Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - 10.08.2017
by Daily end-of-shift report 10 Aug '17

10 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 09-08-2017 18:00 − Donnerstag 10-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ IT-Branche: "Sicherheitspaket" gefährdet Cybersicherheit ∗∗∗ --------------------------------------------- In einem offenen Brief warnen Vertreter der österreichischen IT-Branche vor Gefahren für die Cybersicherheit durch das von der ÖVP geplante „Sicherheitspaket“. --------------------------------------------- https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cy… ∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗ --------------------------------------------- An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform. --------------------------------------------- http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vu… ∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗ --------------------------------------------- SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software. --------------------------------------------- http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high… ∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗ --------------------------------------------- Revealing penetration-testing tool sealed staffers fate Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.… --------------------------------------------- www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engin… ∗∗∗ Bundeskriminalamt (BK) warnt österreichische Unternehmen vor CEO-Betrug ∗∗∗ --------------------------------------------- http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&pa… ∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗ --------------------------------------------- An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group. --------------------------------------------- https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-m… ∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗ --------------------------------------------- Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges. --------------------------------------------- https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/ ===================== = Advisories = ===================== ∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900951 ∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2900966 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.08.2017
by Daily end-of-shift report 09 Aug '17

09 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 08-08-2017 18:00 − Mittwoch 09-08-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz ===================== = News = ===================== ∗∗∗ Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read ∗∗∗ --------------------------------------------- For the past couple of months I’ve been presenting my “Introduction to Windows Logical Privilege Escalation Workshop” at a few conferences. The restriction of a 2 hour slot fails to do the topic justice and some interesting tips and tricks I would like to present have to be cut out. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-a… ∗∗∗ Engineering Firm Leaks Sensitive Data on Dell, SBC and Oracle ∗∗∗ --------------------------------------------- Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin. --------------------------------------------- http://threatpost.com/engineering-firm-leaks-sensitive-data-on-dell-sbc-and… ∗∗∗ WTF is Mughthesec!? poking on a piece of undetected adware ∗∗∗ --------------------------------------------- Some undetected adware named "Mughthesec" is infecting Macs...lets check it out! --------------------------------------------- https://objective-see.com/blog/blog_0x20.html ∗∗∗ How are people fooled by this? Email to sign a contract provides malware instead. ∗∗∗ --------------------------------------------- https://isc.sans.edu/diary/rss/22696 ∗∗∗ Security Afterworks – Best of Summer of Security Conferences ∗∗∗ --------------------------------------------- September 14, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-best-of-summer-of-s… ∗∗∗ Chip Off the Old EMV ∗∗∗ --------------------------------------------- Recently, Jason Knowles of ABC 7s I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Chip-Off-the-Old-EMV/ ∗∗∗ Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev ∗∗∗ --------------------------------------------- WannaCry ransomware killer due in court August 14 British security researcher Marcus Hutchins was released on Monday from a Nevada jail after posting bail. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/08/marcus_hutc… ∗∗∗ FBIs spyware-laden video claims another scalp: Alleged sextortionist charged ∗∗∗ --------------------------------------------- Feds NIT punches through Tor anonymity shield The FBI’s preferred tool for unmasking Tor users has brought about another arrest: a suspected sextortionist who allegedly tricked young girls into sharing nude pics of themselves and then blackmailed his victims. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/08/09/fbis_spywar… ∗∗∗ Critical Security Fixes from Adobe, Microsoft ∗∗∗ --------------------------------------------- Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, its time once again to get your patches on. More than two dozen of the vulnerabilities fixed in todays Windows patch bundle address "critical" .. --------------------------------------------- https://krebsonsecurity.com/2017/08/critical-security-fixes-from-adobe-micr… ∗∗∗ Sonderzeichen, Ziffern und Co: Erfinder bereut Passwort-Regeln ∗∗∗ --------------------------------------------- 2003 entwarf Bill Burr für US-Behörden Passwortregeln, die sich bald global durchsetzten – und heute als unsicher gelten --------------------------------------------- http://derstandard.at/2000062463061 ===================== = Advisories = ===================== ∗∗∗ OSIsoft PI Integrator ∗∗∗ --------------------------------------------- This advisory contains mitigation details for cross-site scripting and improper authorization vulnerabilities in OSIsoft’s PI Integrator for SAP HANA 2016, PI Integrator for Business Analytics 2016 - Data Warehouse, PI Integrator for Business Analytics 2016 - Business Intelligence, PI Integrator for Business Analytics and SAP HANA SQL Utility 2016, and PI Integrator for Microsoft Azure 2016. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01 ∗∗∗ Moxa SoftNVR-IA Live Viewer ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Moxa’s SoftNVR-IA Live Viewer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 ∗∗∗ FortiOS IKE VendorID version information disclosure ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-073 ∗∗∗ FortiWeb SNMPv3 user password viewable in HTML source code ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-162 ∗∗∗ Sicherheitslücken in mehreren Jenkins-Plugins ∗∗∗ --------------------------------------------- https://heise.de/-3796342 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.08.2017
by Daily end-of-shift report 08 Aug '17

08 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 07-08-2017 18:00 − Dienstag 08-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ Hotspot Shield: VPN-Provider soll Nutzer per Javascript ausspionieren ∗∗∗ --------------------------------------------- Der VPN-Provider Hotspot soll seine Nutzer durch Javascript-Elemente und Werbung ausspionieren - obwohl er genau das Gegenteil behauptet. Das wirft eine US-Bürgerrechtsorganisation dem Unternehmen vor und hat Beschwerde bei der FTC eingereicht. --------------------------------------------- https://www.golem.de/news/hotspot-shield-vpn-provider-soll-javascript-in-ve… ∗∗∗ Google Patches 10 Critical Bugs in August Android Security Bulletin ∗∗∗ --------------------------------------------- Googles August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Googles Pixel and Nexus handsets. --------------------------------------------- http://threatpost.com/google-patches-10-critical-bugs-in-august-android-sec… ∗∗∗ Microsoft to remove WoSign and StartCom certificates in Windows 10 ∗∗∗ --------------------------------------------- Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wos… ∗∗∗ How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players ∗∗∗ --------------------------------------------- Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/chat-app-discord… ∗∗∗ Practical Analysis of the Cybersecurity of European Smart Grids ∗∗∗ --------------------------------------------- This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids. --------------------------------------------- http://digitalsubstation.com/en/2017/08/07/practical-analysis-of-nbsp-the-c… ∗∗∗ Google warnt Entwickler von Chrome-Erweiterungen vor Phishing-Mails ∗∗∗ --------------------------------------------- Betrüger sind auf der Jagd nach Log-in-Daten von Entwickler-Accounts, um Chrome-Erweiterungen mit Schadcode zu verseuchen und anschließend zu verteilen, warnt Google. --------------------------------------------- https://heise.de/-3795160 ∗∗∗ Hacker erpressen HBO mit weiteren "Game of Thrones"-Folgen ∗∗∗ --------------------------------------------- Erpresser haben Skript zu Folge 5 von Staffel 7 veröffentlicht und fordern Geld, um weitere Publizierungen zu unterlassen --------------------------------------------- http://derstandard.at/2000062391623 ∗∗∗ IWF warnt: Cyber-Angriffe gefährden weltweite Finanzstabilität ∗∗∗ --------------------------------------------- Attacken von Hackern und Kriminellen immer raffinierter --------------------------------------------- http://derstandard.at/2000062403498 ===================== = Advisories = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-23), Adobe Acrobat and Reader (APSB17-24), Adobe Experience Manager (APSB17-26) and Adobe Digital Editions (APSB17-27). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1480 ∗∗∗ Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux ∗∗∗ --------------------------------------------- August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.08.2017
by Daily end-of-shift report 07 Aug '17

07 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 04-08-2017 18:00 − Montag 07-08-2017 18:00 Handler: Alexander Riepl Co-Handler: ===================== = News = ===================== ∗∗∗ You Can Trick Self-Driving Cars by Defacing Street Signs ∗∗∗ --------------------------------------------- A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/you-can-trick-self-driving-c… ∗∗∗ Passwortmanager: Lastpass ab sofort doppelt so teuer ∗∗∗ --------------------------------------------- Wer den Passwortmanager Lastpass nutzt, muss künftig mehr bezahlen. Nutzern der kostenfreien Version werden einige Funktionen gestrichten. Außerdem kündigt .. --------------------------------------------- https://www.golem.de/news/passwortmanager-lastpass-ab-sofort-doppelt-so-teu… ∗∗∗ Links in phishing-like emails lead to tech support scam ∗∗∗ --------------------------------------------- Tech support scams continue to evolve, with scammers exploring more ways to reach potential victims. Recently, we have observed spam campaigns distributing links that lead to tech support scam websites. Anti-spam filters in Microsoft Exchange .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/07/links-in-phishing-like-… ∗∗∗ Increase of phpMyAdmin scans ∗∗∗ --------------------------------------------- PMA (or phpMyAdmin) is a well-known MySQL front-end written in PHP that brings MySQL to the web as stated on the web site[1]. The tool is very popularamongst web developers because it helps to maintain databases just by using a web browser. This also means that the front-end might be publicly exposed! It is a common findingin many penetration tests to find an old PMA interface left byan admin. --------------------------------------------- https://isc.sans.edu/diary/rss/22688 ∗∗∗ ESET Spreading FUD About Torrent Files, Clients ∗∗∗ --------------------------------------------- An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the companys so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and .. --------------------------------------------- https://it.slashdot.org/story/17/08/04/1938242/eset-spreading-fud-about-tor… ∗∗∗ Tale of the Two Payloads – TrickBot and Nitol ∗∗∗ --------------------------------------------- A couple of weeks ago, we observed the Necurs botnet distributing a new malware spam campaign with a payload combo that includes Trickbot and Nitol. Trickbot is a banking trojan .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Tale-of-the-Two-Payloads-%e2… ∗∗∗ Erpressungstrojaner Cerber soll Bitcoins klauen ∗∗∗ --------------------------------------------- Offenbar ist den Malware-Entwicklern von Cerber das Lösegeld nicht genug: Der Verschlüsselungstrojaner soll sich nun auch Bitcoin-Wallets und Passwörter unter den Nagel reißen. --------------------------------------------- https://heise.de/-3793763 ∗∗∗ FireEye dementiert Hacker-Angriff auf US-Sicherheitsfirma Mandiant ∗∗∗ --------------------------------------------- Ein unbekannter Hacker brüstete sich damit, dass er das Netzwerk von Mandiant und Computer von Mitarbeitern kompromittiert hat. FireEye erklärt nun, dass das nicht stimmt. --------------------------------------------- https://heise.de/-3794454 ∗∗∗ Hackercamp SHA2017: All Computers are broken ∗∗∗ --------------------------------------------- ACAB mag in anderen Kreisen etwas anderes bedeuten, doch für Hacker ist die Sache klar: All Computers are broken. Das wurde auf dem niederländischen Hackercamp SHA2017 deutlich. --------------------------------------------- https://heise.de/-3794575 ∗∗∗ Hintergrund: Die Geschichte von Junipers enteigneter Hintertür ∗∗∗ --------------------------------------------- In einem mehrfach ausgezeichneten Paper liefern Forscher eine Art Krypto-Krimi. Sie dokumentieren minutiös, wie der Netzwerkausrüster Juniper eine versteckte Hintertür in seine Produkte einbaute – und wie ein externer Angreifer sie später umfunktionierte. --------------------------------------------- https://heise.de/-3794610 ∗∗∗ Gefälschte GMX-Nachricht: Konto gesperrt ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte GMX-Nachricht mit dem Betreff „GMX Konto Gesperrt“. Darin behaupten sie, dass das E-Mailkonto der Empfänger/innen gelöscht werde. Kund/innen, die das verhindern wollen, sollen ihre Zugangsdaten auf einer gefälschten GMX-Website .. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-gmx-nachricht-konto-… ===================== = Advisories = ===================== ∗∗∗ DSA-3926 chromium-browser - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3926 ∗∗∗ DSA-3925 qemu - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3925 ∗∗∗ Eaton ELCSoft Vulnerabilities ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-216-01-0 ∗∗∗ WP Live Chat Support <= 7.1.04 - Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8880 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.08.2017
by Daily end-of-shift report 04 Aug '17

04 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 03-08-2017 18:00 − Freitag 04-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Week In Review – 4th August 2017 ∗∗∗ --------------------------------------------- Creating Fake Identities Everything today seems to be linked to your identity; or perhaps more specifically, to your digital identity. While safeguarding ones identity is important, it is also equally important to find ways to stop people from creating fake identities. Kevin Mitnick belonged to an earlier generation that many of this generations up and comers may not have heard of. While today he is a respectable information security professional, he wasn’t always quite a white hat, and [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/week-in-review-4th-aug… ∗∗∗ JavaScript Packages Caught Stealing Environment Variables ∗∗∗ --------------------------------------------- On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/javascript-packages-caught-s… ∗∗∗ Verseuchte Chrome-Erweiterung infiziert eine Million User ∗∗∗ --------------------------------------------- Die Erweiterung Web Developer wurde gekapert und durch eine Version mit Schadsoftware ausgetauscht und an User verteilt. --------------------------------------------- https://futurezone.at/digital-life/verseuchte-chrome-erweiterung-infiziert-… ∗∗∗ Verhaftung nach Black Hat: Wanna-Cry-Hacker soll Bankingtrojaner entwickelt haben ∗∗∗ --------------------------------------------- Ein britischer Sicherheitsforscher und Hacker ist in den USA verhaftet worden. Der 23-Jährige hatte unabsichtlich dazu beigetragen, die Ausbreitung von Wanna Cry zu verlangsamen. Er soll an der Entwicklung des Kronos-Bankentrojaners beteiligt gewesen sein. --------------------------------------------- https://www.golem.de/news/wanna-cry-sicherheitsforscher-malwaretech-in-den-… ∗∗∗ Weekly Security Roundup ∗∗∗ --------------------------------------------- This week, we’ve published an article about session hijacking, a dangerous hacking method that takes control of a user’s account as they are live and using it. Security articles of the week (July 31st – August 4th, 2017) The biggest story from the beginning of this week was the HBO hack that ended up with leaked [...] --------------------------------------------- https://heimdalsecurity.com/blog/weekly-security-roundup/ ∗∗∗ Cisco schließt Super-Admin-Lücke ∗∗∗ --------------------------------------------- Der Netzwerkausrüster stellt elf Sicherheitsupdates für diverse Produkte bereit. Von den Lücken soll ein mittleres bis hohes Risiko ausgehen. --------------------------------------------- https://heise.de/-3793025 ===================== = Advisories = ===================== ∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-24) ∗∗∗ --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 8, 2017. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1478 ∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path element vulnerability in Schneider Electric’s Pro-face GP-Pro EX. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-215-01 ∗∗∗ IBM Security Bulletin: A vulnerability in libtirpc affects PowerKVM ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025258 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004331 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005297 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006551 ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006550 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 03.08.2017
by Daily end-of-shift report 03 Aug '17

03 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 02-08-2017 18:00 − Donnerstag 03-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Windows Defender ATP machine learning: Detecting new and unusual breach activity ∗∗∗ --------------------------------------------- Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning (ML) systems flag and surface threats that would otherwise remain unnoticed amidst the continuous hum of billions of normal events and the inability... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-ma… ∗∗∗ Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain ∗∗∗ --------------------------------------------- Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that monetizes its traffic via adverts he may be exposed to malicious advertising. Tailored ads shown in the browser are initiated on-the-fly via a process known as Real-time Bidding (RTB). --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewi… ∗∗∗ The Retefe Saga ∗∗∗ --------------------------------------------- Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong. --------------------------------------------- https://www.govcert.admin.ch/blog/33/the-retefe-saga ∗∗∗ Warnung vor Fake-Mail "Ihr Konto wurde limitiert" ∗∗∗ --------------------------------------------- [...] Diese E-Mail gibt sich als PayPal (service@ ppal.com) aus, PayPal hat mit der Betrugsmasche jedoch nichts zu tun. PayPal selbst wurde hier Opfer, indem sein Name missbräuchlich verwendet wird, um Nutzer in die Falle zu locken! --------------------------------------------- http://www.mimikama.at/allgemein/ihr-konto/ ∗∗∗ Sicherheitspatches: Varnish anfällig für DoS-Attacke ∗∗∗ --------------------------------------------- In verschiedenen Versionen von Varnish klafft eine Schwachstelle, über die Angreifer Server attackieren könnten. --------------------------------------------- https://heise.de/-3791311 ∗∗∗ Pwned Passwords: Neuer Dienst macht geknackte Passwörter auffindbar ∗∗∗ --------------------------------------------- Wurde mein Lieblings-Passwort schon einmal in einem Datenleck veröffentlicht und kann deswegen einfach für Bruteforce-Angriffe verwendet werden? Diese Frage beantwortet ein neuer Webdienst des Sicherheitsforschers Troy Hunt. --------------------------------------------- https://heise.de/-3792707 ∗∗∗ Malicious content delivered over SSL/TLS has more than doubled in six months ∗∗∗ --------------------------------------------- Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/03/malicious-content-ssl-tls/ ∗∗∗ Gefälschte Bank Austria-Nachricht: Änderungen im OnlineBanking ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht schreiben Kriminelle, dass es zu einer Änderung im OnlineBanking-System gekommen sei. Das führt zu Fehlern, weshalb Kund/innen ihre Zugangsdaten auf einer Website nennen sollen. Empfänger/innen der Nachricht, die dem nachkommen, übermitteln ihre Passwörter an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bank-austria-nachric… ===================== = Advisories = ===================== ∗∗∗ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance.The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Identity Services Engine Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy ... --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003928 ∗∗∗ IBM Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009711 ∗∗∗ IBM Security Bulletin: CVE-2015-4000 Diffie-Hellman Export Cipher Suite Vulnerabilities in Multiple N series Products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009681 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.08.2017
by Daily end-of-shift report 02 Aug '17

02 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 01-08-2017 18:00 − Mittwoch 02-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Ein paar Thesen zu aktuellen Gesetzesentwürfen ∗∗∗ --------------------------------------------- Ein paar Thesen zu aktuellen Gesetzesentwürfen31. Juli 2017Das Thema "LE going dark in the age of encrytion" kocht mal wieder hoch, und noch schnell vor den Neuwahlen wurden entsprechende Gesetzesentwürfe eingebracht. Ich will hier aus technischer Sicht ein paar Argumente in die Diskussion einwerfen, .. --------------------------------------------- http://www.cert.at/services/blog/20170731130131-2076.html ∗∗∗ Auch bei Amazon: Android-Smartphones mit vorinstallierter Malware im Umlauf ∗∗∗ --------------------------------------------- Vorinstallierte Malware auf dem Smartphone dürfte für viele Nutzer ein Albtraum sein. In einem aktuellen Fall sollen günstige Smartphones des Herstellers Nomu betroffen sein. Diese sind auch in Deutschland bestellbar. --------------------------------------------- https://www.golem.de/news/auch-bei-amazon-android-smartphones-mit-vorinstal… ∗∗∗ WannaCry Inspires Banking Trojan to Add Self-Spreading Ability ∗∗∗ --------------------------------------------- Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are attempting to .. --------------------------------------------- https://thehackernews.com/2017/08/trickbot-banking-trojan.html ∗∗∗ Invisible Man malware runs keylogger on your Android banking apps ∗∗∗ --------------------------------------------- Top tip: Dont fetch and install dodgy Flash updates from random websites A new breed of Android malware is picking off mobile banking customers, particularly those in the UK and Germany, were told. --------------------------------------------- http://www.theregister.co.uk/2017/08/02/banking_android_malware_in_uk/ ∗∗∗ Sorry, psycho bosses, its not OK to keylog your employees ∗∗∗ --------------------------------------------- In Germany, at least, youre gonna have to get your jollies some other way Installing keylogging software on your employees computers and using what you find to fire them is not OK, a German court has decided. --------------------------------------------- http://www.theregister.co.uk/2017/08/02/keylogging_software_for_employees/ ∗∗∗ Exposed IoT servers let hackers unlock prison cells, modify pacemakers ∗∗∗ --------------------------------------------- A researcher has found an often misconfigured protocol (MQTT) puts heart monitors, oil pipelines or particle accelerators at risk of attack. --------------------------------------------- http://www.zdnet.com/article/exposed-servers-hack-prison-cells-alter-pacema… ∗∗∗ Sicherheitsupdates: VMware vCenter Server und Tools angreifbar ∗∗∗ --------------------------------------------- Die Entwickler schließen mehrere Schwachstellen in ihrer Software. Keine Lücke gilt als kritisch. --------------------------------------------- https://heise.de/-3790197 ∗∗∗ Most damaging threat vector for companies? Malicious insiders ∗∗∗ --------------------------------------------- According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions .. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/02/malicious-insiders-threat-vector/ ===================== = Advisories = ===================== ∗∗∗ Mitsubishi Electric Europe B.V. E-Designer ∗∗∗ --------------------------------------------- This advisory contains mitigation details for heap-based buffer overflow, stack-based buffer overflow, and out-of-bounds write vulnerabilities in the Mitsubishi Electric Europe B.V. E-Designer. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-213-01 ∗∗∗ Schneider Electric Trio TView ∗∗∗ --------------------------------------------- This advisory contains mitigation details for multiple vulnerabilities for Java Runtime Environment in Schneider Electric’s Trio TView software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-213-02 ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Driver of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170801-… ∗∗∗ Security Advisory - DoS Vulnerability of Audio Driver in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-… ∗∗∗ IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2017-1504) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006803 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1327) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22003664 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting (XSS) Attack (CVE-2017-1199) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006618 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006602 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.08.2017
by Daily end-of-shift report 01 Aug '17

01 Aug '17

===================== = End-of-Day report = ===================== Timeframe: Montag 31-07-2017 18:00 − Dienstag 01-08-2017 18:00 Handler: Petr Sikuta Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hacker bremsen Tesla Model X aus der Ferne ∗∗∗ --------------------------------------------- Chinesische Sicherheitsforscher konnten die Firmware manipulieren und zahlreiche Funktionen des Fahrzeugs kontrollieren. --------------------------------------------- https://futurezone.at/produkte/hacker-bremsen-tesla-model-x-aus-der-ferne/2… ∗∗∗ Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st) ∗∗∗ --------------------------------------------- Ive had a number of people ask how they can find services on their network that still support SMBv1. In an AD Domain you can generally have good control of patching and the required registry keys to disable SMBv1. However, for non-domain members thats tougher. --------------------------------------------- https://isc.sans.edu/diary/rss/22672 ∗∗∗ Windows Hacking Kurs – Durchführungsgarantie ∗∗∗ --------------------------------------------- November 30, 2017 - December 01, 2017 - All Day SBA Research Favoritenstraße 16 Vienna --------------------------------------------- https://www.sba-research.org/events/windows-hacking-kurs-durchfuhrungsgaran… ∗∗∗ CISSP Training – Durchführungsgarantie ∗∗∗ --------------------------------------------- September 11, 2017 - September 15, 2017 - All Day SBA Research Favoritenstraße 16 Vienna --------------------------------------------- https://www.sba-research.org/events/cissp-training-durchfuhrungsgarantie-6/ ∗∗∗ Incident Response Kurs – Durchführungsgarantie ∗∗∗ --------------------------------------------- September 27, 2017 - September 29, 2017 - All Day SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/incident-response-kurs-durchfuhrungsgar… ∗∗∗ Cobalt strikes back: an evolving multinational threat to finance ∗∗∗ --------------------------------------------- Cobalt has attacked banks, financial exchanges, insurance companies, investment funds, and other financial organizations. The group is not afraid to use the names of regulatory authorities or security topics to trick recipients into opening phishing messages from illegitimate domains. Now they actively use Supply Chain Attacks to leverage the infrastructure and accounts of actual employees at one company, in order to forge convincing emails targeting a different partner organization --------------------------------------------- http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.ht… ∗∗∗ Reddoxx: Angreifer können TÜV-geprüfte Mail-Archivierungssoftware kapern ∗∗∗ --------------------------------------------- Ein einfacher Ping-Befehl, der über ein Admin-Interface ausgelöst wird lässt sich von jedermann aus der Ferne missbrauchen, um beliebigen Code auszuführen. So können Angreifer die E-Mail-Software für rechtssichere Archivierung übernehmen. --------------------------------------------- https://heise.de/-3785041 ∗∗∗ Phisher bringen Chrome-Erweiterung Copyfish unter ihre Kontrolle ∗∗∗ --------------------------------------------- Wer die aktuelle Version von Copyfish installiert hat, wird von Werbeeinblendungen genervt. Nun hat Google die von Betrügern manipulierte Chrome-Erweiterung offline genommen. --------------------------------------------- https://heise.de/-3787978 ∗∗∗ NeoCoolCam: Chinesische IP-Kameras mit massiven Sicherheitslücken ∗∗∗ --------------------------------------------- Sicherheitsforscher haben wieder einmal gravierende Sicherheitslücken in IP-Kameras aufgedeckt. Mindestens 175.000 Geräte des Herstellers Shenzhen Neo Electronics lassen sich mit einfachen Mitteln aus dem Netz kapern. --------------------------------------------- https://heise.de/-3788061 ∗∗∗ Hackers can turn Amazon Echo into a covert listening device ∗∗∗ --------------------------------------------- New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality. Found to be susceptible to a physical attack, which allows an attacker to gain a root shell on the Linux Operating Systems and install malware, the Amazon Echo would enable hackers to covertly monitor and listen in on users and steal private data without their permission or knowledge. --------------------------------------------- https://www.helpnetsecurity.com/2017/08/01/amazon-echo-covert-listening/ ∗∗∗ Hinweis auf betrügerische Bestellung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine E-Mail, in der sie von einer Online-Bestellung sprechen. Sie sei von „Schwindlern begangen" worden. Empfänger/innen können Angaben zu der betrügerischen Bestellung auf einer Website herunterladen. Wenn sie das tun, installieren Nutzer/innen Schadsoftware auf ihrem Computer. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/hinweis-auf-betrue… ∗∗∗ KRITIS: Erster branchenspezifischer Sicherheitsstandard anerkannt ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Erster_bran… ===================== = Advisories = ===================== ∗∗∗ DFN-CERT-2017-1328: Red Hat JBoss Enterprise Application Platform: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1328/ ∗∗∗ DFN-CERT-2017-1330: McAfee Security Scan Plus: Eine Schwachstelle ermöglicht die Ausführung beliebiger Programme mit Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1330/ ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to retrieval of access credentials by highly privileged users ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006068 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to a privilege escalation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006067 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005803 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server has a network layer security vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006063 ∗∗∗ IBM Security Bulletin: Session fixation defect in IBM Security AppScan Enterprise (CVE-2016-9981) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006430 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 31.07.2017
by Daily end-of-shift report 31 Jul '17

31 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 28-07-2017 18:00 − Montag 31-07-2017 18:00 Handler: Robert Waldner Co-Handler: ===================== = News = ===================== ∗∗∗ Ein paar Thesen zu aktuellen Gesetzentwürfen ∗∗∗ --------------------------------------------- Ein paar Thesen zu aktuellen Gesetzentwürfen31. Juli 2017Das Thema "LE going dark in the age of encrytion" kocht mal wieder hoch, und noch schnell vor den Neuwahlen wurden entsprechende Gesetzesentwürfe eingebracht. Ich will hier aus technischer Sicht ein paar Argumente in die Diskussion einwerfen, beschränke mich hier aber rein auf den Aspekt Überwachung trotz Verschlüsselung. --------------------------------------------- http://www.cert.at/services/blog/20170731130131-2076.html ∗∗∗ Reverse Engineering a JavaScript Obfuscated Dropper ∗∗∗ --------------------------------------------- 1. Introduction Nowadays one of the techniques most used to spread malware on windows systems is using a JavaScript (js) dropper. A js dropper represents, in most attack scenarios, the first stage of a malware infection. It happens because Windows systems allow the execution of various scripting language using the Windows Script Host (WScript). This […]The post Reverse Engineering a JavaScript Obfuscated Dropper appeared first on InfoSec Resources. --------------------------------------------- http://resources.infosecinstitute.com/reverse-engineering-javascript-obfusc… ∗∗∗ A new era in mobile banking Trojans ∗∗∗ --------------------------------------------- In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. --------------------------------------------- http://securelist.com/a-new-era-in-mobile-banking-trojans/79198/ ∗∗∗ LeakerLocker Mobile Ransomware Threatens to Expose User Information ∗∗∗ --------------------------------------------- While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tDsXJe6LJ0g/ ∗∗∗ Das Millionengeschäft mit Softwarefehlern ∗∗∗ --------------------------------------------- Softwarefehler können enormen Schaden anrichten, wie zuletzt die großangelegte Cyberattacke mit der Schadsoftware „NotPetya“ gezeigt hat. Das Aufspüren solcher Schwachstellen ist die Aufgabe von Bug-Kopfgeldjägern, die damit oft gut verdienen. Interesse an den Diensten der Hacker gibt es dabei nicht nur vonseiten der Hersteller. --------------------------------------------- http://orf.at/stories/2397792/2397793/ ∗∗∗ Container security: The seven biggest mistakes companies are making ∗∗∗ --------------------------------------------- As enterprises increase adoption of containers, they also risk increasing the number of mistakes they make with the technology. Given that many companies are still wrapping their heads around the potential of container technology and how to best leverage it, that stands to reason. With that said, however, companies must ensure that they are establishing a solid foundation for security as they continue to identify strategies and workloads that make sense on a container platform. … More --------------------------------------------- https://www.helpnetsecurity.com/2017/07/31/container-security-seven-biggest… ===================== = Advisories = ===================== ∗∗∗ CAN Bus Standard Vulnerability ∗∗∗ --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01 ∗∗∗ Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking ∗∗∗ --------------------------------------------- Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking. --------------------------------------------- http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tra… ∗∗∗ Cloud-Antivirensoftware hilft beim Datenklau aus luftdichten Netzwerken ∗∗∗ --------------------------------------------- Mindestens vier Virenscanner, die verdächtige Daten zur Analyse in die Cloud hochladen, helfen beim Datenklau von ansonsten in ihrer Kommunikationsfähigkeit beschränkten PCs. Auch Virustotal ist betroffen. --------------------------------------------- https://heise.de/-3786507 ∗∗∗ Attacking industrial pumps by adjusting valves to create bubbles in the pipes. ∗∗∗ --------------------------------------------- https://twitter.com/KraftCERT/status/891929915200856064 ∗∗∗ DFN-CERT-2017-1309/">FreeRDP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1309/ ∗∗∗ [webapps] GitHub Enterprise < 2.8.7 - Remote Code Execution ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/42392/?rss ∗∗∗ IBM Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1022204 ∗∗∗ IBM Security Bulletin: 10x vulnerability in IBM Control Center could allow an outside user to obtain the ID (CVE-2017-1152) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006361 ∗∗∗ IBM Security Bulletin: Non-configured connections could cause denial of service in IBM WebSphere MQ Internet Pass-Thru (CVE-2017-1118 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006580 ∗∗∗ IBM Security Bulletin: A vulnerability in Java runtime from IBM affects IBM WebSphere MQ ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005123 ∗∗∗ Fortinet FortiOS Input Validation Flaws Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039020 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.07.2017
by Daily end-of-shift report 28 Jul '17

28 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 27-07-2017 18:00 − Freitag 28-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Google Study Quantifies Ransomware Profits ∗∗∗ --------------------------------------------- A ransomware study released Google revealed the malware earned criminals $25 million over the past two years. --------------------------------------------- http://threatpost.com/google-study-quantifies-ransomware-revenue/127057/ ∗∗∗ Attack Uses Docker Containers To Hide, Persist, Plant Malware ∗∗∗ --------------------------------------------- Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers. --------------------------------------------- http://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-m… ∗∗∗ The Cloak & Dagger Attack That Bedeviled Android For Months ∗∗∗ --------------------------------------------- Not all Android attacks come from firmware mistakes. --------------------------------------------- https://www.wired.com/story/cloak-and-dagger-android-malware ∗∗∗ Hacker Says He Broke Through Samsungs Secure Smartphone Platform ∗∗∗ --------------------------------------------- When his rooting exploit worked on plenty of Android devices but failed on the Samsung Galaxy S7 Edge, researcher Di Shen decided to dig into KNOX. --------------------------------------------- https://motherboard.vice.com/en_us/article/pad5jn/hacker-says-he-broke-thro… ∗∗∗ OPC Data Access IDAPython script ∗∗∗ --------------------------------------------- An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol. --------------------------------------------- https://github.com/eset/malware-research/blob/master/industroyer/README.adoc ∗∗∗ Internet der Dinge: Wenn die Waschstraße angreift ∗∗∗ --------------------------------------------- Sicherheitsforscher haben diverse Schwachstellen in automatisierten Autowaschstraßen gefunden, die sich sogar übers Internet missbrauchen lassen. Durch ferngesteuerte Tore, Roboterarme und Hochdruck-Wasserstrahle könnte es sogar zu Personenschäden kommen. --------------------------------------------- https://heise.de/-3785654 ∗∗∗ Microsoft opens fuzz testing service to the wider public ∗∗∗ --------------------------------------------- Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry. --------------------------------------------- https://www.helpnetsecurity.com/2017/07/28/microsoft-fuzz-testing-service/ ===================== = Advisories = ===================== ∗∗∗ Continental AG Infineon S-Gold 2 (PMB 8876) ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow and an improper restriction of operations within the bounds of a memory buffer vulnerability in Continental AGs Infineon S-Gold 2 (PMB 8876). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 ∗∗∗ Mirion Technologies Telemetry Enabled Devices ∗∗∗ --------------------------------------------- This advisory contains mitigation details for use of hard-coded cryptographic key and inadequate encryption strength vulnerabilities in Mirion Technologies Telemetry Enabled Devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02 ∗∗∗ PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authentication and missing encryption of sensitive data affecting PDQ Manufacturing, Inc.s LaserWash, LaserJet, and ProTouch car washes. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03 ∗∗∗ Multiple Cisco Products OSPF LSA Manipulation Vulnerability ∗∗∗ --------------------------------------------- Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic.The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router [...] --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ VMSA-2017-0012 ∗∗∗ --------------------------------------------- VMware VIX API VM Direct Access Function security issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0012.html ∗∗∗ VMSA-2017-0013 ∗∗∗ --------------------------------------------- VMware vCenter Server and Tools updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0013.html ∗∗∗ Vuln: Cloud Foundry Cloud Controller API CVE-2017-8036 Incomplete Fix Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/100002 ∗∗∗ DFN-CERT-2017-1305: PHPMailer: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1305/ ∗∗∗ DFN-CERT-2017-1310: Microsoft Outlook: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1310/ ∗∗∗ FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-104 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005830 ∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1332) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005233 ∗∗∗ IBM Security Bulletin: Multiple security vunerabilities in Oracle Java SE and Java SE Embedded affects IBM InfoSphere Master Data Management ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006603 ∗∗∗ IBM Security Bulletin: IBM System Networking Switch Center is affected by a Jsch vulnerability (CVE-2016-5725) ∗∗∗ --------------------------------------------- http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006608 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006606 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006610 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting Attack (CVE-2016-9715) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006611 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™ ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22006298 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025538 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025529 ∗∗∗ IBM Security Bulletin: IBM i is affected by an OSPF vulnerability (CVE-2017-1460) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022191 ∗∗∗ IBM Security Bulletin: The BigFix Platform has a vulnerability that can cause denial of service ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22003222 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a X-Frame-Options Header ClickJacking attack (CVE-2016-9719 ) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006607 ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006605 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1025397 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily