[CERT-daily] Tageszusammenfassung - 14.07.2017

Fri Jul 14 18:08:20 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 13-07-2017 18:00 − Freitag 14-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ Hackers Are Using Automated Scans to Target Unfinished WordPress Installs ∗∗∗
---------------------------------------------
Experts from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-are-using-automated-scans-to-target-unfinished-wordpress-installs/


∗∗∗ Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data ∗∗∗
---------------------------------------------
An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data.
---------------------------------------------
http://threatpost.com/experts-warn-too-often-aws-s3-buckets-are-misconfigured-leak-data/126826/


∗∗∗ Reverse Engineering Hardware of Embedded Devices: From China to the World ∗∗∗
---------------------------------------------
This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded device to showcase how to analyze a previously unknown (to the researcher or public white-hat community) hardware device. 
---------------------------------------------
http://blog.sec-consult.com/2017/07/reverse-engineering-hardware.html


∗∗∗ Code Injection in Signed PHP Archives (Phar) ∗∗∗
---------------------------------------------
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts some additional security benefits by signing archives with a digital signature, disallowing the modification of the archives on production machines.
---------------------------------------------
https://blog.sucuri.net/2017/07/code-injection-in-phar-signed-php-archives.html


∗∗∗ Peng!!! Comic HACKT Linux ∗∗∗
---------------------------------------------
Der unter Linux weit verbreitete Dokumenten-Betrachter Evince weist eine kritische Lücke auf, die sich ausnutzen lässt, um das System mit Schad-Software zu infizieren. Der Fehler lässt sich durch Comic-Books auslösen; Updates werden bereits ausgeliefert.
---------------------------------------------
https://heise.de/-3771980


∗∗∗ Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’ ∗∗∗
---------------------------------------------
A greater number of ATM skimming incidents now involve so-called "insert skimmers," wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers -- which record card data and store it on a tiny embedded flash drive are -- equipped with technology allowing it to transmit stolen card data wirelessly via infrared, the same technology built into a television remote control.
---------------------------------------------
https://krebsonsecurity.com/2017/07/thieves-used-infrared-to-pull-data-from-atm-insert-skimmers/


∗∗∗ Gefälschte Rechnung verbreitet Schadsoftware ∗∗∗
---------------------------------------------
Mit einer gefälschten Rechnung fordern Kriminelle Empfänger/innen dazu auf, einen Dateianhang zu öffnen. Er beinhalt angeblich eine "vollständige Kostenaufstellung". Diese ist in Wahrheit Schadsoftware. Rechnungsempfänger/innen dürfen sie nicht öffnen, andernfalls drohen ihnen erhebliche Nachteile.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnung-verbreitet-schadsoftware/


=====================
=    Advisories     =
=====================

∗∗∗ Siemens SiPass integrated ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper authentication, improper privilege management, channel accessible by non-endpoint, and storing passwords in a recoverable format vulnerabilities in the Siemens SiPass integrated access control system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-194-01


∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a heap-based buffer overflow vulnerability in the GE Communicator.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-194-02


∗∗∗ Vulnerabilities in Dasan Networks GPON ONT WiFi Router H64X Series ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017070101
https://cxsecurity.com/issue/WLB-2017070102
https://cxsecurity.com/issue/WLB-2017070103
https://cxsecurity.com/issue/WLB-2017070104


∗∗∗ DrupalChat - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-057 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2892404


∗∗∗ Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2888094


∗∗∗ DFN-CERT-2017-1218: Evince: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1218/


∗∗∗ DFN-CERT-2017-1221: GLPi: Mehrere Schwachstellen ermöglichen SQL-Injektionen und das Löschen beliebiger Dateien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1221/


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch (CVE-2016-2108) ∗∗∗
---------------------------------------------
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099625


∗∗∗ Critical Patch Update - July 2017- Pre-Release Announcement ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html


∗∗∗ Apache mod_auth_digest Uninitialized Memory Error Lets Remote Users Obtain Potentially Sensitive Information and Deny Service ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038906


∗∗∗ EMC ViPR SRM Default Accounts Let Remote Users Access the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038905


∗∗∗ Pulse Connect Secure Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038880


∗∗∗ SSA-589378 (Last Update 2017-07-13): Vulnerabilities in Android App SIMATIC Sm at rtClient ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf


∗∗∗ SSA-874235 (Last Update 2017-07-13): Intel Vulnerability in Siemens Industrial Products ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily