End-of-Shift report
Timeframe: Friday 12-05-2017 18:00 − Monday 15-05-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Ransomware: Experts warn against paying the Wanna Crypt ransom
Experts advise against paying the demanded bitcoins in the event of a Wanna Crypt infection, because the attackers are apparently surprised by the success of their operation. A free tool for recovering the data is also not yet available.
https://www.golem.de/news/ransomware-experten-warnen-vor-zahlung-der-wanna-crypt-erpressersumme-1705-127832-rss.html
WannaCry & Co.: How to protect yourself
After WannaCry comes the next extortion trojan. What those at risk should do now, how you can protect yourself against imitators, and which options remain once the encryption trojan has already struck.
https://heise.de/-3714596
Customer Guidance for WannaCrypt attacks
Microsoft solution available to protect additional products. Today many of our customers around the world and the critical systems they depend on were victims of malicious "WannaCrypt" software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and...
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry
WannaCry distribution may have dropped, but the ransomware pandemic is not over. As we feared in yesterday's alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have huge potential of infection, [...]
https://heimdalsecurity.com/blog/security-alert-uiwix-ransomware/
Microsoft posts PowerShell script that spawns pseudo security bulletins
A Microsoft manager this week offered IT administrators a way to replicate -- in a fashion -- the security bulletins the company discarded last month. "If you want a report summarizing today's #MSRC security bulletins, here's a script that uses the MSRC Portal API," John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter. Lambert's tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new [...]
http://www.cio.com/article/3196254/windows/microsoft-posts-powershell-script-that-spawns-pseudo-security-bulletins.html#tk.rss_security
WannaCry/WannaCrypt Ransomware Summary, (Mon, May 15th)
The ransomware was first noticed on Friday and spread very quickly through many large organizations worldwide [verge]. Unlike prior ransomware, this sample used the SMBv1 ETERNALBLUE exploit to spread. ETERNALBLUE became public about a month ago in April when it was published as part of the Shadowbroker archive of NSA hacking tools [shadow]. A month prior to the release of the hacking tool, Microsoft had patched the vulnerability as part of the March Patch Tuesday release. The patch was released [...]
https://isc.sans.edu/diary.html?storyid=22420&rss
A few thoughts on WannaCry
Today we published our official warning regarding the WannaCry ransomware. In this blog post I want to provide a bit of context and think somewhat more strategically.
http://www.cert.at/services/blog/20170514232126-2007.html
DSA-3852 squirrelmail - security update
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server.
https://www.debian.org/security/2017/dsa-3852
EMC Isilon OneFS NFS Export Upgrade
Topic: EMC Isilon OneFS NFS Export Upgrade Risk: Medium Text: ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability EMC Identifier: ESA-2017-027 CVE Identifier: CVE-2017-49...
https://cxsecurity.com/issue/WLB-2017050087
Security Advisory - WannaCry ransomware Vulnerabilities in Microsoft Windows Systems
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170513-01-windows-en
Security Notice - Statement on "WannaCry ransomware" attacks
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170513-01-windows-en
DRD Agent - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-047
Advisory ID: DRUPAL-SA-CONTRIB-2017-047. Project: DRD agent (third-party module). Version: 6.x, 7.x, 8.x. Date: 2017-May-10. Security risk: 19/25 (Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:All. Vulnerability: Cross Site Request Forgery, Open Redirect. Description: The Drupal Remote Dashboard (DRD) module enables you to manage and monitor any remote Drupal site and, this module, the DRD Agent is the remote module which responds to requests from authorised DRD sites. The module doesn't [...]
https://www.drupal.org/node/2877392
DSA-3854 bind9 - security update
Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems:
https://www.debian.org/security/2017/dsa-3854
FortiPortal Multiple Vulnerabilities
Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows: CVE-2017-7337: Improper Access Control allows a user to potentially view firewall policies and objects from a VDOM s/he is not authorized to, enumerate other customer ADOMs and view other customers' data. CVE-2017-7338: Application returns password hashes, and passwords for associated FortiAnalyzer devices via the UI. CVE-2017-7339: Persistent XSS via the Name and Description fields in the pop-up to add [...]
http://fortiguard.com/psirt/FG-IR-17-114
DFN-CERT-2017-0842: Moodle: Multiple vulnerabilities enable, among other things, a cross-site request forgery attack
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0842/
IBM Security Bulletins
IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 )
http://www.ibm.com/support/docview.wss?uid=ssg1S1010051
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009957
IBM Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified
http://www.ibm.com/support/docview.wss?uid=ssg1S1009993
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2016-5597)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009995
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2016-5597 )
http://www.ibm.com/support/docview.wss?uid=ssg1S1009963
IBM Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Enterprise Records
https://www-01.ibm.com/support/docview.wss?uid=swg22000471
IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Enterprise Records
https://www-01.ibm.com/support/docview.wss?uid=swg22000469
IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by an XML External Entity vulnerability (CVE-2016-2908)
http://www.ibm.com/support/docview.wss?uid=swg22001175