End-of-Shift report
Timeframe: Monday 15-05-2017 18:00 - Tuesday 16-05-2017 18:00
Handler: Petr Sikuta
Co-Handler: Stephan Richter
WannaCry? Do your own data analysis. (Tue, May 16th)
"In God we trust. All others must bring data." ~Bob Rudis. With endless amounts of data, technical detail, and insights on WannaCrypt/WannaCry, and even more FUD, speculation, and downright trolling, herein is a proposal for you to do your own data-driven security analysis. My favorite book to help you scratch that itch? Data Driven Security: Analysis, Visualization and Dashboards, by Jay Jacobs and Bob Rudis. A few quick samples, using WannaCry data and R, the open source programming language and [...]
https://isc.sans.edu/diary.html?storyid=22424&rss
Digital signature service DocuSign hacked and email addresses stolen
Digital signature service DocuSign said Monday that an unnamed third party had gained access to email addresses of its users after hacking into its systems. The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed, after what it described as a complete forensic analysis, that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security [...]
http://www.cio.com/article/3196854/security/digital-signature-service-docusign-hacked-and-email-addresses-stolen.html#tk.rss_security
Apple updates close unpleasant security holes in iCloud, iTunes and iOS
Patch day at Apple: the BSI warns of several security vulnerabilities in iTunes and iCloud on Windows, as well as in the mobile operating system iOS, that allow attackers to execute code. Users should make sure the updates have been installed.
https://heise.de/-3715077
Chrome Browser Hack Opens Door to Credential Theft
Researchers at DefenseCode claim a vulnerability in Google's Chrome browser allows hackers to steal credentials and launch SMB relay attacks.
http://threatpost.com/chrome-browser-hack-opens-door-to-credential-theft/125686/
Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities
Two vulnerabilities in the protocol decoders of Snort++ (Snort 3) could allow an unauthenticated, remote attacker to create a Denial of Service (DoS) condition. The vulnerabilities are due to a lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a malicious packet and sending it through the targeted device. A successful exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or [...]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort
Indicators Associated With WannaCry Ransomware
This alert is a follow-up to US-CERT alert TA17-132A Indicators Associated With WannaCry Ransomware, which was originally posted to the US-CERT web site on May 12, 2017.
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01
Novell Messenger 3.0.3 P3
Abstract: Novell Messenger 3.0.3 P3 has been released. This release only includes fixes for the Linux platform. Please view the Change Log for modifications made to the program. There have also been changes to update security issues with the product. Please see the Security Fix section for details. NOTE: This version is not designed to work with eDir 9. If you require eDir 9 support, contact Micro Focus Technical Support.
Document ID: 5296730
Security Alert: Yes
Distribution Type:
https://download.novell.com/Download?buildid=U3MFbmzMet0~
IDM 4.6 RACF Driver 4.0.3.1
Abstract: IDM 4.6 Bi-Directional RACF Driver Version 4.0.3.1. This patch is for the Identity Manager 4.6 RACF Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMT.
Document ID: 5297291
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: Yes
Files: idm46racf-patch1.tar.gz (2.66 MB)
Products: Identity Manager 4.5, Identity Manager 4.6
Superseded Patches: IDM 4.0.2 RACF Driver Version 4.0.0.11 Patch 3
https://download.novell.com/Download?buildid=LSTFMkrcRo0~
Apple Security Updates
macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
https://support.apple.com/kb/HT207797
iOS 10.3.2
https://support.apple.com/kb/HT207798
watchOS 3.2.2
https://support.apple.com/kb/HT207800
tvOS 10.2.1
https://support.apple.com/kb/HT207801
iCloud for Windows 6.2.1
https://support.apple.com/kb/HT207803
Safari 10.1.1
https://support.apple.com/kb/HT207804
iTunes 12.6.1 for Windows
https://support.apple.com/kb/HT207805
IBM Security Bulletin
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics (CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=swg22002966
IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Jan 2017 Includes Oracle Jan 2017 CPU affect Content Collector for SAP Applications
https://www-01.ibm.com/support/docview.wss?uid=swg22001462
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
http://www.ibm.com/support/docview.wss?uid=ssg1S1010199
IBM Security Bulletin: Multiple vulnerabilities in the zlib component affect IBM SPSS Statistics (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)
http://www.ibm.com/support/docview.wss?uid=swg22003212
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025160
IBM Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool
http://www.ibm.com/support/docview.wss?uid=swg22002897
IBM Security Bulletin: Multiple Vulnerabilities in Expat affect HTTP Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-4472, CVE-2016-0718)
http://www.ibm.com/support/docview.wss?uid=swg2C1000234
IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities IBM WebSphere MQ (CVE-2016-3092)
http://www.ibm.com/support/docview.wss?uid=swg22001563
IBM Security Bulletin: Vulnerability CVE-2017-2619 in Samba affects IBM i
http://www.ibm.com/support/docview.wss?uid=nas8N1022009
IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)
http://www-01.ibm.com/support/docview.wss?uid=swg22002871
IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a cross-site scripting vulnerability (CVE-2017-1320)
http://www.ibm.com/support/docview.wss?uid=swg22002877
IBM Security Bulletin: Vulnerabilities in GnuTLS and OpenSSL affect IBM Flex System Manager (FSM) (CVE-2016-8610)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024887
IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183)
http://www-01.ibm.com/support/docview.wss?uid=swg22002804