[CERT-daily] Daily summary - Wednesday 8-02-2017
Daily end-of-shift report
team at cert.at
Wed Feb 8 18:27:08 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 07-02-2017 18:00 − Wednesday 08-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** As Valve eradicates serious bug in Steam, here's what you need to know ***
---------------------------------------------
Steam, an online game platform with more than 125 million active accounts, is in the process of fixing a serious security hole that opens users to hacks that could redirect them to attack sites, spend their market funds, or possibly make malicious changes to their user profiles.
---------------------------------------------
https://arstechnica.com/security/2017/02/as-valve-eradicates-serious-bug-in-steam-heres-what-you-need-to-know/
*** Fileless attacks against enterprise networks ***
---------------------------------------------
This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility was used for tunnelling traffic from the victim's host to the attacker's C2.
---------------------------------------------
http://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/
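The two host artefacts named above (PowerShell stored in the registry, and netsh used as a tunnel) are both cheap to hunt for. The following script is an added example for this digest, not code from the Securelist write-up or from Kaspersky Lab. It assumes a Windows host with PowerShell 5 or later; the Run/RunOnce keys and the PortProxy key are the standard Windows locations for autorun entries and for persisted `netsh interface portproxy` rules, and the keyword pattern is a hypothetical starting list that should be tuned to the environment.

```powershell
# Added hunting example (not from the Securelist article).
# Part 1: look for PowerShell launchers in common autorun keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical keyword list: encoded commands, in-memory loaders, download cradles.
$suspicious = 'powershell|-enc\b|-encodedcommand|FromBase64String|IEX\b|Invoke-Expression|DownloadString|Net\.WebClient'

$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # PSPath, PSParentPath etc. are PowerShell's own metadata, not registry values.
        if ($p.Name -like 'PS*') { continue }
        $value = [string]$p.Value
        if ($value -match $suspicious) {
            [pscustomobject]@{
                Key   = $key
                Name  = $p.Name
                Value = $value
            }
        }
    }
}

if ($hits) {
    Write-Output 'Autorun entries that invoke PowerShell or a known loader pattern:'
    $hits | Format-Table -AutoSize
} else {
    Write-Output 'No PowerShell launchers found in the checked Run/RunOnce keys.'
}

# Part 2: persisted netsh portproxy rules. A domain controller or file server
# normally has none, so any entry here deserves an explanation.
$proxyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
if (Test-Path -Path $proxyKey) {
    Write-Output 'Persisted netsh portproxy (v4tov4/tcp) rules:'
    Get-ItemProperty -Path $proxyKey |
        Select-Object -Property * -ExcludeProperty PS*
} else {
    Write-Output 'No persisted v4tov4/tcp portproxy rules.'
}

# Live view, for comparison with the registry copy.
netsh interface portproxy show all
```

Run it elevated so HKLM and the PortProxy key are readable; on a large estate the same two checks fit naturally into a scheduled inventory job or an EDR query, and a listener on an unusual local port combined with a portproxy rule pointing off-host is the pattern to alert on.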
*** Strategies to Mitigate Cyber Security Incidents ***
---------------------------------------------
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, business email compromise and industrial control systems.
---------------------------------------------
http://www.asd.gov.au/infosec/mitigationstrategies.htm
*** ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability ***
---------------------------------------------
An attacker can exploit the vulnerability to bypass authentication and thereby gain administrator privileges.
---------------------------------------------
http://www.securityfocus.com/archive/1/540100
*** When A Pony Walks Out Of A Pub ***
---------------------------------------------
Talos has observed a small email campaign leveraging the use of Microsoft Publisher files.
...
Unlike other applications within the Microsoft Office suite, Microsoft Publisher does not support a Protected View mode.
...
The file used in this campaign was aimed at infecting the victim with the well-known Pony malware
---------------------------------------------
http://blog.talosintel.com/2017/02/pony-pub-files.html
*** Multiple Vulnerabilities in Trend Micro Control Manager (TMCM) 6.0 ***
---------------------------------------------
CVSS 2.0 Score(s): 4.0 - 6.8
Severity Rating(s): Medium
Trend Micro has released a new build for Trend Micro Control Manager 6.0. This build resolves multiple vulnerabilities related to potential remote code execution, directory traversal, SQL injections, and unauthorized access to XML files.
---------------------------------------------
https://success.trendmicro.com/solution/1116624
*** SAP Security for Beginners Part 5: SAP Risks - Sabotage ***
---------------------------------------------
Sabotage attacks on SAP systems were promised as today's topic, so let's look at potential sabotage vectors.
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-beginners-part-5-sap-risks-sabotage/
*** Sielco Sistemi Winlog SCADA Software ***
---------------------------------------------
This advisory contains mitigation details for an uncontrolled search path vulnerability in Sielco Sistemi's Winlog SCADA Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
*** BD Alaris 8000 Insufficiently Protected Credentials Vulnerability ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an insufficiently protected credentials vulnerability in BD's Alaris 8000 Point of Care unit, which provides a common user interface for programming intravenous infusions.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01
*** BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for protected credentials vulnerabilities in BD's Alaris 8015 Point of Care unit, which provides a common user interface for programming intravenous infusions.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02
*** BINOM3 Electric Power Quality Meter (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-17-031-01 BINOM3 Electric Power Quality Meter that was published January 31, 2017, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for vulnerabilities in BINOM3's electric power quality meter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
*** Citrix NetScaler Nonce Generation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037795
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-01-smartphone-en
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-02-smartphone-en
---------------------------------------------
*** Security Advisory - MITM Vulnerability in Huawei Vmall APP ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-01-vmall-en
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect
---------------------------------------------
*** Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995427
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-6055) ***
http://www.ibm.com/support/docview.wss?uid=swg21995515
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack ***
http://www.ibm.com/support/docview.wss?uid=swg21997798
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect IBM Mobile Connect as a product bundler ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989670
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009543
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012) ***
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc
---------------------------------------------