End-of-Shift report
Timeframe: Thursday 11-05-2017 18:00 − Friday 12-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Stephan Richter
Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak
A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica - one of the country's biggest telecommunications companies - has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware's reach.
https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/
NHS hit by ransomware attack, hospitals across country shutting down
GP told of national hack of the computer health care system. Updated: Multiple NHS hospitals have shut down systems and are telling patients not to come in due to what is being described as a massive nationwide cyber attack.
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/
Jaff argh snakes: 5m emails/hour ransomware floods inboxes
Locky-style nasty will squeeze you for two whole bitcoins. The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff".
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/12/jaff_ransomware/
When Bad Guys are Pwning Bad Guys..., (Fri, May 12th)
A few months ago, I wrote a diary about webshells[1] and the numerous interesting features they offer. There are plenty of web shells available; they are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip'd) PHP file that can be simply dropped on a compromised computer.
https://isc.sans.edu/diary.html?storyid=22410
Security vulnerability: Misconfigured Git directory at Redcoon
What do the online retailer Redcoon and the Volksverschlüsselung have in common? An insecurely configured Git repository. Website operators keep making the same mistake. (Security, API)
https://www.golem.de/news/sicherheitsluecke-fehlerhaft-konfiguriertes-git-verzeichnis-bei-redcoon-1705-127777-rss.html
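The mistake behind the Redcoon item is a web root deployed with its .git directory left reachable over HTTP, which lets anyone download the repository's objects, history and any committed secrets. The following is an added example (not code from the golem.de article and not tied to Redcoon's setup) of the check an operator should run against their own sites. It validates the content of .git/HEAD and .git/config rather than trusting the status code, because many sites return 200 with an HTML error page for any path. Names, the demo responses and the fetch signature are this example's own choices.

```python
"""Check whether a site serves its .git directory over HTTP.

Added example, not from the golem.de article. A real checkout always has
.git/HEAD (either 'ref: refs/heads/<branch>' or a 40-hex commit id) and a
.git/config starting with a [core] section; only content that matches those
formats is counted as exposure, so soft-404 pages do not produce false alarms.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

HEAD_RE = re.compile(rb"^(ref: refs/[\w./-]+|[0-9a-f]{40})$")
CONFIG_RE = re.compile(rb"^\s*\[core\]", re.M)
REMOTE_URL_RE = re.compile(rb"^\s*url\s*=\s*(\S+)", re.M)


def http_fetch(url, timeout=5):
    """Default fetcher: returns (status, body). Uses the network; swap in a stub for tests."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        return None, b""


def check_git_exposure(base_url, fetch=http_fetch):
    """Probe <base_url>/.git/HEAD and /.git/config; report only content-validated hits.

    Returns {'exposed': bool, 'evidence': [str, ...]}. 'exposed' is True only
    when HEAD has git syntax; a readable config is extra evidence and its remote
    URLs are listed because they may embed credentials.
    """
    findings = {"exposed": False, "evidence": []}

    status, body = fetch(urljoin(base_url, "/.git/HEAD"))
    head = body.strip()
    if status == 200 and HEAD_RE.match(head):
        findings["exposed"] = True
        findings["evidence"].append(".git/HEAD: " + head.decode("ascii", "replace"))

    status, body = fetch(urljoin(base_url, "/.git/config"))
    if status == 200 and CONFIG_RE.search(body):
        findings["evidence"].append(".git/config readable (history and remotes downloadable)")
        for m in REMOTE_URL_RE.finditer(body):
            findings["evidence"].append("remote: " + m.group(1).decode("ascii", "replace"))

    return findings


# Constructed responses standing in for a misconfigured shop and for a site that
# answers 200 with an error page for every path (the soft-404 case).
DEMO_EXPOSED = {
    "/.git/HEAD": (200, b"ref: refs/heads/master\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n"
                          b'[remote "origin"]\n\turl = https://deploy:s3cret@git.example.com/shop.git\n'),
}


def demo_fetch_exposed(url):
    for path, reply in DEMO_EXPOSED.items():
        if url.endswith(path):
            return reply
    return 404, b""


def demo_fetch_soft404(url):
    return 200, b"<html><body><h1>Page not found</h1></body></html>"


if __name__ == "__main__":
    print(check_git_exposure("https://shop.example.com", fetch=demo_fetch_exposed))
    print(check_git_exposure("https://other.example.com", fetch=demo_fetch_soft404))
```

If the check reports exposure, the durable fix is to deploy build artefacts rather than a working copy, and in the meantime to deny the directory at the web server (for nginx, a `location ~ /\.git { deny all; return 404; }` block; for Apache, a `<DirectoryMatch "\.git">` with `Require all denied`). Since anyone who found it before you may already hold the full history, rotate any credential that was ever committed, not just the ones in the current tree.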
HP Releases Driver Update to Remove Accidental Keylogger
HP has issued an update to remove a keylogging mechanism found in the audio drivers included with some of its high-end laptops. [...]
https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
Phoenix Contact GmbH mGuard
This advisory contains mitigation details for resource exhaustion and improper authentication vulnerabilities in Phoenix Contact GmbH's mGuard network device.
https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01
Satel Iberia SenNet Data Logger and Electricity Meters
This advisory contains mitigation details for a command injection vulnerability in Satel Iberia's SenNet Data Logger and Electricity Meters.
https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02
HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
HPESBHF03743 rev.1 - A potential security vulnerability has been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerability could be exploited remotely to allow execution of code.
http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03743en_us
DSA-3849 kde4libs - security update
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
https://www.debian.org/security/2017/dsa-3849
PostgreSQL 2017-05-11 Security Update Release
Three security vulnerabilities have been closed by this release: CVE-2017-7484: selectivity estimators bypass SELECT privilege checks, CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable, CVE-2017-7486: pg_user_mappings view discloses foreign server passwords
https://www.postgresql.org/about/news/1746/
IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160)
http://www.ibm.com/support/docview.wss?uid=swg22001575
IBM Security Bulletin: Vulnerability in the OpenSSL library affects IBM Tealeaf Customer Experience PCA (CVE-2017-3730).
http://www.ibm.com/support/docview.wss?uid=swg22000513
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for Corporate Payment Services
http://www.ibm.com/support/docview.wss?uid=swg22001540
IBM Security Bulletin: Information disclosure vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-9735)
http://www.ibm.com/support/docview.wss?uid=swg22003064
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software
http://www.ibm.com/support/docview.wss?uid=swg22003204