[CERT-daily] Daily summary - 01.09.2017
Daily end-of-shift report
team at cert.at
Fri Sep 1 18:06:56 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 31-08-2017 18:00 − Friday 01-09-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Boobytrapped Word File Installs Locky Ransomware When You Close the Document ∗∗∗
---------------------------------------------
Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hell of a clever trick.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/boobytrapped-word-file-installs-locky-ransomware-when-you-close-the-document/
∗∗∗ US Government Site Was Hosting Ransomware ∗∗∗
---------------------------------------------
As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. The malware link has since been taken down.
---------------------------------------------
http://threatpost.com/us-government-site-removes-link-to-cerber-ransomware-downloader/127767/
∗∗∗ Malware writer offers free trojan to hackers ... with one small drawback ∗∗∗
---------------------------------------------
Beware of geeks bearing Cobian RAT gifts. Those looking on the dark web for malware capable of hijacking computers might have thought they were getting a bargain when a free trojan appeared on various online souks over the past few months.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/08/31/free_trojan_for_hackers/
∗∗∗ Vulnerability in HPE Operations Orchestration allows remote code execution ∗∗∗
---------------------------------------------
In all versions before 10.80, the Operations Orchestration software allows remote code execution. Hewlett Packard Enterprise advises updating. Updates are also available for two of the vendor's performance-testing tools.
---------------------------------------------
https://heise.de/-3819782
=====================
= Advisories =
=====================
∗∗∗ OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04
∗∗∗ Moxa SoftCMS Live Viewer ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05
∗∗∗ Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01
∗∗∗ Digium Asterisk, Digium Certified Asterisk: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1542/
∗∗∗ SSA-866217: SMBv1 Vulnerabilities in ACUSON S1000/2000/3000 ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-866217.pdf
∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Honor 5S Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170901-02-smartphone-en
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Some Huawei APKs ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170901-01-smartphone-en
∗∗∗ IBM Security Bulletin: IBM Expeditor is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22002103
∗∗∗ IBM Security Bulletin: IBM Notes is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21999385
∗∗∗ IBM Security Bulletin: IBM Notes is affected by a denial of service vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21999384
∗∗∗ IBM Security Bulletin: IBM Notes is affected by Open Source zlib vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997877
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in Curl (CVE-2016-7167) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007553
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in bash (CVE-2016-9401, CVE-2016-7543, CVE-2016-0634) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007554
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007416
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Network Protection ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007918
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007552
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by potential issues of XML External Entity Injection (CVE-2017-1458) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007551
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by potential issues of Cross-Site Scripting (CVE-2017-1457) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007550
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security has updated commons-fileupload for known vulnerabilities (CVE-2016-3092) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007539
∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a less-secure algorithm during negotiations vulnerability (CVE-2017-1491) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007535
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily