ticket-no-pain/
*** SQL Injection Vulnerability in WP Statistics ***
---------------------------------------------
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites. Are You at Risk? This vulnerability is caused by the lack of sanitization in user provided data. An attacker with at least a subscriber account could leak sensitive data and under the right [...]
---------------------------------------------
https://blog.sucuri.net/2017/06/sql-injection-vulnerability-wp-statistics.h…
*** OutlawCountry Is CIAs Malware for Hacking Linux Systems ***
---------------------------------------------
WikiLeaks dumped today a manual describing a new CIA malware strain. Called OutlawCountry, this is malware designed for Linux operating systems. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/outlawcountry-is-cias-malwar…
*** So You Think You Can Spot a Skimmer? ***
---------------------------------------------
This week marks the 50th anniversary of the automated teller machine -- better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think youre good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge.
---------------------------------------------
https://krebsonsecurity.com/2017/06/so-you-think-you-can-spot-a-skimmer/
*** PE Section Name Descriptions, (Sun, Jul 2nd) ***
---------------------------------------------
PE files (.exe, .dll, ...) have sections: a section with code, one with data, ... Each section has a name, and different compilers use different section names. Section names can help us identify the compiler and the type of PE file we are analyzing.
---------------------------------------------
https://isc.sans.edu/diary/rss/22576
*** TLS security: Past, present and future ***
---------------------------------------------
The Transport Layer Security (TLS) protocol as it stands today has evolved from the Secure Sockets Layer (SSL) protocol from Netscape Communications and the Private Communication Technology (PCT) protocol from Microsoft that were developed in the 1990s, mainly to secure credit card transactions over the Internet. It soon became clear that a unified standard was required, and an IETF TLS WG was tasked. As a result, TLS 1.0 was specified in 1999, TLS 1.1 in [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/03/tls-security/
*** Achtung, Fake: Nein, Billa verlost keinen 250-Euro-Gutschein auf Whatsapp ***
---------------------------------------------
Der Kettenbrief verbreitet sich momentan rasant - Verlinkung auf mysteriöse Seite
---------------------------------------------
http://derstandard.at/2000060650645
*** WSUSpendu? What for? ***
---------------------------------------------
At BlackHat USA 2015, the WSUSpect attack scenario has been released. Approximately at the same time, some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients, similarly to this WSUSpect attack. After letting this topic rest for almost two years, weve been able, at Alsid and ANSSI, to demonstrate this attack.
---------------------------------------------
https://github.com/AlsidOfficial/WSUSpendu
*** SB17-184: Vulnerability Summary for the Week of June 26, 2017 ***
---------------------------------------------
Original release date: July 03, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit [...]
---------------------------------------------
https://www.us-cert.gov/ncas/bulletins/SB17-184
*** DSA-3901 libgcrypt20 - security update ***
---------------------------------------------
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon GrootBruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal andYuval Yarom discovered that Libgcrypt is prone to a local side-channelattack allowing full key recovery for RSA-1024.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3901
*** Bugtraq: [CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540794
*** Microsoft Dynamics CRM Input Validation Flaw in SyncFilterPage.aspx Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038813
*** FortiWLM upgrade user account hard-coded credentials ***
---------------------------------------------
FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raising potential further security issues.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-115
*** F5 Security Advisories ***
---------------------------------------------
*** BIND vulnerability CVE-2017-3142 ***
https://support.f5.com/csp/article/K59448931
---------------------------------------------
*** BIND vulnerability CVE-2017-3143 ***
https://support.f5.com/csp/article/K02230327
---------------------------------------------
*** GnuTLS vulnerability CVE-2017-7507 ***
https://support.f5.com/csp/article/K37830055
---------------------------------------------
*** Novell Patches ***
---------------------------------------------
*** Sentinel 8.1 (Sentinel 8.1.0.0) Build 3732 ***
https://download.novell.com/Download?buildid=SISjocZzgJM~
---------------------------------------------
*** eDirectory 9.0.3 Patch 1 (9.0.3.1) ***
https://download.novell.com/Download?buildid=_f8Eq87R-gs~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 10 HotFix 1 ***
https://download.novell.com/Download?buildid=z1R5CZBTHBM~
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Improper Authentication vulnerability affects IBM Security Guardium (CVE-2017-1264) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004425
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by XML External Entity vulnerability (CVE-2017-1254) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004463
---------------------------------------------
*** IBM Security Bulletin: OS Command Injection vulnerability affects IBM Security Guardium (CVE-2017-1253 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004426
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow a local user to obtain sensitive information due to inappropriate data retention of attachments(CVE-2017-1176) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005210
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection(CVE-2017-1175) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005212
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting(CVE-2017-1208) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005243
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001007
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology ***
http://www.ibm.com/support/docview.wss?uid=swg21999760
---------------------------------------------
*** IBM Security Bulletin: Cross-site scripting vulnerabilities affect IBM Rational Team Concert ***
http://www.ibm.com/support/docview.wss?uid=swg22004611
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997020
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect SmartCloud Entry ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025357
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg22005345
---------------------------------------------
*** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Information Disclosure vulnerability ***
http://www.ibm.com/support/docview.wss?uid=swg22005382
---------------------------------------------
*** IBM Security Bulletin: IBM Integration Bus and WebSphere Message Broker are affected by Unquoted Search Path or Element (CWE-428) Vulnerability on Windows ***
http://www.ibm.com/support/docview.wss?uid=swg22005383
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg22005335
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients (CVE-2016-2849). ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001108
---------------------------------------------
*** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability ***
http://www.ibm.com/support/docview.wss?uid=swg22005331
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 29-06-2017 18:00 − Freitag 30-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Eternal Champion Exploit Analysis ***
---------------------------------------------
Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the latest mitigations in Windows 10 break the exploit as-written....
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit…
*** Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone ***
---------------------------------------------
A fourth ransomware campaign focused on Ukraine has surfaced today, following some of the patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-…
*** Sicherheitsupdates angekündigt: Ciscos IOS-System ist für Schadcode anfällig ***
---------------------------------------------
Bisher können Betroffene die Bedrohung durch neu entdeckte Schwachstellen in Ciscos IOS und IOS EX nur über Workarounds eindämmen. Sicherheitspatches sollen folgen.
---------------------------------------------
https://heise.de/-3759927
*** e-Government in Deutschland: Kritische Schwachstellen in zentraler Transportkomponente ***
---------------------------------------------
You can find the English version of this post here containing further technical details.Die "OSCI-Transport" Java-Bibliothek ist eine Kernkomponente im deutschen e-Government. Schwachstellen in dieser Komponente erlauben es einem Angreifer, bestimmte zwischen Behörden ausgetauschte Informationen zu entschlüsseln oder zu manipulieren bzw. sogar Daten von Behördenrechnern auszulesen.OSCI-Transport ist ein Protokoll, das dazu dient Daten zwischen Behörden sicher [...]
---------------------------------------------
http://blog.sec-consult.com/2017/06/e-government-in-deutschland-schwachstel…
*** Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation ***
---------------------------------------------
On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as a worm on older platforms, particularly Windows 7 and Windows Server 2008 systems that haven't...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/30/exploring-the-crypt-ana…
*** Eternal Blues: A free EternalBlue vulnerability scanner ***
---------------------------------------------
It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install - on all their systems - the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits. These exploits are currently available to practically any hacker who might want to use them, and protecting systems against them should be a must for every organization. But while bigger ones might have an IT department [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/06/30/eternal-blues-eternalblue-vulner…
*** Cyber Europe 2016: Key lessons from a simulated cyber crisis ***
---------------------------------------------
Today marks the end of the latest cyber crisis exercise organised by ENISA, with the release of the after action report and closure video of Cyber Europe 2016.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2016-key-lessons-f…
*** TeleBots are back: supply-chain attacks against Ukraine ***
---------------------------------------------
The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously unpublished attacks.
---------------------------------------------
https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attack…
*** How Malicious Websites Infect You in Unexpected Ways ***
---------------------------------------------
You probably spend most of your time on a PC browsing, whether that is Facebook, news or just blogs or pages that appeal to your particular interest. If a malicious hacker wants to break into your computer and scramble the kilobytes that make up your digital life, his starting point will be to create a [...]
---------------------------------------------
https://heimdalsecurity.com/blog/malicious-websites/
*** SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software ***
---------------------------------------------
The Simple Network Management Protocol(SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Schneider Electric U.motion Builder ***
---------------------------------------------
This advisory contains mitigation details for SQL injection, path traversal, improper authentication, use of hard-coded password, improper access control, denial of service, and information disclosure vulnerabilities in Schneider Electric's U.motion Builder.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-180-02
*** BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Conetnt ***
---------------------------------------------
http://www.securitytracker.com/id/1038809
*** SSA-545214 (Last Update 2017-06-29): Vulnerability in ViewPort for Web Office Portal ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214…
*** SSA-874235 (Last Update 2017-06-29): Intel Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235…
*** 2017-06-16 (updated 2017-06-30): Cyber Security Notification - CrashOverride/Industroyer Malware ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&Lang…
*** [2017-06-30] Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government ***
---------------------------------------------
The OSCI-transport library 1.2, a core component of Germanys e-government infrastructure, is affected by XXE, padding oracle and signature wrapping. These vulnerabilities could be used to read local files from OSCI-systems, decrypt certain parts of a message or, under specific circumstances, even to forge messages.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin:OpenSource ICU4C Vulnernabilties in IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21996949
---------------------------------------------
*** IBM Security Bulletin:Cross-site scripting vulnerability in WebSphere Application Server admin console in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998348
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21996957
---------------------------------------------
*** IBM Security Bulletin: WebSphere Application Server vulnerability with malformed SOAP requests in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998347
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999097
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999099
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for File Systems ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999105
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999106
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache PDFBox Vulnerability in IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21991027
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Struts vulnerability in Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999098
---------------------------------------------
*** IBM Security Bulletin: zlib vulnerability may affect IBM SDK, Java Technology Edition ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004465
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Intel Ethernet Controller XL710 affects IBM MQ Appliance ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002763
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Security Guardium (CVE-2017-1256) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004461
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025342
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001465
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001458
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for Microsoft SharePoint ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001455
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for File Systems ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001463
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2017 - Includes Oracle Jan 2017 CPU affect IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001460
---------------------------------------------
*** IBM Security Bulletin: WebSphere Application Server vulnerability in IBM Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998346
---------------------------------------------
*** IBM Security Bulletin: SQL Injection vulnerability affects IBM Security Guardium (CVE-2017-1269) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004462
---------------------------------------------
*** IBM Security Bulletin: Missing Authentication for Critical Function affects IBM Security Guardium (CVE-2017-1258) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004309
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Guardium is affected by Cleartext Transmission of Sensitive Information vulnerability (CVE-2016-0238 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989124
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003173
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 28-06-2017 18:00 − Donnerstag 29-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Petya/NotPetya: Kein Erpressungstrojaner sondern ein "Wiper" ***
---------------------------------------------
Nach eingehenden Analysen des Schädlings NotPetya sind sich die meisten Experten einig: Der Schädling hatte es nicht auf Geld abgesehen sondern auf Randale, sprich: auf möglichst großen Datenverlust bei den Opfern.
---------------------------------------------
https://heise.de/-3759293
*** Update on Petya malware attacks ***
---------------------------------------------
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware…
*** Websites Grabbing User-Form Data Before Its Submitted ***
---------------------------------------------
Websites are sending information prematurely:...we discovered NaviStones code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page.This is important because it goes [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2017/06/websites_grabbi.html
*** Microsoft Announces "Controlled Folder Access" to Fend Off Crypto-Ransomware ***
---------------------------------------------
This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-control…
*** DFN-CERT-2017-1124: Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1124/
*** Symantec Management Console XSS/XXE Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1038798
*** Bugtraq: ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540783
*** 2017-06-16 (updated 2017-06-27): Cyber Security Notification - CrashOverride/Industroyer Malware ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&Lang…
*** SMTP - Moderatley Critical - Information Disclosure - SA-CONTRIB-2017-055 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-055Project: SMTP Authentication Support (third-party module)Version: 7.x, 8.xDate: 2017-June-28Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information DisclosureDescriptionThis SMTP module enables you to send mail using a third party (non-system) mail service instead of the local system mailer included with Drupal. When this module is in debugging mode, it will log privileged [...]
---------------------------------------------
https://www.drupal.org/node/2890357
*** Services - Critical - SQL Injection - SA-CONTRIB-2017-054 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-054Project: Services (third-party module)Version: 7.xDate: 2017-June-28Security risk: 19/25 ( Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module doesnt sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it.This vulnerability is [...]
---------------------------------------------
https://www.drupal.org/node/2890353
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2 and v5.0.2. (CVE-2017-3539, CVE-2016-9840, CVE-2016-9841,CVE-2016-9842, CVE-2016-9843) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005365
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1217) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004348
*** IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 27-06-2017 18:00 − Mittwoch 28-06-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Newport XPS-Cx, XPS-Qx ***
---------------------------------------------
This advisory contains mitigation details for an improper authentication vulnerability in the Newport XPS-Cx and XPS-Qx controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-178-01
*** Schroedinger’s Pet(ya) ***
---------------------------------------------
Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis.
---------------------------------------------
http://securelist.com/schroedingers-petya/78870/
*** Microsoft bringing EMET back as a built-in part of Windows 10 ***
---------------------------------------------
The built-in exploit mitigations are getting stronger and easier to configure.
---------------------------------------------
https://arstechnica.com/?p=1124813
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues ..
---------------------------------------------
https://support.citrix.com/article/CTX224740
*** New ransomware, old techniques: Petya adds worm capabilities ***
---------------------------------------------
On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-tech…
*** DFN-CERT-2017-1114/">systemd: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff und die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1114/
*** DFN-CERT-2017-1112/">Microsoft Azure Active Directory (AD) Connect: Eine Schwachstelle ermöglicht eine Privilegieneskalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1112/
*** DSA-3900 openvpn - security update ***
---------------------------------------------
Several issues were discovered in openvpn, a virtual private network application.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3900
*** Security Advisory - DoS Vulnerability of isub Service in Some Huawei Smartphones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-…
*** HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution.
---------------------------------------------
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03763en_us
*** Linux-Kernel-Security: Torvalds bezeichnet Grsecurity als "Müll" ***
---------------------------------------------
Mit seinem wie üblich wenig diplomatischen Feingefühl machte Kernel-Chefhacker Linus Torvalds auf der Kernel-Mailingliste deutlich, was er von dem auf Sicherheit fokussierten ..
---------------------------------------------
https://www.golem.de/news/linux-kernel-security-torvalds-bezeichnet-grsecur…
*** Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS ***
---------------------------------------------
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we recorded was:30 Mpps (millions of packets per second)80 ..
---------------------------------------------
https://blog.cloudflare.com/ssdp-100gbps/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 26-06-2017 18:00 − Dienstag 27-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Petya Ransomware Outbreak ***
---------------------------------------------
Heute hat es in mehreren Firmen in Europa IT-Ausfälle durch Ransomware gegeben. Dabei dürfte die Ransomware auch ein "lateral movement" innerhalb einer Organisation durchführen, und so eine breitflächige Infektion und damit Verschlüsselung erreichen. Die Faktenlage zu den genauen Vektoren, sowohl für die initiale Infektion, als auch für die Weiterverbreitung innerhalb des lokalen Netzes, ist noch sehr dünn und [...]
---------------------------------------------
http://www.cert.at/services/blog/20170627170903-2046.html
*** Second Global Ransomware Outbreak Under Way ***
---------------------------------------------
A massive ransomware outbreak is spreading globally and being compared to WannaCry.
---------------------------------------------
http://threatpost.com/second-global-ransomware-outbreak-under-way/126549/
*** E-Mails über angebliche Verkehrsstrafen ***
---------------------------------------------
E-Mails über angebliche Verkehrsstrafen – ACHTUNG: dahinter verbirgt sich Schadsoftware
---------------------------------------------
http://www.bmi.gv.at/cms/BK/betrug/files/2762017_E_Mails_ber_angebliche_Ver…
*** How Spora ransomware tries to fool antivirus ***
---------------------------------------------
Spora ransomware is back and its trying to confuse antivirus products and email filters.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/fpIDs0aHpNY/
*** $1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks ***
---------------------------------------------
The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-paymen…
*** How Not to Encrypt a File - Courtesy of Microsoft ***
---------------------------------------------
A client recently sent me a crypto spec which involved some, how do I say, suboptimal use of crypto primitives. They're .Net users so I decided to search for a nice msdn crypto reference to set them straight. Instead I found the likely culprit behind their confusion.
---------------------------------------------
https://medium.com/@bob_parks1/how-not-to-encrypt-a-file-courtesy-of-micros…
*** New Shifr RaaS Lets Any Dummy Enter the Ransomware Business ***
---------------------------------------------
Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-shifr-raas-lets-any-dumm…
*** What's new in Windows Defender ATP Fall Creators Update ***
---------------------------------------------
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-de…
*** Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 Hot Patch 2 ***
---------------------------------------------
Abstract: Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 HP2 has been released. Please see the details section below for installation instructions and the change log section for bug fixes since the last release. NOTE: Please do not continue using older versions of GMS SSLCheck. It has been superceded by GroupWise Mobility Service SSLCheck 1.1 found here: http://download.novell.com/Download?buildid=9naDJkniVtg~Document ID: 5311890Security Alert: YesDistribution Type: [...]
---------------------------------------------
https://download.novell.com/Download?buildid=SIbPzOKmofQ~
*** SSA-874235 (Last Update 2017-06-26): Intel Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005209
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK Java Technology Edition Version 6, 7, 8 and IBM Runtime Environment Java Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ***
http://www.ibm.com/support/docview.wss?uid=swg22003154
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731) ***
http://www.ibm.com/support/docview.wss?uid=swg22005135
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003285
---------------------------------------------
*** IBM Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22004580
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 23-06-2017 18:00 − Montag 26-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Erneut kritische Lücke in Windows Defender & Co ***
---------------------------------------------
Alle AV-Produkte aus dem Hause Microsoft wiesen einen kritischen Fehler auf, der es erlaubte, Windows-Systeme zu kapern. Dazu genügte es, wenn die AV-Software etwa eine Datei in einer E-Mail oder auf der Festplatte auf Schadcode untersucht.
---------------------------------------------
https://heise.de/-3756013
*** Brutal Kangaroo: CIA-Werkzeug infiziert Rechner per USB-Stick ***
---------------------------------------------
WikiLeaks hat geheime CIA-Dokumente veröffentlicht, in denen eine Werkzeug-Suite beschrieben ist, mit der sich via USB-Stick Informationen von Rechnern abgreifen lassen, die nicht mit dem Internet verbunden sind.
---------------------------------------------
https://heise.de/-3754923
*** Aktuelle Intel-Prozessoren von "Albtraum"-Bug geplagt ***
---------------------------------------------
Debian-Projekt spürt Fehler auf, der zu Datenverlust unter allen Betriebssystemen führen kann
---------------------------------------------
http://derstandard.at/2000059819966
*** Cyber-Angriffe auf private E-Mail-Postfächer von Funktionsträgern ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) beobachtet derzeit professionelle Cyber-Angriffe auf private E-Mail-Postfächer von Funktionsträgern aus Wirtschaft und Verwaltung. Bei dieser Angriffskampagne werden täuschend echt erscheinende Spearphishing-Mails an ausgewähltes Spitzenpersonal gesandt. Die Angreifer geben beispielsweise vor, Auffälligkeiten bei der Nutzung des Postfachs [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Spearphishi…
*** Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious", (Mon, May 29th) ***
---------------------------------------------
For a few months now, passengers on flights from certain countries are no longer allowed to carry laptops and other larger electronic devices into the cabin. Many news media reported over the last weeks that this policy may be expanded to flight from Europe, or to all flights entering the US. But even if you get to keep your laptop with you during your flight, it is difficult to keep it at your site when you travel. So regardless if this ban materializes or not (right now it looks like it will [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22462
*** Malware: Der unvollständige Ransomware-Schutz von Windows 10 S ***
---------------------------------------------
Windows 10 S soll vor Ransomware schützen - sagt Microsoft. Einem Sicherheitsforscher gelang es trotzdem, innerhalb weniger Stunden Zugriff auf Systemprozesse zu bekommen.
---------------------------------------------
https://www.golem.de/news/malware-der-unvollstaendige-ransomware-schutz-von…
*** Look, But Dont Touch: One Key to Better ICS Security ***
---------------------------------------------
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
---------------------------------------------
https://www.darkreading.com/vulnerabilities---threats/look-but-dont-touch-o…
*** Blocks and Chains now available ***
---------------------------------------------
Our book has just been published: Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms. Aljosha Judmayer, Nicholas Stifter, Katharina Krombholz, and Egar Weippl
---------------------------------------------
https://www.sba-research.org/2017/06/24/blocks-and-chains-now-available/
*** DFN-CERT-2017-1100: Microsoft Malware Protection Engine: Eine Schwachstelle ermöglicht die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1100/
*** Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Multiple Vulnerabilities ***
---------------------------------------------
Symantec has released an update to address three issues that were discovered in the Symantec Messaging Gateway (SMG).
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s…
*** Vuln: Multiple Pivotal Products CVE-2017-4974 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/99254
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: API security restrictions can be bypassed in IBM API Connect (CVE-2017-1328) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003867
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting. (CVE-2017-1234) ***
http://www.ibm.com/support/docview.wss?uid=swg22004948
---------------------------------------------
*** IBM Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs. ***
http://www.ibm.com/support/docview.wss?uid=swg22004947
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005149
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738) ***
http://www.ibm.com/support/docview.wss?uid=swg22004926
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) ***
http://www.ibm.com/support/docview.wss?uid=swg22004925
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003998
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ***
http://www.ibm.com/support/docview.wss?uid=swg22004713
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000300
---------------------------------------------
*** IBM Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009992
---------------------------------------------
*** IBM Security Bulletin: July 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009972
---------------------------------------------