[CERT-daily] Daily summary - 07.06.2018
Daily end-of-shift report
team at cert.at
Thu Jun 7 18:42:22 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 06-06-2018 18:00 − Thursday 07-06-2018 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Prowli Malware Targeting Servers, Routers, and IoT Devices ∗∗∗
---------------------------------------------
After the discovery of the massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code ...
---------------------------------------------
https://thehackernews.com/2018/06/prowli-malware-botnet.html
∗∗∗ Crappy IoT on the high seas: Holes punched in hull of maritime security ∗∗∗
---------------------------------------------
Researchers: We can nudge ships off course. Infosec Europe: Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse.
---------------------------------------------
https://www.theregister.co.uk/2018/06/06/infosec_europe_maritime_security/
∗∗∗ Cyber Europe 2018 – Get prepared for the next cyber crisis ∗∗∗
---------------------------------------------
EU Cybersecurity Agency ENISA organised an international cybersecurity exercise
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2018-get-prepared-for-the-next-cyber-crisis
∗∗∗ Retefe check ∗∗∗
---------------------------------------------
Check if your computer is infected with the Retefe banking trojan.
---------------------------------------------
http://retefe-check.ch/
∗∗∗ A Totally Tubular Treatise on TRITON and TriStation ∗∗∗
---------------------------------------------
Introduction: In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from the IT network to the OT (operational technology) network through systems that were accessible to both environments.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html
∗∗∗ Security updates: Critical vulnerabilities in Cisco IOS and Prime ∗∗∗
---------------------------------------------
Various Cisco network devices and software contain vulnerabilities, some of them critical. Affected admins should install the available patches promptly.
---------------------------------------------
http://heise.de/-4072861
=====================
= Vulnerabilities =
=====================
∗∗∗ "Zero-Day" vulnerability in Adobe Flash Player - actively exploited - patches available ∗∗∗
---------------------------------------------
"Zero-Day" vulnerability in Adobe Flash Player - actively exploited - patches available. 7 June 2018. Description: Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player that is already being actively exploited. CVE number: CVE-2018-5002. Adobe has released a corresponding update; the details can be found at https://helpx.adobe.com/security/products/flash-player/apsb18-19.html.
---------------------------------------------
http://www.cert.at/warnings/all/20180607.html
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (memcached), Fedora (java-1.8.0-openjdk-aarch32, sqlite, and xen), Mageia (corosync, gimp, qtpass, and SDL_image), openSUSE (zziplib), Slackware (mozilla), SUSE (git and libvorbis), and Ubuntu (liblouis).
---------------------------------------------
https://lwn.net/Articles/756853/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2783) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016041
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016028
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been fixed in IBM Security Identity Manager ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013617
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22015304
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily