[CERT-daily] Tageszusammenfassung - Montag 6-03-2017

Daily end-of-shift report team at cert.at
Mon Mar 6 18:09:24 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 03-03-2017 18:00 − Montag 06-03-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** 25 Jahre Michelangelo: Der Tag der großen Virenpanik ***
---------------------------------------------
Am 6. März 1992 hielt die Welt den Atem an. An diesem Tag sollte der Michelangelo-Virus Tausende, wenn nicht gar Millionen Festplatten löschen. Zum 25. Jahrestag beleuchtet c't die Geschichte des berüchtigten Virus.
---------------------------------------------
https://heise.de/-3643630




*** Attacking machine learning with adversarial examples ***
---------------------------------------------
Conclusion Adversarial examples show that many modern machine learning algorithms can be broken in surprising ways. These failures of machine learning demonstrate that even simple algorithms can behave very differently from what their designers intend. We encourage machine learning researchers to get involved and design methods for preventing adversarial examples, in order to close this gap between what designers intend and how algorithms behave. If youre interested in working on adversarial...
---------------------------------------------
https://openai.com/blog/adversarial-example-research/




*** Lets Act Now to Prevent Hacking of the Power Grid ***
---------------------------------------------
Standards, guidelines and exercises have bolstered the security of high-voltage networks but little has been done to protect the low-voltage systems that power our homes and workplaces.
---------------------------------------------
http://europe.newsweek.com/lets-act-now-prevent-hacking-power-grid-563609




*** DFIR Tools ***
---------------------------------------------
Over 600 DFIR tools in an online searchable database.
---------------------------------------------
http://www.dfir.training/index.php/tools/advanced-search




*** Uber Uses Ubiquitous Surveillance to Identify and Block Regulators ***
---------------------------------------------
The New York Times reports that Uber developed apps that identified and blocked government regulators using the app to find evidence of illegal behavior:Yet using its app to identify and sidestep authorities in places where regulators said the company was breaking the law goes further in skirting ethical lines -- and potentially legal ones, too. Inside Uber, some of those who knew about the VTOS program and how the Greyball tool was being used were troubled by it.[...]One method involved...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/03/uber_uses_ubiqu.html




*** Western Digital My Cloud: NAS-Gerät macht jeden zum Admin ***
---------------------------------------------
Western Digital hat in der Hackerszene nicht den Ruf, Schwachstellen schnell zu beheben. Sicherheitslücken, die den Login-Vorgang und die Ausführung von Code betreffen, wurden daher ohne Responsible Disclosure veröffentlicht - damit die Nutzer handeln können.
---------------------------------------------
https://www.golem.de/news/western-digital-my-cloud-nas-geraet-macht-jeden-zum-admin-1703-126550-rss.html




*** Nextcloud-Scan: Security-Prüfung für Cloud-Speicher ***
---------------------------------------------
Zwei Drittel der öffentlich erreichbaren Installation von ownCloud oder dessen Fork Nextcloud sind angreifbar. Ob die eigene Instanz betroffen ist, können Anwender auf einer Website überprüfen.
---------------------------------------------
https://heise.de/-3645045




*** MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward attack via IoT botnet ***
---------------------------------------------
In this post there is no malicious software/malware analyzed, but this is one of the impact of the malware infected IoT devices caused by weak credentials are described indirectly. The only malicious aspect written in the post is the individual(s) involved and participate to these attacks, and, well, I personally do not think the tool used is also malicious too since. in a way, it is very useful for UNIX networking and development.
---------------------------------------------
http://blog.malwaremustdie.org/2017/02/mmd-0062-2017-ssh-direct-tcp-forward-attack.html




*** Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-01-smartphone-en




*** Vuln: EPSON TMNet WebConfig CVE-2017-6443 Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/96556




*** Vuln: FreeIPA CVE-2017-2590 Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/96557




*** [R3] SecurityCenter 5.4.4 Fixes File Upload unserialize() Function PHP Object Handling Remote File Deletion ***
---------------------------------------------
Advisory Timeline 
2017-02-17 - [R1] Initial Release 
2017-02-28 - [R2] Adjust CVSS for worst-case scenario (AV:A -> AV:N) 
2017-03-03 - [R3] Add SC upgrade information
---------------------------------------------
https://www.tenable.com/security/tns-2017-05




*** Vuln: Piwik Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96567




*** keepassxc / zxcvbn-c One byte stack buffer overflow ***
---------------------------------------------
Topic: keepassxc / zxcvbn-c One byte stack buffer overflow Risk: High Text:Hi, I recently reported a one byte buffer overflow in keepassxc [1] [2]. Its a pretty typical C bug: An array supposed to ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017030044




*** DSA-3802 zabbix - security update ***
---------------------------------------------
An SQL injection vulnerability has been discovered in the Latest datapage of the web frontend of the Zabbix network monitoring system
---------------------------------------------
https://www.debian.org/security/2017/dsa-3802




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSource GNU C library affects IBM Netezza Host Management (CVE-2015-8776) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997242
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313) ***
http://www.ibm.com/support/docview.wss?uid=swg21999613
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-2177, CVE-2016-6306, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999357
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in OpenLDAP (CVE-2015-6908) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999615
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999614
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data (CVE-2016-5894) ***
http://www.ibm.com/support/docview.wss?uid=swg21997408
---------------------------------------------


More information about the Daily mailing list