Daily

daily@lists.cert.at

1 participants
3210 discussions

Tageszusammenfassung - 27.07.2017
by Daily end-of-shift report 27 Jul '17

27 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 26-07-2017 18:00 − Donnerstag 27-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ IoT-Geräte in Österreich: 31.000 von 280.000 unsicher ∗∗∗ --------------------------------------------- In Österreich gibt es eine beträchtlich hohe Zahl ungeschützter Router und Webcams im Internet, so eine neue Studie von Avast. Warum das ein Problem ist und was man tun kann. --------------------------------------------- https://futurezone.at/produkte/iot-geraete-in-oesterreich-31-000-von-280-00… ∗∗∗ Lipizzan: Google findet neue Staatstrojaner-Familie für Android ∗∗∗ --------------------------------------------- Erneut hat Google eine Android-Spyware einer isrealischen Firma gefunden. Die Software tarnte sich als harmlose App im Playstore, die Rooting-Funktion wird dann nachgeladen. --------------------------------------------- https://www.golem.de/news/lipizzan-google-findet-neue-staatstrojaner-famili… ∗∗∗ Announcing the Windows Bounty Program ∗∗∗ --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-… ∗∗∗ Extending Microsoft Edge Bounty Program ∗∗∗ --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edg… ∗∗∗ Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets ∗∗∗ --------------------------------------------- Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in recent years. While some are occasionally still found against insecure and unpatched targets such as routers, various IoT devices or old versions of Windows, practically no remotely exploitable bugs that reliably bypass DEP and ASLR have been found on Android and iOS. In order to compromise these devices, attackers [...] --------------------------------------------- https://blog.exodusintel.com/2017/07/26/broadpwn/ ∗∗∗ DeepINTEL Schedule updated – Psychology and Power Grids ∗∗∗ --------------------------------------------- We have updated the schedule for DeepINTEL 2017. The human mind and power grids are both critical infrastructure. Both can be manipulated and switched off, arguably. And most of us use both every day. So this is why we added two more presentations to the schedule. --------------------------------------------- http://blog.deepsec.net/deepintel-schedule-updated-psychology-power-grids/ ∗∗∗ Black Hat: Strahlungsmessgeräte per Funk manipulierbar ∗∗∗ --------------------------------------------- Ein Hacker hat Sicherheitslücken in stationären und mobilen Messgeräten für radioaktive Strahlung gefunden. Kriminelle könnten so radioaktives Material durch Kontrollen schleusen oder Fehlalarme in Kernreaktoren auslösen. Updates wird es nicht geben. --------------------------------------------- https://heise.de/-3784966 ∗∗∗ Slowloris all the things ∗∗∗ --------------------------------------------- At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought Id write up some comments.The original Slowloris from several years creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely. --------------------------------------------- http://blog.erratasec.com/2017/07/slowloris-all-things.html ===================== = Advisories = ===================== ∗∗∗ McAfee Releases Security Bulletin for Web Gateway ∗∗∗ --------------------------------------------- Original release date: July 27, 2017 McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/07/27/McAfee-Releases-Se… ∗∗∗ VU#547255: Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/547255 ∗∗∗ Cisco Access Control System Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1295: FortiNet FortiOS, FortiAnalyzer: Mehrere Schwachstellen ermöglichen u.a die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1295/ ∗∗∗ DFN-CERT-2017-1303: Foxit PDF Compressor: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1303/ ∗∗∗ HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocal of Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-… ∗∗∗ Security Advisory - BroadPwn Remote Code Execute Vulnerability ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170727-… ∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005722 ∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004981 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates April 2017 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005840 ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1303) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004979 ∗∗∗ [2017-07-27] Kathrein UFSconnect 916 multiple vulnerabilities ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… ∗∗∗ [2017-07-27] Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.07.2017
by Daily end-of-shift report 26 Jul '17

26 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 25-07-2017 18:00 − Mittwoch 26-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack ∗∗∗ --------------------------------------------- Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/smart-drawing-pads-used-for-… ∗∗∗ IOS Forensics ∗∗∗ --------------------------------------------- 1. INTRODUCTION Day by day, Smart phones and tablets are becoming popular, and hence technology used in development to add new features or improve the security of such devices is advancing too fast. iPhone and iPod are the game changer products launched by Apple. Apple operating system (IOS) devices started growing popular in the mobile [...] --------------------------------------------- http://resources.infosecinstitute.com/ios-forensics/ ∗∗∗ Windows SMB Zero Day to Be Disclosed During DEF CON ∗∗∗ --------------------------------------------- Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON. --------------------------------------------- http://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/1… ∗∗∗ WikiLeaks drops another cache of ‘Vault7’ stolen tools ∗∗∗ --------------------------------------------- Latest dump is a trove of malware from Raytheon used for surveillance and data collection --------------------------------------------- https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-o… ∗∗∗ Where are the holes in machine learning – and can we fix them? ∗∗∗ --------------------------------------------- Machine learning algorithms are increasingly a target for the bad guys - but the industry is working to stop them, explains Sophos chief data scientist Joshua Saxe --------------------------------------------- https://nakedsecurity.sophos.com/2017/07/26/where-are-the-holes-in-machine-… ∗∗∗ How a Citadel Trojan Developer Got Busted ∗∗∗ --------------------------------------------- A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught. --------------------------------------------- https://krebsonsecurity.com/2017/07/how-a-citadel-trojan-developer-got-bust… ===================== = Advisories = ===================== ∗∗∗ CRASHOVERRIDE Malware ∗∗∗ --------------------------------------------- CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01 ∗∗∗ NXP i.MX Product Family ∗∗∗ --------------------------------------------- This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for stack-based buffer overflow and improper certificate validation vulnerabilities in the NXP i.MX Product Family. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 ∗∗∗ Bugtraq: [SECURITY] [DSA 3919-1] openjdk-8 security update ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/540926 ∗∗∗ DFN-CERT-2017-1288: Red Hat JBoss Enterprise Web Server: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1288/ ∗∗∗ Security Advisory - Two DoS Vulnerabilities in Call Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-… ∗∗∗ Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in Java shipped as a component of IBM Security Privileged Identity Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006547 ∗∗∗ SSA-323211 (Last Update 2017-07-25): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211… ∗∗∗ SSA-822184 (Last Update 2017-07-26): Microsoft Web Server and HP Client Automation Vulnerabilities in Molecular Imaging Products from Siemens Healthineers ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.07.2017
by Daily end-of-shift report 25 Jul '17

25 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Montag 24-07-2017 18:00 − Dienstag 25-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Fruit Fly 2: Mysteriöse Mac-Malware seit Jahren aktiv ∗∗∗ --------------------------------------------- Auch Mac-Nutzer sind nicht vor Schadsoftware sicher: Eine Malware soll seit mehr als fünf Jahren aktiv sein, aber nur einige hundert Nutzer befallen haben. Die Software ermöglicht einen weitgehenden Zugriff auf den Rechner und private Informationen. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/fruit-fly-2-mysterioese-mac-malware-seit-jahren-a… ∗∗∗ CowerSnail, from the creators of SambaCry ∗∗∗ --------------------------------------------- We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. --------------------------------------------- http://securelist.com/cowersnail-from-the-creators-of-sambacry/79087/ ∗∗∗ Novel Attack Tricks Servers to Cache, Expose Personal Data ∗∗∗ --------------------------------------------- Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers. --------------------------------------------- http://threatpost.com/novel-attack-tricks-servers-to-cache-expose-personal-… ∗∗∗ SBA Research co-organizes ROOTS 2017 ∗∗∗ --------------------------------------------- November 16, 2017 - November 17, 2017 - All Day The Imperial Riding School Vienna Ungargasse 60 Vienna --------------------------------------------- https://www.sba-research.org/events/sba-research-co-organizes-roots-2017/ ∗∗∗ Alternatives to Government-Mandated Encryption Backdoors ∗∗∗ --------------------------------------------- Policy essay: "Encryption Substitutes," by Andrew Keane Woods --------------------------------------------- https://www.schneier.com/blog/archives/2017/07/alternatives_to_1.html ∗∗∗ ShieldFS Is a Clever New Tool That Shuts Down Ransomware Before Its Too Late ∗∗∗ --------------------------------------------- By sniffing out ransomware in real-time, ShieldFS might be the cure to the internets latest security scourge. --------------------------------------------- https://www.wired.com/story/shieldfs-ransomware-protection-tool ∗∗∗ ENISA invites European utilities to join EE-ISAC Expert meeting in September ∗∗∗ --------------------------------------------- Together with the DG Energy of the European Commission, ENISA is organising a full-day expert seminar, which will be held on 7th September, 2017 in Athens. Registration is now open. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-invites-european-utilitie… ===================== = Advisories = ===================== ∗∗∗ VU#350135: Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin ∗∗∗ --------------------------------------------- Vulnerability Note VU#350135 Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin Original Release date: 07 Jun 2017 | Last revised: 24 Jul 2017 Overview WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device. --------------------------------------------- http://www.kb.cert.org/vuls/id/350135 ∗∗∗ VU#838200: Telerik Web UI contains cryptographic weakness ∗∗∗ --------------------------------------------- Vulnerability Note VU#838200 Telerik Web UI contains cryptographic weakness Original Release date: 25 Jul 2017 | Last revised: 25 Jul 2017 Overview The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. --------------------------------------------- http://www.kb.cert.org/vuls/id/838200 ∗∗∗ [20170704] - Core - Installer: Lack of Ownership Verification ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Installer Severity: High Versions: 1.0.0 through 3.7.3 Exploit type: Lack of Ownership Verification Reported Date: 2017-Apr-06 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11364 Description The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control. Please note: Already installed sites are not affected, as this issue is limited to the installer application! --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/dsijOki-S50/700-20170704-c… ∗∗∗ [20170705] - Core - XSS Vulnerability ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Severity: Low Versions: 1.5.0 through 3.7.3 Exploit type: XSS Reported Date: 2017-April-26 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11612 Description Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uutSEqYQKbU/701-20170605-c… ∗∗∗ DFN-CERT-2017-1285: Cacti: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1285/ ∗∗∗ Vulnerability in Citrix NetScaler SD-WAN Enterprise & Standard Edition and Citrix CloudBridge Virtual WAN Edition Could Result in Unauthenticated Remote Code Execution ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX225990 ∗∗∗ IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006175 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSource GNU Glibc affect IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005677 ∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1370) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005868 ∗∗∗ IBM Security Bulletin: Vulnerabilities in open source zlib library affect IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22002754 ∗∗∗ IBM Security Bulletin: Open Source OpenSSL Vulnerabilities affect IBM Network Advisor ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010466 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities affect IBM WebSphere Portal Rich Media Edition ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005279 ∗∗∗ [2017-07-24] Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… ∗∗∗ [2017-07-24] Open Redirect issue in multiple Ubiquiti Networks products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.07.2017
by Daily end-of-shift report 24 Jul '17

24 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 21-07-2017 18:00 − Montag 24-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ New Version of DarkHotel Malware Spotted Going After Political Figures ∗∗∗ --------------------------------------------- The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/new-version-of-darkhotel-mal… ∗∗∗ How was the #TurrisHack17 ? ∗∗∗ --------------------------------------------- Since the beginning of the Turris project, we have been very happy for the opportunity to cooperate closely with our community. Without it, the project would not have been where it is now. It was largely the interest of potential […] --------------------------------------------- http://en.blog.nic.cz/2017/07/22/how-was-the-turrishack17/ ∗∗∗ FIRST releases inaugural annual report ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams releases inaugural annual report, covering the scope of its activities from the 2016 conference in Seoul, through its 2017 annual event in Puerto Rico. --------------------------------------------- https://www.first.org/newsroom/releases/20170724 ∗∗∗ Hacking: Microsoft beschlagnahmt Fancy-Bear-Infrastruktur ∗∗∗ --------------------------------------------- Um gegen die Hackergruppe Fancy Bear vorzugehen, nutzt Microsoft das Markenrecht und beschlagnahmt Domains. Die kriminellen Aktivitäten der Gruppe würden "die Marke und den Ruf" des Unternehmens schädigen. Komplett stoppen lassen sich die Aktivitäten aber auch auf diesem Wege nicht. (Microsoft, Server) --------------------------------------------- https://www.golem.de/news/hacking-microsoft-beschlagnahmt-fancy-bear-infras… ∗∗∗ Uber drivers new threat: the "passenger", (Mon, Jul 24th) ∗∗∗ --------------------------------------------- This week I was told about a scam attack that surprised me due to the criminals creativity. A NYC Uber driver had his Uber account and days incomings stolen by someone who was supposed to be his next passenger. --------------------------------------------- https://isc.sans.edu/diary/rss/22626 ∗∗∗ DMARC: an imperfect solution that can make a big difference ∗∗∗ --------------------------------------------- US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal governent. Read more --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/07/dmarc-imperfect-solution-can… ===================== = Advisories = ===================== ∗∗∗ HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗ --------------------------------------------- Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf037… ∗∗∗ rt-sa-2017-009 ∗∗∗ --------------------------------------------- Remote Command Execution as root in REDDOXX Appliance --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-009.txt ∗∗∗ rt-sa-2017-007 ∗∗∗ --------------------------------------------- Undocumented Administrative Service Account in REDDOXX Appliance --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-007.txt ∗∗∗ VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/586501 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22003790 ∗∗∗ IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005381 ∗∗∗ Palo Alto PAN-OS Unspecified Bug in DNS Proxy Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038976 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect External Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038975 ∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Management Web Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038974 ∗∗∗ Python and Jython vulnerability CVE-2013-1752 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K53192206 ∗∗∗ Python and Jython vulnerability CVE-2014-7185 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K78825687 ∗∗∗ SNMP vulnerability CVE-2007-5846 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33151296 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.07.2017
by Daily end-of-shift report 21 Jul '17

21 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 20-07-2017 18:00 − Freitag 21-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ 14 Warning Signs that Your Computer is Malware-Infected ∗∗∗ --------------------------------------------- Malware attacks affect us all. The increasing number of Internet users worldwide creates an equal (or larger) number of opportunities for cyber criminals to take advantage of our systems. As we become more dependent on the online environment, we can clearly see a massive growth in malware and cyber criminal activities all across the globe. --------------------------------------------- https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-ma… ∗∗∗ Practical Android Phone Forensics ∗∗∗ --------------------------------------------- Introduction Today’s world is Android World. Almost 90% of devices are running on Android, and each one of us is using Android in some or the other way. There are various devices which run on Android, but Android is widely used on Smart Phones. Also, if you check the Global Smart Phone Market Share Android [...] --------------------------------------------- http://resources.infosecinstitute.com/practical-android-phone-forensics/ ∗∗∗ BKA will mächtigeren Staatstrojaner angeblich noch 2017 einsatzbereit haben ∗∗∗ --------------------------------------------- Laut einem geleakten Dokument ist man beim Bundeskriminalamt optimistisch, noch 2017 einen Staatstrojaner einsatzbereit zu haben, der deutlich mächtiger ist als sein Vorgänger. Damit sollen auch Smartphones gehackt werden, nachdem das nun erlaubt wurde. --------------------------------------------- https://heise.de/-3779770 ∗∗∗ Companies unprepared to measure incident response ∗∗∗ --------------------------------------------- Companies struggle to keep up with and respond to cyberattacks due to lack of resources, according to Demisto. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 percent of respondents are measuring MTTR (Mean Time to Respond). While organizations are hit with an average of nearly 350 incidents per week, 30 percent of respondents reported they have no playbooks, runbooks or other documentation [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/07/21/measure-incident-response/ ∗∗∗ Smartphone mit Sicherheitslücken verkauft: Klage gegen Media Markt ∗∗∗ --------------------------------------------- Deutsche Verbraucherschützer gehen gegen Händler vor, es handelt sich um einen Präzedenzfall --------------------------------------------- http://derstandard.at/2000061599440 ∗∗∗ Cyber-Angriffe auf die Wirtschaft – jedes zweite Unternehmen betroffen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Cyber-Angri… ===================== = Advisories = ===================== ∗∗∗ DFN-CERT-2017-1269: Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1269/ ∗∗∗ DFN-CERT-2017-1263: GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen und die Manipulation von Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1263/ ∗∗∗ DFN-CERT-2017-1270: Red Hat 3scale API Management Platform: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1270/ ∗∗∗ IBM Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004785 ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004786 ∗∗∗ IBM Security Bulletin: API Connect is affected by SSH vulnerability (CVE-1999-1085) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005718 ∗∗∗ IBM Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010137 ∗∗∗ IBM Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22006052 ∗∗∗ IBM Security Bulletin:IBM Emptoris Supplier Lifecycle Management is affected by a Cross Site Scripting vulnerability (CVE-2016-6118) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005824 ∗∗∗ IBM Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000316 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005076 ∗∗∗ SSA-275839 (Last Update 2017-07-21): Denial-of-Service Vulnerability in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839… ∗∗∗ SSA-293562 (Last Update 2017-07-21): Vulnerabilities in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562… ∗∗∗ SSA-731239 (Last Update 2017-07-21): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239… ∗∗∗ libxml2 vulnerability CVE-2015-8710 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K45439210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.07.2017
by Daily end-of-shift report 20 Jul '17

20 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 19-07-2017 18:00 − Donnerstag 20-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Vault 7 Data Leak: Analyzing the CIA files ∗∗∗ --------------------------------------------- Digging the Vault 7 dumps In a first post on the Vault7 dump, we analyzed the information contained in files leaked by Wikileaks and allegedly originating from a network of the U.S. Central Intelligence Agency (CIA). At the time, we analyzed the following CIA projects: The Year Zero that revealed CIA hacking exploits for hardware and software. The Dark Matter dump […]The post Vault 7 Data Leak: Analyzing the CIA files appeared first on InfoSec Resources. --------------------------------------------- http://resources.infosecinstitute.com/vault-7-data-leak-analyzing-cia-files… ∗∗∗ DDoS Tools availability Online, a worrisome trend ∗∗∗ --------------------------------------------- Experts warn of an increased availability of DDoS tools online, many wannabe hackers download and use them without awareness on consequences. As cyber crime reaches new levels with new malware & viruses being realized online on a daily basis it also becomes apparent that the increase in DDoS tools that require no apparent skills to […]The post DDoS Tools availability Online, a worrisome trend appeared first on Security Affairs. --------------------------------------------- http://securityaffairs.co/wordpress/61188/hacking/ddos-tools-online.html ∗∗∗ EU Court to Rule On Right to Be Forgotten Outside Europe ∗∗∗ --------------------------------------------- The European Unions top court is set to decide whether the blocs "right to be forgotten" policy stretches beyond Europes borders, a test of how far national laws can -- or should -- stretch when regulating cyberspace. From a report: The case stems from France, where the highest administrative court on Wednesday asked the EUs Court of Justice to weigh in on a dispute between Alphabets Google and Frances privacy regulator over how broadly to apply the right (Editors note: the link could --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RSt2wRvb9ho/eu-court-to-rul… ∗∗∗ No one still thinks iOS is invulnerable to malware, right? Well, knock it off ∗∗∗ --------------------------------------------- As platforms popularity continues to rise, so does its allure to miscreants The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/07/20/ios_securit… ∗∗∗ IETF: Streit über TLS-Überwachung führt zum Eklat ∗∗∗ --------------------------------------------- Für die einen ist es passives Monitoring im Rechenzentrum. Für die anderen ist der Nachschlüssel für Netzadministratoren ein Einstieg in die Massenüberwachung und der GAU für das neue TLS-Protokoll. --------------------------------------------- https://heise.de/-3777578 ∗∗∗ Google Play Protect schützt vor Malware-Apps ∗∗∗ --------------------------------------------- Google rollt einen neuen Sicherheitsmechanismus für Android-Smartphones aus, der installierte Apps laufend überprüft. Google Play Protect funktioniert auch mit Anwendungen, die nicht aus dem Play Store stammen. --------------------------------------------- https://heise.de/-3778162 ∗∗∗ Bugfix- und Sicherheitsupdates für watchOS und tvOS ∗∗∗ --------------------------------------------- Das Apple-Watch-Betriebssystem erreicht Version 3.2.3 und das Apple-TV-4-OS Version 10.2.2. Es gibt Fehlerbehebungen und sicherheitsrelevante Fixes. --------------------------------------------- https://heise.de/-3777843 ∗∗∗ Assessing the habits and tactics of organized credit card fraud gangs ∗∗∗ --------------------------------------------- By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning ‘schools’. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material. An advertisement for the WWH online course In exchange for $745 (plus $200 for course fees), aspiring cyber criminals have the potential to make $12k a month, based on a standard 40-hour --------------------------------------------- https://www.helpnetsecurity.com/2017/07/20/organized-credit-card-fraud-gang… ===================== = Advisories = ===================== ∗∗∗ Apple Sicherheitsupdates für Mac OS X und macOS Sierra ∗∗∗ --------------------------------------------- Das Betriebssystem Mac OS X ist der Standard auf Apple Laptops und Desktop-Geräten.Das von Apple entwickelte Betriebssystem macOS Sierra ist der namentliche Nachfolger von Mac OS X ab Version 10.12 für Macintosh-Systeme (Desktop und Server).Apple veröffentlicht macOS Sierra 10.12.6 und schließt damit Sicherheitslücken, durch die ein nicht angemeldeter Angreifer aus dem Internet intendierte Sicherheitsmaßnahmen umgehen, Daten auf Ihrem Rechner ausspähen oder --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Sicherheitsupdate auf Apple iOS 10.3.3 ∗∗∗ --------------------------------------------- iOS ist das Standardbetriebssystem auf Apple-Geräten wie iPhone, iPod touch und iPad. Es wurde auf Basis des Betriebssystems MAC OS X entwickelt.In verschiedenen von Apple iOS bis einschließlich Version 10.3.2 intern verwendeten Komponenten existieren mehrere, zum Teil schwerwiegende Sicherheitslücken. Ein Angreifer aus dem Internet kann diese insgesamt 47 Sicherheitslücken für das Ausführen beliebigen Programmcodes, auch mit erweiterten Privilegien, das --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Apple veröffentlicht Sicherheitsupdates für den Safari Webbrowser ∗∗∗ --------------------------------------------- Der Webbrowser Safari wurde von Apple für MAC OS X entwickelt.Apple schließt mit der neuen Safari Version für OS X Yosemite, OS X El Capitan und macOS Sierra mehrere Sicherheitslücken, durch die ein Angreifer aus dem Internet unter anderem beliebigen Programmcode auf Ihrem System ausführen, Informationen ausspähen sowie falsche Informationen darstellen kann. Insbesondere durch die Ausführung beliebigen Programmcodes kann ihr System nachhaltig geschädigt --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… ∗∗∗ Vuln: Genivia gSOAP CVE-2017-9765 Stack Based Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/99868 ∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers GGSN Gateway Redirect Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Static Credentials Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1253: Apple iCloud: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1253/ ∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU – Apr 2017 – Includes Oracle Apr 2017 CPU affect IBM Content Collector for SAP Applications ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005616 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.07.2017
by Daily end-of-shift report 19 Jul '17

19 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 18-07-2017 18:00 − Mittwoch 19-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk ∗∗∗ --------------------------------------------- Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development --------------------------------------------- https://thehackernews.com/2017/07/gsoap-iot-device-hacking.html ∗∗∗ Sicherheitslücke in allen Node.js-Versionen ∗∗∗ --------------------------------------------- Eine Sicherheitslücke macht viele Node.js-Anwendungen anfällig für Denial-of-Service-Attacken. Die Entwickler haben korrigierte Versionen von Node.js 4, 6, 7 und 8 bereitgestellt und raten dringend zum Update. --------------------------------------------- https://heise.de/-3775843 ∗∗∗ Adware the series, the final: Tools section ∗∗∗ --------------------------------------------- The final episode of our adware series talks specifically about the tools that we use in identifying adware and the places where it lurks on a system.Categories: PUPTags: adwareFileASSASSINfrstPieter Arntzprocess explorerResource Monitorrootkitthe more you knowtoolstrojan(Read more...)The post Adware the series, the final: Tools section appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/puppum/2017/07/adware-the-series-the-final-to… ===================== = Advisories = ===================== ∗∗∗ DSA-3914 imagemagick - security update ∗∗∗ --------------------------------------------- This updates fixes several vulnerabilities in imagemagick: Variousmemory handling problems and cases of missing or incomplete inputsanitising may result in denial of service, memory disclosure or theexecution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNGfiles are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3914 ∗∗∗ WP Statistics 12.0.9 - Authenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8866 ∗∗∗ DFN-CERT-2016-1068: Apache Commons FileUpload, Apache Tomcat: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1068/ ∗∗∗ DFN-CERT-2017-1240: Apache Software Foundation HTTP-Server: Eine Schwachstelle ermöglicht das Ausspähen von Informationen und einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1240/ ∗∗∗ DFN-CERT-2017-1245: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1245/ ∗∗∗ DFN-CERT-2017-1249: Symfony: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1249/ ∗∗∗ IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640). ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010329 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform Reports Privilege Escalation (CVE-2017-1373) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22004677 ∗∗∗ Oracle Critical Patch Update Advisory - July 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html ∗∗∗ Solaris Third Party Bulletin - July 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.h… ∗∗∗ Oracle Linux Bulletin - July 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832… ∗∗∗ Oracle VM Server for x86 Bulletin - July 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-383236… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.07.2017
by Daily end-of-shift report 18 Jul '17

18 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Montag 17-07-2017 18:00 − Dienstag 18-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: ===================== = News = ===================== ∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗ --------------------------------------------- Für unser "Daily Business" suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich hier: https://www.cert.at/about/jobs/jobs.html --------------------------------------------- https://www.cert.at/services/blog/20170718152748-2072.html ∗∗∗ Exploit Derived From ETERNALSYNERGY Upgraded to Target Newer Windows Versions ∗∗∗ --------------------------------------------- Thai security researcher Worawit Wang has put together an exploit based on ETERNALENERGY that can also target newer versions of the Windows operating system. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/exploit-derived-from-eternal… ∗∗∗ Economic losses from cyber attack ‘akin to natural disaster’ ∗∗∗ --------------------------------------------- Not just a disaster for your data, a major attack could cost the global economy up to $120bn, according to new study. --------------------------------------------- https://www.htbridge.com/blog/economic-losses-from-cyber-attack-akin-to-nat… ∗∗∗ Linux Users Urged to Update as a New Threat Exploits SambaCry ∗∗∗ --------------------------------------------- A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker could open a command shell in a vulnerable device and take control of --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lri-dU9kM1o/ ===================== = Advisories = ===================== ∗∗∗ Cisco WebEx Browser Extension Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows.The --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Bitdefender Remote Stack Buffer Overflow via 7z PPMD ∗∗∗ --------------------------------------------- submitted by /u/landave [link] [comments] --------------------------------------------- https://www.reddit.com/r/netsec/comments/6o0gji/bitdefender_remote_stack_bu… ∗∗∗ Bitdefender Remote Stack Buffer Overflow via 7z PPMD ∗∗∗ --------------------------------------------- https://www.reddit.com/r/netsec/comments/6o0gji/bitdefender_remote_stack_bu… ∗∗∗ DFN-CERT-2017-1230/">XML::LibXML: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1230/ ∗∗∗ [webapps] Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/42333/?rss ∗∗∗ [webapps] Sophos Web Appliance 4.3.0.2 - trafficType Remote Command Injection (Metasploit) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/42332/?rss ∗∗∗ [remote] Belkin NetCam F7D7601 - Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/42331/?rss ∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is affected by a user password being stored in plain text vulnerability (CVE-2017-1309) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005437 ∗∗∗ IBM Security Bulletin: BigFix Family WebUI Component Has Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22005246 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Direct for UNIX (CVE-2017-3731) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005893 ∗∗∗ IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for UNIX (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005891 ∗∗∗ IBM Security Bulletin: The BigFix Platform versions 9.1 and 9.2 have security vulnerabilities that have been addressed via patch releases ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006014 ∗∗∗ IBM Security Bulletin: Detailed error messages in IBM Emptoris Contract Management are vulnerable to attacks (CVE-2016-6018) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005664 ∗∗∗ IBM Tivoli Enterprise Portal Server Bugs Let Remote Users Execute Arbitrary Commands and Modify SQL Queries and Let Local Users Gain Elevated Privileges ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038913 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.07.2017
by Daily end-of-shift report 17 Jul '17

17 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 14-07-2017 18:00 − Montag 17-07-2017 18:00 Handler: Stefan Lenzhofer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ The Week in Ransomware - July 14th 2017 - NemucodAES, LeakerLocker, and More ∗∗∗ --------------------------------------------- It has been a slow week in terms of new releases, which is always a good thing. Still lots of small crapware being released that will never have much wide distribution. We also have some good news, which is the release of a NemucodAES decryptor by Emsisoft. This allows victims of this ransomware to get their files back for free. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-… ∗∗∗ We Tested More than 50 Free Security Tools so You can Use Them for Your Online Protection ∗∗∗ --------------------------------------------- The idea that we should create a gargantuan list of cyber security tools started to spring in our minds around the beginning of this year. We started from a simple idea: It should be useful. We need it. You need it. It will come in handy in the future, to have all those tools in […] --------------------------------------------- https://heimdalsecurity.com/blog/free-cyber-security-tools-list/ ∗∗∗ Popular Chrome Extension Sold To New Dev Who Immediately Turns It Into Adware ∗∗∗ --------------------------------------------- An anonymous reader writes: A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware. The latest case is the Particle for YouTube Chrome extension, a simple tool that allows users to change the UI and behavior of some of YouTubes standard features. Because Google was planning major changes to YouTubes UI, the extensions original author decided to retire it and create a new one. This is when the a mysterious company --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/StqZHG6JsVY/popular-chrome-… ∗∗∗ Petya From The Wire: Detection using IDPS ∗∗∗ --------------------------------------------- Most malware that traverses a network do so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Petya-From-The-Wire--Detecti… ∗∗∗ Gandi.net: Angreifer klaut interne Login-Daten und leitet Domains auf Malware um ∗∗∗ --------------------------------------------- Ein Angreifer hat die Login-Daten des französischen Registrars Gandi.net für einen seiner technischen Provider erlangt und 751 DNS-Einträge manipuliert, damit sie auf eine schädliche Website umleiten. --------------------------------------------- https://heise.de/-3772259 ∗∗∗ DDoS-Angriffe: Hacker flooden liebsten am Wochenende und abends ∗∗∗ --------------------------------------------- In seinem aktuellen DDoS-Report katalogisiert die deutsche Sicherheitsfirma Link11 die Distributed-Denial-of-Service-Angriffe auf Unternehmen der DACH-Region. Der Bericht legt nahe, dass solche Angriffe nach wie vor viel Schaden in Unternehmen anrichten. --------------------------------------------- https://heise.de/-3773640 ∗∗∗ Jetzt patchen: FreeRADIUS stopft Sicherheitslücken ∗∗∗ --------------------------------------------- Wer den beliebten Open-Source-RADIUS-Server FreeRADIUS verwendet, sollte Updates einspielen. Über Sicherheitslücken können Angreifer aus der Ferne Schadcode zur Ausführung bringen. --------------------------------------------- https://heise.de/-3773875 ∗∗∗ Keeping up with the Petyas: Demystifying the malware family ∗∗∗ --------------------------------------------- Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family.Categories: CybercrimeMalwareTags: Anti-RansomwareEternalPetyaGoldeneye ransomwaregreen petyajanusMischa ransomwareNotPetyaPetrwrappetya originsPetya ransomwareransomwarered petya(Read more...)The post Keeping up with the --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/07/keeping-up-with-the-petyas… ===================== = Advisories = ===================== ∗∗∗ DSA-3911 evince - security update ∗∗∗ --------------------------------------------- Felix Wilhelm discovered that the Evince document viewer made insecureuse of tar when opening tar comic book archives (CBT). Opening amalicious CBT archive could result in the execution of arbitrary code.This update disables the CBT format entirely. --------------------------------------------- https://www.debian.org/security/2017/dsa-3911 ∗∗∗ DSA-3910 knot - security update ∗∗∗ --------------------------------------------- Clément Berthaux from Synaktiv discovered a signature forgery vulnerability inknot, an authoritative-only DNS server. This vulnerability allows an attackerto bypass TSIG authentication by sending crafted DNS packets to a server. --------------------------------------------- https://www.debian.org/security/2017/dsa-3910 ∗∗∗ DSA-3909 samba - security update ∗∗∗ --------------------------------------------- Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutualauthentication bypass vulnerability in samba, the SMB/CIFS file, print, andlogin server. Also known as Orpheus Lyre, this vulnerability is located inSamba Kerberos Key Distribution Center (KDC-REP) component and could be used byan attacker on the network path to impersonate a server. --------------------------------------------- https://www.debian.org/security/2017/dsa-3909 ∗∗∗ WordPress Download Manager <= 2.9.49 - Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8856 ∗∗∗ WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8858 ∗∗∗ WordPress Download Manager <= 2.9.50 - Open Redirect ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8857 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.07.2017
by Daily end-of-shift report 14 Jul '17

14 Jul '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 13-07-2017 18:00 − Freitag 14-07-2017 18:00 Handler: Stephan Richter Co-Handler: ===================== = News = ===================== ∗∗∗ Hackers Are Using Automated Scans to Target Unfinished WordPress Installs ∗∗∗ --------------------------------------------- Experts from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-are-using-automated-… ∗∗∗ Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data ∗∗∗ --------------------------------------------- An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data. --------------------------------------------- http://threatpost.com/experts-warn-too-often-aws-s3-buckets-are-misconfigur… ∗∗∗ Reverse Engineering Hardware of Embedded Devices: From China to the World ∗∗∗ --------------------------------------------- This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded device to showcase how to analyze a previously unknown (to the researcher or public white-hat community) hardware device. --------------------------------------------- http://blog.sec-consult.com/2017/07/reverse-engineering-hardware.html ∗∗∗ Code Injection in Signed PHP Archives (Phar) ∗∗∗ --------------------------------------------- PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts some additional security benefits by signing archives with a digital signature, disallowing the modification of the archives on production machines. --------------------------------------------- https://blog.sucuri.net/2017/07/code-injection-in-phar-signed-php-archives.… ∗∗∗ Peng!!! Comic HACKT Linux ∗∗∗ --------------------------------------------- Der unter Linux weit verbreitete Dokumenten-Betrachter Evince weist eine kritische Lücke auf, die sich ausnutzen lässt, um das System mit Schad-Software zu infizieren. Der Fehler lässt sich durch Comic-Books auslösen; Updates werden bereits ausgeliefert. --------------------------------------------- https://heise.de/-3771980 ∗∗∗ Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’ ∗∗∗ --------------------------------------------- A greater number of ATM skimming incidents now involve so-called "insert skimmers," wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers -- which record card data and store it on a tiny embedded flash drive are -- equipped with technology allowing it to transmit stolen card data wirelessly via infrared, the same technology built into a television remote control. --------------------------------------------- https://krebsonsecurity.com/2017/07/thieves-used-infrared-to-pull-data-from… ∗∗∗ Gefälschte Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Mit einer gefälschten Rechnung fordern Kriminelle Empfänger/innen dazu auf, einen Dateianhang zu öffnen. Er beinhalt angeblich eine "vollständige Kostenaufstellung". Diese ist in Wahrheit Schadsoftware. Rechnungsempfänger/innen dürfen sie nicht öffnen, andernfalls drohen ihnen erhebliche Nachteile. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnu… ===================== = Advisories = ===================== ∗∗∗ Siemens SiPass integrated ∗∗∗ --------------------------------------------- This advisory contains mitigation details for improper authentication, improper privilege management, channel accessible by non-endpoint, and storing passwords in a recoverable format vulnerabilities in the Siemens SiPass integrated access control system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-194-01 ∗∗∗ GE Communicator ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a heap-based buffer overflow vulnerability in the GE Communicator. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-194-02 ∗∗∗ Vulnerabilities in Dasan Networks GPON ONT WiFi Router H64X Series ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2017070101 https://cxsecurity.com/issue/WLB-2017070102 https://cxsecurity.com/issue/WLB-2017070103 https://cxsecurity.com/issue/WLB-2017070104 ∗∗∗ DrupalChat - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-057 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2892404 ∗∗∗ Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053 ∗∗∗ --------------------------------------------- https://www.drupal.org/node/2888094 ∗∗∗ DFN-CERT-2017-1218: Evince: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1218/ ∗∗∗ DFN-CERT-2017-1221: GLPi: Mehrere Schwachstellen ermöglichen SQL-Injektionen und das Löschen beliebiger Dateien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1221/ ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch (CVE-2016-2108) ∗∗∗ --------------------------------------------- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099625 ∗∗∗ Critical Patch Update - July 2017- Pre-Release Announcement ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html ∗∗∗ Apache mod_auth_digest Uninitialized Memory Error Lets Remote Users Obtain Potentially Sensitive Information and Deny Service ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038906 ∗∗∗ EMC ViPR SRM Default Accounts Let Remote Users Access the Target System ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038905 ∗∗∗ Pulse Connect Secure Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1038880 ∗∗∗ SSA-589378 (Last Update 2017-07-13): Vulnerabilities in Android App SIMATIC Sm@rtClient ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378… ∗∗∗ SSA-874235 (Last Update 2017-07-13): Intel Vulnerability in Siemens Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily