[CERT-daily] Tageszusammenfassung - 07.09.2017

Daily end-of-shift report team at cert.at
Thu Sep 7 18:12:09 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 06-09-2017 18:00 − Donnerstag 07-09-2017 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ BlackBerry powered by Android Security Bulletin – September 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045672


∗∗∗ Ransomware: What you need to know now | Salted Hash Ep 1, Pt 4 ∗∗∗
---------------------------------------------
Reporters Fahmida Rashid and Steve Ragan talk about the latest ransomware threats, the holes in IT security and the burdens on enterprises.
---------------------------------------------
https://www.csoonline.com/video/81516/ransomware-what-you-need-to-know-now-salted-hash-ep-1-pt-4#tk.rss_applicationsecurity


∗∗∗ Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim ∗∗∗
---------------------------------------------
Researchers say a 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker.
---------------------------------------------
http://threatpost.com/microsoft-programming-error-is-behind-dangerous-kernel-bug-researchers-claim/127858/


∗∗∗ Interesting List of Windows Processes Killed by Malicious Software ∗∗∗
---------------------------------------------
Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity[The post Interesting List of Windows Processes Killed by Malicious Software has been first published on /dev/random]
---------------------------------------------
https://blog.rootshell.be/2017/09/06/interesting-list-windows-processes-killed-malicious-software/


∗∗∗ Apache Struts “serialisation” vulnerability – what you need to know ∗∗∗
---------------------------------------------
A bug in Apache Struts, a popular software toolkit for building web services, could let crooks take control of your server.
---------------------------------------------
https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-what-you-need-to-know


∗∗∗ Hackers Are Distributing Backdoored Cobian RAT Hacking tool For Free ∗∗∗
---------------------------------------------
Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax. Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.
---------------------------------------------
https://thehackernews.com/2017/09/backdoored-hacking-tools.html


∗∗∗ Expired domain names and malvertising - Malwarebytes Labs ∗∗∗
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/


∗∗∗ Gefälschte Microsoft-Warnung führt zu Datendiebstahl ∗∗∗
---------------------------------------------
Kriminelle fälschen einen Microsoft-Warnhinweis. Darin behaupten sie, dass fremde Computer mit Schadsoftware befallen seien. Vermeintliche Opfer sollen sich deshalb an eine Kundenhotline wenden. In Wahrheit gelangen sie an Verbrecher/innen, die Zugang zum Computer fordern, Dateien kopieren und Zahlungsdaten stehlen.
---------------------------------------------
https://www.watchlist-internet.at/sonstiges/gefaelschte-microsoft-warnung-fuehrt-zu-datendiebstahl/



=====================
=    Advisories     =
=====================
∗∗∗ DFN-CERT-2017-1567/">IBM Notes: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1567/


∗∗∗ DFN-CERT-2017-1571/">Cisco ASR 5500 Series Routers: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1571/


∗∗∗ DFN-CERT-2017-1574/">Cisco Prime Collaboration Provisioning Tool: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen und die Manipulation beliebiger Systemdateien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1574/


∗∗∗ DFN-CERT-2017-1578/">Cisco ASR 920 Series Router: Zwei Schwachstellen ermöglichen die Ausführung beliebigen Programmcodes und die Manipulation von Dateien ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1578/


∗∗∗ DFN-CERT-2017-1579/">Cisco IOS, Cisco IOS XE: Zwei Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1579/


∗∗∗ DFN-CERT-2017-1580/">Cisco IR800 Integrated Services Router: Eine Schwachstelle ermöglicht die komplette Kompromittierung des Systems ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1580/


∗∗∗ Cisco Prime LAN Management Solution Token ID Reuse Lets Remote Authenticated Users Hijack the Target Users Session ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039285


∗∗∗ Cisco Catalyst 4000 Series Switch Dynamic ACL Bug Lets Remote Users Bypass Port Access Controls on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039284


∗∗∗ TYPO3 API Bug Lets Remote Users Obtain Potentially Sensitive Version Information on the Target System ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039294


∗∗∗ TYPO3 File Storage Access Control Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039293


∗∗∗ TYPO3 Input Validation Flaw in Backend Forms Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039292

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list