[CERT-daily] Tageszusammenfassung - Mittwoch 3-05-2017
Daily end-of-shift report
team at cert.at
Wed May 3 18:15:54 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 02-05-2017 18:00 − Mittwoch 03-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Stephan Richter
*** Malware Hunter - Shodans new tool to find Malware C&C Servers ***
---------------------------------------------
Rapidly growing, insecure internet-connected devices are becoming albatross around the necks of individuals and organizations with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnet of infected machines gets a bit easier. Thanks to Shodan and [...]
---------------------------------------------
https://thehackernews.com/2017/05/shodan-malware-hunter.html
*** Disambiguate "Zero-Day" Before Considering Countermeasures ***
---------------------------------------------
"Zero-day" is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we've accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion I've seen "zero-day" used to describe two related, but independent concepts. First,... Read more
---------------------------------------------
https://zeltser.com/zero-day-terminology/
*** Outlook Forms and Shells ***
---------------------------------------------
I set out to try and find another way to get a shell through Outlook, in the case of us having valid credentials[...] Fortunately for us, Outlook has a massive attack surface and provides several other interesting automation features. One of these is Outlook Forms.
---------------------------------------------
https://sensepost.com/blog/2017/outlook-forms-and-shells/
*** Compromising Industrial Robots: The Fallacy of Industrial Routers in the Industry 4.0 Ecosystem ***
---------------------------------------------
The increased connectivity of computer and robot systems in the industry 4.0. ecosystem, is, and will be exposing robots to cyber attacks in the future. Indeed, industrial robots - originally conceived to be isolated - have evolved, and are now exposed to corporate networks and the internet.While this provides synergy effects and higher efficiency in production, the security posture is not on par. In our latest report Rogue Robots: Testing the Limits of an Industrial Robot's [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6F0kroJASMA/
*** Steps to Stronger Passwords ***
---------------------------------------------
A journey of password The utilization of passwords is known to be old. Sentries would challenge those wishing to enter a territory or moving toward it to supply a secret word, and would just enable a man or gathering to pass if they knew the secret key. In present day times, username and passwords are [...]
---------------------------------------------
http://resources.infosecinstitute.com/steps-make-stronger-passwords/
*** Deutsche Bankkonten über UMTS-Sicherheitslücken ausgeräumt ***
---------------------------------------------
Kriminelle Hacker haben Konten von deutschen Bankkunden über Sicherheitslücken im Mobilfunknetz ausgeräumt, die seit Jahren bekannt sind. Eigentlich wollten die Provider schon 2014 entsprechende Gegenmaßnahmen ergreifen.
---------------------------------------------
https://heise.de/-3702194
*** Diskurs|Digital - Einblicke in gelebte Partizipation ***
---------------------------------------------
May 23, 2017 - 6:00 pm - 8:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/diskursdigital-einblicke-in-gelebte-partizipation/
*** Linuxwochen gastieren wieder in Wien ***
---------------------------------------------
Sowohl technische als auch netzpolitische Vorträge - Von Open Source bis Softwarepatenten
---------------------------------------------
http://derstandard.at/2000056925982
*** DFN-CERT-2017-0755: Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), Intel Standard Manageability (ISM): Eine Schwachstelle ermöglicht die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0755/
*** Android Security Bulletin—May 2017 ***
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of May 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level.
---------------------------------------------
https://source.android.com/security/bulletin/2017-05-01
*** Schneider Electric Wonderware Historian Client ***
---------------------------------------------
This advisory contains mitigation details for an improper XML parser configuration vulnerability in Schneider Electric's Wonderware Historian Client.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01
*** CyberVision Kaa IoT Platform ***
---------------------------------------------
This advisory contains mitigation details for a code injection vulnerability in CyberVision's Kaa IoT Platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-02
*** Advantech B+B SmartWorx MESR901 ***
---------------------------------------------
This advisory contains mitigation details for a use of client-side authentication vulnerability in the Advantech B+B SmartWorx MESR901 Modbus gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Open Redirect Vulnerability in IBM WebSphere Portal (CVE-2017-1156) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000153
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731) ***
http://www.ibm.com/support/docview.wss?uid=swg22002387
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2016-5547 CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22002633
---------------------------------------------
*** IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg22002189
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg22002242
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg22002397
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Composite Application Manager for Transactions ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002374
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation vulnerability affects IBM DB2 LUW (CVE-2017-1134) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002573
---------------------------------------------
*** IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Marketing Platform (CVE-2016-0255) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001950
---------------------------------------------
More information about the Daily
mailing list