[CERT-daily] Tageszusammenfassung - 06.06.2018

Wed Jun 6 18:16:33 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 05-06-2018 18:00 − Mittwoch 06-06-2018 18:00
Handler:     Olaf Schwarz
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sofacy Group’s Parallel Attacks ∗∗∗
---------------------------------------------
Unit 42’s continued look at the Sofacy Group’s activity reveals the persistent targeting of government, diplomatic and other strategic organizations across North America and Europe.The post Sofacy Group’s Parallel Attacks appeared first on Palo Alto Networks Blog.
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/


∗∗∗ Converting PCAP Web Traffic to Apache Log ∗∗∗
---------------------------------------------
PCAP data can be really useful when you must investigate an incident but when the amount of PCAP files to analyse is counted in gigabytes, it may quickly become tricky to handle. Often, the first protocol to be analysed is HTTP because it remains a classic infection or communication vector used by malware. What if you could analyze HTTP connections like an Apache access log? This kind of log can be easily indexed/processed by many tools.
---------------------------------------------
https://isc.sans.edu/diary/rss/23739


∗∗∗ Researchers warn widespread Google Group misconfigurations are exposing sensitive data ∗∗∗
---------------------------------------------
A survey of 2.5 million domains looked for configurations publicly exposed, found 9,637 exposed organizations, then used a random sample of 171 public organizations to determine nearly 3,000 domains were leaking sensitive data.
---------------------------------------------
https://www.scmagazine.com/researchers-find-widespread-google-group-misconfigurations-exposing-sensitive-data/article/771144/


∗∗∗ VPNFilter Update - VPNFilter exploits endpoints, targets new devices ∗∗∗
---------------------------------------------
Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints.
---------------------------------------------
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html


∗∗∗ Schwachstelle Zip Slip: Beim Entpacken ist Schadcode inklusive ∗∗∗
---------------------------------------------
Viele Coding-Bibliotheken sind beim Entpacken von Archiven angreifbar. Ist eine Attacke erfolgreich, könnte Schadcode auf Computer gelangen.
---------------------------------------------
http://heise.de/-4070792


∗∗∗ Warnung vor anenberg.store ∗∗∗
---------------------------------------------
Auf anenberg.store finden Konsument/innen Grafikkarten und Krypto-Miner. Wir raten von einem Einkauf bei dem Anbieter ab, denn er zeigt Auffälligkeiten. Internet-Nutzer/innen warnen vor einer Bestellung, die Preise sind teilweise sehr niedrig und die Bezahlung der Ware ist nur im Voraus möglich.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-anenbergstore/


∗∗∗ Markenfälscher-Alarm auf backpacks.at! ∗∗∗
---------------------------------------------
Auf backpacks.at finden KonsumentInnen Schuhe und Taschen von Marken wie Michael Kors, Tamaris, Buffalo oder Ralph Lauren. Die Preise sind extrem niedrig und sollen zu einem schnellen Kauf verlocken. Die .at-Domain lässt zwar ein österreichisches Unternehmen vermuten, doch eigentlich wird der Shop aus Asien betrieben, gelieferte Ware entspricht nicht der Bestellten und ein Widerruf ist aussichtslos.
---------------------------------------------
https://www.watchlist-internet.at/news/markenfaelscher-alarm-auf-backpacksat/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (git), Fedora (php-symfony, php-symfony4, and thunderbird-enigmail), Mageia (glpi and libreoffice), openSUSE (dpdk-thunderxdpdk, git, and ocaml), SUSE (glibc, libvorbis, and zziplib), and Ubuntu (elfutils, git, and procps).
---------------------------------------------
https://lwn.net/Articles/756761/


∗∗∗ Philips IntelliVue Patient and Avalon Fetal Monitors ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01


∗∗∗ ABB IP Gateway ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016280


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-2602) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016679


∗∗∗ IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2018-2603, CVE-2018-2633) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016042


∗∗∗ IBM Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Spectrum Protect Plus (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016826


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability ( CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016116

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily