End-of-Shift report
Timeframe: Friday 05-05-2017 18:00 − Monday 08-05-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Intel's ME security vulnerability: tips and links
Practical tips on the vulnerability reported by Intel on 1 May in the Management Engine firmware of many desktop PCs, servers and notebooks.
https://heise.de/-3704563
Researchers Disclose Intel AMT Flaw Research
Security firm Embedi releases further details on the Intel AMT flaw, revealing how it can be exploited and how potentially dangerous it can be.
http://threatpost.com/researchers-disclose-intel-amt-flaw-research/125503/
Dell patches AMT-vulnerable systems
BIOS fixes for most boxen landed Friday. Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, has caught up with peers HP Inc, Lenovo and Fujitsu.
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/07/dell_patches_amtvulnerable_systems/
Hacker competition: Cyber Security Challenge starts
Numerous participants from previous years have found jobs in the security industry through the hacker competition. This year, a Starter Challenge is being offered for the first time.
https://futurezone.at/digital-life/hacker-wettbewerb-cyber-security-challenge-startet/262.640.648
Emsisoft Releases a Decryptor for the Amnesia Ransomware
On Saturday, Emsisoft's CTO and malware researcher Fabian Wosar released a decryptor for the Amnesia Ransomware. This ransomware was first spotted in early May and has had one other variant released. It was named Amnesia based on the extension appended to encrypted files by the first variant. [...]
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-amnesia-ransomware/
Exploring a P2P Transient Botnet - From Discovery to Enumeration, (Mon, May 8th)
[This is a guest diary by Renato Marinho of Morphus Labs. If you are interested in writing a guest diary: please send suggestions to us via our contact page] 1. Introduction We recently deployed a high interaction honeypot expecting it to be compromised by a specific malware. But in the first few days, instead of getting infected by the expected malware, it received a variety of attacks ranging from SSH port forwarding to Viagra and Cialis SPAM to XORDDoS failed deployment attempts. By the [...]
https://isc.sans.edu/diary.html?storyid=22392&rss
Phishing attempt targeting willhaben customers
Users of willhaben are receiving a WhatsApp message that purportedly comes from the classified ads platform.
https://www.watchlist-internet.at/phishing/phishingversuch-bei-willhaben-kunden/
On our own behalf: CERT.at is looking for reinforcement
For our "daily business" we are currently looking for one career starter or career changer with a strong interest in IT security, who will support us with the standard tasks that arise every day. Details can be found [...]
http://www.cert.at/services/blog/20170508172334-1993.html
DFN-CERT-2017-0796: Nextcloud: Multiple vulnerabilities allow, among other things, information disclosure
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0796/
Vuln: Panda Mobile Security for iOS CVE-2017-8060 TLS Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/98327
HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities
Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us
BlackBerry powered by Android Security Bulletin - May 2017
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/bbsirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (May 2017) and addresses issues in that bulletin that affect [...]
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044536
Bugtraq: CA20170504-01: Security Notice for CA Client Automation OS Installation Management
http://www.securityfocus.com/archive/1/540524
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Explorer for z/OS V3.0.1 (CVE-2016-5548 and CVE-2016-5549)
http://www-01.ibm.com/support/docview.wss?uid=swg22002413
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5597, CVE-2016-5542)
http://www-01.ibm.com/support/docview.wss?uid=swg21994526
Siemens Security Advisories
SSA-701708 (Last Update 2017-05-08): Local Privilege Escalation in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf
SSA-156872 (Last Update 2017-05-08): Vulnerability in SIMATIC WinCC and SIMATIC WinCC Runtime Professional
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf
SSA-275839 (Last Update 2017-05-08): Denial-of-Service Vulnerability in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf
SSA-293562 (Last Update 2017-05-08): Vulnerabilities in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf
SSA-731239 (Last Update 2017-05-08): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf
F5 Security Advisories
BIG-IP APM redirect vulnerability CVE-2017-0302
https://support.f5.com/csp/article/K87141725
Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x)
https://support.f5.com/csp/article/K23440942
BIG-IP management vulnerability CVE-2017-9250
https://support.f5.com/csp/article/K55792317
iControl REST vulnerability CVE-2016-9251
https://support.f5.com/csp/article/K41107914
Linux kernel vulnerability CVE-2017-2647
https://support.f5.com/csp/article/K32115847
Websocket profile vulnerability CVE-2016-9253
https://support.f5.com/csp/article/K51351360
TMM vulnerability CVE-2017-6137
https://support.f5.com/csp/article/K82851041
BIG-IP APM XSS vulnerability CVE-2016-9257
https://support.f5.com/csp/article/K43523962
Multiple Oracle MySQL vulnerabilities
https://support.f5.com/csp/article/K77508618