[CERT-daily] Tageszusammenfassung - 24.10.2017
Daily end-of-shift report
team at cert.at
Tue Oct 24 18:23:30 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Montag 23-10-2017 18:00 − Dienstag 24-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Achieving Online Anonymity Using Tails OS ∗∗∗
---------------------------------------------
Achieving anonymity while browsing the internet is the main concern for many people; everybody wants to make their communications secure and private. However, few in the world have really achieved this objective and many are still facing difficulties and trying different techniques to achieve online privacy. The InfoSec community has produced various tools and techniques that utilize the TOR network to send the data securely and privately.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/achieving-online-anonymity-using-tails-os
∗∗∗ DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections, More ∗∗∗
---------------------------------------------
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Dont Use Hard-coded Keys) [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/duhk-crypto-attack-recovers-encryption-keys-exposes-vpn-connections-more/
∗∗∗ Stop relying on file extensions, (Tue, Oct 24th) ∗∗∗
---------------------------------------------
Yesterday, I found an interesting file in my spam trap. It was called '16509878451.XLAM'. To be honest, I was not aware of this extension and I found this on the web: "A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/22962
∗∗∗ Study: 18% of fed agencies embrace DMARC yet 25% of email fraudulent, unauthenticated ∗∗∗
---------------------------------------------
Of the 18 percent of agencies that do have DMARC in play, only half are maximizing the benefits of the standard by quarantining or rejecting unauthenticated email to prevent domain name spoofing.
---------------------------------------------
https://www.scmagazine.com/study-18-of-fed-agencies-embrace-dmarc-yet-25-of-email-fraudulent-unauthenticated/article/702134/
∗∗∗ News Feature: Google Security interview "human solutions - the way to go." ∗∗∗
---------------------------------------------
Google has launched of a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller, spoke to SC about the organisations approach to security and privacy concerns.
---------------------------------------------
https://www.scmagazine.com/news-feature-google-security-interview-human-solutions--the-way-to-go/article/702274/
∗∗∗ Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update PC. Ta ∗∗∗
---------------------------------------------
Plus: Azure gets all Cray-cray A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/23/fyi_windows_10_ransomware_protection/
∗∗∗ Let’s Enhance ! How we found @rogerkver’s $1000 wallet obfuscated private key. ∗∗∗
---------------------------------------------
We could have simply named this post “How great QR code are and how we recovered one from almost nothing” but it’s much more interesting when the QR code is the key to a $1000 Bitcoin wallet.
---------------------------------------------
https://medium.com/@SassanoM/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433
∗∗∗ Android-Schädling Lokibot ist eine Transformer-Malware ∗∗∗
---------------------------------------------
In erster Linie ist Lokibot auf Bankdaten aus. Wer gegen den Trojaner vorgeht, bekommt ein anderes Gesicht des Schädlings zu sehen und sieht sich mit Erpressung konfrontiert.
---------------------------------------------
https://heise.de/-3868947
∗∗∗ Hackerangriff: Russische Nachrichtenagentur Interfax wohl von Kryptotrojaner getroffen ∗∗∗
---------------------------------------------
Die russische Nachrichtenagentur Interfax ist am Dienstag durch einen Hackerangriff lahmgelegt worden. Fast alle Server seien betroffen, sagte der stellvertretende Generaldirektor Alexej Gorschkow. Es sei unklar, wann das Problem behoben werden könne.
---------------------------------------------
https://heise.de/-3870349
∗∗∗ Reaper: Calm Before the IoT Security Storm? ∗∗∗
---------------------------------------------
Its been just over a year since the world witnessed some of the worlds top online Web sites being taken down for much of the day by "Mirai," a zombie malware strain that enslaved "Internet of Things" (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware [...]
---------------------------------------------
https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-storm/
∗∗∗ Keine Aktualisierung bei Netflix notwendig ∗∗∗
---------------------------------------------
Datendiebe versenden eine gefälschte Netflix-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie ihre Zahlungsinformationen auf einer Website aktualisieren. Wer das macht, übermittelt sensible Daten an die Betrüger/innen. Sie können auf Kosten ihres Opfers einkaufen gehen und Verbrechen unter seinem Namen begehen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-aktualisierung-bei-netflix-notwendig/
∗∗∗ Reducing Vulnerability to Cyberattacks ∗∗∗
---------------------------------------------
The need for secure systems is a growing priority for Industry Control System (ICS) operators. Recent high profile cyber-attacks against critical infrastructure, coupled with the growing list of published equipment [...]
---------------------------------------------
http://blog.schneider-electric.com/cyber-security/2017/10/23/reducing-vulnerability-cyberattacks/
∗∗∗ Kiev metro hit with a new variant of the infamous Diskcoder ransomware ∗∗∗
---------------------------------------------
Public sources have confirmed that computer systems in the Kiev Metro, Odessa naval port, Odessa airport, Ukrainian ministries of infrastructure and finance, and also a number of organizations in Russia are among the affected organizations.The post Kiev metro hit with a new variant of the infamous Diskcoder ransomware appeared first on WeLiveSecurity
---------------------------------------------
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
=====================
= Vulnerabilities =
=====================
∗∗∗ Citrix XenServer Security Update for CVE-2017-15597 ∗∗∗
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX229057
∗∗∗ Cisco Spark Hybrid Calendar Service Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server (CVE-2017-1583, CVE-2011-4343) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008707
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-10115, CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008877
∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009670
∗∗∗ IBM Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009715
∗∗∗ cURL Buffer Overread in Processing IMAP FETCH Response Data Lets Remote Users Deny Service or Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039644
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list