End-of-Shift report
Timeframe: Wednesday 29-03-2017 18:00 − Thursday 30-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
Tech support scammers and their banking woes
We all know about tech support scams by this point. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal's ill-gotten gains. So how does the enterprising criminal cash out with your money? Let's take a look.
https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-their-banking-woes/
Security Advisory - Exposed System Interface Vulnerability on Huawei Smart Phones
There is an exposed system interface vulnerability on smart phones. The software provides a system interface for interaction with external applications, but calls to the interface are not properly restricted. An attacker could trick the user into installing a malicious application that calls the interface and modifies the system properties.
CVE-2017-2735
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-01-smartphone-en
Widespread Email Scam Targets Github Developers with Dimnie Trojan
Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit ...
http://thehackernews.com/2017/03/github-email-scam.html
Vuln: EMC Isilon OneFS CVE-2017-4980 Directory Traversal Vulnerability
EMC Isilon OneFS is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
http://www.securityfocus.com/bid/97222
[SANS ISC] Diverting built-in features for the bad
I published the following diary on isc.sans.org: 'Diverting built-in features for the bad'. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small Javascript sample with only 2 lines of code
https://blog.rootshell.be/2017/03/30/sans-isc-diverting-built-features-bad/
Trend Micro InterScan Web Security Virtual Appliance Unspecified Flaws Let Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1038161
Mirai botnet learns new tricks
The IoT botnet Mirai has recently learned to carry out DDoS attacks on the application layer as well. These are hard to detect and therefore also relatively hard to defend against.
https://heise.de/-3670226
Hash function: The difficult farewell to SHA-1
The SHA-1 hash function was recently definitively broken. Yet SHA-1 is still in use in many places, for example in Git, in BitTorrent and, which will surprise some, also in TLS. (SHA-1, Google)
https://www.golem.de/news/hashfunktion-der-schwierige-abschied-von-sha-1-1703-127041-rss.html
IBM Security Bulletins
IBM Security Bulletin: IBM Algo One - Algo Risk Application (ARA) could allow retrieval of restricted files
http://www.ibm.com/support/docview.wss?uid=swg21999892
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged the Elastic Storage Server and the GPFS Storage Server
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010042
IBM Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183)
https://www-01.ibm.com/support/docview.wss?uid=swg22001105
IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300)
http://www-01.ibm.com/support/docview.wss?uid=swg21998701
IBM Security Bulletin: Vulnerabilities in Expat affect Intel (R) Manycore Platform Software Stack (MPSS) for Linux and Windows
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099554
IBM Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180)
http://www.ibm.com/support/docview.wss?uid=swg22001084
IBM Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS
http://www.ibm.com/support/docview.wss?uid=swg22000601
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition
http://www.ibm.com/support/docview.wss?uid=swg22000398
IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597)
http://www-01.ibm.com/support/docview.wss?uid=swg22000904
IBM Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF)
http://www.ibm.com/support/docview.wss?uid=swg22000771