End-of-Shift report
Timeframe: Tuesday 14-03-2017 18:00 - Wednesday 15-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
Security updates: Microsoft holds two Patchdays on a single day
In March, Microsoft is catching up on the February Patchday, which had been postponed for unknown reasons, is also providing the patches for the current month, and closes a total of 140 security vulnerabilities.
https://heise.de/-3653806
March 2017 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are...
https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-update-release/
Propaganda on Twitter
The real Groundhog Day is not long past, and sometimes it seems as if every day on the internet is "Groundhog Day": some things simply repeat far too often. Right now it is about abused Twitter accounts. We had that already in November: twittercounter.com had a problem, and immediately tweets were being distributed under false names. The same thing has just happened again...
http://www.cert.at/services/blog/20170315114231-1952.html
Patchday: Adobe tends to Flash and Shockwave Player
As usual, Adobe patches the Flash Player; in addition, the Shockwave Player is also served a security update this month.
https://heise.de/-3653924
Citrix XenServer Multiple Security Updates
Two security issues have been identified within Citrix XenServer. These issues could, if exploited, allow the administrator ...
https://support.citrix.com/article/CTX220771
VMware Workstation and Fusion Memory Access Error in Drag and Drop Function Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1038025
DNSSEC key rollover 2017: ICANN sets up test page for resolvers
If attackers succeeded in breaking a DNSSEC key, they could distribute credible-looking but false DNS replies. That is why keys have to be rotated from time to time. For the root zone, this is a delicate matter.
https://www.heise.de/newsticker/meldung/DNSSEC-Schluesseltausch-2017-ICANN-setzt-Testseite-fuer-Resolver-auf-3653644.html
Petya ransomware returns, wrapped in extra VX nastiness
PetrWrap tries to blame its predecessor for attacks
Researchers have spotted a variant of last year's Petya ransomware, now with updated crypto and ransomware models.
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_returns_wrapped_in_extra_vx_nastiness/
Fake invoice on dropboxusercontent.com
In an e-mail with the subject "Zahlungsdetails" (payment details), internet users allegedly receive an invoice. It is offered for download as a ZIP file under the link "dl.dropboxusercontent.com/". In reality, the document is malware. For this reason, recipients must not open the alleged invoice.
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnung-auf-dropboxusercontentcom/
Consumer advocates call for a mandatory update obligation
Consumer organisations from all over the world are calling on the 20 leading industrialised and emerging countries (G20) to protect consumers on the internet across borders.
https://futurezone.at/digital-life/konsumentenschuetzer-wollen-update-verpflichtung/252.068.954
Serious security vulnerability in the web interfaces of WhatsApp and Telegram closed
A vulnerability in WhatsApp Web and Telegram Web allows attackers to hijack the messengers' web sessions. In this way they can read messages, copy address books and send malicious code to contacts.
https://heise.de/-3653793
Where Have All The Exploit Kits Gone?
For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them?
http://threatpost.com/where-have-all-the-exploit-kits-gone/124241/
Beware of fakes: fraudsters lure with an emulator for Nintendo's Switch
An application is currently circulating on the internet that supposedly can emulate games for Nintendo's current console, the Switch, on PCs: the "developers" behind the purported emulator, however, are pursuing a quite different goal.
https://heise.de/-3654299
PowerShell Remoting Artifacts: An Introduction
Since PowerShell usage by malware is on the rise, in this article series we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during an investigation and when building stories around the attack chain.
http://resources.infosecinstitute.com/powershell-remoting-artifacts-part-1/
Gaps in NIS standardisation: Mapping the requirements of the NIS Directive to specific standards
ENISA publishes a report on European standardisation within the context of the NIS Directive.
https://www.enisa.europa.eu/news/enisa-news/gaps-in-nis-standardisation-mapping-the-requirements-of-the-nis-directive-to-specific-standards
VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
http://www.kb.cert.org/vuls/id/553503
An Introduction to Penetration Testing Node.js Applications
In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues.
http://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/
SAP pushes to patch risky HANA security flaws before hackers strike
Europe's top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms.
http://www.reuters.com/article/us-cyber-sap-idUSKBN16L1FH
JSON Libraries Patched Against Invalid Curve Crypto Attack
JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.
http://threatpost.com/json-libraries-patched-against-invalid-curve-crypto-attack/124336/
Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170315-01-smartphone-en
Vuln: SAP NetWeaver Visual Composer Denial of Service Vulnerability
http://www.securityfocus.com/bid/96865
JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates
http://kb.juniper.net/InfoCenter/index/content&id=JSA10759&actp=RSS
Vuln: SAP ERP Remote Authorization Bypass Vulnerability
http://www.securityfocus.com/bid/96871
Vuln: Trend Micro InterScan Messaging Security CVE-2017-6398 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/96859
IBM Security Bulletins
IBM Security Bulletin: IBM Algo One ARA reports can be accessed by another user
http://www.ibm.com/support/docview.wss?uid=swg21999754
IBM Security Bulletin: A security vulnerability has been identified in IBM Java SDK that affects IBM Security Directory Suite (CVE-2016-5597) October 2016 CPU
http://www-01.ibm.com/support/docview.wss?uid=swg21994296
IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840
http://www.ibm.com/support/docview.wss?uid=ssg1S1010008
IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
http://www.ibm.com/support/docview.wss?uid=ssg1S1010007
IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900
http://www.ibm.com/support/docview.wss?uid=ssg1S1010009
IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840
http://www.ibm.com/support/docview.wss?uid=ssg1S1010010
IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
http://www.ibm.com/support/docview.wss?uid=swg21999965
Cisco Security Advisories
Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800
Cisco Web Security Appliance URL Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa
Cisco WebEx Meetings Server XML External Entity Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms
Cisco Meshed Wireless LAN Controller Impersonation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex
Cisco UCS Director Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm
Cisco TelePresence Server API Privilege Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps
Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes
Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-psc
Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss1
Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss
Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo
Cisco Prime Infrastructure API Credentials Management Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpi
Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cns
Cisco StarOS SSH Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr
Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa