[CERT-daily] Tageszusammenfassung - Freitag 3-03-2017

Fri Mar 3 18:08:19 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 02-03-2017 18:00 − Freitag 03-03-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** WhatsApp - Unsicher trotz Verschlüsselung ***
---------------------------------------------
Die Einführung der Ende-zu-Ende-Verschlüsselung wurde von WhatsApp-Nutzern und Datenschützern sehr begrüßt. Dass es hierbei aber dennoch zu erheblichen Sicherheitsproblemen kommt, haben nun Forscher des Fraunhofer-Instituts für Angewandte und Integrierte Sicherheit AISEC herausgefunden. Betroffen sind vor allem Android-Nutzer.
---------------------------------------------
https://www.aisec.fraunhofer.de/de/presse-und-veranstaltungen/presse/pressemitteilungen/2017/whatsapp.html


*** Undocumented Backdoor Account in DBLTek GoIP ***
---------------------------------------------
Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/


*** Command Input Typo Caused Massive AWS S3 Outage ***
---------------------------------------------
In a postmortem status report, Amazon blamed a command input typo for the massive AWS S3 outage that took out a large chunk of the Internet three days ago. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/hardware/command-input-typo-caused-massive-aws-s3-outage/


*** Malware Retrieves PowerShell Scripts from DNS Records ***
---------------------------------------------
Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domains DNS TXT records. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malware-retrieves-powershell-scripts-from-dns-records/


*** January-February 2017 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for January/February 2017 is a summary of ICS-CERT activities for the previous two months.
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201702


*** Lernkurve mit neuem Feed ***
---------------------------------------------
Wir sammeln aus vielen Quellen Informationen zu Infektionen und anderen Sicherheitsproblemen im österreichischen Internet und geben diese an die Netzbetreiber weiter. Details dazu stehen in unserem Jahresbericht. Kürzlich haben wir eine neuen Anbieter in unser Portfolio aufgenommen, der unser Lagebild zu Infektionen verbessern sollte. Seit vorgestern verteilen wir Daten aus dieser Quelle. Wir bekamen von einigen Seiten Feedback, dass hier was...
---------------------------------------------
http://www.cert.at/services/blog/20170303152402-1946.html


*** IDM 4.5 SAP HR Driver Version 4.0.1.0 ***
---------------------------------------------
Abstract: Patch update for the Identity Manager SAP HR driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 with SP2 or later to use this driver. You should only use this if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ/MicroFocus recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP HR driver for JCO3. Beginning with IDM 4.0 JCO2 is no longer supported.Document ID: 5258492Security Alert:
---------------------------------------------
https://download.novell.com/Download?buildid=KbKm3O1mw4M~


*** VMSA-2017-0002 ***
---------------------------------------------
Horizon DaaS update addresses an insecure data validation issue
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0002.html


*** Vuln: Rapid7 Insight Collector CVE-2017-5234 DLL Loading Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96545


*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998918


*** Eaton xComfort Ethernet Communication Interface ***
---------------------------------------------
This advisory contains mitigation details for an improper access controls vulnerability in the Eaton xComfort Ethernet Communication Interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01


*** Schneider Electric Conext ComBox ***
---------------------------------------------
This advisory contains mitigation details for a resource exhaustion vulnerability in Schneider Electric's Conext ComBox solar battery monitor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-061-02