[CERT-daily] Tageszusammenfassung - 27.07.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 26-07-2017 18:00 − Donnerstag 27-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ IoT-Geräte in Österreich: 31.000 von 280.000 unsicher ∗∗∗
---------------------------------------------
In Österreich gibt es eine beträchtlich hohe Zahl ungeschützter Router und Webcams im Internet, so eine neue Studie von Avast. Warum das ein Problem ist und was man tun kann.
---------------------------------------------
https://futurezone.at/produkte/iot-geraete-in-oesterreich-31-000-von-280-000-unsicher/277.370.255


∗∗∗ Lipizzan: Google findet neue Staatstrojaner-Familie für Android ∗∗∗
---------------------------------------------
Erneut hat Google eine Android-Spyware einer isrealischen Firma gefunden. Die Software tarnte sich als harmlose App im Playstore, die Rooting-Funktion wird dann nachgeladen.
---------------------------------------------
https://www.golem.de/news/lipizzan-google-findet-neue-staatstrojaner-familie-fuer-android-1707-129160-rss.html


∗∗∗ Announcing the Windows Bounty Program ∗∗∗
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/


∗∗∗ Extending Microsoft Edge Bounty Program ∗∗∗
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edge-bounty-program/


∗∗∗ Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets ∗∗∗
---------------------------------------------
Fully remote exploits that allow for compromise of a target without any user interaction have become something of a myth in recent years. While some are occasionally still found against insecure and unpatched targets such as routers, various IoT devices or old versions of Windows, practically no remotely exploitable bugs that reliably bypass DEP and ASLR have been found on Android and iOS. In order to compromise these devices, attackers [...]
---------------------------------------------
https://blog.exodusintel.com/2017/07/26/broadpwn/


∗∗∗ DeepINTEL Schedule updated – Psychology and Power Grids ∗∗∗
---------------------------------------------
We have updated the schedule for DeepINTEL 2017. The human mind and power grids are both critical infrastructure. Both can be manipulated and switched off, arguably. And most of us use both every day. So this is why we added two more presentations to the schedule.
---------------------------------------------
http://blog.deepsec.net/deepintel-schedule-updated-psychology-power-grids/


∗∗∗ Black Hat: Strahlungsmessgeräte per Funk manipulierbar ∗∗∗
---------------------------------------------
Ein Hacker hat Sicherheitslücken in stationären und mobilen Messgeräten für radioaktive Strahlung gefunden. Kriminelle könnten so radioaktives Material durch Kontrollen schleusen oder Fehlalarme in Kernreaktoren auslösen. Updates wird es nicht geben.
---------------------------------------------
https://heise.de/-3784966


∗∗∗ Slowloris all the things ∗∗∗
---------------------------------------------
At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought Id write up some comments.The original Slowloris from several years creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely.
---------------------------------------------
http://blog.erratasec.com/2017/07/slowloris-all-things.html



=====================
=    Advisories     =
=====================

∗∗∗ McAfee Releases Security Bulletin for Web Gateway ∗∗∗
---------------------------------------------
Original release date: July 27, 2017 McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/07/27/McAfee-Releases-Security-Bulletin-Web-Gateway


∗∗∗ VU#547255: Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/547255


∗∗∗ Cisco Access Control System Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-acs


∗∗∗ Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anidos


∗∗∗ Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anicrl


∗∗∗ Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp


∗∗∗ DFN-CERT-2017-1295: FortiNet FortiOS, FortiAnalyzer: Mehrere Schwachstellen ermöglichen u.a die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1295/


∗∗∗ DFN-CERT-2017-1303: Foxit PDF Compressor: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1303/


∗∗∗ HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03765en_us


∗∗∗ Security Advisory - MaxAge LSA Vulnerability in OSPF Protocal of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170720-01-ospf-en


∗∗∗ Security Advisory - BroadPwn Remote Code Execute Vulnerability ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170727-01-broadpwn-en


∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005722


∗∗∗ IBM Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004981


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates April 2017 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005840


∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1303) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004979


∗∗∗ [2017-07-27] Kathrein UFSconnect 916 multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170727-1_Kathrein_UFSconnect_916_multiple_vulnerabilities_v10.txt


∗∗∗ [2017-07-27] Ubiquiti Networks UniFi Cloud Key multiple critical vulnerabilities ∗∗∗
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170727-0_Ubiquiti_Networks_UniFi_Cloud_Key_Multiple_Critical_Vulnerabilities_v10.txt

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily