Daily

daily@lists.cert.at

1 participants
3086 discussions

Tageszusammenfassung - Donnerstag 8-06-2017
by Daily end-of-shift report 08 Jun '17

08 Jun '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-06-2017 18:00 − Donnerstag 08-06-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz *** Deceptive Advertisements: What they do and where they come from *** --------------------------------------------- About a week ago, a reader asked for help with a nasty typo squatting incident: The site, yotube.com, at the time redirected to fake tech support sites. These sites typically pop up a message alerting the user of a made-up problem and offer a phone number for tech support. Investigating the site, I found ads, all of which can be characterized as deceptive. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22494 *** SSTIC 2017 Wrap-Up Day #1 *** --------------------------------------------- I’m in Rennes, France to attend my very first edition of the SSTIC conference. SSTIC is an event organised in France, by and for French people. The acronym means “Symposium sur la sécurité des technologies de l’information et des communications“. The event has a good reputation about its content but is also known to have a very strong policy to sell tickets. --------------------------------------------- https://blog.rootshell.be/2017/06/08/sstic-2017-wrap-day-1/ *** Summer STEM for Kids *** --------------------------------------------- Its summertime and your little hackers need something to keep them busy! Let look at some of the options for kids to try out. Ive tried out each of these programs and have had good luck with them. Please post in comments any site you have been successful with your kids in teaching them STEM or IT Security. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22496 *** Sicherheitsupdates: VMware vSphere Data Protection angreifbar *** --------------------------------------------- In einer Komponente von vSphere klaffen zwei als kritisch eingestufte Lücken, über die Angreifer beliebige Befehle ausführen und Log-in-Daten abziehen können. --------------------------------------------- https://heise.de/-3737673 *** Foscam: IoT-Hersteller ignoriert Sicherheitslücken monatelang *** --------------------------------------------- Die IoT-Apokalypse hört nicht auf: Erneut wurden zahlreiche Schwachstellen in einer IP-Kamera dokumentiert. Der Hersteller reagiert mehrere Monate lang nicht auf die Warnungen. --------------------------------------------- https://www.golem.de/news/foscam-iot-hersteller-ignoriert-sicherheitsluecke… *** A new Linux Malware targets Raspberry Pi devices to mine Cryptocurrency *** --------------------------------------------- Security researchers at Dr. Web discovered two new Linux Malware, one of them mines for cryptocurrency using Raspberry Pi Devices. Malware researchers at the Russian antivirus maker Dr.Web have discovered a new Linux trojan, tracked as Kinux.MulDrop.14, that is infecting Raspberry Pi devices with the purpose of mining cryptocurrency. --------------------------------------------- http://securityaffairs.co/wordpress/59842/malware/linux-malware-raspberry-p… *** The Reigning King of IP Camera Botnets and its Challengers *** --------------------------------------------- Early this month we discussed a new Internet of Things (IoT) botnet called Persirai (detected by Trend Micro as ELF_PERSIRAI.A), which targets over 1000 Internet Protocol (IP) camera models. Currently, through Shodan and our own research, we see that 64% of tracked IP cameras with custom http servers are infected with Persirai. But, because these cameras are such common targets, there is some competition between malware. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XMVX_tvNlNw/ *** Versehentlich aktiviertes Debugging-Tool gefährdet Cisco Data Center Network Manager *** --------------------------------------------- Sicherheitsupdates schließen zum Teil als kritisch eingestufte Lücken in Cisco AnyConnect, DCNM und TelePresence. --------------------------------------------- https://heise.de/-3737633 *** Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Cisco Context Service SDK Arbitrary Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server.The vulnerability is due to insufficient validation of the update JAR files signature. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…

1 0

Tageszusammenfassung - Mittwoch 7-06-2017
by Daily end-of-shift report 07 Jun '17

07 Jun '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-06-2017 18:00 − Mittwoch 07-06-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz *** Rockwell Automation PanelView Plus 6 700-1500 *** --------------------------------------------- This advisory contains mitigation details for a missing authorization vulnerability in Rockwell Automation's PanelView Plus 6 700-1500. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01 *** Digital Canal Structural Wind Analysis *** --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Digital Canal Structural's Wind Analysis. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02 *** Curiosity Kills Security When it Comes to Phishing *** --------------------------------------------- The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links. --------------------------------------------- http://threatpost.com/curiosity-kills-security-when-it-comes-to-phishing/12… *** Privileges and Credentials: Phished at the Request of Counsel *** --------------------------------------------- Summary In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-… *** Russische Hacker erteilen Befehle über Britney Spears Instagram *** --------------------------------------------- Adresse von Kontrollserver wurde in Nutzerkommentar zu Foto des Popstars versteckt. --------------------------------------------- http://derstandard.at/2000058853606 *** VMware-Admins aufgepasst: Es gibt wichtige Updates für ESXi *** --------------------------------------------- Wer Version 6.0 des ESXi-Hypervisors von VMware einsetzt, sollte Zeit zum Patchen einplanen. Einige Bugs und Sicherheitslücken wollen ausgebügelt werden. --------------------------------------------- https://heise.de/-3736872 *** [2017-06-07] Various WiMAX CPEs Authentication Bypass *** --------------------------------------------- Various WiMAX routers by GreenPacket, Huawei, MADA, MitraStar, ZTE and ZyXEL are affected by an authentication bypass vulnerability that allows an attacker to take over the web interface. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Ghosts from the past: Authentication bypass and OEM backdoors in WiMAX routers *** --------------------------------------------- SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. --------------------------------------------- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.… *** PLATINUM continues to evolve, find ways to maintain invisibility *** --------------------------------------------- Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-e… *** VMSA-2017-0010 *** --------------------------------------------- vSphere Data Protection (VDP) updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0010.html

1 0

Tageszusammenfassung - Dienstag 6-06-2017
by Daily end-of-shift report 06 Jun '17

06 Jun '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-06-2017 18:00 − Dienstag 06-06-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Hack Brief: Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs *** --------------------------------------------- A widespread adware infection hides the ability to inflict far worse than spammy browser tweaks. --------------------------------------------- https://www.wired.com/2017/06/hack-brief-dangerous-fireball-adware-infects-… *** FakeGlobe and Cerber Ransomware: Sneaking under the radar while WeCry *** --------------------------------------------- Recently, we observed a constant influx of spam that distributes two ransomware families, perhaps trying to sneak in while everyone is focused with the recent WannaCry malware. Based on data .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/FakeGlobe-and-Cerber-Ransomw… *** Wie Hacker mit ihren Smartphones beim Glücksspiel betrügen *** --------------------------------------------- Russische Mafia konnte Automaten durch Reverse Engineering durchschauen und per Vibrationsalarm richtigen Moment zum Drücken festlegen --------------------------------------------- http://derstandard.at/2000052237768 *** DSA-3873 perl - security update *** --------------------------------------------- The cPanel Security Team reported a time of check to time of use(TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3873 *** 53 Percent of Enterprise Flash Installs are Outdated *** --------------------------------------------- More than half of enterprises are exposing themselves to unnecessary risk by running out-of-date versions of Flash. --------------------------------------------- http://threatpost.com/53-percent-of-enterprise-flash-installs-are-outdated/… *** 40,000 Subdomains Tied to RIG Exploit Kit Shut Down *** --------------------------------------------- GoDaddy, along with researchers from RSA Security and other companies, shut down tens of thousands of illegal established subdomains tied to the RIG Exploit Kit. --------------------------------------------- http://threatpost.com/40000-subdomains-tied-to-rig-exploit-kit-shut-down/12… *** Passwortmanager: Kundendaten von Onelogin gehackt *** --------------------------------------------- Ein Passwortmanager soll Nutzern helfen, sichere Passwörter zu generieren und sicher zu speichern. Bei dem Betreiber Onelogin wurden jedoch zahlreiche Informationen von Nutzern durch .. --------------------------------------------- https://www.golem.de/news/passwortmanger-kundendaten-von-onelogin-gehackt-1… *** Security Advisory 2017-03: Security Update for all OTRS Versions *** --------------------------------------------- https://www.otrs.com/security-advisory-2017-03-security-update-otrs-version… *** Security Advisory 2017-02: Security Update for all OTRS Versions *** --------------------------------------------- https://www.otrs.com/security-advisory-2017-02-security-update-otrs-version… *** Erpressungstrojaner WannaCry: Mängel im Code steigern Chancen für Opfer *** --------------------------------------------- Sicherheitsforscher haben sich den Code der Ransomware angeschaut und diverse Schnitzer gefunden. Mit etwas Glück können Opfer wieder Zugriff auf ihre Dateien bekommen. --------------------------------------------- https://heise.de/-3734698 *** Patchday: Fehlerbereinigte Android-Versionen für Nexus, Pixel & Co. veröffentlicht *** --------------------------------------------- Google hat mehrere Sicherheitslücken in Android gestopft – darunter auch kritische. Wer ein Google-Gerät besitzt, sollte es zügig aktualisieren. Auch Besitzer von Geräten anderer Hersteller sollten prüfen, ob es eine Aktualisierung gibt. --------------------------------------------- https://heise.de/-3735188

1 0

Tageszusammenfassung - Freitag 2-06-2017
by Daily end-of-shift report 02 Jun '17

02 Jun '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 01-06-2017 18:00 − Freitag 02-06-2017 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller *** --------------------------------------------- This advisory contains mitigation details for a use of hard-coded password vulnerability in the Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-152-01 *** Passwords at the Border *** --------------------------------------------- The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesnt make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode .. --------------------------------------------- https://www.schneier.com/blog/archives/2017/06/passwords_at_th.html *** Financial malware more than twice as prevalent as ransomware *** --------------------------------------------- Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate .. --------------------------------------------- https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevale… *** CIA Malware Can Switch Clean Files With Malware When You Download Them via SMB *** --------------------------------------------- After taking last week off, WikiLeaks came back today and released documentation on another .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cia-malware-can-switch-clean… *** DSA-3872 nss - security update *** --------------------------------------------- Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure. --------------------------------------------- https://www.debian.org/security/2017/dsa-3872 *** DSA-3871 zookeeper - security update *** --------------------------------------------- It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. --------------------------------------------- https://www.debian.org/security/2017/dsa-3871 *** Riverbed SteelHead VCX 9.6.0a Arbitrary File Read *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2017060017 *** Weak DevOps cryptographic policies increase financial services cyber risk *** --------------------------------------------- Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, which have .. --------------------------------------------- https://www.helpnetsecurity.com/2017/06/02/weak-devops-cryptographic-polici… *** Phishing Campaigns Follow Trends *** --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22482 *** WannaCry and Vulnerabilities *** --------------------------------------------- There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which .. --------------------------------------------- https://www.schneier.com/blog/archives/2017/06/wannacry_and_vu.html *** Hadoop Servers Expose Over 5 Petabytes of Data *** --------------------------------------------- Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/hadoop-servers-expose-over-5… *** IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22003112 *** Check-Point-Bericht: Gefährliche Backdoor in jedem zehnten deutschen Unternehmensnetz *** --------------------------------------------- Die Fireball getaufte Adware ist mit über 250 Millionen Installationen nicht nur sehr verbreitet, sondern auch sehr gefährlich: Laut Check Point kann sie beliebigen Code auf dem System ausführen und so auch Malware nachladen. --------------------------------------------- https://heise.de/-3732893

1 0

Tageszusammenfassung - Donnerstag 1-06-2017
by Daily end-of-shift report 01 Jun '17

01 Jun '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 31-05-2017 18:00 − Donnerstag 01-06-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Aufgepasst: Googles AMP wird zur Tarnung von Phishing-Angriffen missbraucht *** --------------------------------------------- Russische Hacker benutzen Googles AMP-Dienst, um böse URLs als Google-Dienste zu tarnen. Es ist nur eine Frage der Zeit, bis das Schule macht. --------------------------------------------- https://heise.de/-3731578 *** Cisco, Netgear Readying Patches for Samba Vulnerability *** --------------------------------------------- Cisco is prepping fixes for two of its products affected by last weeks Samba vulnerability. Netgear has also pushed out a fix for NAS devices that were affected. --------------------------------------------- http://threatpost.com/cisco-netgear-readying-patches-for-samba-vulnerabilit… *** Sharing Private Data with Webcast Invitations, (Thu, Jun 1st) *** --------------------------------------------- Last week, at a customer, we received a forwarded emailin a shared mailbox. It was somebody from another department that shared an invitation for a webcast that could be interesting for you, guys!. This time, no phishing attempt, no malware, just a regular email sent from a well-known security vendor. A colleague was interested in the webcast and clicked on the registration link. He was redirected to a page and was surprised to see all the fields already prefilled with the personal details of [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22478&rss *** Motorcycle Gang Busted For Hacking and Stealing Over 150 Jeep Wranglers *** --------------------------------------------- An anonymous reader writes: "The FBI has arrested members of a motorcycle gang accused to have hacked and stolen over 150 Jeep Wranglers from Southern California, which they later crossed the border into Mexico to have stripped down for parts," reports Bleeping Computer. What stands apart is how the gang operated. This involved gang members getting the Jeep Wrangler VIN (Vehicle Identification Number), accessing a proprietary Jeep database, and getting two codes needed to create a [...] --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xYKBhycly0Q/motorcycle-gang… *** An Elegant Way to Ruin Your Company's Day - Introduction to Public AWS EBS Snapshots *** --------------------------------------------- TL;DR Creating public (unencrypted) EBS Snapshots might not be a great idea. Even if you are going to share them "just for a second". A lot can be fished out of these snapshots: ssh keys, tls/ssl certificates, aws credentials, private source code and internal (extremely) valuable HR/Accounting/IT documents. --------------------------------------------- https://www.nvteh.com/news/problems-with-public-ebs-snapshots *** Credit Card Breach at Kmart Stores. Again. *** --------------------------------------------- For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems. Last week I began hearing from smaller banks and credit unions who said they strongly suspected another card breach at Kmart. Some of those institutions received alerts from the credit card companies about batches of stolen cards that all had one thing in comment: They were all used at Kmart locations. Ask to respond to rumors about a card breach, [...] --------------------------------------------- https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-agai… *** NCSC releases factsheet Indicators of Compromise *** --------------------------------------------- In order to observe malicious digital activities within an organisation, Indicators of Compromise (IoCs) are a valuable asset. With IoCs, organisations can gain quick insights at central points in the network into malicious digital activities. When your organisation observes these activities, it is important to know what you can do to trace back which system is infected. Obtain as much contextual information with an IoC as possible, so that you get a clear picture of what is happening and how --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-releases-factsheet-ind… *** WannaCry Development Errors Enable File Recovery *** --------------------------------------------- Researchers at Kaspersky Lab have found a number of programming errors in the WannaCry ransomware code that put file recovery within reach of sysadmins. --------------------------------------------- http://threatpost.com/wannacry-development-errors-enable-file-recovery/1260… *** OneLogin suffers data breach, again *** --------------------------------------------- OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious data breach. According to a short blog post by the company's Chief Information Security Officer Alvaro Hoyos, they discovered the breach when, on Wednesday, they detected unauthorized access to OneLogin data in their US data region. --------------------------------------------- https://www.helpnetsecurity.com/2017/06/01/onelogin-data-breach/ *** [webapps] OV3 Online Administration 3.0 - Remote Code Execution *** --------------------------------------------- OV3 Online Administration 3.0 - Remote Code Execution --------------------------------------------- https://www.exploit-db.com/exploits/42096/?rss *** Indicators Associated With WannaCry Ransomware (Update H) *** --------------------------------------------- This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01G Indicators Associated With WannaCry Ransomware that was published May 30, 2017, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01H *** Security Advisory - Multiple Security Vulnerabilities in HedEx product *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… *** DFN-CERT-2017-0945: Red Hat CloudForms Management Engine: Zwei Schwachstellen ermöglichen u.a. das Ausspähen von Informationen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0945/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier (CVE-2016-9977) *** http://www.ibm.com/support/docview.wss?uid=swg22003981 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in expat, nss, bind , policycoreutils, sudo shipped with SmartCloud Entry Appliance *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1025119 --------------------------------------------- *** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 ) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009962 --------------------------------------------- *** IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Windows Client password exposure (CVE-2016-8939) *** http://www.ibm.com/support/docview.wss?uid=swg22003738 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware *** http://www.ibm.com/support/docview.wss?uid=swg22003673 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager *** http://www-01.ibm.com/support/docview.wss?uid=swg22004078 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager VMware (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) *** http://www.ibm.com/support/docview.wss?uid=swg22000589 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the GSKit library affects IBM Cognos Metrics Manager *** http://www-01.ibm.com/support/docview.wss?uid=swg22004075 --------------------------------------------- *** IBM Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition *** http://www-01.ibm.com/support/docview.wss?uid=swg22002267 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010243 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager *** http://www-01.ibm.com/support/docview.wss?uid=swg22004074 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager *** http://www-01.ibm.com/support/docview.wss?uid=swg22004077 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows *** http://www-01.ibm.com/support/docview.wss?uid=swg22002135 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM RackSwitch Products *** http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset Analyzer *** http://www-01.ibm.com/support/docview.wss?uid=swg22003418 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2017-3731, CVE-2016-7055) *** http://www.ibm.com/support/docview.wss?uid=swg22003793 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libX11 affect IBM BladeCenter Advanced Management Module (AMM) *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM) *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-8610) *** http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in dosfstools affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: IBM Development Package for Apache Spark update of IBM SDK Java Technology Edition *** http://www-01.ibm.com/support/docview.wss?uid=swg22003200 --------------------------------------------- *** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. *** http://www.ibm.com/support/docview.wss?uid=swg22004036 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 31-05-2017
by Daily end-of-shift report 31 May '17

31 May '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-05-2017 18:00 − Mittwoch 31-05-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Personal Security Guide - WiFi Network *** --------------------------------------------- This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to secure your network. When we talk about a network, we mean the way you connect to the internet. --------------------------------------------- https://blog.sucuri.net/2017/05/personal-security-guide-network-connection.… *** Kritische Infrastruktur: Meldepflicht für IT-Vorfälle deutlich erweitert *** --------------------------------------------- Die Meldepflicht für IT-Sicherheitsvorfälle ist auf weitere Branchen ausgedehnt worden. Damit steigt die Gesamtzahl auf mehr als 1.600 Einrichtungen in ganz Deutschland. --------------------------------------------- https://www.golem.de/news/kritische-infrastruktur-meldepflicht-fuer-it-vorf… *** HospitalGown: Appthority Discovers Backend Exposure of 43TB of Enterprise Data *** --------------------------------------------- [...] It's understandable that in mobile security we focus on the device, the apps it runs, and the networks it connects to. But what happens to the data from there? Cloud computing and storage are ubiquitous, advertising networks are the default revenue model for many apps, and analytics frameworks are driving design and implementation decisions. We can't ignore where the data goes. Like any other component of the larger system, these backend servers can introduce additional risk, [...] --------------------------------------------- https://www.appthority.com/mobile-threat-center/blog/hospitalgown-appthorit… http://info.appthority.com/hubfs/website-LEARN-content/Appthority%20Q2-17%2… *** XData Ransomware Master Decryption Keys Released. Kaspersky Releases Decryptor. *** --------------------------------------------- In what has become a welcome trend, today another ransomware master decryption key was released on BleepingComputer.com. This time the key that was released is for the XData Ransomware that was targeting the Ukraine around May 19th 2017. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/xdata-ransomware-master-decr… *** Indicators Associated With WannaCry Ransomware (Update G) *** --------------------------------------------- This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01F Indicators Associated With WannaCry Ransomware that was published May 25, 2017, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01G *** WannaCry: Two Weeks and 16 Million Averted Ransoms Later *** --------------------------------------------- [...] What WannaCry does has been extensively documented by others, as seen in reports by BAE Systems, MalwareBytes, Endgame, and Talos. Rather than focusing on the technical functionality of the malware, this article will open a window into our recent experience with managing, mitigating, and tracking the propagation and evolution of the WannaCry outbreak, and the true extent of its reach. --------------------------------------------- https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html *** Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st) *** --------------------------------------------- Introduction In my previous diary, I did a very brief introduction on what the ACH method is [1], so that now all readers, also those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are three different algorithms: an Inconsistency Counting algorithm, a Weighted Inconsistency Counting algorithm, and a Normalized algorithm [2]. The Weighted Inconsistency Counting algorithm, the one used in [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22470&rss *** [webapps] Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution *** --------------------------------------------- https://www.exploit-db.com/exploits/42089/?rss *** Vulnerability in Samba Affecting Cisco Products: May 2017 *** --------------------------------------------- On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system.This vulnerability has been assigned CVE ID CVE-2017-7494This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/… On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Command Injection Vulnerability in the GaussDB *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Command Injection Vulnerability in the NetEco *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in The GaussDB *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in tcpdump affect AIX *** http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory2.asc --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager appliances *** http://www.ibm.com/support/docview.wss?uid=swg22003237 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ *** http://www-01.ibm.com/support/docview.wss?uid=swg22003752 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. *** http://www.ibm.com/support/docview.wss?uid=swg22004048 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. *** http://www-01.ibm.com/support/docview.wss?uid=swg22002991 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web *** http://www.ibm.com/support/docview.wss?uid=swg22003236 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect Tivoli Storage Manager (IBM Spectrum Protect) for Virtual Environments: Data Protection for VMware and FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware *** http://www.ibm.com/support/docview.wss?uid=swg22000212 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195) *** http://www.ibm.com/support/docview.wss?uid=swg21997991 --------------------------------------------- *** IBM Security Bulletin: MQ Explorer directory created with owner '555' on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089) *** http://www-01.ibm.com/support/docview.wss?uid=swg22003509 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware *** http://www.ibm.com/support/docview.wss?uid=swg22003620 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware *** http://www.ibm.com/support/docview.wss?uid=swg22003480 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 30-05-2017
by Daily end-of-shift report 30 May '17

30 May '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-05-2017 18:00 − Dienstag 30-05-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Chrome Bug Allows Sites to Record Audio and Video Without a Visual Indicator *** --------------------------------------------- Ran Bar-Zik, a web developer at AOL, has discovered and reported a bug in Google Chrome that allows websites to record audio and video without showing a visual indicator. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/chrome-bug-allows-sites-to-r… *** 5 incident response practices that keep enterprises from adapting to new threats *** --------------------------------------------- Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators - hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them. To cope with this never-ending, ever-changing slew of threats, most organizations rely on established best practices to [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/05/30/incident-response-practices/ *** Darauf sollen Unternehmer bei der IT-Sicherheit achten *** --------------------------------------------- Nahezu jeden Tag werden Cyberangriffe auf Unternehmen publik. Der Schaden ist oft erheblich. Wer ein paar einfache Tipps beachtet, kann das Risiko deutlich reduzieren. --------------------------------------------- https://futurezone.at/b2b/darauf-sollen-unternehmer-bei-der-it-sicherheit-a… *** Erpressungstrojaner Jaff: Vorsicht vor Mails mit PDF-Anhang *** --------------------------------------------- Derzeit landen vermehrt E-Mails mit einem manipulierten PDF-Dokument in Posteingängen. Wer das Dokument unter Windows öffnet, kann sich die Ransomware Jaff einfangen. Diese verschlüsselt Daten und versieht sie mit der Dateiendung .wlc. --------------------------------------------- https://heise.de/-3728073 *** FreeRADIUS: Anmelde-Server dank Sicherheitslücke viel zu gutgläubig *** --------------------------------------------- Bei der Wiederaufnahme von TLS-Verbindungen überprüft der Anmelde-Server FreeRADIUS unter Umständen nicht, ob der Nutzer sich jemals richtig angemeldet hat. Für eine Software, die Anmeldungen prüfen soll, ist das fatal. --------------------------------------------- https://heise.de/-3728535 *** SANS Securing the Human Security Awareness Report 2017 *** --------------------------------------------- [...] The report highlights what successful programs do right to change behavior and what lagging programs can do to improve and move beyond compliance. --------------------------------------------- https://securingthehuman.sans.org/resources/security-awareness-report-2017 https://securingthehuman.sans.org/media/resources/STH-SecurityAwarenessRepo… *** The Most Common Social Engineering Attacks *** --------------------------------------------- Many years ago, one of the world's most popular hacker Kevin Mitnick explained in his book "The Art of Deception" the power of social engineering techniques, today we are aware that social engineering can be combined with hacking to power insidious attacks. Let's consider for example social media and mobile platforms; they are considered powerful attack [...] --------------------------------------------- http://resources.infosecinstitute.com/common-social-engineering-attacks/ *** Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution *** --------------------------------------------- The version of Serviio installed on the remote Windows/Linux host is affected by an unauthenticated password modification vulnerability due to improper access control enforcement of the Configuration REST API. A remote attacker can exploit this, via a specially crafted request, to change the login password for the mediabrowser protected page. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5408.php *** IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22001029 *** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2016-5597) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003602

1 0

Tageszusammenfassung - Montag 29-05-2017
by Daily end-of-shift report 29 May '17

29 May '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-05-2017 18:00 − Montag 29-05-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw *** --------------------------------------------- Microsoft quietly patched a critical vulnerability found by Googles Project Zero team in the Malware Protection Engine. --------------------------------------------- http://threatpost.com/microsoft-quietly-patches-another-critical-malware-pr… *** Crysis ransomware master keys posted to Pastebin *** --------------------------------------------- Why would someone release the keys to victims? Who knows, but as the poster who uploaded them says, Enjoy! --------------------------------------------- https://nakedsecurity.sophos.com/2017/05/26/crysis-ransomware-master-keys-p… *** File2pcap - A new tool for your toolkit!, (Fri, May 26th) *** --------------------------------------------- One of our readers, Gebhard, submitted a pointer to a tool today, released byTalos, that I wasnt familiar with. However, when I realized it could generate packets, I had to try it out. Its called File2pcap. The concept of the tool is that instead of having to download a file and capture the traffic in order to write detection content, the tool would simulate the download and generate the traffic that you would see. You get a nice pcap in the end. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22456&rss *** CyberChef a Must Have Tool in your Tool bag!, (Sun, May 28th) *** --------------------------------------------- This multipurpose and feature rich tool has been available for a while now and is updated regularly. What I find the most interesting is the number of features that are available this tool. CyberChef is fully portable and can be downloaded locally as an simple HTML self-contained page that can run in any browsers or if you prefer, you can download the package from Github and compile it yourself[2] but why bother. Since the code is updated regularly, I find the first option more practical. It [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22458&rss *** Analysis of Competing Hypotheses (ACH part 1), (Sun, May 28th) *** --------------------------------------------- In threat intelligence, by definition, an analyst will most of the times have to perform assessments in an environment of incomplete information, and/or with information that is being produced with the purpose of misleading the analyst. One of the well-known methodologies is the Analysis of Competing Hypotheses (ACH) [1], developed by Richards J. Heuer, Jr., a former CIA veteran. ACH is an analytic process that identifies a set of alternative hypotheses, and assesses whether data available are [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22460&rss *** Guidance on Disabling System Services on Windows Server 2016 with Desktop Experience *** --------------------------------------------- [Primary authors: Dan Simon and Nir Ben Zvi] The Windows operating system includes many system services that provide important functionality. Different services have different default startup policies: some are started by default (automatic), some when needed (manual) and some are disabled by default and must be explicitly enabled before they can run. These defaults were... --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2017/05/29/guidance-on-disabli… *** Network Time Protocol updated to spook-harden user comms *** --------------------------------------------- Network time lords decide we dont need IP address swaps The Internet Engineering Task Force has taken another small step in protecting everybodys privacy - this time, in making the Network Time Protocol a bit less spaffy. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/05/29/network_tim… *** CFP Time *** --------------------------------------------- We decided to create a website for a clearer view of what conferences are happening all around the world. The project is still in beta and after seeing how the community takes it, we might take it one step further. --------------------------------------------- https://cfptime.org/cfps/about *** Dirty COW and why lying is bad even if you are the Linux kernel *** --------------------------------------------- [...] There have been plenty of articles and blog posts about the exploit, but none of them give a satisfactory explanation on exactly how Dirty COW works under the hood from the kernel's perspective. The following analysis is based on this attack POC, although the idea applies to all other similar attacks. --------------------------------------------- https://chao-tic.github.io/blog/2017/05/24/dirty-cow *** DFN-CERT-2017-0928: Microsoft Malware Protection Engine: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0928/ *** DFN-CERT-2017-0913: WebKitGTK+: Mehrere Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes und einen Cross-Site-Scripting-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0913/ https://webkitgtk.org/security/WSA-2017-0004.html *** DFN-CERT-2017-0925: FortiOS: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0925/ *** Security Advisory - Multiple Vulnerabilities in MTK Platform *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170527-… *** Bugtraq: Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token *** --------------------------------------------- http://www.securityfocus.com/archive/1/540636 *** Bugtraq: [security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540635 *** Bugtraq: [security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass *** --------------------------------------------- http://www.securityfocus.com/archive/1/540634 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM PowerVC is affected by vulnerability in OpenStack Nova (CVE-2017-7214) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1022011 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in Red Hat Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM) (CVE-2017-6462 CVE-2017-6463 CVE-2017-6464) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1025209 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - January 2017 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010245 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM Virtual Fabric 10Gb Switch Module *** http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 26-05-2017
by Daily end-of-shift report 26 May '17

26 May '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-05-2017 18:00 − Freitag 26-05-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Reflections on reflection (attacks) *** --------------------------------------------- Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Conectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack .. --------------------------------------------- https://blog.cloudflare.com/reflections-on-reflections/ *** Cloak & Dagger *** --------------------------------------------- Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity. These attacks .. --------------------------------------------- http://cloak-and-dagger.org/ *** Trump’s Dumps: ‘Making Dumps Great Again’ *** --------------------------------------------- Its not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various .. --------------------------------------------- https://krebsonsecurity.com/2017/05/trumps-dumps-making-dumps-great-again/ *** Österreichs Unternehmen sind bei IT-Sicherheit Nachzügler *** --------------------------------------------- Investitionen in die Sicherheit als Chance verstehen --------------------------------------------- http://derstandard.at/2000058280565 *** 83% of Security Pros Waste Time Fixing Co-Workers Non-Security Problems *** --------------------------------------------- Security personnel in many organizations waste time every week helping co-workers with general IT problems, rather than doing their own work, which in the long run, .. --------------------------------------------- https://www.bleepingcomputer.com/news/technology/83-percent-of-security-pro… *** Schwere Sicherheitslücke in Samba gefunden *** --------------------------------------------- Exploits bereits im Netz – Updates sollten rasch eingespielt werden --------------------------------------------- http://derstandard.at/2000058287863 *** DSA-3863 imagemagick - security update *** --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3863 *** DSA-3862 puppet - security update *** --------------------------------------------- It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3862 *** Manipulierte Webseiten legen Windows lahm *** --------------------------------------------- Problem mit Dateinamen verlangsamt System bis zum Stillstand – Windows 7, 8 und Vista betroffen --------------------------------------------- http://derstandard.at/2000058292526 *** Tanze (aktualisierten) Samba mit mir *** --------------------------------------------- Die Erinnerung an CVE-2017-0144, und die Auswirkungen von WannaCry, ist bei uns allen noch frisch im Gedächtnis verankert, und damit keine Langeweile aufkommt, hat Samba nun ein Advisory bezüglich einer kritischen Schwachstelle veröffentlicht: All versions of Samba .. --------------------------------------------- http://www.cert.at/services/blog/20170526134531-2020.html *** FileZilla FTP Client Adds Support for Master Password That Encrypts Your Logins *** --------------------------------------------- Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password .. --------------------------------------------- https://www.bleepingcomputer.com/news/software/filezilla-ftp-client-adds-su…

1 0

Tageszusammenfassung - Mittwoch 24-05-2017
by Daily end-of-shift report 24 May '17

24 May '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-05-2017 18:00 − Mittwoch 24-05-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** FIRST releases version 1.1 of the CSIRT Services Framework *** --------------------------------------------- The leading association of incident response and security teams released a new version of its CSIRT Services Framework. This is a formal list of services a Computer Security Incident Response Team (CSIRT) may consider implementing to address the needs of their constituency. --------------------------------------------- https://www.first.org/newsroom/releases/20170524 *** B. Braun Medical SpaceCom Open Redirect Vulnerability *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on March 23, 2017, and is being released to the ICS-CERT web site. This advisory contains mitigation details for an open redirect vulnerability in B. Braun Medical's SpaceCom module, which is integrated into the SpaceStation docking station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02 *** Trend Micro ServerProtect for Linux Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Let Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1038548 *** OpenVPN Access Server Input Validation Flaw Lets Remote Users Conduct Session Fixation Attacks to Hijack a Target Users Session *** --------------------------------------------- A remote user can create a specially crafted URL containing the '%0A' character that, when loaded by the target user prior to authentication, will inject headers and set the session cookie to a specified value. After the target user authenticates to the target OpenVPN Access Server, the remote user can hijack the target user's session. --------------------------------------------- http://www.securitytracker.com/id/1038547 *** DFN-CERT-2017-0901/">Puppet, Puppet Enterprise: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- Betroffene Software Puppet < 4.10.1 Puppet Enterprise < 2016.4.5 Puppet Enterprise < 2017.2.1 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0901/ *** [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download *** --------------------------------------------- CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. --------------------------------------------- https://lists.samba.org/archive/samba-announce/2017/000406.html *** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones *** --------------------------------------------- There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-02036). This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2710. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170524-… *** Jaff ransomware gets a makeover *** --------------------------------------------- With all the recent news about WannaCry ransomware, people might forget Jaff is an ongoing threat. Worse yet, some people might not know about it at all since its debut about 2 weeks ago. Jaff has already gotten a makeover, so an infected host looks noticeably different now. --------------------------------------------- https://isc.sans.edu/diary/Jaff+ransomware+gets+a+makeover/22446 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Security Guardium Data Redaction. . *** http://www-01.ibm.com/support/docview.wss?uid=swg22003466 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management generates error messages that could reveal sensitive information that could be used in further attacks against the system (CVE-2017-1292) *** http://www-01.ibm.com/support/docview.wss?uid=swg22003414 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to HTTP response splitting attacks (CVE-2017-1291) *** http://www.ibm.com/support/docview.wss?uid=swg22003413 --------------------------------------------- *** IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1325) *** http://www-01.ibm.com/support/docview.wss?uid=swg22003497 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes *** http://www-01.ibm.com/support/docview.wss?uid=swg22000602 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino *** http://www-01.ibm.com/support/docview.wss?uid=swg22000516 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily