Daily summary - Tuesday 24-01-2017

End-of-Shift report

Timeframe: Monday 23-01-2017 18:00 - Tuesday 24-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Java: The end of MD5 and SHA-1 is approaching

Oracle has announced that, with its next quarterly update, MD5 will be retired for signing JAR packages. Likewise, the JDK will only accept SHA-1 certificates in exceptional cases.

https://heise.de/-3606356


Elga is easy to hack, according to experts
</gra_replace>
<gr_replace lines="16" cat="clarify" orig="Personal braucht">
Staff need only a password to gain access. That is too little, warns an expert.

Personal braucht für Zugriff nur ein Passwort. Das sei zu wenig, warnt ein Fachmann.

https://kurier.at/chronik%2Foesterreich/elga-ist-laut-experten-leicht-zu-hacken/242.796.533


Security update: Apple patches root exploits for almost all platforms

Apple has released extensive security updates for all of its platforms. A root exploit in the kernel affects numerous devices; in addition there are many bugs in WebKit and in various libraries.

http://www.golem.de/news/sicherheitsupdate-apple-patcht-root-exploits-fuer-fast-alle-plattformen-1701-125773-rss.html


Charger mobile ransomware steals contacts and SMS messages

Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and...

https://www.helpnetsecurity.com/2017/01/24/charger-mobile-ransomware/


Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution

TL;DR: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1096


Microsoft Reveals Windows Defender Security Center Scheduled for Creators Update

The Windows 10 Creators Update scheduled for launch later this year will include an upgrade of the default Windows Defender antivirus, which will feature a new settings panel named the Windows Defender Security Center. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-windows-defender-security-center-scheduled-for-creators-update/


Furby Rickroll demo: what fresh hell is this?

Toy-makers, please quit this rubbish, you're NO GOOD at security. Here's your future botnet, world: connected kids' toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes.

http://go.theregister.com/feed/www.theregister.co.uk/2017/01/24/furby_rickroll_demo_what_fresh_hell_is_this/


HummingBad Android Malware Found in 20 Google Play Store Apps

HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Google's security checks. [...]

https://www.bleepingcomputer.com/news/security/hummingbad-android-malware-found-in-20-google-play-store-apps/


Advice to a New SCADA Engineer

Target Audience: As I have come in contact with those new to industrial control systems - whether they be supervisory control and data acquisition (SCADA) systems, building automation, process automation, or what not - I have come to the conclusion that whether the individual is trade school educated or college educated, they are not prepared...

http://resources.infosecinstitute.com/advice-to-a-new-scada-engineer/


How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd)

I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And well, this also makes good material for my IPv6 class [2]. This is supposed to entice you to play and experiment. Let me know if you find anything neat. Fragmentation is a necessary evil of packet networking. Packets will...

https://isc.sans.edu/diary.html?storyid=21963&rss


Fake A1 online invoice conceals malware

Criminals are sending out a fake A1 online invoice. In it they cite a high connection charge and the data volume consumed. The file "rechnung_1.zip" is attached to the message. It conceals malware.

https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-online-rechnung-verbirgt-schadsoftware/


Year-old root vulnerability in systemd surfaces

Last year the developers of the init system systemd closed a hole through which an attacker can gain root privileges. However, this hole was initially underestimated and went unnoticed.

https://heise.de/-3606599


Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/95705


EMC Avamar Data Store and Avamar Virtual Edition File Ownership Error Lets Local Users Obtain Root Privileges

http://www.securitytracker.com/id/1037667


RSA Security Analytics Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1037666


DFN-CERT-2017-0137: Apache Software Foundation Tomcat: Multiple vulnerabilities allow, among other things, execution of arbitrary program code

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0137/


Security Advisory 2017-01: Security Update for OTRS Business Solution

January 24, 2017 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability.

https://www.otrs.com/security-advisory-2017-01-security-update-otrs-business-solution/


DFN-CERT-2017-0136: phpMyAdmin: Multiple vulnerabilities allow, among other things, privilege escalation

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0136/


Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2k, 1.1.0d. These releases will be made available on 26th January 2017 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "moderate".

https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html


F5 Security Advisories

Security Advisory: OpenSSH vulnerability CVE-2016-10009

https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31440025.html?ref=rss

Security Advisory: OpenSSH vulnerability CVE-2016-10010

https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64292204.html?ref=rss

Security Advisory: PHPMailer vulnerability CVE-2016-10033

https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74977440.html?ref=rss

Apple Security Updates

macOS Sierra 10.12.3

https://support.apple.com/kb/HT207483

iOS 10.2.1

https://support.apple.com/kb/HT207482

tvOS 10.1.1

https://support.apple.com/kb/HT207485

watchOS 3.1.3

https://support.apple.com/kb/HT207487

iCloud for Windows 6.1.1

https://support.apple.com/kb/HT207481

Safari 10.0.3

https://support.apple.com/kb/HT207484

iTunes 12.5.5 for Windows

https://support.apple.com/kb/HT207486

IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in sudo affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024766

IBM Security Bulletin: A vulnerability in expat affects PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024767

IBM Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

http://www-01.ibm.com/support/docview.wss?uid=swg21995440

IBM Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024768

IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024769

IBM Security Bulletin: Vulnerabilities in QEMU affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024770

IBM Security Bulletin: A vulnerability in nettle affects PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024771

IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024772

IBM Security Bulletin: Vulnerabilities in cURL affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024773

IBM Security Bulletin: Vulnerabilities in NTP affect PowerKVM

http://www.ibm.com/support/docview.wss?uid=isg3T1024775