[CERT-daily] Daily summary - Friday 16-06-2017
Daily end-of-shift report
team at cert.at
Fri Jun 16 18:29:49 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 14-06-2017 18:00 − Friday 16-06-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
*** Former Major Player Neutrino Exploit Kit Has Gone Dark ***
---------------------------------------------
The Neutrino exploit kit, a former leader of the exploit kit market, appears to have shut down, with the last activity recorded at the start of April, well over two months ago.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/former-major-player-neutrino-exploit-kit-has-gone-dark/
*** SAP Security Patch Day - June 2017 ***
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products.
---------------------------------------------
https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017/
*** Decryption tool released for Jaff ransomware ***
---------------------------------------------
A Kaspersky security researcher has discovered a vulnerability in the code of the Jaff ransomware. Victims can now decrypt their data with a free tool.
---------------------------------------------
https://heise.de/-3744042
*** New cyber security information service launched today by ENISA ***
---------------------------------------------
ENISA launched today its new cyber security information service "Cyber Security Info Notes" with the aim to provide timely key information and recommendations on cyber security topics and incidents.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/new-cyber-security-information-service-launched-today-by-enisa
*** Wikileaks Unveils Cherry Blossom - Wireless Hacking System Used by CIA ***
---------------------------------------------
WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework - which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.
---------------------------------------------
https://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html
*** Samsung domain expired: Millions of smartphones were open to hackers, according to experts ***
---------------------------------------------
According to security researchers, hackers could have injected malware - Samsung denies this
---------------------------------------------
http://derstandard.at/2000059348103
*** Developer Creates Rootkit That Hides in PHP Server Modules ***
---------------------------------------------
A Dutch web developer has created a rootkit that hides inside a PHP module and can be used to take over web servers via a rarely used attack vector: Apache modules.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/developer-creates-rootkit-that-hides-in-php-server-modules/
*** No patch for denial-of-service vulnerability in Windows Server ***
---------------------------------------------
The Windows Internet Name Service (WINS) in Windows Server has a gaping denial-of-service vulnerability that Microsoft will not patch - the effort would be too great. Anyone still using the service should switch to DNS instead.
---------------------------------------------
https://heise.de/-3744148
*** Cyber Security Notification - MicroSCADA Pro SYS600 and CRASHOVERRIDE ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A0857&LanguageCode=en&DocumentPartId=&Action=Launch
*** Bugtraq: ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability ***
---------------------------------------------
ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/540721
*** DFN-CERT-2017-1030 ISC BIND: Two vulnerabilities allow, among other things, privilege escalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1030/
*** Siemens ***
---------------------------------------------
*** Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A) ***
https://ics-cert.us-cert.gov/advisories/ICSA-17-129-01A
---------------------------------------------
*** Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A) ***
https://ics-cert.us-cert.gov/advisories/ICSA-17-129-02A
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010301
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025390
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025395
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025389
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024890
---------------------------------------------
*** IBM Security Bulletin: Vulnerability CVE-2017-7494 in Samba affects IBM i ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1022134
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-7494) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010317
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology ***
http://www.ibm.com/support/docview.wss?uid=swg22004599
---------------------------------------------
*** IBM Security Bulletin: IBM MQ and IBM MQ Appliance Open Source zlib is vulnerable to a denial of service (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001520
---------------------------------------------