=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 07-09-2017 18:00 − Freitag 08-09-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Daten von 143 Millionen US-Amerikanern entwendet ∗∗∗
---------------------------------------------
Bei einem Cyberangriff auf den US-Finanzdienstleister Equifax wurden äußerst sensible Daten von Millionen Amerikanern erbeutet, die nun Betrug im großen Stil ermöglichen.
---------------------------------------------
https://futurezone.at/digital-life/daten-von-143-millionen-us-amerikanern-e…
∗∗∗ Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions ∗∗∗
---------------------------------------------
Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the “Toast type” overlay.The post Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions appeared first on Palo Alto Networks Blog.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-ov…
∗∗∗ YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday ∗∗∗
---------------------------------------------
Yesterday saw CVE-2017-9805, today we have a new remote code execution vulnerability in Apache Struts 2 which is CVE-2017-12611. Yesterdays was in the REST API and related to Java XML unsafe deserializarion. Todays relates to using Freemarker in your application. Both should encourage you to patch.
---------------------------------------------
https://isc.sans.edu/diary/rss/22796
∗∗∗ Secure microkernel in a KVM switch offers spy-grade app virtualization ∗∗∗
---------------------------------------------
Need a few air-gapped apps on one screen? Heres how Researchers at Australian think tank Data61 and the nations Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/09/07/cross_domai…
∗∗∗ TLS-Zertifikate: CAAs sollen Zertifizierungsstellen an die Leine legen ∗∗∗
---------------------------------------------
Admins können mit einer Certification Authority Authorization im DNS festlegen, wer Zertifikate für ihre Domain unterschreiben darf. Ab dem 8. September sind diese Vorgaben für Zertifizierungsstellen verbindlich.
---------------------------------------------
https://heise.de/-3822010
∗∗∗ Sechs Lücken in Android-Bootloadern bekannter Hersteller entdeckt ∗∗∗
---------------------------------------------
Die automatisierte Analyse des Codes zweier Android-Bootloader förderte insgesamt sechs Schwachstellen zutage. Denial-of-Service und Zugriff auf sensible Daten sind mögliche Folgen – allerdings nur dann, wenn der Angreifer bereits Root-Rechte hat.
---------------------------------------------
https://heise.de/-3824289
∗∗∗ Schwachstelle in Typo3-Repository als mögliches Schlupfloch für trojanisierte Erweiterungen ∗∗∗
---------------------------------------------
Aufgrund eines Fehlers hätten Dritte unter Umständen mit beliebigem Passwort auf das Typo3 Extension Repository zugreifen können. Nun warnen die Entwickler vor möglichen Erweiterungen mit Schadcode.
---------------------------------------------
https://heise.de/-3825378
∗∗∗ Keine Kartenaktivierung bei card complete erforderlich ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte card complete-Nachricht. Darin heißt es, dass die Kreditkarte von Kund/innen gesperrt worden sei. Für eine Reaktivierung sollen diese persönliche Daten bekannt geben. Wer der Aufforderung nachkommt, sendet Betrüger/innen seine Kreditkarteninformationen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-kartenaktivierung-bei-card…
=====================
= Advisories =
=====================
∗∗∗ Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017 ∗∗∗
---------------------------------------------
On September 5, 2017, the Apache Software Foundation released security bulletins that disclose three vulnerabilities in the Apache Struts 2 package. Of these vulnerabilities, the Apache Software Foundation classifies one as Critical Severity, one as Medium Severity, and one as Low Severity. For more information about the vulnerabilities, refer to the Details section of this advisory.Multiple Cisco products incorporate a version of the Apache Struts 2 package that is affected ...
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02
∗∗∗ SpiderControl SCADA Web Server ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01
∗∗∗ PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-02
∗∗∗ i-SENS Inc. SmartLog Diabetes Management Software ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01
∗∗∗ DFN-CERT-2017-1587/">GDK-PixBuf: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1587/
∗∗∗ Security Advisory - MITM Vulnerability in Huawei Themes App in Some Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170908-…
∗∗∗ IBM Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007909
∗∗∗ IBM Security Bulletin: Open Source XStream as used in IBM QRadar SIEM is vulnerable to Denial of Service. (CVE-2017-7957) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008217
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22005380
∗∗∗ IBM Security Bulletin: IBM Java SDK as used in IBM QRadar SIEM is vulnerable to multiple CVE’s. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008210
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure. (CVE-2017-1162) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008194
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 06-09-2017 18:00 − Donnerstag 07-09-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ BlackBerry powered by Android Security Bulletin – September 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber…
∗∗∗ Ransomware: What you need to know now | Salted Hash Ep 1, Pt 4 ∗∗∗
---------------------------------------------
Reporters Fahmida Rashid and Steve Ragan talk about the latest ransomware threats, the holes in IT security and the burdens on enterprises.
---------------------------------------------
https://www.csoonline.com/video/81516/ransomware-what-you-need-to-know-now-…
∗∗∗ Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim ∗∗∗
---------------------------------------------
Researchers say a 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker.
---------------------------------------------
http://threatpost.com/microsoft-programming-error-is-behind-dangerous-kerne…
∗∗∗ Interesting List of Windows Processes Killed by Malicious Software ∗∗∗
---------------------------------------------
Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity[The post Interesting List of Windows Processes Killed by Malicious Software has been first published on /dev/random]
---------------------------------------------
https://blog.rootshell.be/2017/09/06/interesting-list-windows-processes-kil…
∗∗∗ Apache Struts “serialisation” vulnerability – what you need to know ∗∗∗
---------------------------------------------
A bug in Apache Struts, a popular software toolkit for building web services, could let crooks take control of your server.
---------------------------------------------
https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vul…
∗∗∗ Hackers Are Distributing Backdoored Cobian RAT Hacking tool For Free ∗∗∗
---------------------------------------------
Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax. Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.
---------------------------------------------
https://thehackernews.com/2017/09/backdoored-hacking-tools.html
∗∗∗ Expired domain names and malvertising - Malwarebytes Labs ∗∗∗
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-…
∗∗∗ Gefälschte Microsoft-Warnung führt zu Datendiebstahl ∗∗∗
---------------------------------------------
Kriminelle fälschen einen Microsoft-Warnhinweis. Darin behaupten sie, dass fremde Computer mit Schadsoftware befallen seien. Vermeintliche Opfer sollen sich deshalb an eine Kundenhotline wenden. In Wahrheit gelangen sie an Verbrecher/innen, die Zugang zum Computer fordern, Dateien kopieren und Zahlungsdaten stehlen.
---------------------------------------------
https://www.watchlist-internet.at/sonstiges/gefaelschte-microsoft-warnung-f…
=====================
= Advisories =
=====================
∗∗∗ DFN-CERT-2017-1567/">IBM Notes: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1567/
∗∗∗ DFN-CERT-2017-1571/">Cisco ASR 5500 Series Routers: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1571/
∗∗∗ DFN-CERT-2017-1574/">Cisco Prime Collaboration Provisioning Tool: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen und die Manipulation beliebiger Systemdateien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1574/
∗∗∗ DFN-CERT-2017-1578/">Cisco ASR 920 Series Router: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes und die Manipulation von Dateien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1578/
∗∗∗ DFN-CERT-2017-1579/">Cisco IOS, Cisco IOS XE: Zwei Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1579/
∗∗∗ DFN-CERT-2017-1580/">Cisco IR800 Integrated Services Router: Eine Schwachstelle ermöglicht die komplette Kompromittierung des Systems ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1580/
∗∗∗ Cisco Prime LAN Management Solution Token ID Reuse Lets Remote Authenticated Users Hijack the Target Users Session ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039285
∗∗∗ Cisco Catalyst 4000 Series Switch Dynamic ACL Bug Lets Remote Users Bypass Port Access Controls on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039284
∗∗∗ TYPO3 API Bug Lets Remote Users Obtain Potentially Sensitive Version Information on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039294
∗∗∗ TYPO3 File Storage Access Control Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039293
∗∗∗ TYPO3 Input Validation Flaw in Backend Forms Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039292
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 05-09-2017 18:00 − Mittwoch 06-09-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers Gain ‘Switch-Flipping’ Access to US Power Systems ∗∗∗
---------------------------------------------
Hackers who hit American utilities this summer had the power to cause blackouts, Symantec says.
---------------------------------------------
https://www.wired.com/story/hackers-gain-switch-flipping-access-to-us-power…
see also: http://derstandard.at/2000063697965
see also: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targ…
see also: https://www.bleepingcomputer.com/news/security/sabotage-warning-issued-on-h…
∗∗∗ SynAck Ransomware Sees Huge Spike in Activity ∗∗∗
---------------------------------------------
Over the past two days, there was an increase in activity from a relatively unknown ransomware strain named SynAck, according to submissions to the ID-Ransomware service and users who complained on the Bleeping Computer ransomware support forums. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-…
∗∗∗ Stop blaming users for security misses ∗∗∗
---------------------------------------------
Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer Fahmida Rashid about how organizations can learn to do security right.
---------------------------------------------
https://www.csoonline.com/video/80055/stop-blaming-users-for-security-misse…
∗∗∗ Security and education in the wake of WannaCry, Petya ∗∗∗
---------------------------------------------
Attacks occur for a variety of reasons, and in the wake of the most widespread ransomware attacks, WannaCry and Petya, many organizations are re-evaluating their security practices to figure out what went wrong.While those who were hit are still trying to understand where their security gaps are, others enterprises that rely on legacy systems and cant be patched are looking for ways to prevent being the next victim. No, the vulnerabilities attackers leverage are not new. They prey on systems
---------------------------------------------
https://www.csoonline.com/article/3208384/backup-recovery/security-and-educ…
∗∗∗ The 15 biggest data breaches of the 21st centuryy ∗∗∗
---------------------------------------------
Data breaches happen daily, in too many places at once to keep count, take todays news of another Verizon breach that exposed the personal data of 6 million customers and a somewhat less dire breach at 14 Trump hotels. But what constitutes a huge breach versus a small one? CSO compiled a list of 15 of the biggest or most significant breaches of the 21st century.This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for
---------------------------------------------
https://www.csoonline.com/article/2130877/data-protection/the-15-biggest-da…
∗∗∗ ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month ∗∗∗
---------------------------------------------
The dreaded hacking group ShadowBrokers posted a new message, promising to deliver two data dumps a month as part its monthly dumps. The notorious group ShadowBrokers is back with announcing new interesting changes to their Dump Service. The hackers published a new message on the Steemit platform announcing new changed to their service. “Missing theshadowbrokers? If someone […]The post ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month appeared first on
---------------------------------------------
http://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html
∗∗∗ A Critical Apache Struts Security Flaw Makes It Easy To Hack Fortune 100 Firms ∗∗∗
---------------------------------------------
An anonymous reader quotes a report from ZDNet: A critical security vulnerability in open-source server software enables hackers to easily take control of an affected server -- putting sensitive corporate data at risk. The vulnerability allows an attacker to remotely run code on servers that run applications using the REST plugin, built with Apache Struts, according to security researchers who discovered the vulnerability. All versions of Struts since 2008 are affected, said the researchers.
---------------------------------------------
https://apache.slashdot.org/story/17/09/05/2053200/a-critical-apache-struts…
∗∗∗ Hacker-Angriffe auf MongoDB treffen fast 27.000 Datenbanken ∗∗∗
---------------------------------------------
Erpresserische Angriffe auf sicherheitsanfällige MongoDB-Datenbanken liegen bei Online-Kriminellen bereits seit Ende letzten Jahres im Trend. Nun geht die Abzocke weiter: Drei neue Hackergruppen fordern Bitcoins im Tausch gegen Datenbankinhalte.
---------------------------------------------
https://heise.de/-3822955
∗∗∗ Security flaw affects 750,000 Estonian ID cards ∗∗∗
---------------------------------------------
An international group of cryptographers has flagged a serious security vulnerability in the chip embedded in Estonian ID cards, the country’s Information System Authority has announced. “Estonian experts assess there to be a possible security vulnerability and we will continue to verify the claims of the researchers,” said Taimar Peterkop, Director-General of the agency. “We have developed the primary solutions to mitigate the risk, and will do our utmost to ensure that
---------------------------------------------
https://www.helpnetsecurity.com/2017/09/06/estonian-id-cards-security-flaw/
=====================
= Advisories =
=====================
∗∗∗ Apache Struts: Jetzt updaten und kritische Lücke schließen ∗∗∗
---------------------------------------------
Eine soeben veröffentlichte Version von Apache Struts schließt eine kritische Lücke. Die Entwickler und der Entdecker der Sicherheitslücke rechnen damit, dass diese bald für Angriffe auf Firmen missbraucht wird. Also ist jetzt zügiges Handeln angesagt.
---------------------------------------------
https://heise.de/-3822948
∗∗∗ Bugtraq: [security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541129
∗∗∗ DFN-CERT-2017-1558/">Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1558/
∗∗∗ DFN-CERT-2017-1556/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1556/
∗∗∗ DFN-CERT-2017-1563/">Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1563/
∗∗∗ DFN-CERT-2017-1561/">IBM AIX, IBM VIOS, IBM Java SDK: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung des Systems ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1561/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22008080
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 04-09-2017 18:00 − Dienstag 05-09-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Six-Year-Old "Loop Bug" Re-Discovered to Affect Almost All Major PDF Viewers ∗∗∗
---------------------------------------------
A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of todays top PDF viewers, according to German software developer Hanno Böck.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/six-year-old-loop-bug-re-dis…
∗∗∗ TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities ∗∗∗
---------------------------------------------
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trustzone-downgrade-attack-o…
∗∗∗ The Mirai Botnet: A Look Back and Ahead At Whats Next, (Tue, Sep 5th) ∗∗∗
---------------------------------------------
It is a bit hard to nail down when the Mirai botnet really started. I usually use scans for port:2323 and the use of the password "xc3511" as an indicator. But of course, that isn't perfect. The very first scan using the password "xc3511" was detected by our sensor on February 26th, 2016, well ahead of Mirai.
---------------------------------------------
https://isc.sans.edu/diary/rss/22786
∗∗∗ Hunting Pastebin with PasteHunter ∗∗∗
---------------------------------------------
>From a security analytics and Threat Intelligence perspective Pastebin is a treasure trove of information. All content that is uploaded to pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone.
---------------------------------------------
https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/
∗∗∗ Finger weg von SHA-1: 320 Millionen Passwörter geknackt ∗∗∗
---------------------------------------------
Wenn Webseitenbetreiber Passwörter von Kunden nicht sicher verwahren, ist der Super-GAU vorprogrammiert. Daran erinnern abermals Sicherheitsforscher, die in überschaubarer Zeit Millionen Passwörter entschlüsselt haben.
---------------------------------------------
https://heise.de/-3822005
=====================
= Advisories =
=====================
∗∗∗ DFN-CERT-2017-1547/">Liblouis: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1547/
∗∗∗ DFN-CERT-2017-1554/">Apache Software Foundation Struts: Mehrere Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1554/
∗∗∗ Security Notice - Statement About the Bootloader Vulnerabilities in Huawei Mobile Phones Disclosed at the USENIX Conference ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170905-01-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22001461
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21996956
∗∗∗ Arbitrary Code Execution in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/arbitrary-code-execution-in-typo3-cms/
∗∗∗ Information Disclosure in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/information-disclosure-in-typo3-cms-1/
∗∗∗ Information Disclosure in TYPO3 CMS ∗∗∗
---------------------------------------------
https://typo3.org/news/article/information-disclosure-in-typo3-cms/
∗∗∗ Cross-Site Scripting in TYPO3 CMS Backend ∗∗∗
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-typo3-cms-backend/
∗∗∗ USN-3409-1: FontForge vulnerabilities ∗∗∗
---------------------------------------------
http://www.ubuntu.com/usn/usn-3409-1/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 01-09-2017 18:00 − Montag 04-09-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RTP Bleed: Mit Asterisk-Bug Telefonate belauschen ∗∗∗
---------------------------------------------
Ein Bug in der IP-Telefonielösung Asterisk ermöglicht Angreifern, Telefonate mitzuhören. Das Problem liegt in der zugrundeliegenden RTP-Implementierung. Ein erster Patch ist da, aber noch fehlerhaft.
---------------------------------------------
https://www.golem.de/news/rtp-bleed-mit-asterisk-bug-telefonate-belauschen-…
∗∗∗ Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox ∗∗∗
---------------------------------------------
2017-09-01 update: A different campaign using HoeflerText popups has been active during the same timeframe. I wrote about it here, but the only thing these two campaigns have in common is that they both used HoeflerText popups.
---------------------------------------------
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+Ho…
∗∗∗ Fehler in API: Möglicherweise Millionen Kontaktdaten von Instagram-Usern öffentlich ∗∗∗
---------------------------------------------
Wegen eines Bug in der Kommunikationsschnittstelle zu anderen Apps müssen Millionen Instagram-Nutzer um ihre Privatsphäre fürchten. Betroffen sind laut der Facebook-Tochter nicht nur Prominente.
---------------------------------------------
https://heise.de/-3820497
∗∗∗ Mehrere Sicherheitslücken in RubyGems ∗∗∗
---------------------------------------------
Rubys Paketsystem RubyGems enthält Schwachstellen, die unter anderem DoS-Angriffe und DNS-Hijacking ermöglichen. Ein Update auf die aktuelle Version 2.6.13 bannt die Gefahr.
---------------------------------------------
https://heise.de/-3820891
∗∗∗ Mehrere große Torrent-Seiten offenbar nach Attacken offline ∗∗∗
---------------------------------------------
Eine Reihe prominenter Plattformen wie Torrentproject sind nicht mehr erreichbar – Domains suspendiert, Überlastungsangriffe
---------------------------------------------
http://derstandard.at/2000063553913
=====================
= Advisories =
=====================
∗∗∗ DSA-3960 gnupg - security update ∗∗∗
---------------------------------------------
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon GrootBruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3960
∗∗∗ DSA-3961 libgd2 - security update ∗∗∗
---------------------------------------------
A double-free vulnerability was discovered in the gdImagePngPtr()function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3961
∗∗∗ DSA-3962 strongswan - security update ∗∗∗
---------------------------------------------
A denial of service vulnerability was identified in strongSwan, an IKE/IPsecsuite, using Googles OSS-Fuzz fuzzing project.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3962
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 31-08-2017 18:00 − Freitag 01-09-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Boobytrapped Word File Installs Locky Ransomware When You Close the Document ∗∗∗
---------------------------------------------
Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hell of a clever trick.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/boobytrapped-word-file-insta…
∗∗∗ US Government Site Was Hosting Ransomware ∗∗∗
---------------------------------------------
As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. The malware link has since been taken down.
---------------------------------------------
http://threatpost.com/us-government-site-removes-link-to-cerber-ransomware-…
∗∗∗ Malware writer offers free trojan to hackers ... with one small drawback ∗∗∗
---------------------------------------------
Beware of geeks bearing Cobian RAT gifts Those looking on the dark web for malware capable of hijacking computers might have thought they were getting a bargain when a free trojan appeared on various online souks over the past few months.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/08/31/free_trojan…
∗∗∗ Lücke in HPE Operations Orchestration ermöglicht Remote Code Execution ∗∗∗
---------------------------------------------
Die Software Operations Orchestration erlaubt in allen Versionen vor 10.80 die Codeausführung aus der Ferne. Hewlett Packard Enterprise rät zum Update. Auch für zwei Performancetest-Tools des Herstellers stehen Aktualisierungen bereit.
---------------------------------------------
https://heise.de/-3819782
=====================
= Advisories =
=====================
∗∗∗ OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04
∗∗∗ Moxa SoftCMS Live Viewer ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05
∗∗∗ Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01
∗∗∗ DFN-CERT-2017-1542/">Digium Asterisk, Digium Certified Asterisk: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1542/
∗∗∗ SSA-866217: SMBv1 Vulnerabilities in ACUSON S1000/2000/3000 ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-866217…
∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170901-…
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170901-…
∗∗∗ IBM Security Bulletin: IBM Expeditor is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002103
∗∗∗ IBM Security Bulletin: IBM Notes is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21999385
∗∗∗ IBM Security Bulletin: IBM Notes is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21999384
∗∗∗ IBM Security Bulletin: IBM Notes is affected by Open Source zlib vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997877
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in Curl (CVE-2016-7167) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007553
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007554
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007416
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Network Protection ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007918
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007552
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by potential issues of XML External Entity Injection (CVE-2017-1458) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007551
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by potential issues of Cross-Site Scripting (CVE-2017-1457) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007550
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security has updated commons-fileupload for known vulnerabilities (CVE-2016-3092) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007539
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a less-secure algorithm during negotiations vulnerability (CVE-2017-1491) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007535
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 30-08-2017 18:00 − Donnerstag 31-08-2017 18:00
Handler: Robert Waldner
Co-Handler: Olaf Schwarz
=====================
= News =
=====================
∗∗∗ Dissecting the Chrome Extension Facebook malware ∗∗∗
---------------------------------------------
The Facebook malware that spread last week was dissected in a collaboration with Kaspersky Lab and Detectify. We were able to get help from the involved companies and cloud services to quickly shut down parts of the attack to mitigate it as fast as possible.
---------------------------------------------
http://securelist.com/dissecting-the-chrome-extension-facebook-malware/8171…
∗∗∗ Cyber Security Assessment Netherlands 2017: Digital resilience is lagging behind the increasing threat ∗∗∗
---------------------------------------------
The digital resilience of individuals and organisations is lagging behind the increasing threat. Government, business and citizens take many steps to increase digital resilience, but this is not happening fast enough. This is apparent from the Cyber Security Assessment Netherlands 2017 (CSAN 2017), which demissionary State Secretary Dijkhoff sent to parliament in June and which is being published in English today.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/cyber-security-assessment-n…
∗∗∗ A Framework for Cyber Security Insurance ∗∗∗
---------------------------------------------
New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017.Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should pursue in support of this public-private partnership.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/08/a_framework_for.html
∗∗∗ Mining Adminers – Hackers Scan the Internet For DB Scripts ∗∗∗
---------------------------------------------
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, scanning just 1% of the internet allows attackers to discover thousands of vulnerable sites.
---------------------------------------------
https://blog.sucuri.net/2017/08/mining-adminers-hackers-scan-the-internet-f…
∗∗∗ Herzschrittmacher von St. Jude Medical: Firmware-Patches gegen Sicherheitslücken ∗∗∗
---------------------------------------------
Versierte Hacker können Herzschrittmacher der Marke Abbott angreifen, um Befehle auszuführen und Patientendaten zu stehlen. Implantatträgern wird ein baldiger Arztbesuch empfohlen, um wichtige Firmware-Updates zu installieren.
---------------------------------------------
https://heise.de/-3817954
∗∗∗ Embedded IoT: Krypto-Bibliothek mbed TLS für Lauschattacken anfällig ∗∗∗
---------------------------------------------
Unter gewissen Umständen könnten Angreifer als Man in the Middle den Informationsaustausch von Geräten, die auf mbed TLS setzen, mitschneiden. Abgesicherte Versionen stehen bereit.
---------------------------------------------
https://heise.de/-3819197
∗∗∗ Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities ∗∗∗
---------------------------------------------
Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attacker to gain full control over the victims machine.
---------------------------------------------
http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html
=====================
= Advisories =
=====================
∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022227
∗∗∗ IBM Security Bulletin: Vulnerability in libtirpc affects Power Hardware Management Console (CVE-2017-8779) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022176
∗∗∗ IBM Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022177
∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by python oslo.middleware package information disclosure (CVE-2017-2592) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022229
∗∗∗ IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022228
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007046
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007002
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 29-08-2017 18:00 − Mittwoch 30-08-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ WireX: Google entfernt 300 DDoS-Apps aus dem Playstore ∗∗∗
---------------------------------------------
Google hat ein DDoS-Botnetz aus Android-Geräten lahmgelegt - und dazu
300 Apps aus dem Playstore entfernt. Rund 70.000 Smartphones wurden
infiziert. (DoS, Virus)
---------------------------------------------
https://www.golem.de/news/wirex-google-entfernt-300-ddos-apps-aus-dem-plays…
∗∗∗ Introducing WhiteBear ∗∗∗
---------------------------------------------
As a part of our Kaspersky APT Intelligence Reporting subscription,
customers received an update in mid-February 2017 on some interesting
APT activity that we called WhiteBear. It is a parallel project or
second stage of the Skipper Turla cluster of activity documented in
another private report. Like previous Turla activity, WhiteBear
leverages compromised websites and hijacked satellite connections for
command and control (C2) infrastructure.
---------------------------------------------
http://securelist.com/introducing-whitebear/81638/
∗∗∗ Security baseline for Windows 10 “Creators Update” (v1703) – FINAL
∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the recommended
security configuration baseline settings for Windows 10 “Creators
Update,” also known as version 1703, “Redstone 2,” or RS2. The
downloadable attachment to this blog post includes importable GPOs,
tools for applying the GPOs, custom ADMX files for Group Policy
settings, and all the settings in spreadsheet...
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-f…
∗∗∗ Proof that HMAC-DRBG has No Back Doors ∗∗∗
---------------------------------------------
New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG,"
by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer,
Adam Petcher, and Andrew W. Appel.Abstract: We have formalized the
functional specification of HMAC-DRBG (NIST 800-90A), and we have
proved its cryptographic security -- that its output is pseudorandom --
using a hybrid game-based proof.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/08/proof_that_hmac.html
=====================
= Advisories =
=====================
∗∗∗ Update to Security Bulletin (APSB17-24) ∗∗∗
---------------------------------------------
The Security Bulletin (APSB17-24) published on August 8 regarding
updates for Adobe Acrobat and Reader has been updated to reflect the
availability of new updates as of August 29. The August 29 updates
resolve a functional regression with XFA forms functionality …
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1484
∗∗∗ DFN-CERT-2017-1525: Wireshark: Mehrere Schwachstellen ermöglichen
Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
Mehrere Schwachstellen in Wireshark können von einem entfernten, nicht
authentisierten Angreifer für verschiedene Denial-of-Service
(DoS)-Angriffe ausgenutzt werden. Die Ausnutzung der Schwachstellen
erfordert die Verarbeitung speziell präparierter Datenpakete oder
Packet-Trace-Dateien mit den Dissektoren für IrCOMM, Modbus, Profinet
I/O oder MSDP.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1525/
∗∗∗ DFN-CERT-2017-1523: Libgcrypt: Eine Schwachstelle ermöglicht das
Ausspähen von Informationen ∗∗∗
---------------------------------------------
Eine Schwachstelle in Libgcrypt ermöglicht einem lokalen, einfach
authentisierten Angreifer das Ausspähen privaten Schlüsselmaterials.
Das GnuPG-Projekt hat die Schwachstelle in den Versionen 1.7.9 und
1.8.1 behoben. Der Quellcode dieser Versionen steht zum Herunterladen
zur Verfügung.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1523/
∗∗∗ Multiple vulnerabilities in RubyGems ∗∗∗
---------------------------------------------
The following vulnerabilities have been reported. * a DNS request
hijacking vulnerability * an ANSI escape sequence vulnerability * a DoS
vulernerability in the query command * a vulnerability in the gem
installer that allowed a malicious gem to overwrite arbitrary files
---------------------------------------------
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-ru…
∗∗∗ Cisco unveils LabVIEW code execution flaw that won’t be patched ∗∗∗
---------------------------------------------
LabVIEW, the widely used system design and development platform
developed by National Instruments, sports a memory corruption
vulnerability that could lead to code execution. LabVIEW is commonly
used for building data acquisition, instrument control, and industrial
automation systems on a variety of operating systems: Windows, macOS,
Linux and Unix. The vulnerability (CVE-2017-2779) The vulnerability was
discovered by Cory Duplantis of Cisco Talos earlier this year, and
reported to the company.
---------------------------------------------
https://www.helpnetsecurity.com/2017/08/30/labview-code-execution-flaw/
∗∗∗ Abbott Laboratories’ Accent/Anthem, Accent MRI, Assurity/Allure,
and Assurity MRI Pacemaker Vulnerabilities ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
∗∗∗ AzeoTech DAQFactory ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01
∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02
∗∗∗ Security Advisory - Improper Authentication Vulnerability in The
FusionSphere OpenStack ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170830-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK
affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007392
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM®
SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=swg22006695
∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power
Hardware Management Console ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022175
∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application
Server affects Power Hardware Management Console (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022178
∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced and IBM
Standards Processing Engine are susceptible to a vulnerability in 10x
(CVE-2017-1152) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004796
∗∗∗ ImageMagick Heap Overflow in TracePoint() in Processing Files Lets
Remote Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039246
∗∗∗ SSA-535640 (Last Update 2017-08-30): Vulnerability in Industrial
Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640…
∗∗∗ SSA-771218 (Last Update 2017-08-30): Vulnerability in 7KM PAC
Switched Ethernet PROFINET expansion module from the SENTRON portfolio
∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218…
∗∗∗ SSA-087240 (Last Update 2017-08-30): Vulnerabilities in SIEMENS
LOGO! ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240…
∗∗∗ HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center,
Remote Disclosure of Information ∗∗∗
---------------------------------------------
https://h20565.www2.hpe.com/portal/site/hpsc/template.PAGE/action.process/p…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Montag 28-08-2017 18:00 − Dienstag 29-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Metadata From IoT Traffic Exposes In-Home User Activity ∗∗∗
---------------------------------------------
Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owners habits and lifestyle. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/metadata-from-iot-traffic-…
∗∗∗ "Die ganzen Kosten und Risiken trägt im Moment der Kunde" ∗∗∗
---------------------------------------------
Das absolut Mindeste muss sein, dass der Hersteller für alle Sicherheitslücken für den gesamten Nutzungszeitraum der Software Patches für Sicherheitslücken zur Verfügung stellen muss. Wenn es nach mir ginge, bekäme der Kunde eine Pauschale pro Arbeitsplatz und Tag ohne Patch ausgezahlt, und zwar nicht seit das Sicherheitsloch öffentlich bekannt wurde, sondern – wenn das vorher war – seit der Hersteller davon wusste.
---------------------------------------------
https://www.eco.de/2017/news/die-ganzen-kosten-und-risiken-traegt-im-moment…
∗∗∗ Android und Windows: MTP-Bug lässt Dateien verschwinden ∗∗∗
---------------------------------------------
Vorsicht mit Android-Geräten, die per USB an einen PC mit Windows 10 angeschlossen sind: Bei harmlosen Aufräumarbeiten können Fotos und andere Dateien unwiderruflich verloren gehen. Betroffen sind fast alle Android-Geräte außer den neueren von Samsung.
---------------------------------------------
https://heise.de/-3815535
∗∗∗ Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet ∗∗∗
---------------------------------------------
A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle WireX, an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more
---------------------------------------------
https://krebsonsecurity.com/2017/08/tech-firms-team-up-to-take-down-wirex-a…
∗∗∗ BSI-Studie zur Analyse des Linux-Zufallszahlengenerators wird fortgesetzt ∗∗∗
---------------------------------------------
Im Rahmen einer Langzeitstudie untersucht das Bundesamt für Sicherheit in der Informationstechnik (BSI) seit 2012 die kryptografische Eignung des Linux-Zufallszahlengenerators "/dev/random". Der aktuelle Untersuchungsbericht umfasst sowohl den aktuellen als auch alle vorigen Linux-Kernel und steht in englischer Sprache auf der BSI-Webseite zum Download zur Verfügung.
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Studie_Linu…
=====================
= Advisories =
=====================
∗∗∗ DSA-3958 fontforge - security update ∗∗∗
---------------------------------------------
It was discovered that FontForge, a font editor, did not correctlyvalidate its input. An attacker could use this flaw by tricking a userinto opening a maliciously crafted OpenType font file, thus causing adenial-of-service via application crash, or execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3958
∗∗∗ DSA-3957 ffmpeg - security update ∗∗∗
---------------------------------------------
Several vulnerabilities have been discovered in FFmpeg, a multimediaplayer, server and encoder. These issues could lead to Denial-of-Serviceand, in some situation, the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3957
∗∗∗ VU#403768: Akeo Consulting Rufus fails to update itself securely ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/403768
∗∗∗ DFN-CERT-2017-1514: MISP: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1514/
∗∗∗ DFN-CERT-2017-1512: OpenSSL: Eine Schwachstelle ermöglicht das Darstellen falscher Informationen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1512/
∗∗∗ DFN-CERT-2017-1515: Ghostscript: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1515/
∗∗∗ DFN-CERT-2017-1517: SQLite: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1517/
∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-…
∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170829-…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025659
∗∗∗ Pulse Connect Secure Access Control Flaw in diag.cgi Lets Remote Users Conduct Cross-Site Request Forgery Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039242
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 25-08-2017 18:00 − Montag 28-08-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
=====================
= Advisories =
=====================
∗∗∗ Disabling Intel ME 11 via undocumented mode ∗∗∗
---------------------------------------------
.. researchers has delved deep into the internal architecture of Intel
Management Engine (ME) 11, revealing a mechanism that can disable Intel
ME after hardware is initialized and the main processor starts. In this
article, we describe how we discovered this undocumented mode and how
it is connected with the U.S. governments High Assurance Platform (HAP)
program.
---------------------------------------------
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017
/huawei-sa-20170807-01-smartphone-en
∗∗∗ IBM Security Bulletin: OpenSSL Security Advisory [22 Sep 2016 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010571
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM
Sametime Community Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006228
∗∗∗ IBM Security Bulletin: IBM Cognos Analytics is affected by multiple
vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007242
∗∗∗ IBM Security Bulletin: A vulnerability in IBM Sametime Web Player
(CVE-2016-2980) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006447
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Sametime
Connect client (CVE-2016-0243, CVE-2016-2974) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006444
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco
SAN switches and directors (CVE-2016-2108, CVE-2016-2107,
CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010566
∗∗∗ IBM Security Bulletin: Various Security Vulnerabilities in IBM
Sametime Proxy Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006441
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily