=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 02-05-2018 18:00 − Thursday 03-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Emergency hotline for companies in Vienna affected by cybercrime ∗∗∗
---------------------------------------------
Reports of cybercrime offences in Austria rose by around 28 percent last year. ... The WK Wien has therefore launched an emergency hotline for affected companies.
---------------------------------------------
http://derstandard.at/2000079106868
∗∗∗ Threat Roundup for April 20-27 ∗∗∗
---------------------------------------------
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 20 and 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise...
---------------------------------------------
http://blog.talosintelligence.com/2018/04/threat-round-up-0420-0427.html
∗∗∗ Fraud with fake Microsoft warning ∗∗∗
---------------------------------------------
Using a fake Microsoft warning, criminals demand that consumers contact a support center by telephone. The warning tells them that their computer is infected with malware. For this reason they are told to download a program and pay for the assistance. Consumers who follow these instructions lose money and infect their device with malware.
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-mit-gefaelschter-microsoft-warnung/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Releases Security Updates ∗∗∗
---------------------------------------------
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
* WebEx Advanced Recording Format Remote Code Execution Vulnerability cisco-sa-20180502-war
* Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability cisco-sa-20180502-prime-upload
* Secure Access Control System Remote Code Execution Vulnerability cisco-sa-20180502-acs1
* Wireless LAN Controller 802.11 Management Frame Denial-of-Service Vulnerability cisco-sa-20180502-wlc-mfdos
* Wireless LAN Controller IP Fragment Reassembly Denial-of-Service Vulnerability cisco-sa-20180502-wlc-ip
* Meeting Server Remote Code Execution Vulnerability cisco-sa-20180502-cms-cx
* Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial-of-Service Vulnerability cisco-sa-20180502-ap-ptp
* Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability cisco-sa-20180502-aironet-ssh
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2018/05/02/Cisco-Releases-Security-Updates
∗∗∗ More Spectre vulnerabilities incoming ∗∗∗
---------------------------------------------
Several research teams have already reported a full eight new security vulnerabilities in Intel CPUs to the manufacturer; for now they are still being kept secret. ... The concrete risk for private users and company PCs, however, is rather low, because there are usually other, more easily exploitable weaknesses on such systems. They should nevertheless be taken seriously, and the upcoming Spectre-NG updates should be installed promptly once they are released.
---------------------------------------------
https://heise.de/-4039134
∗∗∗ Critical vulnerability in Oracle Access Manager - updates available ∗∗∗
---------------------------------------------
Critical vulnerability in Oracle Access Manager - updates available
3 May 2018
Description
The IT security consulting company SEC-Consult has discovered a critical vulnerability in the widely used software Oracle Access Manager (OAM), which is used in many environments for single sign-on and other login scenarios.
CVE number: CVE-2018-2879
Impact
By exploiting the vulnerability, attackers can, with arbitrary accounts (including
---------------------------------------------
http://www.cert.at/warnings/all/20180503.html
∗∗∗ Docker for Windows: Microsoft patches Go library hcsshim ∗∗∗
---------------------------------------------
Anyone who uses Docker for container virtualization on Windows, or who develops Go programs themselves, should urgently check whether the "Windows Host Compute Service Shim" (hcsshim) package on their system is up to date.
---------------------------------------------
https://heise.de/-4040139
∗∗∗ SSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium Voltage SINAMICS Products ∗∗∗
---------------------------------------------
The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
∗∗∗ SSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS ∗∗∗
---------------------------------------------
The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf
∗∗∗ SSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability in Siveillance VMS ∗∗∗
---------------------------------------------
Siemens has released software updates for Siveillance VMS which fix a security vulnerability in the .NET Remoting deserialization that could allow elevation of privileges and/or cause a Denial-of-Service, if affected ports are exposed.
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
∗∗∗ HPESBHF03841 rev.1 - Certain HPE Servers with AMD-based Processors, Multiple Vulnerabilities (Fallout/Masterkey) ∗∗∗
---------------------------------------------
Several HPE servers that use AMD processors are vulnerable to security defects (Fallout/Masterkey) which allow local unauthorized elevation of privilege, unauthorized modification of information, unauthorized disclosure of information, and Denial of Service.
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, librelp, patch, and python-paramiko), Debian (kernel and quassel), Gentoo (chromium, hesiod, and python), openSUSE (corosync, dovecot22, libraw, patch, and squid), Oracle (java-1.7.0-openjdk), Red Hat (go-toolset-7 and go-toolset-7-golang, java-1.7.0-openjdk, and rh-php70-php), and SUSE (corosync and patch).
---------------------------------------------
https://lwn.net/Articles/753457/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22015990
∗∗∗ IBM Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013601
∗∗∗ IBM Security Bulletin: January 2017 OpenSSL Vulnerabilities affect Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311
∗∗∗ IBM Security Bulletin: ISC DHCP vulnerability affects TS4500 Tape Library (CVE-2018-5732) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012247