[CERT-daily] Tageszusammenfassung - Montag 26-06-2017

Daily end-of-shift report team at cert.at
Mon Jun 26 18:08:08 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 23-06-2017 18:00 − Montag 26-06-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Erneut kritische Lücke in Windows Defender & Co ***
---------------------------------------------
Alle AV-Produkte aus dem Hause Microsoft wiesen einen kritischen Fehler auf, der es erlaubte, Windows-Systeme zu kapern. Dazu genügte es, wenn die AV-Software etwa eine Datei in einer E-Mail oder auf der Festplatte auf Schadcode untersucht.
---------------------------------------------
https://heise.de/-3756013




*** Brutal Kangaroo: CIA-Werkzeug infiziert Rechner per USB-Stick ***
---------------------------------------------
WikiLeaks hat geheime CIA-Dokumente veröffentlicht, in denen eine Werkzeug-Suite beschrieben ist, mit der sich via USB-Stick Informationen von Rechnern abgreifen lassen, die nicht mit dem Internet verbunden sind.
---------------------------------------------
https://heise.de/-3754923




*** Aktuelle Intel-Prozessoren von "Albtraum"-Bug geplagt ***
---------------------------------------------
Debian-Projekt spürt Fehler auf, der zu Datenverlust unter allen Betriebssystemen führen kann
---------------------------------------------
http://derstandard.at/2000059819966




*** Cyber-Angriffe auf private E-Mail-Postfächer von Funktionsträgern ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) beobachtet derzeit professionelle Cyber-Angriffe auf private E-Mail-Postfächer von Funktionsträgern aus Wirtschaft und Verwaltung. Bei dieser Angriffskampagne werden täuschend echt erscheinende Spearphishing-Mails an ausgewähltes Spitzenpersonal gesandt. Die Angreifer geben beispielsweise vor, Auffälligkeiten bei der Nutzung des Postfachs [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Spearphishing_Mails_23062017.html




*** Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious", (Mon, May 29th) ***
---------------------------------------------
For a few months now, passengers on flights from certain countries are no longer allowed to carry laptops and other larger electronic devices into the cabin. Many news media reported over the last weeks that this policy may be expanded to flight from Europe, or to all flights entering the US. But even if you get to keep your laptop with you during your flight, it is difficult to keep it at your site when you travel. So regardless if this ban materializes or not (right now it looks like it will [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22462




*** Malware: Der unvollständige Ransomware-Schutz von Windows 10 S ***
---------------------------------------------
Windows 10 S soll vor Ransomware schützen - sagt Microsoft. Einem Sicherheitsforscher gelang es trotzdem, innerhalb weniger Stunden Zugriff auf Systemprozesse zu bekommen.
---------------------------------------------
https://www.golem.de/news/malware-der-unvollstaendige-ransomware-schutz-von-windows-10-s-1706-128583-rss.html




*** Look, But Dont Touch: One Key to Better ICS Security ***
---------------------------------------------
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
---------------------------------------------
https://www.darkreading.com/vulnerabilities---threats/look-but-dont-touch-one-key-to-better-ics-security--/d/d-id/1328987?_mc=RSS_DR_EDT




*** Blocks and Chains now available ***
---------------------------------------------
Our book has just been published: Blocks and Chains: Introduction to Bitcoin, Cryptocurrencies, and Their Consensus Mechanisms. Aljosha Judmayer, Nicholas Stifter, Katharina Krombholz, and Egar Weippl
---------------------------------------------
https://www.sba-research.org/2017/06/24/blocks-and-chains-now-available/




*** DFN-CERT-2017-1100: Microsoft Malware Protection Engine: Eine Schwachstelle ermöglicht die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1100/




*** Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Multiple Vulnerabilities ***
---------------------------------------------
Symantec has released an update to address three issues that were discovered in the Symantec Messaging Gateway (SMG).
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00




*** Vuln: Multiple Pivotal Products CVE-2017-4974 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/99254




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: API security restrictions can be bypassed in IBM API Connect (CVE-2017-1328) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003867
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting. (CVE-2017-1234) ***
http://www.ibm.com/support/docview.wss?uid=swg22004948
---------------------------------------------
*** IBM Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs. ***
http://www.ibm.com/support/docview.wss?uid=swg22004947
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22005149
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738) ***
http://www.ibm.com/support/docview.wss?uid=swg22004926
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) ***
http://www.ibm.com/support/docview.wss?uid=swg22004925
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003998
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ***
http://www.ibm.com/support/docview.wss?uid=swg22004713
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000300
---------------------------------------------
*** IBM Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009992
---------------------------------------------
*** IBM Security Bulletin: July 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009972
---------------------------------------------


More information about the Daily mailing list