Daily summary - Wednesday 8-02-2017

End-of-Shift report

Timeframe: Tuesday 07-02-2017 18:00 − Wednesday 08-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a

As Valve eradicates serious bug in Steam, here's what you need to know

Steam, an online game platform with more than 125 million active accounts, is in the process of fixing a serious security hole that opens users to hacks that could redirect them to attack sites, spend their market funds, or possibly make malicious changes to their user profiles.

https://arstechnica.com/security/2017/02/as-valve-eradicates-serious-bug-in-steam-heres-what-you-need-to-know/


Fileless attacks against enterprise networks

This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim's host to the attacker's C2.

http://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/


Strategies to Mitigate Cyber Security Incidents

The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, business email compromise and industrial control systems.

http://www.asd.gov.au/infosec/mitigationstrategies.htm


ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability

An attacker can exploit the vulnerability to bypass authentication and thereby gain administrator privileges.

http://www.securityfocus.com/archive/1/540100


When A Pony Walks Out Of A Pub

Talos has observed a small email campaign leveraging the use of Microsoft Publisher files. ... Unlike other applications within the Microsoft Office suite, Microsoft Publisher does not support a Protected View mode. ... The file used in this campaign was aimed at infecting the victim with the well-known Pony malware.

http://blog.talosintel.com/2017/02/pony-pub-files.html


Multiple Vulnerabilities in Trend Micro Control Manager (TMCM) 6.0

CVSS 2.0 Score(s): 4.0 - 6.8
Severity Rating(s): Medium

Trend Micro has released a new build for Trend Micro Control Manager 6.0. This build resolves multiple vulnerabilities related to potential remote code execution, directory traversal, SQL injections, and unauthorized access to XML files.

https://success.trendmicro.com/solution/1116624


SAP Security for Beginners Part 5: SAP Risks - Sabotage

Sabotage attacks on SAP systems were promised as today's topic, so let's look at potential sabotage vectors.

http://resources.infosecinstitute.com/sap-security-beginners-part-5-sap-risks-sabotage/


Sielco Sistemi Winlog SCADA Software

This advisory contains mitigation details for an uncontrolled search path vulnerability in Sielco Sistemi's Winlog SCADA Software.

https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01


BD Alaris 8000 Insufficiently Protected Credentials Vulnerability

This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an insufficiently protected credentials vulnerability in BD's Alaris 8000 Point of Care unit, which provides a common user interface for programming intravenous infusions.

https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01


BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities

This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for insufficiently protected credentials vulnerabilities in BD's Alaris 8015 Point of Care unit, which provides a common user interface for programming intravenous infusions.

https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02


BINOM3 Electric Power Quality Meter (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-17-031-01 BINOM3 Electric Power Quality Meter that was published January 31, 2017, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for vulnerabilities in BINOM3's electric power quality meter.

https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A


Citrix NetScaler Nonce Generation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System

http://www.securitytracker.com/id/1037795


Huawei Security Advisories

Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-01-smartphone-en

Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-02-smartphone-en

Security Advisory - MITM Vulnerability in Huawei Vmall APP

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-01-vmall-en

Cisco Security Advisories

Cisco AnyConnect Secure Mobility Client for Windows SBL Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa

IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

http://www-01.ibm.com/support/docview.wss?uid=swg21995427

IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-6055)

http://www.ibm.com/support/docview.wss?uid=swg21995515

IBM Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack

http://www.ibm.com/support/docview.wss?uid=swg21997798

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect IBM Mobile Connect as a product bundler

http://www-01.ibm.com/support/docview.wss?uid=swg21989670

IBM Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009543

IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012)

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc