[CERT-daily] Daily summary - Thursday 5-01-2017
Daily end-of-shift report
team at cert.at
Thu Jan 5 18:11:40 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 04-01-2017 18:00 - Thursday 05-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** E-banking trojan: over 100,000 euros in damage ***
---------------------------------------------
E-banking malware caused more than 100,000 euros in damage at a network engineering company in the city of Salzburg. Several transfers were redirected to a Slovak account.
---------------------------------------------
http://salzburg.orf.at/news/stories/2818225/
*** Microsoft kills off security bulletins - for good ***
---------------------------------------------
Microsoft's last ever security bulletin is next week - so has the manual bulletin had its day?
---------------------------------------------
https://www.htbridge.com/blog/microsoft-kills-off-security-bulletins-for-good.html
*** VB2016 paper: Open Source Malware Lab ***
---------------------------------------------
At VB2016, ThreatConnect Director of Research Innovation Robert Simmons presented a paper on setting up an open source malware lab. Today, we share the accompanying paper and video.
---------------------------------------------
https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab/
*** What Hack? Burlington Electric Speaks Out ***
---------------------------------------------
Burlington Electric Department general manager Neale Lunderville speaks out about last week's incident and responds to reports that the electric grid had been hacked.
---------------------------------------------
http://threatpost.com/what-hack-burlington-electric-speaks-out/122860/
*** Hackers could turn your smart meter into a bomb and blow your family to smithereens - new claim ***
---------------------------------------------
And before that, pwn your IoT gadgets via power supply gear
Smart meters are "dangerously insecure," according to researcher Netanel Rubin, who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/04/smart_metres_ccc/
*** FireCrypt Ransomware Comes With a DDoS Component ***
---------------------------------------------
A new ransomware family named FireCrypt encrypts the user's files but also attempts to launch a very feeble DDoS attack on a URL hardcoded in its source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
*** Emsisoft releases a decryptor for version 3 of the Globe Ransomware ***
---------------------------------------------
Fabian Wosar of Emsisoft has released a decryptor for version 3 of the Globe ransomware. The decryptor handles the Globe variants that commonly append the .decrypt2017 and .hnumkhotep extensions to encrypted files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-version-3-of-the-globe-ransomware/
*** Mixed Messages: Novel Phishing Attempt Trying to Steal Your E-mail Password Goes Wrong, (Wed, Jan 4th) ***
---------------------------------------------
A reader wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be from VetMeds sent an encrypted PDF that required a username and password to log in to. The subject of the email was "Assessment document". The PDF itself was created with Microsoft Word and included a link suggesting the document was locked and that you needed to click the link to unlock it; the link pointed to chai[.]myjino[.]ru and gave a screen with a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21881&rss
*** KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption ***
---------------------------------------------
Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies by randomly deleting data and altering files. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targets-linux-prevents-boot-up-has-faulty-encryption/
*** [R1] Nessus 6.9.3 Fixes One Vulnerability ***
---------------------------------------------
Tenable Nessus was found to be impacted by an authenticated stored cross-site scripting (XSS) issue.
---------------------------------------------
https://www.tenable.com/security/tns-2017-01
*** HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified in HPE Operations Orchestration. The vulnerability could be exploited remotely to achieve remote code execution.
---------------------------------------------
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944
*** Google Nexus Qualcomm GPU Driver CVE-2016-8434 Privilege Escalation Vulnerability ***
---------------------------------------------
Google Nexus is prone to a privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges within the context of the kernel.
---------------------------------------------
http://www.securityfocus.com/bid/95257
*** Atlassian Confluence 5.9.12 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian Confluence 5.9.12 Cross Site Scripting
Risk: Low
Text: ==[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]== Persisted Cross-Site Scripting (XSS) in Confluence J...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017010029
*** ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle ***
---------------------------------------------
Topic: ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle
Risk: Medium
Text: ShoreTel Mobility Client iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6562) Overview "The Mobility Clie...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017010028
*** Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-002
Project: Doubleclick for Publishers (DFP) (third-party module)
Version: 7.x
Date: 2017-January-04
Security risk: 10/25 (Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:All
Vulnerability: Cross Site Scripting
Description: This module enables you to place advertisements on your site that are served by Google's DFP (Doubleclick for Publishers) service. The module has multiple Cross Site Scripting (XSS) vulnerabilities due to not sufficiently...
---------------------------------------------
https://www.drupal.org/node/2841114
*** Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-001
Project: Permissions by Term (third-party module)
Version: 8.x
Date: 2017-January-04
Security risk: 15/25 (Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass, Information Disclosure
Description: The Permissions by Term module extends Drupal functionality by restricting access to single nodes via taxonomy terms. Taxonomy terms are part of the Drupal core functionality. Taxonomy term permissions can be coupled to specific...
---------------------------------------------
https://www.drupal.org/node/2841094
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in HTTP request processing affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8977) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995014
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 Includes Oracle Oct 2016 CPU affects Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21995468
---------------------------------------------
*** IBM Security Bulletin: vCenter password disclosure via application tracing in IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2016-6110) ***
http://www.ibm.com/support/docview.wss?uid=swg21996198
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995528
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099526
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099528
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater : TCR is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996032
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in DHCP affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099529
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GNU C Library affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099524
---------------------------------------------
*** IBM Security Bulletin: Apache Xerces-C vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-4463) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024585
---------------------------------------------
Next End-of-Shift report: 2017-01-09