[CERT-daily] Tageszusammenfassung - Dienstag 4-04-2017
Daily end-of-shift report
team at cert.at
Tue Apr 4 18:24:48 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-04-2017 18:00 − Dienstag 04-04-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Lazarus Under The Hood ***
---------------------------------------------
Today wed like to share some of our findings, and add something new to whats currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.
---------------------------------------------
http://securelist.com/blog/sas/77908/lazarus-under-the-hood/
*** APT10 - Operation Cloud Hopper ***
---------------------------------------------
Written by Adrian Nish and Tom RowlesBACKGROUNDFor many businesses the network now extends to suppliers who provide management of applications, cloud storage, helpdesk, and other functions. With the right integration and service levels Managed Service Providers (MSPs) can become a key enabler for businesses by allowing them to focus on their core mission while suppliers take care of background tasks. However, the network connectivity which exists between MSPs and their customers also provides a...
---------------------------------------------
http://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html
*** WLAN-Lücke: Apple reicht Bugfix-Update für iOS 10.3 nach ***
---------------------------------------------
iOS 10.3.1 behebt einen schwerwiegenden Fehler, über den ein Angreifer Code auf dem WLAN-Chip ausführen könnte. Außerdem lassen sich 32-Bit-Versionen nun wieder direkt auf dem Gerät installieren.
---------------------------------------------
https://heise.de/-3674340
*** NSO Group: Pegasus-Staatstrojaner für Android entdeckt ***
---------------------------------------------
Nach der iOS-Version des Staatstrojaners Pegasus haben Sicherheitsforscher auch eine Version für Android gefunden. Diese nutzt keine Zero-Day-Exploits und kann auch ohne vollständige Infektion Daten übertragen.
---------------------------------------------
https://www.golem.de/news/nso-group-pegasus-staatstrojaner-fuer-android-entdeckt-1704-127116-rss.html
*** Cloudmark kündigt überraschend DANE/TLSA für Mail-Sicherheit an ***
---------------------------------------------
Der überraschende Schritt des Internet-Schwergewichts erscheint bedeutsam, weil er die Mail-Sicherheitstechnik stärkt und zugleich als eine deutliche Absage an das Konzept der Certification Authorities gelesen werden kann.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Cloudmark-kuendigt-ueberraschend-DANE-TLSA-fuer-Mail-Sicherheit-an-3673923.html
*** Betriebssystem Tizen für Samsung-Geräte von Sicherheitslücken durchsiebt ***
---------------------------------------------
Ein Sicherheitsforscher hat den Code von Samsungs Tizen analysiert und zieht ein desaströses Resümee. Das Betriebssystem dient als Basis für mobile Geräte und Fernseher des Herstellers.
---------------------------------------------
https://heise.de/-3674713
*** Kaspersky: Geldautomaten mit 15-US-Dollar-Bastelcomputer leergeräumt ***
---------------------------------------------
Am Ende bleibt nur ein golfballgroßes Loch und das Geld ist weg: Kaspersky hat einen neuen Angriff auf Geldautomaten vorgestellt. Bei dem Angriff werden physische Beschädigung und Hacking kombiniert. Betroffen sind weit verbreitete Modelle aus den 90er Jahren.
---------------------------------------------
https://www.golem.de/news/kaspersky-geldautomaten-mit-15-us-dollar-bastelcomputer-leergeraeumt-1704-127130-rss.html
*** How Hackers Hijacked a Bank's Entire Online Operation ***
---------------------------------------------
Researchers at Kaspersky say a Brazilian banks entire online footprint was commandeered in a five-hour heist.
---------------------------------------------
https://www.wired.com/2017/04/hackers-hijacked-banks-entire-online-operation/
*** Workshop on Software Security in industrial area ***
---------------------------------------------
May 09, 2017 - 4:00 pm - 6:30 pm Bachmann electronic GmbH Kreuzäckerweg 33 Feldkirch
---------------------------------------------
https://www.sba-research.org/events/workshop-on-software-security-in-industrial-area/
*** CVE-2017-7228 - x86: broken check in memory_exchange() permits PV guest breakout ***
---------------------------------------------
A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-212.html
*** Bugtraq: The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540365
*** Bugtraq: OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540364
*** VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references ***
---------------------------------------------
Vulnerability Note VU#307983 AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references Original Release date: 04 Apr 2017 | Last revised: 04 Apr 2017 Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of Untrusted DataSome Java...
---------------------------------------------
http://www.kb.cert.org/vuls/id/307983
*** DFN-CERT-2017-0569: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0569/
*** DFN-CERT-2017-0571: Red Hat JBoss A-MQ, JBoss Fuse: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0571/
*** Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection ***
---------------------------------------------
Topic: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Risk: High Text:# Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (t...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040006
*** D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery ***
---------------------------------------------
Topic: D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery Risk: Medium Text:*Title:* = D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability *Credit...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040008
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999999
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2016-6810) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001326
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view incorrect item sets that they should not have access to view (CVE-2016-8987) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996255
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360) ***
http://www.ibm.com/support/docview.wss?uid=swg22000834
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM) ***
http://wwwbeta-sso.toronto.ca.ibm.com:81/support/entry2/portal/docdisplay?lndocid=migr-5099555
---------------------------------------------
More information about the Daily
mailing list