[CERT-daily] Tageszusammenfassung - Montag 23-01-2017

Daily end-of-shift report team at cert.at
Mon Jan 23 18:17:49 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 20-01-2017 18:00 − Montag 23-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** PowerShell 5.1 for Windows 7 and later , (Fri, Jan 20th) ***
---------------------------------------------
Microsoft has released Windows Management Framework 5.1 for windows 7 and later. WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition.">">"> (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21957&rss




*** Hotel zum vierten Mal von Hackern lahmgelegt ***
---------------------------------------------
Das Seehotel Jägerwirt auf der Turracher Höhe ist bereits zum vierten Mal von Hackern heimgesucht und erpresst worden. Die elektronischen Zimmerschlüssel wurden lahmgelegt. Daher will man jetzt zu normalen Schlüsseln zurückkehren.
---------------------------------------------
http://kaernten.orf.at/news/stories/2821290/




*** Stopping Malware With a Fake Virtual Machine ***
---------------------------------------------
As we explained in a previous post, some advanced malware can detect a virtual environment such as a sandbox to avoid detection and analysis. Some threats can also detect monitoring tools used for malware analysis. Often such malware will not execute or change their behavior to appear harmless. Because some malware uses these tactics, planting fake virtual machine artefacts or fake analysis tools on a system...
---------------------------------------------
https://securingtomorrow.mcafee.com/mcafee-labs/stopping-malware-fake-virtual-machine/




*** Wartungsarbeiten Dienstag, 24. 1. 2017 ***
---------------------------------------------
Am Dienstag, 24. Jänner 2017, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen. Es gehen dabei keine Daten (zb Emails) verloren, die Bearbeitung kann sich allerdings verzögern.
---------------------------------------------
http://www.cert.at/services/blog/20170120104523-1882.html




*** The Week in Ransomware - January 20th 2017 - Satan RaaS, Spora, Locky, and More ***
---------------------------------------------
This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-20th-2017-satan-raas-spora-locky-and-more/




*** Sage 2.0 Ransomware, (Sat, Jan 21st) ***
---------------------------------------------
Introduction On Friday 2017-01-20, I checked on a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware Id never seen before called Sage. More specifically, it was Sage 2.0." /> Shown above: Its always fun to find ransomawre thats not Cerber or Locky. Sage is yet another family of ransomware in an already crowded field. It was noted on BleepingComputer forums back in December 2016 [1, 2], and Sage is apparently a variant of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21959&rss




*** Symantec schlampt erneut mit TLS-Zertifikaten ***
---------------------------------------------
Offenbar haben mehrere von Symantec betriebene Certificate Authorities (CAs) unberechtigterweise über 100 TLS-Zertifikate ausgestellt. Das kann ein Auslesen des Datenverkehrs von HTTPS-geschützten Websites durch Dritte ermöglichen.
---------------------------------------------
https://heise.de/-3604190




*** Android permissions and hypocrisy ***
---------------------------------------------
I wrote a piece a few days ago about how the Meitu app asked for a bunch of permissions in ways that might concern people, but which were not actually any worse than many other apps. The fact that Android makes it so easy for apps to obtain data thats personally identifiable is of concern, but in the absence of another stable device identifier this is the sort of thing that capitalism is inherently going to end up making use of. Fundamentally, this is Googles problem to fix.
---------------------------------------------
http://mjg59.dreamwidth.org/46403.html




*** Researchers predict upsurge of Android banking malware ***
---------------------------------------------
Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it. In fact, one has already been spotted. Masquerading as a variety of benign apps (e.g. Google Play) on third-party Android app markets, the Trojan - dubbed Android.BankBot.149.origin by Dr. Web researchers - is eminently capable. It can: Send and intercept text messages (including...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/23/upsurge-android-banking-malware/




*** Massive Twitter Botnet Dormant Since 2013 ***
---------------------------------------------
Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered.
---------------------------------------------
http://threatpost.com/massive-twitter-botnet-dormant-since-2013/123246/




*** Heartbleed: OpenSSL hört nicht auf zu bluten ***
---------------------------------------------
Eine Analyse der öffentlich im Internet erreichbaren Systeme zeigt, dass immer noch Hunderttausende für die OpenSSL-Lücke Heartbleed anfällig sind. Die bald drei Jahre alte Lücke findet sich demnach hauptsächlich in Mietservern der Cloud.
---------------------------------------------
https://heise.de/-3605222




*** QNAP Storage Devices Firmware Update Flaw Lets Remote Users Access the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037663




*** DSA-3769 libphp-swiftmailer - security update ***
---------------------------------------------
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, amailing solution for PHP, did not correctly validate user input. Thisallowed a remote attacker to execute arbitrary code by passingspecially formatted email addresses in specific email headers.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3769




*** DSA-3770 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.29. Please see the MariaDB 10.0 Release Notes for furtherdetails:...
---------------------------------------------
https://www.debian.org/security/2017/dsa-3770




*** DFN-CERT-2017-0123: OpenJPEG: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0123/




*** Security Notice - Statement on Flanker Revealing Privilege Elevation Vulnerability in Huawei EMUI Keyguard Application ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170123-01-emui-en




*** Vuln: Red Hat JBoss Enterprise Application Platform CVE-2016-8627 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95698




*** Security Advisories Relating to Symantec Products - Norton Download Manager DLL Loading ***
---------------------------------------------
Symantec has released an update to address a DLL loading vulnerability detected in the Norton Download Manager for affected products
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00




*** Vuln: Brocade Network Advisor CVE-2016-8204 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95695


*** Vuln: Brocade Network Advisor CVE-2016-8205 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95694


*** Vuln: Brocade Network Advisor CVE-2016-8206 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95692




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction (CVE-2016-5597, CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997219
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991280
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099501
---------------------------------------------
*** IBM Security Bulletin: HTTP Response Splitting in WebSphere Application Server affects IBM Virtualization Engine TS7700 (CVE-2016-0359) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009661
---------------------------------------------


More information about the Daily mailing list