[CERT-daily] Daily summary - Wednesday 19-04-2017

Daily end-of-shift report team at cert.at
Wed Apr 19 18:29:35 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 18-04-2017 18:00 − Wednesday 19-04-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Trojan specifically targets Austrian banking apps ***
---------------------------------------------
Malware recently discovered in the Play Store attempts to harvest banking data from 400 apps, including those of Bawag, Erste Bank and Volksbank.
---------------------------------------------
https://futurezone.at/digital-life/trojaner-greift-gezielt-oesterreichische-banken-apps-an/259.243.371




*** Hajime IoT worm infects devices to head off Mirai ***
---------------------------------------------
Mirai is the name of the worm that has taken control of many IoT devices around the world and used them to mount DDoS attacks, the most high-profile of which was directed against US-based DNS provider Dyn and resulted in many websites and online services being inaccessible for hours on end. Its source code was leaked by the author, which led to the creation of more botnets, and an increased fear that [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/19/hajime-iot-worm/




*** Check the firmware status of AVM routers: critical security hole in Fritzbox firmware plugged ***
---------------------------------------------
A critical security vulnerability in FritzOS could allow attackers to remotely hijack popular Fritzbox models such as the 7490. AVM has already closed the hole in the routers with firmware version 6.83 - although without knowing it.
---------------------------------------------
https://heise.de/-3687437




*** Hunting for Malicious Excel Sheets, (Wed, Apr 19th) ***
---------------------------------------------
Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros. But below, around the 1000th row, some cells were hidden. Once expanded, they revealed interesting values. The macro code used the content of those cells: [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22322&rss




*** Owncloud/Nextcloud: passwords in the bug tracker ***
---------------------------------------------
Anyone who wants to file a bug report with Owncloud or Nextcloud is asked for the contents of their configuration file. Many users complied - and thereby disclosed their passwords publicly.
---------------------------------------------
https://www.golem.de/news/owncloud-nextcloud-passwoerter-im-bugtracker-1704-127346-rss.html




*** A Remote Attack on the Bosch Drivelog Connector Dongle ***
---------------------------------------------
In this blog post, I discuss the vulnerabilities of the Bosch Drivelog Connector OBD-II dongle found by the Argus Research Team. The vulnerabilities allowed us to stop the engine of a moving vehicle using the Drivelog platform.
---------------------------------------------
https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/




*** Internet routing weakness could cost Bitcoin users ***
---------------------------------------------
A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find.
---------------------------------------------
https://nakedsecurity.sophos.com/2017/04/18/internet-routing-weakness-could-cost-bitcoin-users/




*** Meet PINLogger, the drive-by exploit that steals smartphone PINs ***
---------------------------------------------
Sensors in phones running both iOS and Android reveal all kinds of sensitive info.
---------------------------------------------
https://arstechnica.com/security/2017/04/meet-pinlogger-the-drive-by-exploit-that-steals-smartphone-pins/




*** BrickerBot Permanent Denial-of-Service Attack (Update A) ***
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-102-01A BrickerBot Permanent Denial-of-Service Attack that was published April 12, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of open-source reports of "BrickerBot" attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of service (PDoS). This family of botnets, which consists of BrickerBot.1 and BrickerBot.2, was described in a Radware Attack Report.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A




*** Cryptographic security risks are amplified in DevOps settings ***
---------------------------------------------
Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications, according to a study conducted by Dimensional Research. According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/19/devops-settings/




*** What is File Integrity Monitoring and Why You Need It ***
---------------------------------------------
The news is rife with stories of successful attacks against servers, point-of-sale (POS) systems, IoT devices and more where an attacker has gained access to an organization's IT assets and changed or inserted new files and data to do something malicious. Just a search on malware highlights a seemingly-endless list of variants including the recent exposure of NSA-backed malware that exploits Windows systems, the re-emergence of Dridex (designed to capture banking credentials), new malware [...]
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it




*** HPESBGN03734 rev.1 - HPE Vertica Analytics Platform, Remote Gain Privileged Access ***
---------------------------------------------
A potential security vulnerability has been identified in HPE Vertica Analytics Platform. This vulnerability could be remotely exploited to gain privileged access.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03734en_us




*** VMSA-2017-0008 ***
---------------------------------------------
VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0008.html




*** Oracle Critical Patch Update - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html


*** Solaris Third Party Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinapr2017-3680911.html


*** Oracle Linux Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2017-3664625.html


*** Oracle VM Server for x86 Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinapr2017-3664626.html




*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-01-smartphone-en
---------------------------------------------
*** Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-01-openssl-en
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Some Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-02-smartphone-en
---------------------------------------------
*** Security Advisory - Input Validation Vulnerability in Multiple Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-01-pse-en
---------------------------------------------
*** Security Advisory - Plaintext Storage of Users' Safe Passwords in the Files APP in Huawei Mobile Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-01-files-en
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in zlib affect IBM SDK for Node.js (CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843) ***
http://www.ibm.com/support/docview.wss?uid=swg22001567
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997868
---------------------------------------------
*** IBM Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001782
---------------------------------------------
*** IBM Security Bulletin: Fix available for DOM based Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9979) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001780
---------------------------------------------
*** IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9980) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001779
---------------------------------------------
*** IBM Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001774
---------------------------------------------
*** IBM Security Bulletin: Access Manager Client in IBM DataPower Gateways is vulnerable to a denial of service attack. ***
http://www.ibm.com/support/docview.wss?uid=swg22001789
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010111
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem model V840 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010112
---------------------------------------------

