[CERT-daily] Daily summary - Wednesday 14-06-2017
Daily end-of-shift report
team at cert.at
Wed Jun 14 18:16:42 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 13-06-2017 18:00 - Wednesday 14-06-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Internet hygiene still stinks despite botnet and ransomware flood ***
---------------------------------------------
Millions of must-be-firewalled services sitting wide open. Network security has improved little over the last 12 months - millions of vulnerable devices are still exposed on the open internet, leaving them defenceless against the next big malware attack.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/06/14/rapid7_device_scanning_audit/
*** June 2017 security update release ***
---------------------------------------------
Microsoft releases additional updates for older platforms to protect against potential nation-state activity. Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
*** When Your Plugins Turn Against You ***
---------------------------------------------
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations like spam campaigns, malware spreading or simply to damage your SEO ranking among other events. The threat may not always come from outside though. There are occasions where we are indirectly the ones responsible for the infection and may never find out until we get blacklisted by a search engine, or alerted of malicious code from our users.
---------------------------------------------
https://blog.sucuri.net/2017/06/when-your-plugins-turn-against-you.html
*** MSRT June 2017: Removing sneaky Xiazai ***
---------------------------------------------
In the June release of the Microsoft Software Removal Tool (MSRT), we're adding Xiazai, a widespread family of browser modifiers that we have blocked and removed from millions of computers since 2015. Xiazai is a software bundler that can sneak in additional changes. Xiazai does not install itself or make autostart registry entries, but the...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/13/msrt-june-2017-removing-sneaky-xiazai/
*** ZDI-17-396: Trend Micro Maximum Security tmusa Time-Of-Check/Time-Of-Use Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to escalate privilege on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/FQzTY0SrpbU/
*** ZDI-17-395: Trend Micro Maximum Security tmusa Kernel Driver Untrusted Pointer Dereference Denial of Service Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to deny service on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/hoecBsyhda4/
*** Nmap 7.50 released: New NSE scripts, 300+ fingerprints, new Npcap ***
---------------------------------------------
Nmap 7.50 is the first big release since last December and has hundreds of improvements. One of the things the developers have worked on recently is the Npcap packet capturing driver and library for Windows. It is a replacement for WinPcap, which is no longer maintained. Npcap uses newer APIs for better performance and compatibility, including Windows 10 support. Developers also added loopback packet capture and injection, raw wireless sniffing, and extra security features ...
---------------------------------------------
https://www.helpnetsecurity.com/2017/06/14/nmap-7-50-released/
*** Patch day: Microsoft secures XP and Vista, warns of a new WannaCry ***
---------------------------------------------
In an unprecedented step, Microsoft has shipped Patch Tuesday updates for Windows versions that are no longer supported. The company decided to do so because it fears further WannaCry-like attacks.
---------------------------------------------
https://heise.de/-3743004
*** Fake Netflix message: Problem with your Membership ***
---------------------------------------------
In a fake Netflix message, criminals claim that there is a problem with customers' credit card details. For that reason, customers are asked to renew their payment method on a website. Customers who follow the request hand their bank details to the criminals and become victims of data theft.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-netflix-nachricht-problem-with-your-membership/
*** Mozilla Firefox Multiple Bugs Let Remote Users Spoof URLs, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain elevated privileges on the target system.
A local user can modify files on the target system.
A remote user can obtain files on the target system.
A remote user can spoof the address bar.
Solution: The vendor has issued a fix (ESR 52.2; 54.0).
---------------------------------------------
http://www.securitytracker.com/id/1038689
*** Because of security problems: no SMB1 in fresh Windows installations ***
---------------------------------------------
Microsoft is planning the next step towards retiring the SMB1 protocol. After the autumn updates, the more than 30-year-old protocol is to be disabled by default in fresh Windows installations.
---------------------------------------------
https://heise.de/-3743127
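The change described above only affects fresh installations; systems already deployed keep SMB1 until an administrator turns it off. The following PowerShell script is an added example (not from the heise article and not Microsoft's own tooling) that reports the SMB1 server and feature state, lists sessions and connections still negotiated at an SMB 1.x dialect so they can be fixed before the protocol is switched off, and optionally disables SMB1. It uses only the built-in SmbShare and DISM cmdlets available on Windows 8.1 / Server 2012 R2 and later; the -Disable switch, the refusal to disable while legacy sessions exist, and the output wording are assumptions of this example.

```powershell
# Added example: audit SMB1 on a Windows host and optionally disable it.
# Run from an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later.
# Usage:  .\Audit-Smb1.ps1            # report only
#         .\Audit-Smb1.ps1 -Disable   # report, then disable SMB1 (a reboot may be needed)
[CmdletBinding()]
param(
    [switch]$Disable   # switch name chosen for this example, not a Microsoft convention
)

# 1. Server side: is the SMB1 dialect still offered to clients?
$server = Get-SmbServerConfiguration
Write-Host ("SMB1 server protocol enabled  : {0}" -f $server.EnableSMB1Protocol)

# 2. Is the SMB1 optional component (server and client, mrxsmb10) still installed?
#    Only exposed as an optional feature on Windows 10 / Server 2016 and later,
#    so the lookup is allowed to fail silently on older systems.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) {
    Write-Host ("SMB1Protocol optional feature : {0}" -f $feature.State)
}

# 3. Who would break? Inbound sessions and outbound connections whose negotiated
#    dialect is 1.x. Anything listed here (old NAS, printer, scanner, embedded
#    device) needs fixing before SMB1 is switched off.
$legacySessions = Get-SmbSession -ErrorAction SilentlyContinue |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect
$legacyConnections = Get-SmbConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ServerName, ShareName, Dialect

Write-Host "Inbound sessions still on SMB 1.x:"
$legacySessions | Format-Table -AutoSize | Out-String | Write-Host
Write-Host "Outbound connections still on SMB 1.x:"
$legacyConnections | Format-Table -AutoSize | Out-String | Write-Host

# 4. Optionally disable. Refuse while live SMB 1.x sessions exist so that a share
#    used by a legacy device is not cut off silently; re-run once they are fixed.
if ($Disable) {
    if ($legacySessions) {
        Write-Warning "Active SMB 1.x sessions found; fix those clients first. Not disabling."
        return
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host "SMB1 server protocol disabled."
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Host "SMB1Protocol feature removed; a reboot completes the change."
    }
}
```

Run the script in report mode first across the estate (for example via remoting) and collect the SMB 1.x session lists; the devices that appear there are the ones that will stop working once the server-side protocol is disabled, whether by this script or by Microsoft's default change.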
*** Security Advisory - Permission Control Vulnerability in Smart Phones ***
---------------------------------------------
Some Huawei Smart phones have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. CVE-2017-8216
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170614-01-smartphone-en
*** DDoS threats ***
---------------------------------------------
Since yesterday, e-mails containing an extortion attempt and a threatened denial-of-service attack have been sent worldwide. The e-mails come from a group calling itself HACKER TEAM - Meridian Collective ... As in the past, it can be assumed that no actual attacks will follow these threats. The demands should therefore not be met.
---------------------------------------------
https://www.dfn-cert.de/aktuell/ddos-drohungen.html
*** FIRST Releases Framework for Product Security Incident Response Teams ***
---------------------------------------------
The leading association of incident response and security teams released a draft of the Product Security Incident Response Teams (PSIRT) Services Framework for public input. This is a formal list of services a PSIRT may consider implementing to address the needs of their constituency. Public input is welcomed until August 31, 2017 via psirt-comments at first.org.
---------------------------------------------
https://www.first.org/newsroom/releases/20170614
*** HIDDEN COBRA - North Korea's DDoS Botnet Infrastructure ***
---------------------------------------------
... DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea's distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders ...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA17-164A
*** EMC ***
---------------------------------------------
*** Vuln: EMC RSA BSAFE Cert-C CVE-2017-4981 Denial of Service Vulnerability ***
http://www.securityfocus.com/bid/99044
---------------------------------------------
*** Vuln: EMC Secure Remote Services Virtual Edition CVE-2017-4986 Authentication Bypass Vulnerability ***
http://www.securityfocus.com/bid/99036
---------------------------------------------
*** Vuln: EMC VNX1/VNX2 OE for File CVE-2017-4984 Remote Code Execution Vulnerability ***
http://www.securityfocus.com/bid/99039
---------------------------------------------
*** Vuln: EMC VNX1/VNX2 OE for File CVE-2017-4985 Local Privilege Escalation Vulnerability ***
http://www.securityfocus.com/bid/99037
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Algo One Counterparty Credit Risk (CVE-2016-8745) ***
http://www.ibm.com/support/docview.wss?uid=swg22000795
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025202
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express. ***
http://www.ibm.com/support/docview.wss?uid=swg22002268
---------------------------------------------