Daily summary - Monday 27-02-2017

End-of-Shift report

Timeframe: Friday 24-02-2017 18:00 − Monday 27-02-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Project Zero: Another unpatched Microsoft bug published

Project Zero means business: for the third time within a few months there is a bug report without a patch from Microsoft. This time it concerns a type confusion bug in Internet Explorer and Edge.

https://www.golem.de/news/project-zero-erneut-ungepatchter-microsoft-bug-veroeffentlicht-1702-126423-rss.html


DFN-CERT-2017-0348: Microsoft Internet Explorer, Microsoft Edge: A vulnerability allows the execution of arbitrary code

A remote, unauthenticated attacker who can lure a user into visiting a maliciously crafted web page can exploit the vulnerability to cause a denial-of-service (DoS) condition or to execute arbitrary code. The vulnerability is being published by Google Project Zero because the period granted to the vendor for fixing it (90 days) has expired. A security update is not yet available. A proof of concept for exploiting the vulnerability is also available.

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0348/


Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th)

The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in rare situations, a bug in Cloudflare's edge servers could be triggered, which would cause a buffer overrun to occur. When these buffer overruns occurred, random data would be returned in the replies from the Cloudflare servers. This data would be data from any of Cloudflare's customer...

https://isc.sans.edu/diary.html?storyid=22113&rss


Payment transactions: Swift demands better cyber defence

In the fight against cybercriminals, the payment system Swift is demanding greater efforts from its connected banks.

https://futurezone.at/b2b/zahlungsverkehr-swift-verlangt-bessere-cyberabwehr/248.531.357


DSA-3795 bind9 - security update

It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.

https://www.debian.org/security/2017/dsa-3795


SHA1 Collision Attack Makes Its First Victim: Subversion Repositories

It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...]

https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/


DSA-3796 apache2 - security update

Several vulnerabilities were discovered in the Apache2 HTTP server.

https://www.debian.org/security/2017/dsa-3796


More on Bluetooth Ingenico Overlay Skimmers

This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I'm revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.

https://krebsonsecurity.com/2017/02/more-on-bluetooth-ingenico-overlay-skimmers/


Fake Oberbank message: account blocked!

Customers apparently receive an e-mail from Oberbank. It claims that there has been unauthorised access to their account. [...] This is a phishing attempt!

https://www.watchlist-internet.at/phishing/gefaelschte-oberbank-nachricht-konto-gesperrt/


Cyber extortionists hold MySQL databases for ransom

Ransomware has become cyber crooks' favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware. Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they've set MySQL databases in their sights. According to...

https://www.helpnetsecurity.com/2017/02/27/mysql-databases-ransom/


Security products and HTTPS: let's do it better

A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?

https://www.virusbulletin.com:443/blog/2017/02/security-products-and-https-lets-do-it-better/


F5 Security Advisories

Security Advisory: Slowloris denial-of-service attack vulnerability CVE-2007-6750

https://support.f5.com:443/kb/en-us/solutions/public/12000/600/sol12636.html?ref=rss

Security Advisory: Linux kernel vulnerability CVE-2016-9555

https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54095660.html?ref=rss

Security Advisory: Expat XML library vulnerability CVE-2015-2716

https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50459349.html?ref=rss

Security Advisory: libarchive vulnerability CVE-2016-8688

https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35263486.html?ref=rss

Security Advisory: libarchive vulnerability CVE-2016-8689

https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52697522.html?ref=rss

Security Advisory: libarchive vulnerability CVE-2016-8687

https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13074505.html?ref=rss

Security Advisory: Linux kernel vulnerability CVE-2016-4998

https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74171196.html?ref=rss

Security Advisory: OpenSSL vulnerability CVE-2017-3732

https://support.f5.com:443/kb/en-us/solutions/public/k/44/sol44512851.html?ref=rss

Security Advisory: F5 TLS vulnerability CVE-2016-9244

https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05121675.html?ref=rss

Security Advisory: PHPMailer vulnerability CVE-2016-10045

https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73926196.html?ref=rss

Security Advisory: BIG-IP REST vulnerability CVE-2016-6249

https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12685114.html?ref=rss

Security Advisory: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337

https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59836191.html?ref=rss

Security Advisory: perl-XML-Twig vulnerability CVE-2016-9180

https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08383757.html?ref=rss

Security Advisory: OpenSSL vulnerability CVE-2017-3731

https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37526132.html?ref=rss

Security Advisory: BIND vulnerability CVE-2017-3135

https://support.f5.com:443/kb/en-us/solutions/public/k/80/sol80533167.html?ref=rss

Security Advisory: libxml2 vulnerability CVE-2015-8806

https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04450715.html?ref=rss

Security Advisory: GnuTLS vulnerability CVE-2017-5334

https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31336596.html?ref=rss

Security Advisory: iControl vulnerability CVE-2016-9256

https://support.f5.com:443/kb/en-us/solutions/public/k/47/sol47284724.html?ref=rss

Security Advisory: TMM vulnerability CVE-2016-9245

https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22216037.html?ref=rss