[CERT-daily] Tageszusammenfassung - 24.07.2017

Mon Jul 24 18:06:07 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 21-07-2017 18:00 − Montag 24-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ New Version of DarkHotel Malware Spotted Going After Political Figures ∗∗∗
---------------------------------------------
The DarkHotel hacking group, a threat actor known to engage in advanced cyber-espionage tactics, has shifted operations from targeting CEOs and businessmen to political figures. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-version-of-darkhotel-malware-spotted-going-after-political-figures/


∗∗∗ How was the #TurrisHack17 ? ∗∗∗
---------------------------------------------
Since the beginning of the Turris project, we have been very happy for the opportunity to cooperate closely with our community. Without it, the project would not have been where it is now. It was largely the interest of potential […]
---------------------------------------------
http://en.blog.nic.cz/2017/07/22/how-was-the-turrishack17/


∗∗∗ FIRST releases inaugural annual report ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams releases inaugural annual report, covering the scope of its activities from the 2016 conference in Seoul, through its 2017 annual event in Puerto Rico.
---------------------------------------------
https://www.first.org/newsroom/releases/20170724


∗∗∗ Hacking: Microsoft beschlagnahmt Fancy-Bear-Infrastruktur ∗∗∗
---------------------------------------------
Um gegen die Hackergruppe Fancy Bear vorzugehen, nutzt Microsoft das Markenrecht und beschlagnahmt Domains. Die kriminellen Aktivitäten der Gruppe würden "die Marke und den Ruf" des Unternehmens schädigen. Komplett stoppen lassen sich die Aktivitäten aber auch auf diesem Wege nicht. (Microsoft, Server)
---------------------------------------------
https://www.golem.de/news/hacking-microsoft-beschlagnahmt-fancy-bear-infrastruktur-1707-129077-rss.html


∗∗∗ Uber drivers new threat: the "passenger", (Mon, Jul 24th) ∗∗∗
---------------------------------------------
This week I was told about a scam attack that surprised me due to the criminals creativity. A NYC Uber driver had his Uber account and days incomings stolen by someone who was supposed to be his next passenger.
---------------------------------------------
https://isc.sans.edu/diary/rss/22626


∗∗∗ DMARC: an imperfect solution that can make a big difference ∗∗∗
---------------------------------------------
US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal governent.  Read more
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/07/dmarc-imperfect-solution-can-make-big-difference/


=====================
=    Advisories     =
=====================

∗∗∗ HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗
---------------------------------------------
Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us


∗∗∗ rt-sa-2017-009 ∗∗∗
---------------------------------------------
Remote Command Execution as root in REDDOXX Appliance
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-009.txt


∗∗∗ rt-sa-2017-007 ∗∗∗
---------------------------------------------
Undocumented Administrative Service Account in REDDOXX Appliance
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2017-007.txt


∗∗∗ VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/586501


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003790


∗∗∗ IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005381


∗∗∗ Palo Alto PAN-OS Unspecified Bug in DNS Proxy Lets Remote Users Execute Arbitrary Code on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038976


∗∗∗ Palo Alto PAN-OS Input Validation Flaw in GlobalProtect External Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038975


∗∗∗ Palo Alto PAN-OS Input Validation Flaw in Management Web Interface Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038974


∗∗∗ Python and Jython vulnerability CVE-2013-1752 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K53192206


∗∗∗ Python and Jython vulnerability CVE-2014-7185 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K78825687


∗∗∗ SNMP vulnerability CVE-2007-5846 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K33151296

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily