[CERT-daily] Tageszusammenfassung - 16.02.2018

Daily end-of-shift report team at cert.at
Fri Feb 16 18:58:40 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-02-2018 18:00 − Freitag 16-02-2018 18:00
Handler:     n/a
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ New Saturn Ransomware Actively Infecting Victims ∗∗∗
---------------------------------------------
A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the files name. At this time it is not known how Saturn Ransomware is being distributed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-saturn-ransomware-actively-infecting-victims/


∗∗∗ Using the Chrome Task Manager to Find In-Browser Miners ∗∗∗
---------------------------------------------
The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/using-the-chrome-task-manager-to-find-in-browser-miners/


∗∗∗ Behörden ignorieren Sicherheitsbedenken gegenüber Windows 10 ∗∗∗
---------------------------------------------
Deutsche Behörden kaufen fleißig Software bei Microsoft. Dabei gibt es erhebliche Sicherheitsbedenken, die das US-Unternehmen wohl immer noch nicht ausräumen konnte. Unklar ist etwa, welche Daten an den Konzern fließen.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Behoerden-ignorieren-Sicherheitsbedenken-gegenueber-Windows-10-3971133.html


∗∗∗ Infizierte Heimrouter: Satori-Botnetz legt stark zu ∗∗∗
---------------------------------------------
Der Mirai-Nachfolger Satori infiziert immer mehr Heimrouter und IoT-Geräte. Die zugrundeliegenden Sicherheitslücken werden von den Herstellern oft ignoriert. In der Zwischenzeit schürfen die Angreifer munter Kryptogeld.
---------------------------------------------
https://www.heise.de/meldung/Infizierte-Heimrouter-Satori-Botnetz-legt-stark-zu-3971813.html


∗∗∗ Oracle WebLogic Server Flaw Exploited to Deliver Crypto-Miners ∗∗∗
---------------------------------------------
Threat actors are exploiting a recently patched vulnerability in Oracle WebLogic Server to infect systems with crypto-currency mining malware, FireEye reports.
---------------------------------------------
https://www.securityweek.com/oracle-weblogic-server-flaw-exploited-deliver-crypto-miners



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Nortek Linear eMerge E3 Series ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a command injection vulnerability in the Nortek Linear eMerge E3 Series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01


∗∗∗ GE D60 Line Distance Relay ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based buffer overflow and improper restriction of operations within the bounds of a memory buffer vulnerabilities in GE’s D60 Line Distance Relay.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02


∗∗∗ Schneider Electric IGSS Mobile ∗∗∗
---------------------------------------------
This advisory contains mitigation details for Improper certificate validation and plaintext storage of a password vulnerabilities in the Schneider Electric IGSS Mobile products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03


∗∗∗ Schneider Electric StruxureOn Gateway ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an unrestricted upload of file with dangerous type vulnerability in Schneider Electrics StruxureOn Gateway software management platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-04


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (quagga), Mageia (freetype2, kernel-linus, and kernel-tmb), openSUSE (chromium, GraphicsMagick, mupdf, openssl-steam, and xen), Slackware (irssi), SUSE (glibc and quagga), and Ubuntu (quagga).
---------------------------------------------
https://lwn.net/Articles/747439/rss


∗∗∗ 2018-01-06 (updated 2018-02-16): Cyber Security Notification - Meltdown & Spectre ∗∗∗
---------------------------------------------
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A8219&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ DFN-CERT-2018-0320: Quagga: Mehrere Schwachstellen ermöglichen u.a. einen Distributed-Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0320/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027118


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013416


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012447


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Maximo Asset Management (CVE-2017-5662) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008816

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list