[CERT-daily] Tageszusammenfassung - 25.09.2017
Daily end-of-shift report
team at cert.at
Mon Sep 25 18:09:46 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 22-09-2017 18:00 − Montag 25-09-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Securing The Supply Chain Is As Important As Securing The Front Door ∗∗∗
---------------------------------------------
Today most organisations rely on a number of suppliers for providing services to their customers. Supply chain plays a key role within an organisation allowing them to innovate, create new products or services, increase their profitability and compete with other organisations. To be able to do so, organisations need to allow suppliers to connect to their systems/applications and also allow exchange of sensitive information with their suppliers and partners.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/securing-the-supply-chain-is-as-important-as-securing-the-front-door
∗∗∗ 7% of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks ∗∗∗
---------------------------------------------
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online, and which were exposing private information from all sorts of companies and their customers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/7-percent-of-all-amazon-s3-servers-are-exposed-explaining-recent-surge-of-data-leaks/
∗∗∗ Krypto-Trojaner RedBoot infiziert MBR und zerstört Dateien ∗∗∗
---------------------------------------------
Eine neue Ransomware treibt ihr Unwesen im Master Boot Record von Windows-PCs. Darüber hinaus verschlüsselt sie auch Dateien – ohne jedoch einen Weg zur Entschüsselung zu bieten.
---------------------------------------------
https://heise.de/-3840923
∗∗∗ CCleaner-Malware: Avast veröffentlicht weitere Analyse-Ergebnisse ∗∗∗
---------------------------------------------
In einem neuen Blogeintrag nennt Avast weitere Details zum Schadcode in CCleaner 5.33.6162. Dazu zählen konkrete Angriffsziele und Infektionszahlen sowie weitere Details zu möglichen Herkunftsländern der Täter.
---------------------------------------------
https://heise.de/-3840809
∗∗∗ Gefälschte Apple-Nachricht: Subscription Confirmation ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte Apple-Nachricht. Darin behaupten sie, dass Empfänger/innen eine teure Anwendung gekauft haben. Sollte das nicht der Fall sein, können sie die Bestellung auf einer Website stornieren. Apple-Kund/innen, die den angeblichen Einkauf rückgängig machen wollen, übermitteln ihre Kreditkartendaten an Betrüger/innen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-apple-nachricht-subscription-confirmation/
∗∗∗ A Historical Perspective on IT & OT Convergence ∗∗∗
---------------------------------------------
Hello IIoT World readers, and thanks for engaging with my column. Over the course of the next few months, I plan to write on a number of topics that are, individually, highly relevant to the IIoT Security realm. Perhaps more importantly, many of these topics can be viewed as being all inter-related in a way that describes some of the things Continue ReadingThe post A Historical Perspective on IT & OT Convergence appeared first on Create a culture of innovation with IIoT World!.
---------------------------------------------
http://iiot-world.com/cybersecurity/a-historical-perspective-on-it-ot-convergence/
∗∗∗ The Ethics of Running a Data Breach Search Service ∗∗∗
---------------------------------------------
No matter how much anyone tries to sugar coat it, a service like Have I been pwned (HIBP) which deals with billions of records hacked out of other peoples systems is always going to sit in a grey area. There are degrees, of course; at one end of the spectrum [...]
---------------------------------------------
https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
=====================
= Advisories =
=====================
∗∗∗ Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management Interface ∗∗∗
---------------------------------------------
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
---------------------------------------------
https://support.citrix.com/article/CTX227928
∗∗∗ IBM Security Bulletin: privilege escalation in IBM Business Process Manager (BPM) – CVE-2017-1539 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007451
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager Process Center Console (CVE-2017-1531) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007354
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager Process Admin Console (CVE-2017-1530) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007351
∗∗∗ IBM Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Process Manager (CVE-2017-1527) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22007346
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1425 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006265
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21996096
∗∗∗ Alert for CVE-2017-9805 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
∗∗∗ Apache ActiveMQ vulnerability CVE-2016-6810 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K55444705
∗∗∗ HPESBNS03775 rev.1 - HPE NonStop Samba, Remote Disclosure of Information, Authentication Bypass, Unauthorized Elevation of Privilege ∗∗∗
---------------------------------------------
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list