Daily summary - Monday 8-05-2017

End-of-Shift report

Timeframe: Friday 05-05-2017 18:00 − Monday 08-05-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

Intel's ME security vulnerability: tips and links

Practical tips on the vulnerability, reported by Intel on 1 May, in the firmware of the Management Engine found in many desktop PCs, servers and notebooks.

https://heise.de/-3704563


Researchers Disclose Intel AMT Flaw Research

Security firm Embedi releases further details on the Intel AMT flaw, revealing how it can be exploited and how potentially dangerous it can be.

http://threatpost.com/researchers-disclose-intel-amt-flaw-research/125503/


Dell patches AMT-vulnerable systems

BIOS fixes for most boxen landed Friday. Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, has caught up with peers HP Inc, Lenovo and Fujitsu.

http://go.theregister.com/feed/www.theregister.co.uk/2017/05/07/dell_patches_amtvulnerable_systems/


Hacker competition: Cyber Security Challenge starts

Numerous participants from previous years have found jobs in the security industry through the hacker competition. This year, a Starter Challenge is being offered for the first time.

https://futurezone.at/digital-life/hacker-wettbewerb-cyber-security-challenge-startet/262.640.648


Emsisoft Releases a Decryptor for the Amnesia Ransomware

On Saturday, Emsisoft's CTO and malware researcher Fabian Wosar released a decryptor for the Amnesia Ransomware. This ransomware was first spotted in early May and has had one other variant released. It was named Amnesia based on the extension appended to encrypted files by the first variant. [...]

https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-amnesia-ransomware/


Exploring a P2P Transient Botnet - From Discovery to Enumeration, (Mon, May 8th)

[This is a guest diary by Renato Marinho of Morphus Labs. If you are interested in writing a guest diary: please send suggestions to us via our contact page] 1. Introduction: We recently deployed a high interaction honeypot expecting it to be compromised by a specific malware. But in the first few days, instead of getting infected by the expected malware, it received a variety of attacks ranging from SSH port forwarding to Viagra and Cialis SPAM to XORDDoS failed deployment attempts. By the [...]

https://isc.sans.edu/diary.html?storyid=22392&rss


Phishing attempt targeting willhaben customers

Users of willhaben are receiving a WhatsApp message that claims to come from the classified ads platform.

https://www.watchlist-internet.at/phishing/phishingversuch-bei-willhaben-kunden/


On our own behalf: CERT.at is looking for reinforcement

For our "daily business" we are currently looking for 1 career starter or career changer with a strong interest in IT security, who will support us with the standard tasks that arise every day. Details can be found [...]

http://www.cert.at/services/blog/20170508172334-1993.html


DFN-CERT-2017-0796: Nextcloud: Multiple vulnerabilities allow, among other things, information disclosure

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0796/


Vuln: Panda Mobile Security for iOS CVE-2017-8060 TLS Certificate Validation Security Bypass Vulnerability

http://www.securityfocus.com/bid/98327


HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities

Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us


BlackBerry powered by Android Security Bulletin - May 2017

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (May 2017) and addresses issues in that bulletin that affect [...]

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044536


Bugtraq: CA20170504-01: Security Notice for CA Client Automation OS Installation Management

http://www.securityfocus.com/archive/1/540524


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Explorer for z/OS V3.0.1 (CVE-2016-5548 and CVE-2016-5549)

http://www-01.ibm.com/support/docview.wss?uid=swg22002413


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5597, CVE-2016-5542)

http://www-01.ibm.com/support/docview.wss?uid=swg21994526


Siemens Security Advisories

SSA-701708 (Last Update 2017-05-08): Local Privilege Escalation in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf

SSA-156872 (Last Update 2017-05-08): Vulnerability in SIMATIC WinCC and SIMATIC WinCC Runtime Professional

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

SSA-275839 (Last Update 2017-05-08): Denial-of-Service Vulnerability in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf

SSA-293562 (Last Update 2017-05-08): Vulnerabilities in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf

SSA-731239 (Last Update 2017-05-08): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf

F5 Security Advisories

BIG-IP APM redirect vulnerability CVE-2017-0302

https://support.f5.com/csp/article/K87141725

Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x)

https://support.f5.com/csp/article/K23440942

BIG-IP management vulnerability CVE-2017-9250

https://support.f5.com/csp/article/K55792317

iControl REST vulnerability CVE-2016-9251

https://support.f5.com/csp/article/K41107914

Linux kernel vulnerability CVE-2017-2647

https://support.f5.com/csp/article/K32115847

Websocket profile vulnerability CVE-2016-9253

https://support.f5.com/csp/article/K51351360

TMM vulnerability CVE-2017-6137

https://support.f5.com/csp/article/K82851041

BIG-IP APM XSS vulnerability CVE-2016-9257

https://support.f5.com/csp/article/K43523962

Multiple Oracle MySQL vulnerabilities

https://support.f5.com/csp/article/K77508618