[CERT-daily] Tageszusammenfassung - 06.09.2017

Daily end-of-shift report team at cert.at
Wed Sep 6 18:22:26 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 05-09-2017 18:00 − Mittwoch 06-09-2017 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Hackers Gain ‘Switch-Flipping’ Access to US Power Systems ∗∗∗
---------------------------------------------
Hackers who hit American utilities this summer had the power to cause blackouts, Symantec says.
---------------------------------------------
https://www.wired.com/story/hackers-gain-switch-flipping-access-to-us-power-systems
see also: http://derstandard.at/2000063697965
see also: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group
see also: https://www.bleepingcomputer.com/news/security/sabotage-warning-issued-on-hackers-hiding-deep-inside-energy-sector/


∗∗∗ SynAck Ransomware Sees Huge Spike in Activity ∗∗∗
---------------------------------------------
Over the past two days, there was an increase in activity from a relatively unknown ransomware strain named SynAck, according to submissions to the ID-Ransomware service and users who complained on the Bleeping Computer ransomware support forums. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/


∗∗∗ Stop blaming users for security misses ∗∗∗
---------------------------------------------
Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer Fahmida Rashid about how organizations can learn to do security right.
---------------------------------------------
https://www.csoonline.com/video/80055/stop-blaming-users-for-security-misses#tk.rss_applicationsecurity


∗∗∗ Security and education in the wake of WannaCry, Petya ∗∗∗
---------------------------------------------
Attacks occur for a variety of reasons, and in the wake of the most widespread ransomware attacks, WannaCry and Petya, many organizations are re-evaluating their security practices to figure out what went wrong.While those who were hit are still trying to understand where their security gaps are, others enterprises that rely on legacy systems and cant be patched are looking for ways to prevent being the next victim. No, the vulnerabilities attackers leverage are not new. They prey on systems
---------------------------------------------
https://www.csoonline.com/article/3208384/backup-recovery/security-and-education-in-the-wake-of-wannacry-petya.html#tk.rss_applicationsecurity


∗∗∗ The 15 biggest data breaches of the 21st centuryy ∗∗∗
---------------------------------------------
Data breaches happen daily, in too many places at once to keep count, take todays news of another Verizon breach that exposed the personal data of 6 million customers and a somewhat less dire breach at 14 Trump hotels. But what constitutes a huge breach versus a small one? CSO compiled a list of 15 of the biggest or most significant breaches of the 21st century.This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for
---------------------------------------------
https://www.csoonline.com/article/2130877/data-protection/the-15-biggest-data-breaches-of-the-21st-centuryy.html#tk.rss_applicationsecurity


∗∗∗ ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month ∗∗∗
---------------------------------------------
The dreaded hacking group ShadowBrokers posted a new message, promising to deliver two data dumps a month as part its monthly dumps. The notorious group ShadowBrokers is back with announcing new interesting changes to their Dump Service. The hackers published a new message on the Steemit platform announcing new changed to their service. “Missing theshadowbrokers? If someone […]The post ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month appeared first on
---------------------------------------------
http://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html


∗∗∗ A Critical Apache Struts Security Flaw Makes It Easy To Hack Fortune 100 Firms ∗∗∗
---------------------------------------------
An anonymous reader quotes a report from ZDNet: A critical security vulnerability in open-source server software enables hackers to easily take control of an affected server -- putting sensitive corporate data at risk. The vulnerability allows an attacker to remotely run code on servers that run applications using the REST plugin, built with Apache Struts, according to security researchers who discovered the vulnerability. All versions of Struts since 2008 are affected, said the researchers.
---------------------------------------------
https://apache.slashdot.org/story/17/09/05/2053200/a-critical-apache-struts-security-flaw-makes-it-easy-to-hack-fortune-100-firms?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29


∗∗∗ Hacker-Angriffe auf MongoDB treffen fast 27.000 Datenbanken ∗∗∗
---------------------------------------------
Erpresserische Angriffe auf sicherheitsanfällige MongoDB-Datenbanken liegen bei Online-Kriminellen bereits seit Ende letzten Jahres im Trend. Nun geht die Abzocke weiter: Drei neue Hackergruppen fordern Bitcoins im Tausch gegen Datenbankinhalte.
---------------------------------------------
https://heise.de/-3822955


∗∗∗ Security flaw affects 750,000 Estonian ID cards ∗∗∗
---------------------------------------------
An international group of cryptographers has flagged a serious security vulnerability in the chip embedded in Estonian ID cards, the country’s Information System Authority has announced. “Estonian experts assess there to be a possible security vulnerability and we will continue to verify the claims of the researchers,” said Taimar Peterkop, Director-General of the agency. “We have developed the primary solutions to mitigate the risk, and will do our utmost to ensure that
---------------------------------------------
https://www.helpnetsecurity.com/2017/09/06/estonian-id-cards-security-flaw/


=====================
=    Advisories     =
=====================

∗∗∗ Apache Struts: Jetzt updaten und kritische Lücke schließen ∗∗∗
---------------------------------------------
Eine soeben veröffentlichte Version von Apache Struts schließt eine kritische Lücke. Die Entwickler und der Entdecker der Sicherheitslücke rechnen damit, dass diese bald für Angriffe auf Firmen missbraucht wird. Also ist jetzt zügiges Handeln angesagt.
---------------------------------------------
https://heise.de/-3822948


∗∗∗ Bugtraq: [security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541129


∗∗∗ DFN-CERT-2017-1558/">Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1558/


∗∗∗ DFN-CERT-2017-1556/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1556/


∗∗∗ DFN-CERT-2017-1563/">Google Chrome, Chromium: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1563/


∗∗∗ DFN-CERT-2017-1561/">IBM AIX, IBM VIOS, IBM Java SDK: Mehrere Schwachstellen ermöglichen u.a. die komplette Kompromittierung des Systems ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1561/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22008080

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list