[CERT-daily] Tageszusammenfassung - Montag 15-05-2017

Daily end-of-shift report team at cert.at
Mon May 15 18:35:57 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 12-05-2017 18:00 − Montag 15-05-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Ransomware: Experten warnen vor Zahlung der Wanna-Crypt-Erpressersumme ***
---------------------------------------------
Experten raten davon ab, im Falle einer Infektion mit Wanna Crypt die geforderten Bitcoins zu zahlen, denn offenbar sind die Angreifer vom Erfolg ihrer Operation überrascht. Ein kostenloses Werkzeug zum Wiederherstellen der Daten ist bislang auch nicht verfügbar.
---------------------------------------------
https://www.golem.de/news/ransomware-experten-warnen-vor-zahlung-der-wanna-crypt-erpressersumme-1705-127832-rss.html




*** WannaCry & Co.: So schützen Sie sich ***
---------------------------------------------
Nach WannaCry ist vor dem nächsten Erpressungstrojaner. Was Gefährdete jetzt tun sollten, wie Sie sich vor Nachahmern schützen können und welche Optionen bleiben, wenn der Verschlüsselungstrojaner schon zugeschlagen hat.
---------------------------------------------
https://heise.de/-3714596




*** Customer Guidance for WannaCrypt attacks ***
---------------------------------------------
Microsoft solution available to protect additional products Today many of our customers around the world and the critical systems they depend on were victims of malicious "WannaCrypt" software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/




*** Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry ***
---------------------------------------------
WannaCry distribution may have dropped, but the ransomware pandemic is not over. As we feared in yesterday's alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have huge potential of infection, [...]
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-uiwix-ransomware/




*** Microsoft posts PowerShell script that spawns pseudo security bulletins ***
---------------------------------------------
A Microsoft manager this week offered IT administrators a way to replicate -- in a fashion -- the security bulletins the company discarded last month."If you want a report summarizing todays #MSRC security bulletins, heres a script that uses the MSRC Portal API," John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.Lamberts tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new [...]
---------------------------------------------
http://www.cio.com/article/3196254/windows/microsoft-posts-powershell-script-that-spawns-pseudo-security-bulletins.html#tk.rss_security




*** WannaCry/WannaCrypt Ransomware Summary, (Mon, May 15th) ***
---------------------------------------------
The ransomware was first noticed on Fridayand spread very quickly through many large organizations worldwide [verge]. Unlike prior ransomware, this sample used the SMBv1 ETERNALBLUE exploit to spread. ETERNALBLUE became public about a month ago in April when it was published as part of the Shadowbroker archive of NSA hacking tools [shadow]. A month prior to the release of the hacking tool, Microsoft had patched the vulnerability as part of the March Patch Tuesday release. The patch was released [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22420&rss




*** Ein paar Gedanken zu WannaCry ***
---------------------------------------------
Wir haben heute unsere offizielle Warnung bezüglich der WannaCry Ransomware veröffentlicht. Ich will in diesem Blogbeitrag ein bisschen Kontext liefern, und etwas strategischer denken.
---------------------------------------------
http://www.cert.at/services/blog/20170514232126-2007.html




*** DSA-3852 squirrelmail - security update ***
---------------------------------------------
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, awebmail application, incorrectly handled a user-supplied value. Thiswould allow a logged-in user to run arbitrary commands on the server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3852




*** EMC Isilon OneFS NFS Export Upgrade ***
---------------------------------------------
Topic: EMC Isilon OneFS NFS Export Upgrade Risk: Medium Text:ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability EMC Identifier: ESA-2017-027 CVE Identifier: CVE-2017-49...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017050087




*** Security Advisory - WannaCry ransomware Vulnerabilities in Microsoft Windows Systems ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170513-01-windows-en




*** Security Notice - Statement on "WannaCry ransomware" attacks ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170513-01-windows-en




*** DRD Agent - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-047 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-047Project: DRD agent (third-party module)Version: 6.x, 7.x, 8.xDate: 2017-May-10Security risk: 19/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:AllVulnerability: Cross Site Request Forgery, Open RedirectDescriptionThe Drupal Remote Dashboard (DRD) module enables you to manage and monitor any remote Drupal site and, this module, the DRD Agent is the remote module which responds to requests from authorised DRD sites.The module doesnt [...]
---------------------------------------------
https://www.drupal.org/node/2877392




*** DSA-3854 bind9 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in BIND, a DNS serverimplementation. The Common Vulnerabilities and Exposures projectidentifies the following problems:
---------------------------------------------
https://www.debian.org/security/2017/dsa-3854




*** FortiPortal Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:CVE-2017-7337: Improper Access Control allows a user to potentially view firewall policies and objects from a VDOM s/he is not authorized to, enumerate other customer ADOMs and view other customers dataCVE-2017-7338: Application returns password hashes, and passwords for associated FortiAnalyzer devices via the UICVE-2017-7339: Persistent XSS via the Name and Description fields in the pop-up to add [...]
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-114




*** DFN-CERT-2017-0842: Moodle: Mehrere Schwachstellen ermöglichen u.a. einen Cross-Site-Request-Forgery-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0842/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 ) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010051
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009957
---------------------------------------------
*** IBM Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009993
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009995
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2016-5597 ) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009963
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Enterprise Records ***
https://www-01.ibm.com/support/docview.wss?uid=swg22000471
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Enterprise Records ***
https://www-01.ibm.com/support/docview.wss?uid=swg22000469
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by an XML External Entity vulnerability (CVE-2016-2908) ***
http://www.ibm.com/support/docview.wss?uid=swg22001175
---------------------------------------------


More information about the Daily mailing list