Tageszusammenfassung - 18.10.2017

End-of-Day report

Timeframe: Dienstag 17-10-2017 18:00 − Mittwoch 18-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

News

∗∗∗ RSA-Sicherheitslücke: Infineon erzeugt Millionen unsicherer Krypto-Schlüssel ∗∗∗ RSA-Schlüssel von Hardware-Kryptomodulen der Firma Infineon lassen sich knacken. Das betrifft unter anderem Debian-Entwickler, Anbieter qualifizierter Signatursysteme, TPM-Chips in Laptops und estnische Personalausweise.

https://www.golem.de/news/rsa-sicherheitsluecke-infineon-erzeugt-millionen-unsicherer-krypto-schluessel-1710-130691-rss.html ∗∗∗ Browser security beyond sandboxing ∗∗∗ Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web browser can have catastrophic results. It doesn’t help that...

https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing/ ∗∗∗ uBlock Origin ad-blocker knocked for blocking hack attack squawking ∗∗∗ Block all the things! No, wait, not the XSS security alerts Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks.

http://go.theregister.com/feed/www.theregister.co.uk/2017/10/17/ublock_origin_csp_reports/ ∗∗∗ Hancitor malspam uses DDE attack ∗∗∗ Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) changed tactics on Monday 2017-10-16. Instead of pushing Microsoft Word documents with malicious macros, this malspam began pushing Word documents taking advantage of Microsofts Dynamic Data Exchange (DDE) technique.

https://isc.sans.edu/diary/22936 ∗∗∗ Klage wegen Urheberrechtsverletzung verbreitet Schadsoftware ∗∗∗ In erfundenen Schreiben behaupten unbekannte Absender/innen, dass Empfänger/innen eine Urheberrechtsverletzung begangen haben und deshalb verklagt werden. Für weiterführende Informationen dazu sollen Adressat/innen eine ZIP-Datei herunterladen. Sie verbirgt Schadsoftware und darf nicht geöffnet werden.

https://www.watchlist-internet.at/schadsoftware/klage-wegen-urheberrechtsverletzung-verbreitet-schadsoftware/

Vulnerabilities

∗∗∗ HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data ∗∗∗ A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data.

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us ∗∗∗ Progea Movicon SCADA/HMI ∗∗∗

https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01 ∗∗∗ IC3 Issues Alert on IoT Devices ∗∗∗

https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-IoT-Devices ∗∗∗ Huawei Security Advisories ∗∗∗

http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22006285 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3735) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=isg3T1025909 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22009532 ∗∗∗ JSA10826 - 2017-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 17.1R1 release ∗∗∗

http://kb.juniper.net/InfoCenter/index/content&id=JSA10826&actp=RSS ∗∗∗ Critical Patch Update - October 2017 ∗∗∗

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ Solaris Third Party Bulletin - October 2017 ∗∗∗

http://www.oracle.com/technetwork/topics/security/bulletinoct2017-3958668.html ∗∗∗ Oracle Linux Bulletin - October 2017 ∗∗∗

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2017-4005894.html ∗∗∗ Oracle VM Server for x86 Bulletin - October 2017 ∗∗∗

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2017-4005895.html ∗∗∗ Multiple vulnerabilities in Linksys E-series products ∗∗∗

https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-linksys-e-series-products/index.html ∗∗∗ Multiple vulnerabilities in Afian AB FileRun ∗∗∗

https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-afian-ab-filerun/index.html ∗∗∗ SSA-523365 (Last Update 2017-10-18): Vulnerability in SIMATIC PCS 7 ∗∗∗

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365.pdf