[CERT-daily] Tageszusammenfassung - Donnerstag 29-06-2017

Daily end-of-shift report team at cert.at
Thu Jun 29 18:03:54 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 28-06-2017 18:00 − Donnerstag 29-06-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Petya/NotPetya: Kein Erpressungstrojaner sondern ein "Wiper" ***
---------------------------------------------
Nach eingehenden Analysen des Schädlings NotPetya sind sich die meisten Experten einig: Der Schädling hatte es nicht auf Geld abgesehen sondern auf Randale, sprich: auf möglichst großen Datenverlust bei den Opfern.
---------------------------------------------
https://heise.de/-3759293




*** Update on Petya malware attacks ***
---------------------------------------------
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware-attacks/




*** Websites Grabbing User-Form Data Before Its Submitted ***
---------------------------------------------
Websites are sending information prematurely:...we discovered NaviStones code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page.This is important because it goes [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2017/06/websites_grabbi.html




*** Microsoft Announces "Controlled Folder Access" to Fend Off Crypto-Ransomware ***
---------------------------------------------
This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-controlled-folder-access-to-fend-off-crypto-ransomware/




*** DFN-CERT-2017-1124: Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1124/




*** Symantec Management Console XSS/XXE Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170628_00




*** Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1038798




*** Bugtraq: ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540783




*** 2017-06-16 (updated 2017-06-27): Cyber Security Notification - CrashOverride/Industroyer Malware ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&LanguageCode=en&DocumentPartId=&Action=Launch




*** SMTP - Moderatley Critical - Information Disclosure - SA-CONTRIB-2017-055 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-055Project: SMTP Authentication Support (third-party module)Version: 7.x, 8.xDate: 2017-June-28Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information DisclosureDescriptionThis SMTP module enables you to send mail using a third party (non-system) mail service instead of the local system mailer included with Drupal. When this module is in debugging mode, it will log privileged [...]
---------------------------------------------
https://www.drupal.org/node/2890357




*** Services - Critical - SQL Injection - SA-CONTRIB-2017-054 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-054Project: Services (third-party module)Version: 7.xDate: 2017-June-28Security risk: 19/25 ( Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module doesnt sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it.This vulnerability is [...]
---------------------------------------------
https://www.drupal.org/node/2890353




*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2 and v5.0.2. (CVE-2017-3539, CVE-2016-9840, CVE-2016-9841,CVE-2016-9842, CVE-2016-9843) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005365




*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1217) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004348




*** IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc


More information about the Daily mailing list