[CERT-daily] Tageszusammenfassung - 12.03.2018
Daily end-of-shift report
team at cert.at
Mon Mar 12 18:08:23 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 09-03-2018 18:00 − Montag 12-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files ∗∗∗
---------------------------------------------
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victims files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted files name.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/
∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗
---------------------------------------------
Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer).
---------------------------------------------
https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-redis-apache-solr-and-windows-servers/
∗∗∗ SmartCam: Kritische Sicherheitslücken in Cloud-Anbindung von Samsung-IP-Kameras ∗∗∗
---------------------------------------------
Lücken in der IP-Kamera SNH-V6410PN/PNW ermöglichen es, das Linux darauf zu kapern. Da die Sicherheitslücke in der Cloud-Anbindung liegt, sind wahrscheinlich weitere SmartCam-Modelle betroffen. Der Cloud-Dienst verwaltet die Kameras per Jabber-Server.
---------------------------------------------
https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken-in-Cloud-Anbindung-von-Samsung-IP-Kameras-3990242.html
∗∗∗ TLS 1.3 and Proxies ∗∗∗
---------------------------------------------
I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence.
---------------------------------------------
http://www.imperialviolet.org/2018/03/10/tls13.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗
---------------------------------------------
Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel).
---------------------------------------------
https://lwn.net/Articles/749087/
∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22014392
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769
∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013943
∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013339
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013818
∗∗∗ IBM Security Bulletin: Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013557
∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011110
∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012171
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list