[CERT-daily] Tageszusammenfassung - Freitag 12-05-2017

Daily end-of-shift report team at cert.at
Fri May 12 18:27:03 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 11-05-2017 18:00 − Freitag 12-05-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Stephan Richter


*** Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak ***
---------------------------------------------
A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica - one of the countrys biggest telecommunications companies - has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomwares reach.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/




*** NHS hit by ransomware attack, hospitals across country shutting down ***
---------------------------------------------
GP told of National hack of the computer health care system Updated Multiple NHS hospitals have shut down systems and are telling patients not to come in due to what is being described as a massive nationwide cyber attack.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/




*** Jaff argh snakes: 5m emails/hour ransomware floods inboxes ***
---------------------------------------------
Locky-style nasty will squeeze you for two whole bitcoins The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff".
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/12/jaff_ransomware/




*** When Bad Guys are Pwning Bad Guys..., (Fri, May 12th) ***
---------------------------------------------
A few months ago, I wrote a diary about webshells[1] and the numerous interesting features they offer. Theyre plenty of web shells available, there are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip'd) PHP file that can be simply dropped on a compromised computer.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22410




*** Sicherheitslücke: Fehlerhaft konfiguriertes Git-Verzeichnis bei Redcoon ***
---------------------------------------------
Was haben der Online-Händler Redcoon und die Volksverschlüsselung gemeinsam? Ein unsicher konfiguriertes Git-Repository. Immer wieder machen Webseitenbetreiber denselben Fehler. (Security, API)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-fehlerhaft-konfiguriertes-git-verzeichnis-bei-redcoon-1705-127777-rss.html




*** HP Releases Driver Update to Remove Accidental Keylogger ***
---------------------------------------------
HP has issued an update to remove a keylogging mechanism found in the audio drivers included with some of its high-end laptops. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/




*** Phoenix Contact GmbH mGuard ***
---------------------------------------------
This advisory contains mitigation details for resource exhaustion and improper authentication vulnerabilities in Phoenix Contact GmbH's mGuard network device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01




*** Satel Iberia SenNet Data Logger and Electricity Meters ***
---------------------------------------------
This advisory contains mitigation details for a command injection vulnerability in Satel Iberia's SenNet Data Logger and Electricity Meters.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02




*** HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ***
---------------------------------------------
HPESBHF03743 rev.1 - A potential security vulnerability has been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerability could be exploited remotely to allow execution of code.
---------------------------------------------
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03743en_us




*** DSA-3849 kde4libs - security update ***
---------------------------------------------
Several vulnerabilities were discovered in kde4libs, the core librariesfor all KDE 4 applications. The Common Vulnerabilities and Exposuresproject identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2017/dsa-3849




*** PostgreSQL 2017-05-11 Security Update Release ***
---------------------------------------------
Three security vulnerabilities have been closed by this release: CVE-2017-7484: selectivity estimators bypass SELECT privilege checks, CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable, CVE-2017-7486: pg_user_mappings view discloses foreign server passwords
---------------------------------------------
https://www.postgresql.org/about/news/1746/




*** IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22001575
*** IBM Security Bulletin: Vulnerability in the OpenSSL library affects IBM Tealeaf Customer Experience PCA (CVE-2017-3730). ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22000513
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for Corporate Payment Services ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22001540
*** IBM Security Bulletin: Information disclosure vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-9735) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003064
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22003204






More information about the Daily mailing list