[CERT-daily] Tageszusammenfassung - Mittwoch 5-07-2017

Daily end-of-shift report team at cert.at
Wed Jul 5 18:22:39 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 04-07-2017 18:00 − Mittwoch 05-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** #NoPetya-Attacke hinterließ Sicherheitslücke ***
---------------------------------------------
Der weltweite Cyberangriff in der vergangenen Woche hat schwerwiegendere Folgen als bislang bekannt.
---------------------------------------------
https://futurezone.at/digital-life/nopetya-attacke-hinterliess-sicherheitsluecke/273.471.438




*** Cyber-Attacke NotPetya: Angebliche Angreifer wollen 250.000 Euro für Datenrettung ***
---------------------------------------------
Die mutmaßlichen Entwickler der Schadsoftware NotPetya wollen gegen 100 Bitcoin (fast 250.000 Euro) einen Schlüssel herausgeben, mit dem die Daten zu retten sein sollen. Ob sie Wort halten, ist unklar. Beobachter vermuten andere Motive hinter der Wendung.
---------------------------------------------
https://heise.de/-3764208




*** Ukrainian Police Seize Servers From Where NotPetya Outbreak First Spread ***
---------------------------------------------
Ukrainian Police announced today it seized the servers from where the NotPetya ransomware outbreak first started to spread. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ukrainian-police-seize-servers-from-where-notpetya-outbreak-first-spread/




*** The day a mysterious cyber-attack crippled Ukraine ***
---------------------------------------------
On the morning of Tuesday, 27 June, Oleh Derevianko, the head of Kiev-based cybersecurity firm Information Security Systems Partners (ISSP), was at Bessarabska market, a popular food market in the heart of downtown. Derevianko was picking up a few things before heading out for the 300km drive to his parents' village. Wednesday was constitution day in Ukraine, a national holiday, and he'd be using the mid-week break to spend a couple days with his kids.
---------------------------------------------
http://www.bbc.com/future/story/20170704-the-day-a-mysterious-cyber-attack-crippled-ukraine




*** NotPetya Group Moves All Their Bitcoin, Posts Proposition on the Dark Web ***
---------------------------------------------
The person or group behind the NotPetya ransomware has made its first move since the outbreak that took place eight days ago. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/notpetya-group-moves-all-their-bitcoin-posts-proposition-on-the-dark-web/




*** Doctor Web: M.E.Doc backdoor lets cybercriminals access computers ***
---------------------------------------------
July 4, 2017 Doctor Web security researchers examined the update module M.E.Doc and discovered that it is involved in the distribution of at least one other malicious program. You may recall that independent researchers named specifically this M.E.Doc update module as the source of the recent outbreak of the encryption worm Trojan.Encoder.12544, also known as NePetya, Petya.A, ExPetya and WannaCry-2. M.E.Doc is tax accounting software that is popular in Ukraine.
---------------------------------------------
http://news.drweb.com/show/?i=11363&lng=en&c=9




*** Qubes OS im Test: Linux sicher und nutzerfreundlich? ***
---------------------------------------------
Anwendungen und Einsatzbereiche voneinander per Virtualisierung trennen, gleichzeitig eine für den regulären Nutzer einfach zu bedienende Desktop-Oberfläche bieten: Das Qubes-OS-Projekt hat sich einiges vorgenommen.
---------------------------------------------
https://heise.de/-3764500




*** Österreich im Bereich Cybersicherheit auf Platz 30 ***
---------------------------------------------
Große Industriestaaten schneiden bei der Cybersicherheit einer UN-Studie zufolge teils schlechter ab als einige deutlich ärmere Staaten.
---------------------------------------------
https://futurezone.at/digital-life/oesterreich-im-bereich-cybersicherheit-auf-platz-30/273.505.879




*** Introducing Linux Support for FakeNet-NG: FLARE's Next GenerationDynamic Network Analysis Tool ***
---------------------------------------------
Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG's release, FLARE has added support for additional protocols. FakeNet-NG now has out-of-the-box support for DNS, HTTP (including BITS), FTP, TFTP, [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html




*** The Hardware Forensic Database ***
---------------------------------------------
The Hardware Forensic Database (or HFDB) is a project of CERT-UBIK aiming at providing a collaborative knowledge base related to IoT Forensic methodologies and tools.
---------------------------------------------
http://hfdb.io/




*** Kundendaten: Datenleck bei der Deutschen Post ***
---------------------------------------------
Eine Datenbank mit 200.000 Umzugsmitteilungen der Post lag ungeschützt im Netz. Tausende andere Firmen aus aller Welt haben exakt den gleichen Fehler gemacht.
---------------------------------------------
https://www.golem.de/news/kundendaten-datenleck-bei-der-deutschen-post-1707-128751-rss.html




*** Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities ***
---------------------------------------------
Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. Vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.
---------------------------------------------
http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html




*** Security Advisory - DoS Vulnerability in TLS of Some Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170705-01-tls-en




*** rt-sa-2017-011 ***
---------------------------------------------
Remote Command Execution in PDNS Manager
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-011.txt




*** DFN-CERT-2017-1159: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1159/




*** IBM Security Bulletin: Incorrect saved channel status enquiry could cause denial of service for IBM MQ (CVE-2017-1236) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003510




*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005108




*** IBM Security Bulletin: RabbitMQ vulnerability affect IBM Cloud Manager with OpenStack (CVE-2015-8786) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025403


More information about the Daily mailing list