[CERT-daily] Tageszusammenfassung - 25.08.2017

Daily end-of-shift report team at cert.at
Fri Aug 25 18:13:14 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 24-08-2017 18:00 − Freitag 25-08-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability ∗∗∗
---------------------------------------------
Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/


∗∗∗ New EMPTY CryptoMix Ransomware Variant Released ∗∗∗
---------------------------------------------
Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/


∗∗∗ Mobile malware factories: Android apps for creating ransomware ∗∗∗
---------------------------------------------
Mobile ransomware can now be created automatically without the need to write code. Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly and easily create Android ransomware with their own devices.
---------------------------------------------
https://www.symantec.com/connect/blogs/mobile-malware-factories-android-apps-creating-ransomware


∗∗∗ Analysis of Ronggolawe Ransomware and How to Block It ∗∗∗
---------------------------------------------
... Web server ransomware is not new. In fact we witnessed first evidence of it back at 2015 and most recently in the well-known attack aimed at the South Korean web hosting company NAYANA. Unfortunately, today ransomware targeted at web servers is even more popular especially given the availability of open source malware easily found in public repositories such as GitHub. Most recently we have seen reports of a new web server ransomware called Ronggolawe, the code name for AwesomeWare.
---------------------------------------------
https://www.imperva.com/blog/2017/08/ronggolawe-ransomware-how-to-block-it/


∗∗∗ The Adventure of the Final Intel AMT Problem ∗∗∗
---------------------------------------------
Its high time to learn how cunning cyber criminals can use Intel AMT powerful capabilities to achieve their malicious goals. See the captivating story of hacking Intel AMT with all its twists and turns and awe-inspiring details with your own eyes. The freshest and the hottest presentation “MythBusters: CVE-2017-5689 – How Intel AMT could be broken completely” from HITB 2017.
---------------------------------------------
https://embedi.com/news/adventure-final-intel-amt-problem


∗∗∗ Sophos UTM: Update kümmert sich um alte und neue Sicherheitslücken ∗∗∗
---------------------------------------------
In der UTM von Sophos klaffen mehrere Schwachstellen. Eine fehlerbereinigte Version steht zum Download bereit.
---------------------------------------------
https://heise.de/-3812308


∗∗∗ Android Oreo: Das sind die Sicherheits-Neuerungen bei Android 8.0 ∗∗∗
---------------------------------------------
Google härtet Android mit Google Play Protect, Schutzfunktionen für die System-UI, strikteren Regeln für nachgeladenen Code aus Drittquellen und erweiterter Isolierung von Browser-Prozessen.
---------------------------------------------
https://heise.de/-3812341



=====================
=    Advisories     =
=====================

∗∗∗ ZDI-17-697: (0Day) Delta Industrial Automation WPLSoft dvp File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-697/


∗∗∗ ESB-2017.2137 - [Appliance] WPLSoft, ISPSoft and PMSoft ∗∗∗
---------------------------------------------
This bulletin contains ten (10) Zero Day Initiative security advisories.
---------------------------------------------
https://www.auscert.org.au/bulletins/51578/print


∗∗∗ Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01


∗∗∗ Rockwell Automation Allen-Bradley Stratix and ArmoStratix ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-04


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007508

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list