[CERT-daily] Daily summary - 21.09.2017
Daily end-of-shift report
team at cert.at
Thu Sep 21 18:09:41 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-09-2017 18:00 − Thursday 21-09-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Transport encryption between mail servers ∗∗∗
---------------------------------------------
Configuration recommendations with examples for Postfix and exim
---------------------------------------------
https://www.dfn-cert.de/aktuell/smtp-transportverschluesselung.html
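Added example, not code from the DFN-CERT page and not Postfix's own tooling: a small Python linter for the Postfix main.cf parameters that govern TLS between mail servers. The two sample configurations are constructed, and the checks encode common practice rather than the DFN-CERT recommendations verbatim: opportunistic TLS (`may`) on both the receiving (smtpd_) and the sending (smtp_) side, SSLv2 and SSLv3 explicitly excluded, a certificate and key configured so inbound STARTTLS can actually be offered, and TLS handshakes logged. Mandatory TLS (`encrypt`) is reported as a caveat rather than a pass, because on a public MX or the default outbound transport it refuses peers that offer no TLS at all.

```python
"""Lint Postfix main.cf TLS settings for server-to-server transport encryption.

Added example; the checks below are this example's own assumptions about
common practice, not the DFN-CERT recommendations verbatim.
"""

# Postfix security levels that enable TLS (the rest, e.g. 'none', disable it).
SECURE_LEVELS = {"may", "encrypt", "dane", "dane-only",
                 "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Parse main.cf syntax: 'name = value', '#' comment lines, and
    continuation lines that begin with whitespace (appended to the
    previous parameter's value)."""
    settings = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            settings[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        settings[current] = value.strip()
    return settings


def lint_tls(settings):
    """Return a list of (parameter, finding) tuples; empty means all checks pass."""
    findings = []
    for side in ("smtpd", "smtp"):          # smtpd_ = inbound, smtp_ = outbound
        key = f"{side}_tls_security_level"
        level = settings.get(key, "none")   # Postfix default is 'none'
        if level not in SECURE_LEVELS:
            findings.append((key, f"'{level}' disables TLS; use at least 'may'"))
        elif level == "encrypt":
            # Mandatory TLS refuses every peer that does not offer STARTTLS;
            # only appropriate for known peers, not for the public MX.
            findings.append((key, "'encrypt' refuses peers without TLS; use only for known peers"))
        protos = settings.get(f"{side}_tls_protocols", "").replace(" ", "")
        for old in ("SSLv2", "SSLv3"):
            # Require the exclusion explicitly; the built-in default varies by
            # Postfix version (assumption: do not rely on it).
            if f"!{old}" not in protos:
                findings.append((f"{side}_tls_protocols", f"does not explicitly exclude {old}"))
        if settings.get(f"{side}_tls_loglevel", "0") == "0":
            findings.append((f"{side}_tls_loglevel", "is 0; set 1 to log TLS handshakes"))
    # Inbound STARTTLS cannot be offered without a certificate and key.
    if settings.get("smtpd_tls_security_level", "none") in SECURE_LEVELS:
        for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
            if not settings.get(key):
                findings.append((key, "not set; inbound STARTTLS cannot be offered"))
    return findings


# Constructed sample configurations (not from any real server).
WEAK_MAIN_CF = """\
# TLS switched off in both directions
myhostname = mx.example.org
smtpd_tls_security_level = none
smtp_tls_security_level = none
smtpd_tls_protocols = !SSLv2
smtp_tls_loglevel = 0
"""

HARDENED_MAIN_CF = """\
myhostname = mx.example.org
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mx.example.org.pem
smtpd_tls_key_file = /etc/ssl/private/mx.example.org.key
smtpd_tls_protocols = !SSLv2,
    !SSLv3
smtpd_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_loglevel = 1
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(f"== {label} ==")
        for param, msg in lint_tls(parse_main_cf(cfg)):
            print(f"  {param}: {msg}")
```

To check a live server, run `postconf -n` on it and feed the output to `parse_main_cf`; exim uses a different configuration syntax and is not covered by this parser.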
∗∗∗ Optimisation tool: CCleaner malware was apparently meant to spy on tech companies ∗∗∗
---------------------------------------------
Cisco contradicts Avast: the second stage of the malware distributed with CCleaner was indeed activated. The campaign's operators allegedly targeted trade secrets of large tech companies.
---------------------------------------------
https://www.golem.de/news/optimierungsprogramm-ccleaner-malware-sollte-wohl-techkonzerne-ausspionieren-1709-130174-rss.html
∗∗∗ FedEx: TNT loses 300 million US dollars to NotPetya ∗∗∗
---------------------------------------------
Attacks on IT infrastructure are expensive: after Maersk, the logistics company TNT has also announced a significant loss caused by NotPetya. Repair of all systems is expected to be complete by the end of September.
---------------------------------------------
https://www.golem.de/news/fedex-tnt-verliert-durch-notpetya-300-millionen-us-dollar-1709-130192-rss.html
∗∗∗ Deep-Learning PassGAN Tool Improves Password Guessing ∗∗∗
---------------------------------------------
A deep-learning network known as a GAN (generative adversarial network) has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords compared with tools such as Hashcat or John the Ripper.
---------------------------------------------
http://threatpost.com/deep-learning-passgan-tool-improve-password-guessing/128039/
∗∗∗ Introducing Burplay, A Burp Extension for Detecting Privilege Escalations ∗∗∗
---------------------------------------------
The seventh entry on the most recent OWASP Top 10 release (from 2013, due to the 2017 release candidate being rejected!) is "Missing Function Level Access Control", which is essentially what leads to Privilege Escalation issues. This common vulnerability related...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Introducing-Burplay,-A-Burp-Extension-for-Detecting-Privilege-Escalations/
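Added example, not Burplay's own code: the replay-and-compare logic behind this kind of check, reduced to a self-contained Python script. The target is a constructed WSGI application with two admin endpoints, one that checks the caller's role correctly and one that only checks that some session exists; the checker replays each request captured in the admin session with the ordinary user's cookie and reports endpoints where the response comes back identical. The session cookie values, roles and paths are assumptions made for the demo.

```python
"""Replay-and-compare check for missing function level access control.

Added example. A tiny in-process WSGI app stands in for the target; the
checker replays requests captured in a high-privilege session with a
low-privilege session cookie and flags identical responses.
"""
from http.cookies import SimpleCookie
from wsgiref.util import setup_testing_defaults

# Constructed session store: cookie value -> role (assumption for the demo).
SESSIONS = {"s3ss-admin": "admin", "s3ss-user": "user"}


def _role(environ):
    """Resolve the 'session' cookie to a role, or None if not logged in."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    morsel = cookie.get("session")
    return SESSIONS.get(morsel.value) if morsel else None


def app(environ, start_response):
    """Hypothetical target application (constructed for this example)."""
    role = _role(environ)
    path = environ["PATH_INFO"]
    headers = [("Content-Type", "text/plain")]
    if role is None:
        start_response("401 Unauthorized", headers)
        return [b"login required"]
    if path == "/admin/users":
        # BUG: only checks that *some* session exists, never the role.
        start_response("200 OK", headers)
        return [b"alice,bob,carol"]
    if path == "/admin/delete":
        if role != "admin":                 # correct function-level check
            start_response("403 Forbidden", headers)
            return [b"admin only"]
        start_response("200 OK", headers)
        return [b"deleted"]
    start_response("404 Not Found", headers)
    return [b"no such page"]


def request(path, session, method="GET"):
    """Drive the WSGI app in-process; returns (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    environ["PATH_INFO"] = path
    environ["HTTP_COOKIE"] = f"session={session}"
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


def find_privilege_escalations(paths, high_session, low_session):
    """Replay each high-privilege request with the low-privilege cookie.

    A path is reported when the original succeeded (2xx) and the replay
    returns the same status and body: the function is reachable without
    the intended privilege. A 403 or a different body is not flagged.
    The comparison rule is this example's own, not Burplay's.
    """
    findings = []
    for path in paths:
        high = request(path, high_session)
        low = request(path, low_session)
        if high[0].startswith("2") and high == low:
            findings.append(path)
    return findings


if __name__ == "__main__":
    captured_paths = ["/admin/users", "/admin/delete", "/profile"]
    print(find_privilege_escalations(captured_paths, "s3ss-admin", "s3ss-user"))
    # ['/admin/users']
```

Exact-match comparison keeps false positives low but misses pages whose body differs only by a CSRF token or timestamp; a production tool would normalise such fields before comparing.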
∗∗∗ New FinFisher surveillance campaigns: Are internet providers involved? ∗∗∗
---------------------------------------------
New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement.
---------------------------------------------
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/
∗∗∗ Intel Management Engine hacked ∗∗∗
---------------------------------------------
Security researchers demonstrated how they use a vulnerability in Intel's ME firmware to execute unsigned code. The ME has essentially unrestricted access to the system's hardware, yet it cannot be monitored by virus scanners.
---------------------------------------------
https://heise.de/-3837239
∗∗∗ Encryption: Gpg4win 3.0 keeps a low profile in the background ∗∗∗
---------------------------------------------
The Windows software collection Gpg4win uses version 2.2 of the free crypto engine GnuPG and enables Outlook to handle the OpenPGP/MIME standard.
---------------------------------------------
https://heise.de/-3837176
=====================
= Advisories =
=====================
∗∗∗ Samba Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: September 20, 2017
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information. US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163 and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2017/09/20/Samba-Releases-Security-Updates
∗∗∗ Page Access - Unsupported - SA-CONTRIB-2017-75 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2910306
∗∗∗ Skype Status - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-076 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2910308
∗∗∗ Clientside Validation - Critical - Arbitrary PHP Execution - DRUPAL-SA-CONTRIB-2017-072 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2907118
∗∗∗ Security Update for tvOS 11 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208113
∗∗∗ Security Update for watchOS 4 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT208115
∗∗∗ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic
∗∗∗ Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas
∗∗∗ Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs
∗∗∗ Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa
∗∗∗ Cisco Small Business Managed Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms
∗∗∗ Cisco FindIT DLL Preloading Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit
∗∗∗ Cisco Email Security Appliance Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa
∗∗∗ Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp
∗∗∗ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2
∗∗∗ Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1
∗∗∗ IBM Security Bulletin: Vulnerability in the Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-6214) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099637
∗∗∗ IBM Security Bulletin: IBM MQ termination of a client application causes denial of service (CVE-2017-1235) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005415
∗∗∗ IBM Security Bulletin: Open Source OpenSSL, GnuTLS, RHEL CVE-2016-8610 'SSL-Death-Alert' affects IBM Cisco switches and directors. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010572
∗∗∗ IBM Security Bulletin: Multiple Java Vulnerabilities affect DB2 Text Search Stand Alone Accessories Suite ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007190
∗∗∗ OpenJDK vulnerabilities CVE-2015-2601, CVE-2015-2621, CVE-2015-2632, CVE-2015-4748, and CVE-2015-4749 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K84947349
∗∗∗ HPESBHF03705 rev.2 - HPE Integrated Lights-Out 4 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information ∗∗∗
---------------------------------------------
https://h20565.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03705en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily