[CERT-daily] Tageszusammenfassung - Freitag 10-03-2017

Fri Mar 10 18:09:27 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 09-03-2017 18:00 − Freitag 10-03-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Stephan Richter


*** After CIA leak, Intel Security releases detection tool for EFI rootkits ***
---------------------------------------------
Intel Security has released a tool that allows users to check if their computers low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apples Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from...
---------------------------------------------
http://www.cio.com/article/3179345/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html#tk.rss_security


*** Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries ***
---------------------------------------------
More than a third of the websites you visit online may include an outdated JavaScript library thats vulnerable to one or more security flaws. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-a-third-of-websites-use-outdated-and-vulnerable-javascript-libraries/


*** Middle East Government organizations hit with RanRan Ransomware ***
---------------------------------------------
Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East.
---------------------------------------------
http://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html


*** Sicherheit: Tails 2.11 und 3.0 Beta2 freigegeben ***
---------------------------------------------
Nur zwei Tage auseinander liegen die Veröffentlichungen von Tails 2.11 und 3.0 Beta. Während 2.11 eine der letzten Aktualisierungen der Distribution auf der Basis von Debian 8 "Jessie" ist, wird Tails 3.0 bei seinem Erscheinen im Juni auf Debian 9 "Stretch" setzen.
---------------------------------------------
https://www.golem.de/news/sicherheit-tails-2-11-und-3-0-beta2-freigegeben-1703-126648-rss.html


*** Firefox stellt Support für Windows XP und Vista ein ***
---------------------------------------------
Die aktuelle Version 52 des Browsers ist die letzte, die die veralteten Windows-Betriebsysteme unterstützt.
---------------------------------------------
https://futurezone.at/produkte/firefox-stellt-support-fuer-windows-xp-und-vista-ein/251.025.949


*** How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation ***
---------------------------------------------
The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to...
---------------------------------------------
https://thehackernews.com/2017/03/decrypt-pgp-encryption.html


*** Why the SHA-1 collision means you should stop using the algorithm ***
---------------------------------------------
Realistically speaking, if your software or system uses the SHA-1 hashing algorithm, it is unlikely that it will be exploited in the foreseeable future. But it is also extremely difficult to be certain that your system wont be the exception.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/03/why-sha-1-collision-means-you-should-stop-using-algorithm/


*** CryptoBlock ransomware and its C2 ***
---------------------------------------------
CryptoBlock is an interesting ransomware to keep an eye on. We expect this to be a ransomware that is in development to eventually develop into a RaaS (Ransomware as a Service).Categories: MalwareThreat analysisTags: CryptoBlockraasransomwareRansomware as a Servicevirustotal(Read more...)
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c2/


*** DSA-3806 pidgin - security update ***
---------------------------------------------
It was discovered a vulnerability in Pidgin, a multi-protocol instantmessaging client. A server controlled by an attacker can send an invalidXML that can trigger an out-of-bound memory access. This might lead to acrash or, in some extreme cases, to remote code execution in theclient-side.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3806


*** Schneider Electric ClearSCADA ***
---------------------------------------------
This advisory contains mitigation details for an input validation vulnerability in Schneider Electrics ClearSCADA.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01


*** Security Advisory: Apache Struts 2 vulnerability CVE-2017-5638 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43451236.html?ref=rss


*** NetIQ Privileged User Manager 2.4.1 HF2 (2.4.1-2) ***
---------------------------------------------
Abstract: NetIQ Privileged User Manager 2.4.1 Hot Fix 2 (2.4.1.2). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release does not contain new features.Document ID: 5276651Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:netiq-npum-packages-2.4.1-2.tar.gz (139.85 MB)Products:Privileged User Manager 2.4.1Superceded Patches:PUM2.4.1HF...
---------------------------------------------
https://download.novell.com/Download?buildid=88wYDI-5uRA~


*** VMware Workstation update addresses multiple security issues ***
---------------------------------------------
a. VMware Workstation DLL loading vulnerability 
b. VMware Workstation SVGA driver vulnerability 
c. VMware Workstation NULL pointer dereference vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0003.html


*** Vuln: F-Secure Anti-Virus CVE-2017-6466 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96784


*** IBM Security Bulletin: Vulnerabilities in Nagios Core affect IBM Pure Power Integrated Manager (PPIM) (CVE-2016-9565, CVE-2016-9566) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024796


*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997359


*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997358