[CERT-daily] Tageszusammenfassung - Dienstag 4-07-2017

Daily end-of-shift report team at cert.at
Tue Jul 4 18:08:44 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 03-07-2017 18:00 − Dienstag 04-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Yet more reasons to disagree with experts on nPetya ***
---------------------------------------------
In WW II, they looked at planes returning from bombing missions that were shot full of holes. Their natural conclusion was to add more armor to the sections that were damaged, to protect them in the future. But wait, said the statisticians. The original damage is likely spread evenly across the plane. Damage on returning planes indicates where they could damage and still return. The undamaged areas are where they were hit and couldnt return. Thus, its the undamaged areas you need to [...]
---------------------------------------------
http://blog.erratasec.com/2017/07/yet-more-reasons-to-disagree-with.html




*** Analysis of TeleBots cunning backdoor ***
---------------------------------------------
On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, the malware authors' intention was to cause damage, so they did all that they could to make data decryption very unlikely.
---------------------------------------------
https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/




*** GnuPG crypto library cracked, look for patches ***
---------------------------------------------
Boffins bust libgcrypt via side-channel Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/07/04/gnupg_crypto_library_cracked_look_for_patches/




*** Cryptology ePrint Archive: Report 2017/627 ***
---------------------------------------------
Sliding right into disaster: Left-to-right sliding windows leak 
Abstract: It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is widely believed that, even if the complete pattern of squarings and multiplications is observed through a side-channel attack, the number of exponent bits leaked is not sufficient to carry out a full key-recovery [...]
---------------------------------------------
https://eprint.iacr.org/2017/627




*** ERCIM News 110 published - Special theme "Blockchain Engineering" ***
---------------------------------------------
The ERCIM News No. 110 has just been published at with a special theme on "Blockchain Engineering". SBA Research contributes two articles in this issue. The first article is by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl on [...]
---------------------------------------------
https://www.sba-research.org/2017/07/03/ercim-news-110-published-special-theme-blockchain-engineering/




*** Joomla! 3.7.3 Release ***
---------------------------------------------
Security Issues Fixed 
Core - Information Disclosure (affecting Joomla 1.7.3-3.7.2) 
Core - XSS Vulnerability (affecting Joomla 1.7.3-3.7.2) 
Core - XSS Vulnerability (affecting Joomla 1.5.0-3.6.5)
---------------------------------------------
https://www.joomla.org/announcements/release-news/5709-joomla-3-7-3-release.html




*** Petya Malware Variant (Update A) ***
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-181-01 Petya Ransomware Variant that was published June 30, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01A




*** RSA Archer eGRC Multiple Flaws Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks and Let Remote Authenticated Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1038815




*** DFN-CERT-2017-1145: Apache Subversion: Eine Schwachstelle ermöglicht die Manipulation von Daten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1145/




*** SSA-563539 (Last Update: 2017-07-04): Vulnerabilities in OZW672 and OZW772 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf




*** SSA-323211 (Last Update: 2017-07-04): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf




*** SSA-452237 (Last Update: 2017-07-04): Vulnerabilities in Reyrolle ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-452237.pdf




*** IBM Security Bulletin: Weak Cipher available in IBM API Connect (CVE-2015-2808) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003868




*** IBM Security Bulletin: Multiple vulnerabilities in Open Source zlib affects IBM Netezza Platform Software clients (CVE-2016-9840, CVE-2016-9841 and CVE-2016-9843). ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22001026


More information about the Daily mailing list