End-of-Shift report
Timeframe: Friday 03-03-2017 18:00 - Monday 06-03-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
25 years of Michelangelo: the day of the great virus panic
On 6 March 1992 the world held its breath. On that day the Michelangelo virus was expected to wipe thousands, if not millions, of hard disks. For the 25th anniversary, c't looks back at the history of the notorious virus.
https://heise.de/-3643630
Attacking machine learning with adversarial examples
Conclusion: Adversarial examples show that many modern machine learning algorithms can be broken in surprising ways. These failures of machine learning demonstrate that even simple algorithms can behave very differently from what their designers intend. We encourage machine learning researchers to get involved and design methods for preventing adversarial examples, in order to close this gap between what designers intend and how algorithms behave. If you're interested in working on adversarial...
https://openai.com/blog/adversarial-example-research/
Let's Act Now to Prevent Hacking of the Power Grid
Standards, guidelines and exercises have bolstered the security of high-voltage networks, but little has been done to protect the low-voltage systems that power our homes and workplaces.
http://europe.newsweek.com/lets-act-now-prevent-hacking-power-grid-563609
DFIR Tools
Over 600 DFIR tools in an online searchable database.
http://www.dfir.training/index.php/tools/advanced-search
Uber Uses Ubiquitous Surveillance to Identify and Block Regulators
The New York Times reports that Uber developed apps that identified and blocked government regulators using the app to find evidence of illegal behavior: Yet using its app to identify and sidestep authorities in places where regulators said the company was breaking the law goes further in skirting ethical lines -- and potentially legal ones, too. Inside Uber, some of those who knew about the VTOS program and how the Greyball tool was being used were troubled by it. [...] One method involved...
https://www.schneier.com/blog/archives/2017/03/uber_uses_ubiqu.html
Western Digital My Cloud: NAS device makes everyone an admin
Western Digital does not have a reputation in the hacker scene for fixing vulnerabilities quickly. Vulnerabilities affecting the login process and code execution were therefore published without responsible disclosure, so that users can take action themselves.
https://www.golem.de/news/western-digital-my-cloud-nas-geraet-macht-jeden-zum-admin-1703-126550-rss.html
Nextcloud scan: security check for cloud storage
Two thirds of the publicly reachable installations of ownCloud or its fork Nextcloud are vulnerable. Users can check on a website whether their own instance is affected.
https://heise.de/-3645045
MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward attack via IoT botnet
In this post no malicious software/malware is analyzed; instead, one of the impacts of malware-infected IoT devices caused by weak credentials is described indirectly. The only malicious aspect written about in the post is the individual(s) involved in and participating in these attacks, and, well, I personally do not think the tool used is malicious either, since, in a way, it is very useful for UNIX networking and development.
http://blog.malwaremustdie.org/2017/02/mmd-0062-2017-ssh-direct-tcp-forward-attack.html
Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-01-smartphone-en
Vuln: EPSON TMNet WebConfig CVE-2017-6443 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/96556
Vuln: FreeIPA CVE-2017-2590 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/96557
[R3] SecurityCenter 5.4.4 Fixes File Upload unserialize() Function PHP Object Handling Remote File Deletion
Advisory Timeline
2017-02-17 - [R1] Initial Release
2017-02-28 - [R2] Adjust CVSS for worst-case scenario (AV:A -> AV:N)
2017-03-03 - [R3] Add SC upgrade information
https://www.tenable.com/security/tns-2017-05
Vuln: Piwik Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/96567
keepassxc / zxcvbn-c One byte stack buffer overflow
Risk: High. Text: Hi, I recently reported a one-byte buffer overflow in keepassxc [1] [2]. It's a pretty typical C bug: An array supposed to ...
https://cxsecurity.com/issue/WLB-2017030044
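The class of bug the post refers to, as an added example that is not the keepassxc or zxcvbn-c code: a copy loop whose bound lets the index reach the array length, so the terminating NUL lands one byte past a fixed-size stack buffer, shown next to a version that reserves the last slot for the terminator. The buffer length, the canary value and the harness are constructed for this demonstration; the harness places one extra byte after the nominal buffer so the overflow can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8          /* nominal size of the stack buffer (constructed) */
#define CANARY  0x7f       /* marker byte placed just past the buffer (constructed) */

/* Vulnerable copy: the loop may stop with i == buflen when the input has
 * buflen or more characters, so the terminator is written to buf[buflen],
 * one byte past the end of the array (a one-byte stack overflow when buf
 * is a local array). */
static void copy_offbyone(char *buf, size_t buflen, const char *src)
{
    size_t i = 0;
    while (i < buflen && src[i] != '\0') {
        buf[i] = src[i];
        i++;
    }
    buf[i] = '\0';         /* i can equal buflen here */
}

/* Fixed copy: stop at buflen - 1 so the terminator always fits. */
static void copy_bounded(char *buf, size_t buflen, const char *src)
{
    size_t i = 0;
    if (buflen == 0)
        return;
    while (i < buflen - 1 && src[i] != '\0') {
        buf[i] = src[i];
        i++;
    }
    buf[i] = '\0';         /* i <= buflen - 1 */
}

/* Harness: a backing array of BUF_LEN + 1 bytes, the last of which is a
 * canary. The copy routine is told the buffer is BUF_LEN bytes long, so any
 * write to index BUF_LEN overwrites the canary but stays inside the backing
 * array. Returns 1 if the canary was clobbered, 0 otherwise. */
static int canary_clobbered(void (*copy)(char *, size_t, const char *),
                            const char *src)
{
    char backing[BUF_LEN + 1];
    memset(backing, 0, sizeof backing);
    backing[BUF_LEN] = (char)CANARY;
    copy(backing, BUF_LEN, src);
    return backing[BUF_LEN] != (char)CANARY;
}

int offbyone_clobbers(const char *src) { return canary_clobbered(copy_offbyone, src); }
int bounded_clobbers(const char *src)  { return canary_clobbered(copy_bounded, src); }

int main(void)
{
    /* Constructed inputs: exactly BUF_LEN characters triggers the bug,
     * BUF_LEN - 1 does not. */
    const char *exact = "12345678";
    const char *short_in = "1234567";
    printf("off-by-one, %zu chars: canary clobbered = %d\n", strlen(exact), offbyone_clobbers(exact));
    printf("off-by-one, %zu chars: canary clobbered = %d\n", strlen(short_in), offbyone_clobbers(short_in));
    printf("bounded,    %zu chars: canary clobbered = %d\n", strlen(exact), bounded_clobbers(exact));
    return 0;
}
```

The interesting input is the one whose length equals the buffer size: shorter inputs behave identically in both versions, which is why this class of bug survives ordinary testing until a boundary-length input arrives.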
DSA-3802 zabbix - security update
An SQL injection vulnerability has been discovered in the "Latest data" page of the web frontend of the Zabbix network monitoring system.
https://www.debian.org/security/2017/dsa-3802
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in OpenSource GNU C library affects IBM Netezza Host Management (CVE-2015-8776)
http://www-01.ibm.com/support/docview.wss?uid=swg21997242
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313)
http://www.ibm.com/support/docview.wss?uid=swg21999613
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-2177, CVE-2016-6306, CVE-2016-2183)
http://www-01.ibm.com/support/docview.wss?uid=swg21999357
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in OpenLDAP (CVE-2015-6908)
http://www-01.ibm.com/support/docview.wss?uid=swg21999615
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5986)
http://www-01.ibm.com/support/docview.wss?uid=swg21999614
IBM Security Bulletin: IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data (CVE-2016-5894)
http://www.ibm.com/support/docview.wss?uid=swg21997408