[CERT-daily] Daily summary - 26.07.2017

Daily end-of-shift report team at cert.at
Wed Jul 26 18:07:27 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 25-07-2017 18:00 − Wednesday 26-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack ∗∗∗
---------------------------------------------
Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/smart-drawing-pads-used-for-ddos-attacks-iot-fish-tank-used-in-casino-hack/


∗∗∗ IOS Forensics ∗∗∗
---------------------------------------------
1. INTRODUCTION Day by day, Smart phones and tablets are becoming popular, and hence technology used in development to add new features or improve the security of such devices is advancing too fast. iPhone and iPod are the game changer products launched by Apple. Apple operating system (IOS) devices started growing popular in the mobile [...]
---------------------------------------------
http://resources.infosecinstitute.com/ios-forensics/


∗∗∗ Windows SMB Zero Day to Be Disclosed During DEF CON ∗∗∗
---------------------------------------------
Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.
---------------------------------------------
http://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/


∗∗∗ WikiLeaks drops another cache of ‘Vault7’ stolen tools ∗∗∗
---------------------------------------------
Latest dump is a trove of malware from Raytheon used for surveillance and data collection
---------------------------------------------
https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-of-vault7-stolen-tools/


∗∗∗ Where are the holes in machine learning – and can we fix them? ∗∗∗
---------------------------------------------
Machine learning algorithms are increasingly a target for the bad guys - but the industry is working to stop them, explains Sophos chief data scientist Joshua Saxe
---------------------------------------------
https://nakedsecurity.sophos.com/2017/07/26/where-are-the-holes-in-machine-learning-and-can-we-fix-them/


∗∗∗ How a Citadel Trojan Developer Got Busted ∗∗∗
---------------------------------------------
A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.
---------------------------------------------
https://krebsonsecurity.com/2017/07/how-a-citadel-trojan-developer-got-busted/



=====================
=    Advisories     =
=====================

∗∗∗ CRASHOVERRIDE Malware ∗∗∗
---------------------------------------------
CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publicly identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers. Additional modules include a data-wiping component and a module capable of causing a denial of service (DoS) to Siemens SIPROTEC devices.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-206-01


∗∗∗ NXP i.MX Product Family ∗∗∗
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for stack-based buffer overflow and improper certificate validation vulnerabilities in the NXP i.MX Product Family.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02


∗∗∗ Bugtraq: [SECURITY] [DSA 3919-1] openjdk-8 security update ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/540926


∗∗∗ DFN-CERT-2017-1288: Red Hat JBoss Enterprise Web Server: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1288/


∗∗∗ Security Advisory - Two DoS Vulnerabilities in Call Module of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-02-smartphone-en


∗∗∗ Security Advisory - Resource Exhaustion Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170725-01-smartphone-en


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in Java shipped as a component of IBM Security Privileged Identity Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006547


∗∗∗ SSA-323211 (Last Update 2017-07-25): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf


∗∗∗ SSA-822184 (Last Update 2017-07-26): Microsoft Web Server and HP Client Automation Vulnerabilities in Molecular Imaging Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



