=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 23-08-2017 18:00 − Donnerstag 24-08-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ 90% of Companies Get Attacked with Three-Year-Old Vulnerabilities ∗∗∗
---------------------------------------------
A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-…
∗∗∗ Whatsapp und Signal: Zerodium bietet 500.000 US-Dollar für Messenger-Exploits ∗∗∗
---------------------------------------------
Die staatliche Nachfrage nach Sicherheitslücken für die Quellen-TKÜ zeigt offenbar Wirkung. Schwachstellen in Whatsapp, Signal und anderen Messengern werden besser honoriert als Codeausführung in Windows.
---------------------------------------------
https://www.golem.de/news/whatsapp-und-signal-zerodium-bietet-500-000-us-do…
∗∗∗ Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root ∗∗∗
---------------------------------------------
An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.
---------------------------------------------
http://threatpost.com/deprecated-insecure-apple-authorization-api-can-be-ab…
∗∗∗ Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack ∗∗∗
---------------------------------------------
In this blog post, we are making our findings, and tools, for decrypting NotPetya/Petya available to the general public. With the aid of the supplied tools, almost all of the Master File Table (MFT) can be successfully recovered within minutes.
---------------------------------------------
https://www.crowdstrike.com/blog/decrypting-notpetya-tools-for-recovering-y…
∗∗∗ Im giving up on HPKP ∗∗∗
---------------------------------------------
HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too.
---------------------------------------------
https://scotthelme.co.uk/im-giving-up-on-hpkp/
∗∗∗ Crystal Finance Millennium used to spread malware ∗∗∗
---------------------------------------------
[...] it was revealed the Crystal Finance Millennium website was indeed hacked, and serving three different flavors of malware. In this short blog post, well take a look at the malware variants that were distributed, and provide minimal background.
---------------------------------------------
https://bartblaze.blogspot.de/2017/08/crystal-finance-millennium-used-to.ht…
∗∗∗ Malware über Facebook-Messenger im Umlauf, greift Windows und macOS an ∗∗∗
---------------------------------------------
Sicherheitsforscher warnen aktuell vor einer Masche, mit der Facebook-Nutzer dazu verleitet werden sollen, trojanisierte Fake-Software zu installieren.
---------------------------------------------
https://heise.de/-3811842
∗∗∗ Kritische Sicherheitslücke in HPE iLo: "So schnell wie möglich handeln" ∗∗∗
---------------------------------------------
Die Management-Software Integrated Lights-out 4 (iLO 4) von HP-Proliant-Servern enthält eine Sicherheitslücke, über die Angreifer aus der Ferne Schadcode ausführen können, ohne sich anmelden zu müssen.
---------------------------------------------
https://heise.de/-3811873
=====================
= Advisories =
=====================
∗∗∗ Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials.The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ DFN-CERT-2017-1497/">Cacti: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1497/
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects Sametime Community (CVE-2016-2183) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006212
∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007428
∗∗∗ IBM Security Bulletin: Various Security vulnerabilities in IBM Sametime Media Server (CVE-2016-2970, CVE-2016-0729, CVE-2016-4449) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006233
∗∗∗ HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=e…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 22-08-2017 18:00 − Mittwoch 23-08-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ROPEMAKER Lets Attackers Change Your Emails After Delivery ∗∗∗
---------------------------------------------
A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ropemaker-lets-attackers-cha…
∗∗∗ Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware ∗∗∗
---------------------------------------------
Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/google-play-store-security-s…
∗∗∗ Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd) ∗∗∗
---------------------------------------------
Yesterday, I found an interesting sample that I started to analyze... It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos” ("I hereby request the products budget”).
---------------------------------------------
https://isc.sans.edu/diary/rss/22748
∗∗∗ Apple iCloud Keychain easily slurped, ElcomSoft says ∗∗∗
---------------------------------------------
Credentials stored in the cloud succumb to forensic software ElcomSoft, the Russia-based maker of forensic software, has managed to find a way to access the data stored in Apples iCloud Keychain, if Apple ID account credentials are available.
---------------------------------------------
http://www.theregister.co.uk/2017/08/22/apple_icloud_keychain_easily_slurpe…
∗∗∗ Is the Power Grid Getting More Vulnerable to Cyber Attacks? ∗∗∗
---------------------------------------------
Rising computerization opens doors for increasingly aggressive adversaries, but defenses are better than many might think.
---------------------------------------------
https://www.scientificamerican.com/article/is-the-power-grid-getting-more-v…
∗∗∗ Ukrainian Security Firm Warns of Another Massive Global Cyberattack ∗∗∗
---------------------------------------------
A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day.
---------------------------------------------
http://news.softpedia.com/news/ukrainian-security-firm-warns-massive-global…
∗∗∗ Google schmeißt 500 potenzielle Spionage-Apps aus App Store ∗∗∗
---------------------------------------------
Ein Software Development Kit für Werbeeinblendungen soll Schnüffelfunktionen mitbringen. Damit ausgestattete Android-Apps weisen über 100 Millionen Downloads auf, warnen Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3810366
∗∗∗ Hintergrund: Hardware-Fuzzing: Hintertüren und Fehler in CPUs aufspüren ∗∗∗
---------------------------------------------
Ein Prozessor-Fuzzer analysiert Hardware, der man normalerweise blind vertrauen muss. In ersten Testläufen wurde er bei nahezu allen Architekturen fündig und spürte etwa undokumentierte CPU-Befehle auf. Sandsifter ist kostenlos und frei verfügbar; der Autor hilft sogar bei der Analyse.
---------------------------------------------
https://heise.de/-3809408
=====================
= Advisories =
=====================
∗∗∗ DSA-3952 libxml2 - security update ∗∗∗
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an application using libxml2, would cause a denial-of-service againstthe application, information leaks, or potentially, the execution ofarbitrary code with the privileges of the user running the application.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3952
∗∗∗ Automated Logic Corporation WebCTRL, i-VU, SiteScan ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
∗∗∗ SpiderControl SCADA Web Server ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-03
∗∗∗ SpiderControl SCADA MicroBrowser ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02
∗∗∗ Security Advisory - Two Command Injection Vulnerabilities in The FusionSphere OpenStack ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170823-…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005055
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007464
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002233
∗∗∗ Multiple GNU Binutils vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23729200
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 21-08-2017 18:00 − Dienstag 22-08-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Gestohlene Nacktfotos von Ski-Star Lindsey Vonn im Netz ∗∗∗
---------------------------------------------
Unbekannte haben das Handy von US-Skistar Lindsey Vonn (32) geknackt und Nacktfotos von ihr und ihrem Ex-Freund Tiger Woods (41) gestohlen.
---------------------------------------------
https://futurezone.at/digital-life/gestohlene-nacktfotos-von-ski-star-linds…
∗∗∗ Unsichere Passwörter: Angriffe auf Microsoft-Konten um 300 Prozent gestiegen ∗∗∗
---------------------------------------------
Noch immer haben viele Nutzer schlechte Passwörter und benutzen diese gleich für mehrere Accounts. Das geht aus Microsofts eigener Sicherheitsanalyse hervor, die Trends aus dem Enterprise- und Privatkundengeschäft präsentiert.
---------------------------------------------
https://www.golem.de/news/unsichere-passwoerter-angriffe-auf-microsoft-kont…
∗∗∗ Enigma ICO Heist Robs Nearly $500,000 in Ethereum From Investors ∗∗∗
---------------------------------------------
Cryptos fine and good, but make sure youre looking after the basics.
---------------------------------------------
https://www.wired.com/story/enigma-ico-ethereum-heist
∗∗∗ Who’s Blocked by Bad Guys? ∗∗∗
---------------------------------------------
Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, ..
---------------------------------------------
https://blog.rootshell.be/2017/08/21/whos-blocked-bad-guys/
∗∗∗ Erpressungstrojaner WannaCry hat erneut zugeschlagen ∗∗∗
---------------------------------------------
Offenbar hat LG bei einigen Service-Systemen wichtige Sicherheitspatches nicht installiert und WannaCry infizierte diverse Computer des Unternehmens in Südkorea. Dabei soll es aber zu keinen größeren Schäden gekommen sein.
---------------------------------------------
https://heise.de/-3809790
∗∗∗ Kriminelle stehlen Telefonnummern von Bitcoin-Investoren ∗∗∗
---------------------------------------------
Bitten Mobilfunker um Transfer der Nummer auf neues Gerät – oft Verluste in Millionenhöhe
---------------------------------------------
http://derstandard.at/2000062971633
∗∗∗ Hacker drohen, "Game of Thrones"-Finale vorab online zu stellen ∗∗∗
---------------------------------------------
HBO hat sich bislang geweigert, Lösegeld zu bezahlen – zwei von sechs Folgen waren früher ins Netz gelangt
---------------------------------------------
http://derstandard.at/2000062960237
∗∗∗ Betrug: Mobilfunkbetreiber warnen vor "Ping Calls" ∗∗∗
---------------------------------------------
Hinter unbekannter Nummer auf dem Handydisplay steckt manchmal ein Betrüger
---------------------------------------------
http://derstandard.at/2000062990431
=====================
= Advisories =
=====================
∗∗∗ Sicherheitsupdate: Thunderbird updaten und sicher konfigurieren ∗∗∗
---------------------------------------------
Mehrere Schwachstellen in Mozilla Thunderbird ermöglichen einem entfernten, nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, das Umgehen von Sicherheitsvorkehrungen, die Darstellung falscher Informationen und verschiedener Denial-of-Service (DoS)-Angriffe.
---------------------------------------------
https://www.kuketz-blog.de/sicherheitsupdate-thunderbird-updaten-und-sicher…
∗∗∗ DSA-3949 augeas - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3949
∗∗∗ Multiple vulnerabilities in Progress Sitefinity ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-…
∗∗∗ Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 18-08-2017 18:00 − Montag 21-08-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Researchers Win $100,000 for New Spear-Phishing Detection Method ∗∗∗
---------------------------------------------
Facebook has awarded this years Internet Defense Prize worth $100,000 to a team of researchers from the University of California, Berkeley, who came up with a new method of detecting spear-phishing attacks in closely monitored enterprise networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researchers-win-100-000-for-…
∗∗∗ Wie Hacker große Frachtschiffe ins Visier nehmen ∗∗∗
---------------------------------------------
Mithilfe von Malware können Handelsschiffe lahmgelegt und manövrierunfähig gemacht werden. Kriminelle könnten sogar die Kollision zweier Schiffe herbeiführen.
---------------------------------------------
https://futurezone.at/digital-life/wie-hacker-grosse-frachtschiffe-ins-visi…
∗∗∗ Personal Security Guide – iOS/Android ∗∗∗
---------------------------------------------
We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information.
---------------------------------------------
https://blog.sucuri.net/2017/08/personal-security-guide-iosandroid.html
∗∗∗ Warning: Enigma Hacked; Over $470,000 in Ethereum Stolen So Far ∗∗∗
---------------------------------------------
More Ethereum Stolen! An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma.
---------------------------------------------
http://thehackernews.com/2017/08/enigma-cryptocurrency-hack.html
∗∗∗ DNSSEC Key Signing Key Rollover ∗∗∗
---------------------------------------------
On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/08/21/DNSSEC-Key-Signing…
∗∗∗ Zero-Day-Lücken im PDF Reader: Foxit will doch patchen ∗∗∗
---------------------------------------------
Ursprünglich wollte Foxit die zwei Lücken, die Angreifern unter bestimmten Umständen die lokale Codeausführung ermöglichen, nicht schließen. Mittlerweile hat sich der Hersteller aber anders entschieden.
---------------------------------------------
https://heise.de/-3807762
∗∗∗ SyncCrypt: Neue Ransomware lauert in JPG-Dateien ∗∗∗
---------------------------------------------
Um AV-Software auszutricksen, verbirgt sich die Ransomware SyncCrypt in Bilddateien. Einmal auf dem System, wird sie per Skript extrahiert und ausgeführt. Kostenlose Entschlüsselungs-Tools gibt es bislang nicht.
---------------------------------------------
https://heise.de/-3808437
∗∗∗ Blowing the Whistle on Bad Attribution ∗∗∗
---------------------------------------------
The New York Times this week published a fascinating story about a young programmer in Ukraine whod turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. Its a good read, as long as you can ignore that the premise of the piece is completely wrong.
---------------------------------------------
https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-bad-attribution/
∗∗∗ Hacker übernahmen Facebook- und Twitter-Account von Playstation ∗∗∗
---------------------------------------------
Die Hackergruppe OurMine setzte mit den Social-Media-Profilen diverse Tweets und Facebook-Posts ab
---------------------------------------------
http://derstandard.at/2000062906632
=====================
= Advisories =
=====================
∗∗∗ USN-3397-1: strongSwan vulnerability ∗∗∗
---------------------------------------------
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTSSummarystrongSwan could be made to crash or hang if it received specially craftednetwork traffic.
---------------------------------------------
http://www.ubuntu.com/usn/usn-3397-1/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 affect IBM Flex System Manager(FSM) Storage Manager Install Anywhere (SMIA) configuration tool ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025471
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007209
∗∗∗ IBM Security Bulletin: No verification of user rights for certain applications on MaaS360 Windows installations. (CVE-2017-1422). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006985
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006808
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005299
∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022230
∗∗∗ IBM Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010526
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 17-08-2017 18:00 − Freitag 18-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Betrug: Verbraucherzentrale warnt vor gefälschten Youporn-Mahnungen ∗∗∗
---------------------------------------------
Eine Spam-Kampagne versendet derzeit angebliche Mahnungen für die Nutzung von Youporn im Namen einer Münchener Anwaltskanzlei. Diese warnt selbst vor den Fälschungen.
---------------------------------------------
https://www.golem.de/news/betrug-verbraucherzentrale-warnt-vor-gefaelschten…
∗∗∗ OWASP 2017 Top 10 vs. 2013 Top 10 ∗∗∗
---------------------------------------------
After a long interval of four years, OWASP in April 2017 released a draft of its latest list of "Top 10 Web Application Security Vulnerabilities." The OWASP Top 10 has served as a benchmark for the world of application security for the last 14 years. It was designed to allow developers to identify and avoid [...]
---------------------------------------------
http://resources.infosecinstitute.com/owasp-2017-top-10-vs-2013-top-10/
∗∗∗ Hacker Publishes iOS Secure Enclave Firmware Decryption Key ∗∗∗
---------------------------------------------
A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor.
---------------------------------------------
http://threatpost.com/hacker-publishes-ios-secure-enclave-firmware-decrypti…
∗∗∗ Cisco schließt einen Haufen Sicherheitslücken ∗∗∗
---------------------------------------------
Cisco hat 19 Sicherheitslücken in verschiedensten Produkten mit Sicherheitsupdates geschlossen. Drei der Updates sind mit hoher Priorität eingestuft.
---------------------------------------------
https://heise.de/-3807549
∗∗∗ Gefälschte A1-Rechnung installiert Schadsoftware ∗∗∗
---------------------------------------------
Eine gefälschte A1-Nachricht fordert Empfänger/innen dazu auf, dass sie eine Website aufrufen und sich auf dieser ihre Rechnung ansehen. Wer dem nachkommt, lädt die Datei „quittung.lnk“ herunter. Bei dieser handelt es sich um keine Kostenaufstellung, sondern um eine Verknüpfung zu einer Schadsoftware. Aus diesem Grund dürfen Sie die Verknüpfung nicht öffnen.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec…
=====================
= Advisories =
=====================
∗∗∗ Philips DoseWise Portal Vulnerabilities ∗∗∗
---------------------------------------------
This medical device advisory contains mitigation details for hard-coded credentials and cleartext storage of sensitive information vulnerabilities in Philips’ DoseWise Portal web application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01
∗∗∗ ZDI-17-693: Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-693/
∗∗∗ DFN-CERT-2017-1469: ClamAV: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1469/
∗∗∗ DFN-CERT-2017-1476: Mozilla Thunderbird: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1476/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007056
∗∗∗ Splunk Input Validation Flaws in Web Interface Let Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039198
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 16-08-2017 18:00 − Donnerstag 17-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps ∗∗∗
---------------------------------------------
It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a users financial data on a daily basis. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/banking-trojans-set-their-si…
∗∗∗ Ransomware: Locky kehrt erneut zurück ∗∗∗
---------------------------------------------
Mit Locky kehrt eine bekannte Ransomware nach mehrmonatiger Abwesenheit zurück - mit den Dateiendungen Diablo6 und Lukitus. Immer wieder tauchen neue Versionen auf, die vermutlich von Kriminellen für erpresserische Zwecke gemietet werden. (Malware, Virus)
---------------------------------------------
https://www.golem.de/news/ransomware-locky-kehrt-erneut-zurueck-1708-129539…
∗∗∗ NotPetya: Maersk erwartet bis zu 300 Millionen Dollar Verlust ∗∗∗
---------------------------------------------
Containerterminals standen still, Schiffe konnten weder gelöscht noch beladen werden: Mehrere Wochen hielt der Trojaner den dänischen Mega-Konzern Maersk in Atem. Die Reederei Maersk Line und der Hafenbetreiber APM Terminals wurden schwer getroffen.
---------------------------------------------
https://heise.de/-3804688
∗∗∗ Handy-Ersatzteile können Malware einschleusen ∗∗∗
---------------------------------------------
Über Ersatzteile könnten Angreifer unbemerkt Malware in Smartphones schmuggeln. Erkennungsmethoden oder gar Abwehrmaßnahmen gibt es bislang keine, warnen israelische Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3804758
∗∗∗ Sicherheitsupdates: Angreifer könnten Drupal-Webseiten ein bisschen umbauen ∗∗∗
---------------------------------------------
Nutzer von Drupal sollten zügig die aktuellen Versionen installieren. In diesen haben die Entwickler mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://heise.de/-3805042
∗∗∗ iMessage: Neuer Betrugsversuch macht die Runde ∗∗∗
---------------------------------------------
Aktuell erreichen Nutzer Nachrichten mit Links, die sie zur Eingabe persönlicher Daten nötigen. Sie stammen angeblich von Apple.
---------------------------------------------
https://heise.de/-3804878
=====================
= Advisories =
=====================
∗∗∗ DSA-3944 mariadb-10.0 - security update ∗∗∗
---------------------------------------------
Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.32. Please see the MariaDB 10.0 Release Notes for furtherdetails:
---------------------------------------------
https://www.debian.org/security/2017/dsa-3944
∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 ∗∗∗
---------------------------------------------
Drupal 8.3.7 is a maintenance releases which contain fixes for security vulnerabilities.Download Drupal 8.3.7Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release.
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-004
∗∗∗ Filr 3.2.1 Update ∗∗∗
---------------------------------------------
Abstract: This update provides a number of general bug fixes for Micro Focus Filr, Search and MySQL appliances including an updated Filr 3.2.1 Desktop client.
---------------------------------------------
https://download.novell.com/Download?buildid=zZ3A-xIEvO0~
∗∗∗ VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/793496
∗∗∗ Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2902596
∗∗∗ Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2902606
∗∗∗ Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2902604
∗∗∗ Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco TelePresence Video Communication Server Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Policy Suite Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Prime Infrastructure HTML Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Security Vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006871
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 14-08-2017 18:00 − Mittwoch 16-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Millions of RDP Endpoints Exposed Online and Ready for Bad Things ∗∗∗
---------------------------------------------
An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/millions-of-rdp-endpoints-ex…
∗∗∗ Pulse Wave - New DDoS Assault Pattern Discovered ∗∗∗
---------------------------------------------
A new method of carrying out DDoS attacks named Pulse Wave is causing problems to certain DDoS mitigation solutions, allowing attackers to down servers previously thought to be secured. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pulse-wave-new-ddos-assault-…
∗∗∗ Attackers Backdoor Another Software Update Mechanism ∗∗∗
---------------------------------------------
Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad.
---------------------------------------------
http://threatpost.com/attackers-backdoor-another-software-update-mechanism/…
∗∗∗ Analysis of a Paypal phishing kit, (Wed, Aug 16th) ∗∗∗
---------------------------------------------
They are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal arenice targets and we can find new fake pages almost daily. Sometimes, the web server isnt properly configured and the source code is publicly available. A few days ago, I was lucky to find a ZIP archivecontaining a very nice phishing kit targeting Paypal. I took some time to have a look at it.
---------------------------------------------
https://isc.sans.edu/diary/rss/22726
∗∗∗ Security Afterworks Spezial – DSGVO – Impulsvorträge und Diskussion ∗∗∗
---------------------------------------------
October 03, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-dsgvo/
∗∗∗ Decoding Complex Malware – Step-by-Step ∗∗∗
---------------------------------------------
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our research finds that in 67% of the websites we clean, there is at least one backdoor variant.
---------------------------------------------
https://blog.sucuri.net/2017/08/malware-decoding-step-step-guide.html
∗∗∗ The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard ∗∗∗
---------------------------------------------
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SJgibQgcZtQ/
∗∗∗ ShadowPad: Spionage-Hintertür in Admintools für Unix- und Linux-Server aufgedeckt ∗∗∗
---------------------------------------------
Eine raffinierte Hintertür wurde von Angreifern per korrekt signiertem Update an die Netzwerk-Admin-Tools der koreanischen Firma NetSarang ausgeliefert. Es dauerte mehr als zwei Wochen, bis der Spionage-Trojaner im Netz eines Bankinstitutes aufflog.
---------------------------------------------
https://heise.de/-3803225
∗∗∗ EV ransomware is targeting WordPress sites ∗∗∗
---------------------------------------------
WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. They dubbed the malware "EV ransomware", due to the .ev extension that is added to the encrypted files.
---------------------------------------------
https://www.helpnetsecurity.com/2017/08/16/wordpress-ransomware/
=====================
= Advisories =
=====================
∗∗∗ BMC Medical and 3B Medical Luna CPAP Machine ∗∗∗
---------------------------------------------
This medical device advisory contains mitigation details for an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure therapy machine.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01
∗∗∗ Identity Reporting 5.5.1 ∗∗∗
---------------------------------------------
Abstract: This service pack provides enhancements and software fixes for Identity Reporting. For more information about these updates, see the service pack details.
---------------------------------------------
https://download.novell.com/Download?buildid=iGYyq6xwjhE~
∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX225941
∗∗∗ DFN-CERT-2017-1441: Xen: Mehrere Schwachstellen ermöglichen u.a. das Eskalieren von Privilegien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1441/
∗∗∗ DFN-CERT-2017-1442: Red Hat JBoss Data Virtualization: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1442/
∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-…
∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-…
∗∗∗ Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-…
∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-…
∗∗∗ Security Advisory - Integer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-…
∗∗∗ Security Advisory - Lack of Signature Verification Vulnerability in Some Huawei APP ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006722
∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting (CVE-2017-1338) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004138
∗∗∗ IBM Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU – April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007149
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350, CVE-2016-10349) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006995
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998551
∗∗∗ IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006810
∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007023
∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007067
∗∗∗ SSA-275839 (Last Update 2017-08-16): Denial-of-Service Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839…
∗∗∗ SSA-293562 (Last Update 2017-08-16): Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 11-08-2017 18:00 − Montag 14-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Forscher hacken Computer mit manipulierter DNA ∗∗∗
---------------------------------------------
Auch DNA ist nicht vor Schadsoftware sicher: Forscher der University of Washington konnten einen Computer mithilfe von manipulierter DNA übernehmen.
---------------------------------------------
https://futurezone.at/digital-life/forscher-hacken-computer-mit-manipuliert…
∗∗∗ Remotelock LS-6i: Firmware-Update zerstört smarte Türschlösser dauerhaft ∗∗∗
---------------------------------------------
Ein Hersteller smarter Türschlösser hat mindestens 500 Geräte von Kunden durch ein falsches Firmwareupdate dauerhaft zerstört. Betroffen sind vor allem viele Airbnb-Vermieter, ein Austauschprogramm ist gestartet.
---------------------------------------------
https://www.golem.de/news/remotelock-ls-6i-firmware-update-zerstoert-smarte…
∗∗∗ Sonic Spy: Forscher finden über 4.000 spionierende Android-Apps ∗∗∗
---------------------------------------------
Ein einziger Anbieter soll seit Jahresanfang rund 4.000 Apps mit bösartigem Inhalt in Umlauf gebracht haben - einige davon auch über Google Play. Die Apps können das Mikrofon aktivieren und Telefonate mitschneiden.
---------------------------------------------
https://www.golem.de/news/sonic-spy-forscher-finden-ueber-4000-spionierende…
∗∗∗ Many Factors Conspire in ICS/SCADA Attacks ∗∗∗
---------------------------------------------
A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support.
---------------------------------------------
http://threatpost.com/many-factors-conspire-in-icsscada-attacks/127407/
∗∗∗ Outlook Web Access based attacks, (Sat, Aug 12th) ∗∗∗
---------------------------------------------
Recently weve started seeing some attacks that utlise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker provides instructions to customers on paying their account utilising the new account details. The email is cced to other internal staff adding a level of legitimacy (also compromised accounts).
---------------------------------------------
https://isc.sans.edu/diary/rss/22710
∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware Pay a ransom [...]
---------------------------------------------
https://securityblog.switch.ch/2017/08/14/a-new-issue-of-our-switch-securit…
∗∗∗ Sicherheitsupdate: Symantecs Messaging Gateway ist für Schadcode empfänglich ∗∗∗
---------------------------------------------
Mit der aktuellen Version haben die Entwickler zwei Sicherheitslücken in der Schutzlösung geschlossen.
---------------------------------------------
https://heise.de/-3799171
∗∗∗ Datenbank-Server PostgreSQL: Lücke lässt Anmeldung ohne Passwort zu ∗∗∗
---------------------------------------------
Administratoren, die PostgreSQL-Datenbanken betreiben, sollten ihre Software updaten. Unter bestimmten Umständen können sich Angreifer an den Servern ohne Eingabe eines Passwortes anmelden, warnen die Entwickler.
---------------------------------------------
https://heise.de/-3799721
=====================
= Advisories =
=====================
∗∗∗ DSA-3937 zabbix - security update ∗∗∗
---------------------------------------------
Lilith Wyatt discovered two vulnerabilities in the Zabbix networkmonitoring system which may result in execution of arbitrary code ordatabase writes by malicious proxies.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3937
∗∗∗ HPESBHF03768 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗
---------------------------------------------
Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) Plat. These vulnerabilities could be exploited remotely to allow remote code execution.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037…
∗∗∗ VMSA-2017-0014 ∗∗∗
---------------------------------------------
VMware NSX-V Edge updates address OSPF Protocol LSA DoS
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0014.html
∗∗∗ DSA-3936 postgresql-9.6 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3936
∗∗∗ DSA-3935 postgresql-9.4 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3935
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010501
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005160
∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010376
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006960
Next End-of-Day Report: 2017-08-16
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 10-08-2017 18:00 − Freitag 11-08-2017 18:00
Handler: Alexander Riepl
Co-Handler:
=====================
= News =
=====================
∗∗∗ Git und Co: Bösartige Code-Repositories können Client angreifen ∗∗∗
---------------------------------------------
Mittels spezieller SSH-URLs kann ein Angreifer Code in den Client-Tools
von Quellcode-Verwaltungssystemen ausführen. Der Fehler betrifft
praktisch alle verbreiteten Quellcode-Verwaltungssysteme wie Git,
Subversion, Mercurial und CVS.
---------------------------------------------
https://www.golem.de/news
/git-und-co-boesartige-code-repositories-koennen-client-angreifen-17
08-129441.html
∗∗∗ Ukrainian Video-Blogger Arrested For Spreading Petya (NotPetya)
Ransomware ∗∗∗
---------------------------------------------
Ukrainian authorities have arrested a 51-year-old man accused of
distributing the infamous Petya ransomware (Petya.A, also known as
NotPetya) — the same computer virus that massively hit numerous
businesses, organisations and banks in Ukraine ..
---------------------------------------------
https://thehackernews.com/2017/08/ukraine-petya-ransomware-hacker.html
∗∗∗ Russias Fancy Bear Hackers Used Leaked NSA Tool Eternal Blue" to
Target Hotel Guests ∗∗∗
---------------------------------------------
The same hackers who hit the DNC and the Clinton campaign are now
apparently spying on high-value travelers via Wi-Fi
---------------------------------------------
https://www.wired.com/story/fancy-bear-hotel-hack
∗∗∗ Sichere Passwörter: Viele der herkömmlichen Sicherheitsregeln
bringen nichts ∗∗∗
---------------------------------------------
Passwörter brauchen Sonderzeichen, Groß- und Kleinschreibung, Zahlen
und müssen oft geändert werden – viele dieser Regeln erhöhen die
Sicherheit nicht, sondern bewirken oft das Gegenteil. Der Urheber
dieser Regeln bereut sie mittlerweile.
---------------------------------------------
https://heise.de/-3797935
∗∗∗ "Game of Thrones": HBO wollte Hackern 250.000 Dollar Lösegeld
zahlen ∗∗∗
---------------------------------------------
Offenbar nur Hinhaltetaktik – Kriminelle: Versprechen wurden gebrochen
---------------------------------------------
http://derstandard.at/2000062546236
∗∗∗ Schüler deckt Google-Lücke auf, streicht 10.000 Dollar ein ∗∗∗
---------------------------------------------
Bug Bounty-Programm verschafft Schüler aus Uruguay unerwarteten
Geldsegen
---------------------------------------------
http://derstandard.at/2000062559352
=====================
= Advisories =
=====================
∗∗∗ DSA-3929 libsoup2.4 - security update ∗∗∗
---------------------------------------------
Aleksandar Nikolic of Cisco Talos discovered a stack-based
bufferoverflow vulnerability in libsoup2.4, a HTTP library
implementation inC. A remote attacker can take advantage of this flaw
by sending aspecially crafted HTTP request to cause an application
using ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3929
∗∗∗ DSA-3934 git - security update ∗∗∗
---------------------------------------------
Joern Schneeweisz discovered that git, a distributed revision
controlsystem, did not correctly handle maliciously constructed
ssh://URLs. This allowed an attacker to run ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3934
∗∗∗ SIMPlight SCADA Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-01
∗∗∗ Solar Controls Heating Control Downloader (HCDownloader) ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-02
∗∗∗ Solar Controls WATTConfig M Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-03
∗∗∗ Fuji Electric Monitouch V-SFT ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-222-04
∗∗∗ Symantec Messaging Gateway RCE and CSRF ∗∗∗
---------------------------------------------
http://www.symantec.com/security_response/securityupdates
/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&s
uid=20170810_00
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 09-08-2017 18:00 − Donnerstag 10-08-2017 18:00
Handler: Alexander Riepl
Co-Handler:
=====================
= News =
=====================
∗∗∗ IT-Branche: "Sicherheitspaket" gefährdet Cybersicherheit ∗∗∗
---------------------------------------------
In einem offenen Brief warnen Vertreter der österreichischen IT-Branche vor Gefahren für die Cybersicherheit durch das von der ÖVP geplante „Sicherheitspaket“.
---------------------------------------------
https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cy…
∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗
---------------------------------------------
An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform.
---------------------------------------------
http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vu…
∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗
---------------------------------------------
SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.
---------------------------------------------
http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high…
∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗
---------------------------------------------
Revealing penetration-testing tool sealed staffers fate Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.…
---------------------------------------------
www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engin…
∗∗∗ Bundeskriminalamt (BK) warnt österreichische Unternehmen vor CEO-Betrug ∗∗∗
---------------------------------------------
http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&pa…
∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗
---------------------------------------------
An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group.
---------------------------------------------
https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-m…
∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗
---------------------------------------------
Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges.
---------------------------------------------
https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/
=====================
= Advisories =
=====================
∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2900951
∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2900966
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily