Daily summary - Friday 10-03-2017

End-of-Shift report

Timeframe: Thursday 09-03-2017 18:00 − Friday 10-03-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Stephan Richter

After CIA leak, Intel Security releases detection tool for EFI rootkits

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's MacBooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities. The documents from...

http://www.cio.com/article/3179345/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html#tk.rss_security


Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries

More than a third of the websites you visit online may include an outdated JavaScript library that's vulnerable to one or more security flaws. [...]

https://www.bleepingcomputer.com/news/security/over-a-third-of-websites-use-outdated-and-vulnerable-javascript-libraries/


Middle East Government organizations hit with RanRan Ransomware

Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in the Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East.

http://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html


Security: Tails 2.11 and 3.0 Beta2 released

The releases of Tails 2.11 and 3.0 Beta are only two days apart. While 2.11 is one of the last updates of the distribution based on Debian 8 "Jessie", Tails 3.0 will be built on Debian 9 "Stretch" when it is released in June.

https://www.golem.de/news/sicherheit-tails-2-11-und-3-0-beta2-freigegeben-1703-126648-rss.html


Firefox ends support for Windows XP and Vista

The current version 52 of the browser is the last one that supports the outdated Windows operating systems.

https://futurezone.at/produkte/firefox-stellt-support-fuer-windows-xp-und-vista-ein/251.025.949


How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation

The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to...

https://thehackernews.com/2017/03/decrypt-pgp-encryption.html


Why the SHA-1 collision means you should stop using the algorithm

Realistically speaking, if your software or system uses the SHA-1 hashing algorithm, it is unlikely that it will be exploited in the foreseeable future. But it is also extremely difficult to be certain that your system won't be the exception.

https://www.virusbulletin.com:443/blog/2017/03/why-sha-1-collision-means-you-should-stop-using-algorithm/


CryptoBlock ransomware and its C2

CryptoBlock is an interesting ransomware to keep an eye on. We expect this ransomware, which is still in development, to eventually evolve into a RaaS (Ransomware as a Service).

https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c2/


DSA-3806 pidgin - security update

A vulnerability was discovered in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send invalid XML that can trigger an out-of-bounds memory access. This might lead to a crash or, in some extreme cases, to remote code execution on the client side.

https://www.debian.org/security/2017/dsa-3806


Schneider Electric ClearSCADA

This advisory contains mitigation details for an input validation vulnerability in Schneider Electric's ClearSCADA.

https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01


Security Advisory: Apache Struts 2 vulnerability CVE-2017-5638

https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43451236.html?ref=rss


NetIQ Privileged User Manager 2.4.1 HF2 (2.4.1-2)

Abstract: NetIQ Privileged User Manager 2.4.1 Hot Fix 2 (2.4.1.2). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release does not contain new features.
Document ID: 5276651
Security Alert: Yes
Distribution Type: Public
Entitlement Required: Yes
Files: netiq-npum-packages-2.4.1-2.tar.gz (139.85 MB)
Products: Privileged User Manager 2.4.1
Superseded Patches: PUM2.4.1HF...

https://download.novell.com/Download?buildid=88wYDI-5uRA~


VMware Workstation update addresses multiple security issues

a. VMware Workstation DLL loading vulnerability
b. VMware Workstation SVGA driver vulnerability
c. VMware Workstation NULL pointer dereference vulnerability

https://www.vmware.com/security/advisories/VMSA-2017-0003.html


Vuln: F-Secure Anti-Virus CVE-2017-6466 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/96784


IBM Security Bulletin: Vulnerabilities in Nagios Core affect IBM Pure Power Integrated Manager (PPIM) (CVE-2016-9565, CVE-2016-9566)

http://www.ibm.com/support/docview.wss?uid=isg3T1024796


IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735)

http://www-01.ibm.com/support/docview.wss?uid=swg21997359


IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)

http://www-01.ibm.com/support/docview.wss?uid=swg21997358