Daily summary - 02.10.2017

End-of-Day report

Timeframe: Friday 29-09-2017 18:00 − Monday 02-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a


∗∗∗ The Mobile Forensics Process: Steps & Types ∗∗∗

Introduction: Importance of Mobile Forensics. The term "mobile devices" encompasses a wide array of gadgets ranging from mobile phones, smartphones, tablets, and GPS units to wearables and PDAs. What they all have in common is the fact that they can contain a lot of user information. Mobile devices are right in the middle of three [...]

http://resources.infosecinstitute.com/mobile-forensics-process-steps-types/

∗∗∗ Investigating Security Incidents with Passive DNS, (Mon, Oct 2nd) ∗∗∗

Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you're trying to reach has already been cleaned. We cannot blame system administrators and webmasters who are just doing their job. If some servers or websites remain compromised for weeks, others are very quickly restored/patched/cleaned to get rid of the malicious content. It's the same for domain names. Domains registered only for malicious [...]

https://isc.sans.edu/diary/rss/22886

∗∗∗ DNSSEC Key Signing Key Rollover Postponed ∗∗∗

Original release date: September 29, 2017. The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to [...]

https://www.us-cert.gov/ncas/current-activity/2017/09/29/DNSSEC-Key-Signing-Key-Rollover-Postponed

∗∗∗ European Cyber Security Month: United against Cyber Security Threats ∗∗∗

October 2017 is European Cyber Security Month and this year marks the 5th anniversary of the European Cyber Security Month campaign.

https://www.enisa.europa.eu/news/enisa-news/european-cyber-security-month-united-against-cyber-security-threats

∗∗∗ Good Analysis = Understanding(tools + logs + normal) ∗∗∗

We had a reader send in an email a couple of weeks ago asking about understanding the flags field when looking at data in a report. He didn't understand what the "flags" were referring to or what the actual flags mean. "They don't appear related to TCP header flags like I've normally seen... S is the most common but I occasionally see RSA, RUS and a few others."



∗∗∗ eDirectory 9.0.4 ∗∗∗

Abstract: This update is being provided to resolve important issues found since the original release of Novell eDirectory 9.0.

https://download.novell.com/Download?buildid=WKnTKcctISw~

∗∗∗ iManager 3.0.4 ∗∗∗

Abstract: This patch addresses important issues found since the original release of iManager 3.0.

https://download.novell.com/Download?buildid=r_GBmD8A9cU~

∗∗∗ XSA-245 ARM: Some memory not scrubbed at boot ∗∗∗

Impact: Sensitive information from one domain before a reboot might be visible to another domain after a reboot.

https://xenbits.xen.org/xsa/advisory-245.html

∗∗∗ Vuln: SolarWinds Network Performance Monitor CVE-2017-9538 Denial of Service Vulnerability ∗∗∗

http://www.securityfocus.com/bid/101066

∗∗∗ DFN-CERT-2017-1723: GitLab: Multiple vulnerabilities allow, among other things, the execution of arbitrary commands ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1723/

∗∗∗ IBM Security Bulletins ∗∗∗

https://www.ibm.com/blogs/psirt/

∗∗∗ SSA-535640 (Last Update 2017-10-02): Vulnerability in Industrial Products ∗∗∗

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf

∗∗∗ HPESBMU03753 rev.2 - HPE System Management Homepage for Windows and Linux, Multiple Remote Vulnerabilities ∗∗∗
