[CERT-daily] Daily summary - 14.08.2017
Daily end-of-shift report
team at cert.at
Mon Aug 14 18:05:17 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Friday 11-08-2017 18:00 − Monday 14-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Researchers hack computer with manipulated DNA ∗∗∗
---------------------------------------------
Even DNA is not safe from malware: researchers at the University of Washington were able to take over a computer using manipulated DNA.
---------------------------------------------
https://futurezone.at/digital-life/forscher-hacken-computer-mit-manipulierter-dna/280.067.091
∗∗∗ Remotelock LS-6i: Firmware update permanently destroys smart door locks ∗∗∗
---------------------------------------------
A manufacturer of smart door locks has permanently destroyed at least 500 customer devices with an incorrect firmware update. Many Airbnb hosts in particular are affected; a replacement program has been started.
---------------------------------------------
https://www.golem.de/news/remotelock-ls-6i-firmware-update-zerstoert-smarte-tuerschloesser-dauerhaft-1708-129458-rss.html
∗∗∗ Sonic Spy: Researchers find over 4,000 spying Android apps ∗∗∗
---------------------------------------------
A single vendor is said to have put around 4,000 apps with malicious content into circulation since the beginning of the year, some of them via Google Play as well. The apps can activate the microphone and record phone calls.
---------------------------------------------
https://www.golem.de/news/sonic-spy-forscher-finden-ueber-4000-spionierende-android-apps-1708-129459-rss.html
∗∗∗ Many Factors Conspire in ICS/SCADA Attacks ∗∗∗
---------------------------------------------
A report on the state of SCADA and ICS security points out that critical infrastructure operators are caught between hackers and a lack of vendor and executive support.
---------------------------------------------
http://threatpost.com/many-factors-conspire-in-icsscada-attacks/127407/
∗∗∗ Outlook Web Access based attacks, (Sat, Aug 12th) ∗∗∗
---------------------------------------------
Recently we've started seeing some attacks that utilise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker provides instructions to customers on paying their account utilising the new account details. The email is CCed to other internal staff adding a level of legitimacy (also compromised accounts).
---------------------------------------------
https://isc.sans.edu/diary/rss/22710
∗∗∗ A new issue of our SWITCH Security Report is available! ∗∗∗
---------------------------------------------
Dear Reader! A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware Pay a ransom [...]
---------------------------------------------
https://securityblog.switch.ch/2017/08/14/a-new-issue-of-our-switch-security-report-is-available-2/
∗∗∗ Security update: Symantec's Messaging Gateway is susceptible to malicious code ∗∗∗
---------------------------------------------
With the current version, the developers have closed two security vulnerabilities in the protection product.
---------------------------------------------
https://heise.de/-3799171
∗∗∗ Database server PostgreSQL: Vulnerability allows login without a password ∗∗∗
---------------------------------------------
Administrators who run PostgreSQL databases should update their software. Under certain circumstances, attackers can log in to the servers without entering a password, the developers warn.
---------------------------------------------
https://heise.de/-3799721
=====================
= Advisories =
=====================
∗∗∗ DSA-3937 zabbix - security update ∗∗∗
---------------------------------------------
Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3937
∗∗∗ HPESBHF03768 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗
---------------------------------------------
Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) Plat. These vulnerabilities could be exploited remotely to allow remote code execution.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us
∗∗∗ VMSA-2017-0014 ∗∗∗
---------------------------------------------
VMware NSX-V Edge updates address OSPF Protocol LSA DoS
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0014.html
∗∗∗ DSA-3936 postgresql-9.6 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3936
∗∗∗ DSA-3935 postgresql-9.4 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3935
∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010501
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005160
∗∗∗ IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010376
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006960
Next End-of-Day Report: 2017-08-16
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily