Daily Summary - Friday 3-03-2017

End-of-Shift report

Timeframe: Thursday 02-03-2017 18:00 − Friday 03-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

WhatsApp - Insecure Despite Encryption

The introduction of end-to-end encryption was warmly welcomed by WhatsApp users and privacy advocates. Researchers at the Fraunhofer Institute for Applied and Integrated Security AISEC have now found that it nevertheless comes with considerable security problems. Android users are primarily affected.

https://www.aisec.fraunhofer.de/de/presse-und-veranstaltungen/presse/pressemitteilungen/2017/whatsapp.html


Undocumented Backdoor Account in DBLTek GoIP

Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in...

https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/


Command Input Typo Caused Massive AWS S3 Outage

In a postmortem status report, Amazon blamed a command input typo for the massive AWS S3 outage that took out a large chunk of the Internet three days ago. [...]

https://www.bleepingcomputer.com/news/hardware/command-input-typo-caused-massive-aws-s3-outage/


Malware Retrieves PowerShell Scripts from DNS Records

Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domain's DNS TXT records. [...]

https://www.bleepingcomputer.com/news/security/malware-retrieves-powershell-scripts-from-dns-records/


January-February 2017

The NCCIC/ICS-CERT Monitor for January/February 2017 is a summary of ICS-CERT activities for the previous two months.

https://ics-cert.us-cert.gov/monitors/ICS-MM201702


Learning Curve with a New Feed

We collect information from many sources about infections and other security problems on the Austrian Internet and pass it on to the network operators. Details can be found in our annual report. We recently added a new provider to our portfolio, which should improve our situational picture of infections. We have been distributing data from this source since the day before yesterday. We received feedback from several sides that something here...

http://www.cert.at/services/blog/20170303152402-1946.html


IDM 4.5 SAP HR Driver Version 4.0.1.0

Abstract: Patch update for the Identity Manager SAP HR driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 with SP2 or later to use this driver. You should only use this if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ/MicroFocus recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP HR driver for JCO3. Beginning with IDM 4.0 JCO2 is no longer supported. Document ID: 5258492 Security Alert:

https://download.novell.com/Download?buildid=KbKm3O1mw4M~


VMSA-2017-0002

Horizon DaaS update addresses an insecure data validation issue

https://www.vmware.com/security/advisories/VMSA-2017-0002.html


Vuln: Rapid7 Insight Collector CVE-2017-5234 DLL Loading Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/96545


IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

http://www.ibm.com/support/docview.wss?uid=swg21998918


Eaton xComfort Ethernet Communication Interface

This advisory contains mitigation details for an improper access controls vulnerability in the Eaton xComfort Ethernet Communication Interface.

https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01


Schneider Electric Conext ComBox

This advisory contains mitigation details for a resource exhaustion vulnerability in Schneider Electric's Conext ComBox solar battery monitor.

https://ics-cert.us-cert.gov/advisories/ICSA-17-061-02