[CERT-daily] Daily summary - 30.08.2017

Daily end-of-shift report team at cert.at
Wed Aug 30 18:07:40 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 29-08-2017 18:00 − Wednesday 30-08-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ WireX: Google removes 300 DDoS apps from the Play Store ∗∗∗
---------------------------------------------
Google has shut down a DDoS botnet made up of Android devices and, as
part of that, removed 300 apps from the Play Store. Around 70,000
smartphones were infected. (DoS, Virus)
---------------------------------------------
https://www.golem.de/news/wirex-google-entfernt-300-ddos-apps-aus-dem-playstore-1708-129761-rss.html


∗∗∗ Introducing WhiteBear ∗∗∗
---------------------------------------------
As a part of our Kaspersky APT Intelligence Reporting subscription,
customers received an update in mid-February 2017 on some interesting
APT activity that we called WhiteBear. It is a parallel project or
second stage of the Skipper Turla cluster of activity documented in
another private report. Like previous Turla activity, WhiteBear
leverages compromised websites and hijacked satellite connections for
command and control (C2) infrastructure.
---------------------------------------------
http://securelist.com/introducing-whitebear/81638/


∗∗∗ Security baseline for Windows 10 “Creators Update” (v1703) – FINAL
∗∗∗
---------------------------------------------
Microsoft is pleased to announce the final release of the recommended
security configuration baseline settings for Windows 10 “Creators
Update,” also known as version 1703, “Redstone 2,” or RS2. The
downloadable attachment to this blog post includes importable GPOs,
tools for applying the GPOs, custom ADMX files for Group Policy
settings, and all the settings in spreadsheet...
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/


∗∗∗ Proof that HMAC-DRBG has No Back Doors ∗∗∗
---------------------------------------------
New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG,"
by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer,
Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the
functional specification of HMAC-DRBG (NIST 800-90A), and we have
proved its cryptographic security -- that its output is pseudorandom --
using a hybrid game-based proof.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/08/proof_that_hmac.html



=====================
=    Advisories     =
=====================

∗∗∗ Update to Security Bulletin (APSB17-24) ∗∗∗
---------------------------------------------
The Security Bulletin (APSB17-24) published on August 8 regarding
updates for Adobe Acrobat and Reader has been updated to reflect the
availability of new updates as of August 29. The August 29 updates
resolve a functional regression with XFA forms functionality …
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1484


∗∗∗ DFN-CERT-2017-1525: Wireshark: Multiple vulnerabilities allow
denial-of-service attacks ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Wireshark can be exploited by a remote,
unauthenticated attacker for various denial-of-service (DoS) attacks.
Exploitation requires the processing of specially crafted data packets
or packet trace files with the dissectors for IrCOMM, Modbus, Profinet
I/O or MSDP.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1525/


∗∗∗ DFN-CERT-2017-1523: Libgcrypt: A vulnerability allows information
disclosure ∗∗∗
---------------------------------------------
A vulnerability in Libgcrypt allows a local, simply authenticated
attacker to obtain private key material. The GnuPG project has fixed
the vulnerability in versions 1.7.9 and 1.8.1. The source code of these
versions is available for download.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1523/


∗∗∗ Multiple vulnerabilities in RubyGems ∗∗∗
---------------------------------------------
The following vulnerabilities have been reported:
* a DNS request hijacking vulnerability
* an ANSI escape sequence vulnerability
* a DoS vulnerability in the query command
* a vulnerability in the gem installer that allowed a malicious gem to
  overwrite arbitrary files
---------------------------------------------
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/


∗∗∗ Cisco unveils LabVIEW code execution flaw that won’t be patched ∗∗∗
---------------------------------------------
LabVIEW, the widely used system design and development platform
developed by National Instruments, sports a memory corruption
vulnerability that could lead to code execution. LabVIEW is commonly
used for building data acquisition, instrument control, and industrial
automation systems on a variety of operating systems: Windows, macOS,
Linux and Unix. The vulnerability (CVE-2017-2779) was discovered by
Cory Duplantis of Cisco Talos earlier this year, and reported to the
company.
---------------------------------------------
https://www.helpnetsecurity.com/2017/08/30/labview-code-execution-flaw/


∗∗∗ Abbott Laboratories’ Accent/Anthem, Accent MRI, Assurity/Allure,
and Assurity MRI Pacemaker Vulnerabilities ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01


∗∗∗ AzeoTech DAQFactory ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01


∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02


∗∗∗ Security Advisory - Improper Authentication Vulnerability in The
FusionSphere OpenStack ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170830-02-OpenStack-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK
affect IBM Algo Credit Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007392


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM®
SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/support/docview.wss?uid=swg22006695


∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power
Hardware Management Console ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022175


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application
Server affects Power Hardware Management Console (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022178


∗∗∗ IBM Security Bulletin: IBM Transformation Extender Advanced and IBM
Standards Processing Engine are susceptible to a vulnerability in 10x
(CVE-2017-1152) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004796


∗∗∗ ImageMagick Heap Overflow in TracePoint() in Processing Files Lets
Remote Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039246


∗∗∗ SSA-535640 (Last Update 2017-08-30): Vulnerability in Industrial
Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf


∗∗∗ SSA-771218 (Last Update 2017-08-30): Vulnerability in 7KM PAC
Switched Ethernet PROFINET expansion module from the SENTRON portfolio
∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf


∗∗∗ SSA-087240 (Last Update 2017-08-30): Vulnerabilities in SIEMENS
LOGO! ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf


∗∗∗ HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center,
Remote Disclosure of Information ∗∗∗
---------------------------------------------
https://h20565.www2.hpe.com/portal/site/hpsc/template.PAGE/action.process/public/kb/docDisplay/?javax.portlet.action=true&spf_p.tpst=kbDocDisplay&javax.portlet.begCacheTok=com.vignette.cachetoken&spf_p.prp_kbDocDisplay=wsrp-interactionState%3DdocId%253Demr_na-hpesbgn03765en_us%257CdocLocale%253Den_US%257CcalledBy%253D&javax.portlet.endCacheTok=com.vignette.cachetoken

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily