[CERT-daily] Daily Summary - 16.08.2017

Daily end-of-shift report team at cert.at
Wed Aug 16 18:11:21 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 14-08-2017 18:00 − Wednesday 16-08-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Millions of RDP Endpoints Exposed Online and Ready for Bad Things ∗∗∗
---------------------------------------------
An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/millions-of-rdp-endpoints-exposed-online-and-ready-for-bad-things/


∗∗∗ Pulse Wave - New DDoS Assault Pattern Discovered ∗∗∗
---------------------------------------------
A new method of carrying out DDoS attacks named Pulse Wave is causing problems to certain DDoS mitigation solutions, allowing attackers to down servers previously thought to be secured. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pulse-wave-new-ddos-assault-pattern-discovered/


∗∗∗ Attackers Backdoor Another Software Update Mechanism ∗∗∗
---------------------------------------------
Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad.
---------------------------------------------
http://threatpost.com/attackers-backdoor-another-software-update-mechanism/127452/


∗∗∗ Analysis of a Paypal phishing kit, (Wed, Aug 16th) ∗∗∗
---------------------------------------------
There are plenty of phishing kits in the wild that try to lure victims into providing their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web server isn't properly configured and the source code is publicly available. A few days ago, I was lucky to find a ZIP archive containing a very nice phishing kit targeting Paypal. I took some time to have a look at it.
---------------------------------------------
https://isc.sans.edu/diary/rss/22726


∗∗∗ Security Afterworks Special – DSGVO (GDPR) – Short Talks and Discussion ∗∗∗
---------------------------------------------
October 03, 2017 - 4:30 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-dsgvo/


∗∗∗ Decoding Complex Malware – Step-by-Step ∗∗∗
---------------------------------------------
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase the chances of reinfecting the site and maintaining access for as long as possible. Our research finds that in 67% of the websites we clean, there is at least one backdoor variant.
---------------------------------------------
https://blog.sucuri.net/2017/08/malware-decoding-step-step-guide.html


∗∗∗ The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard ∗∗∗
---------------------------------------------
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SJgibQgcZtQ/


∗∗∗ ShadowPad: Espionage backdoor uncovered in admin tools for Unix and Linux servers ∗∗∗
---------------------------------------------
A sophisticated backdoor was delivered by attackers through a correctly signed update to the network admin tools of the Korean company NetSarang. It took more than two weeks before the espionage trojan was detected in the network of a banking institution.
---------------------------------------------
https://heise.de/-3803225


∗∗∗ EV ransomware is targeting WordPress sites ∗∗∗
---------------------------------------------
WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. They dubbed the malware "EV ransomware", due to the .ev extension that is added to the encrypted files.
---------------------------------------------
https://www.helpnetsecurity.com/2017/08/16/wordpress-ransomware/



=====================
=    Advisories     =
=====================

∗∗∗ BMC Medical and 3B Medical Luna CPAP Machine ∗∗∗
---------------------------------------------
This medical device advisory contains mitigation details for an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure therapy machine.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01


∗∗∗ Identity Reporting 5.5.1 ∗∗∗
---------------------------------------------
Abstract: This service pack provides enhancements and software fixes for Identity Reporting. For more information about these updates, see the service pack details.
---------------------------------------------
https://download.novell.com/Download?buildid=iGYyq6xwjhE~


∗∗∗ Citrix XenServer Multiple Security Updates ∗∗∗
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX225941


∗∗∗ DFN-CERT-2017-1441: Xen: Multiple vulnerabilities allow, among other things, privilege escalation ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1441/


∗∗∗ DFN-CERT-2017-1442: Red Hat JBoss Data Virtualization: Multiple vulnerabilities allow, among other things, execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1442/


∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-01-smartphone-en


∗∗∗ Security Advisory - Two Vulnerabilities in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170807-01-smartphone-en


∗∗∗ Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-02-smartphone-en


∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-03-smartphone-en


∗∗∗ Security Advisory - Integer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-01-nas-en


∗∗∗ Security Advisory - Lack of Signature Verification Vulnerability in Some Huawei APP ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170816-01-app-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006722


∗∗∗ IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting (CVE-2017-1338) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004138


∗∗∗ IBM Security Bulletin: Security Vulnerability in IBM Java SDK for Quarterly CPU – April 2017 affects IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007149


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350, CVE-2016-10349) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006995


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998551


∗∗∗ IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006810


∗∗∗ IBM Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007023


∗∗∗ IBM Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007067


∗∗∗ SSA-275839 (Last Update 2017-08-16): Denial-of-Service Vulnerability in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf


∗∗∗ SSA-293562 (Last Update 2017-08-16): Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily