Daily Summary - Tuesday 18-04-2017

End-of-Shift report

Timeframe: Friday 14-04-2017 18:00 − Tuesday 18-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

Protecting customers and evaluating risk

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to...

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/


Effective immediately, no more updates for Windows 7 and 8.1 users with new hardware

Users are thus left with only the upgrade to Windows 10

http://derstandard.at/2000056017223


Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers

Microsoft fixed critical vulnerabilities in uncredited update released in March.

https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/


Warning - Fraud attempts

We point out that e-mails are in circulation that are sent from forged OeNB sender addresses. [...] The e-mails sent contain malware [...]

https://www.oenb.at/Ueber-Uns/Rechtliche-Grundlagen/warnung-betrugsversuche.html


Email Tracking Pixels Used for Pre-Hack Info Gathering

A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks. [...]

https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-for-pre-hack-info-gathering/


FIRST releases twenty years of conference materials

The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings.

https://www.first.org/newsroom/releases/20170418


Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts

Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about. [...]

https://www.bleepingcomputer.com/news/security/edge-plagued-by-various-security-flaws-not-as-secure-as-microsoft-boasts/


Maintenance work, Thursday, 20. 4. 2017

On Thursday, 20 April 2017, from about 19:00, we will carry out maintenance work on our infrastructure. This will lead to brief outages of the externally reachable services (e.g. mail, web server, mailing lists),...

http://www.cert.at/services/blog/20170418151642-1969.html


VU#676632: IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow

Vulnerability Note VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow
Original Release date: 17 Apr 2017 | Last revised: 17 Apr 2017
Overview: IBM Lotus Domino server, versions IMAP service contains a stack-based buffer overflow vulnerability in the EXAMINE command. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server.
Description: IBM Lotus Domino includes an IMAP server. This server contains a stack buffer...

http://www.kb.cert.org/vuls/id/676632


NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

ProSAFE Plus Configuration Utility is vulnerable to improper access control.

http://jvn.jp/en/jp/JVN08740778/


Security Notice - Statement on Command Injection Vulnerability in Huawei HG532n Product

http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170418-01-hg532n-en


2017-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1.

Multiple vulnerabilities have been resolved in the NorthStar Controller Application starting from version 2.1.0 Service Pack 1 and all subsequent releases.

https://kb.juniper.net/InfoCenter/index/content&id=JSA10783&cat=SIRT_1&actp=LIST


cURL and libcurl vulnerabilities in F5 products

https://support.f5.com/csp/article/K84940705
https://support.f5.com/csp/article/K85235351
https://support.f5.com/csp/article/K17742627


IBM Security Bulletins

IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597)

http://www-01.ibm.com/support/docview.wss?uid=swg22000439

IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731)

http://www.ibm.com/support/docview.wss?uid=nas8N1021869

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1025103

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)

http://www-01.ibm.com/support/docview.wss?uid=swg22000386

IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-4483)

http://www-01.ibm.com/support/docview.wss?uid=swg22001680

IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

http://www.ibm.com/support/docview.wss?uid=ssg1S1010105

IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

http://www.ibm.com/support/docview.wss?uid=ssg1S1010106

IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

http://www-01.ibm.com/support/docview.wss?uid=swg22000445

IBM Security Bulletin: Multiple ZLIB vulnerabilities affect IBM Mobile Connect

http://www.ibm.com/support/docview.wss?uid=swg22000094

IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.

http://www-01.ibm.com/support/docview.wss?uid=swg22000816

IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183)

http://www.ibm.com/support/docview.wss?uid=swg22001712

IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010012

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization

http://www.ibm.com/support/docview.wss?uid=swg21992598