End-of-Shift report
Timeframe: Tuesday 30-05-2017 18:00 − Wednesday 31-05-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Personal Security Guide - WiFi Network
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to secure your network. When we talk about a network, we mean the way you connect to the internet.
https://blog.sucuri.net/2017/05/personal-security-guide-network-connection.html
Critical infrastructure: reporting obligation for IT incidents significantly expanded
The obligation to report IT security incidents has been extended to further sectors. This raises the total to more than 1,600 facilities across Germany.
https://www.golem.de/news/kritische-infrastruktur-meldepflicht-fuer-it-vorfaelle-um-ueber-900-anlagen-erweitert-1705-128134-rss.html
HospitalGown: Appthority Discovers Backend Exposure of 43TB of Enterprise Data
[...] It's understandable that in mobile security we focus on the device, the apps it runs, and the networks it connects to. But what happens to the data from there? Cloud computing and storage are ubiquitous, advertising networks are the default revenue model for many apps, and analytics frameworks are driving design and implementation decisions. We can't ignore where the data goes. Like any other component of the larger system, these backend servers can introduce additional risk, [...]
https://www.appthority.com/mobile-threat-center/blog/hospitalgown-appthority-discovers-backend-exposure-of-43tb-of-enterprise-data/
http://info.appthority.com/hubfs/website-LEARN-content/Appthority%20Q2-17%20Threat%20Report%20HospitalGown.pdf
XData Ransomware Master Decryption Keys Released. Kaspersky Releases Decryptor.
In what has become a welcome trend, today another ransomware master decryption key was released on BleepingComputer.com. This time the key that was released is for the XData Ransomware that was targeting the Ukraine around May 19th 2017. [...]
https://www.bleepingcomputer.com/news/security/xdata-ransomware-master-decryption-keys-released-kaspersky-releases-decryptor-/
Indicators Associated With WannaCry Ransomware (Update G)
This updated alert is a follow-up to the updated alert titled ICS-ALERT-17-135-01F Indicators Associated With WannaCry Ransomware that was published May 25, 2017, on the NCCIC/ICS-CERT web site.
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01G
WannaCry: Two Weeks and 16 Million Averted Ransoms Later
[...] What WannaCry does has been extensively documented by others, as seen in reports by BAE Systems, MalwareBytes, Endgame, and Talos. Rather than focusing on the technical functionality of the malware, this article will open a window into our recent experience with managing, mitigating, and tracking the propagation and evolution of the WannaCry outbreak, and the true extent of its reach.
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2), (Wed, May 31st)
Introduction: In my previous diary, I did a very brief introduction on what the ACH method is [1], so that now all readers, also those who had never seen it before, can have a common basic understanding of it. One more thing I have not mentioned yet is how the scores are calculated. There are three different algorithms: an Inconsistency Counting algorithm, a Weighted Inconsistency Counting algorithm, and a Normalized algorithm [2]. The Weighted Inconsistency Counting algorithm, the one used in [...]
https://isc.sans.edu/diary.html?storyid=22470&rss
[webapps] Trend Micro Deep Security version 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
https://www.exploit-db.com/exploits/42089/?rss
Vulnerability in Samba Affecting Cisco Products: May 2017
On May 24, 2017, the Samba team disclosed a vulnerability in Samba server software that could allow an authenticated attacker to execute arbitrary code remotely on a targeted system. This vulnerability has been assigned CVE ID CVE-2017-7494. The advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba
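A practical check to go with the Samba entry, added here and not taken from the Cisco or Samba advisories. Two points worth keeping in mind beyond the headline: the precondition for CVE-2017-7494 is write access to a share, which on guest-enabled shares needs no credentials, and the Samba team's documented workaround until a patched build is installed is `nt pipe support = no` in the [global] section of smb.conf (which disables some expected functionality for Windows clients). The script below assumes the first fixed releases are 4.6.4, 4.5.10 and 4.4.14 (older 3.5.0 to 4.3.x branches received no fix), a POSIX sh with awk, and a constructed smb.conf sample; function names and the sample config are this example's own.

```shell
#!/bin/sh
# Added example, not code from the Cisco or Samba advisories.
# Assumptions: first fixed releases for CVE-2017-7494 are 4.6.4, 4.5.10 and
# 4.4.14 (3.5.0 - 4.3.x have no fix); the workaround is "nt pipe support = no"
# in the [global] section of smb.conf.

# samba_version_fixed VERSION -> prints not-affected | vulnerable | fixed
# Accepts distro-suffixed strings such as "4.6.4-Ubuntu".
samba_version_fixed() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    minor=${minor%%[!0-9]*}; minor=${minor:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 5 ]; }; then
        echo not-affected; return 0
    fi
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 6 ]; }; then
        echo fixed; return 0          # released after the fix
    fi
    if [ "$major" -eq 4 ]; then
        case "$minor" in
            4) fixed_patch=14 ;;
            5) fixed_patch=10 ;;
            6) fixed_patch=4 ;;
            *) fixed_patch="" ;;      # 4.0 - 4.3: end of life, no fix
        esac
        if [ -n "$fixed_patch" ] && [ "$patch" -ge "$fixed_patch" ]; then
            echo fixed; return 0
        fi
    fi
    echo vulnerable
}

# smbconf_has_mitigation < smb.conf -> prints yes if [global] sets
# "nt pipe support = no" (keys are case-insensitive; commented lines ignored).
smbconf_has_mitigation() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^\[/ { gsub(/[ \t]/, "", line)
                       section = substr(line, 2, index(line, "]") - 2) }
        section == "global" && line ~ /^nt[ \t]+pipe[ \t]+support[ \t]*=/ {
            value = line
            sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
            if (value == "no" || value == "false" || value == "0") found = 1
        }
        END { print (found ? "yes" : "no") }
    '
}

# Constructed sample configurations (not taken from any real host).
MITIGATED_CONF='[global]
   workgroup = WORKGROUP
   nt pipe support = no

[public]
   path = /srv/public
   writable = yes'

UNMITIGATED_CONF='[global]
   workgroup = WORKGROUP

[public]
   path = /srv/public
   writable = yes'

for v in 3.6.25 4.4.13 4.4.14 4.6.4-Ubuntu; do
    printf 'Samba %s: %s\n' "$v" "$(samba_version_fixed "$v")"
done
printf 'workaround in mitigated sample: %s\n' \
    "$(printf '%s\n' "$MITIGATED_CONF" | smbconf_has_mitigation)"
printf 'workaround in unmitigated sample: %s\n' \
    "$(printf '%s\n' "$UNMITIGATED_CONF" | smbconf_has_mitigation)"
```

On a live host, feed the real values instead of the samples: `smbd --version` prints the running version, and `testparm -s` prints the effective configuration with includes resolved, so `testparm -s 2>/dev/null | smbconf_has_mitigation` is the check that matters. A "no" on a vulnerable version with any writable share is the finding; the workaround is a stopgap and the fix is the patched package.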
Huawei Security Advisories
Security Advisory - Command Injection Vulnerability in the GaussDB
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-02-gaussdb-en
Security Advisory - Command Injection Vulnerability in the NetEco
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-neteco-en
Security Advisory - Buffer Overflow Vulnerability in the GaussDB
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-gaussdb-en
Security Advisory - Four Command Injection Vulnerabilities in the FusionSphere OpenStack
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-01-openstack-en
Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-03-gaussdb-en
Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-04-gaussdb-en
Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170531-05-gaussdb-en
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in tcpdump affect AIX
http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory2.asc
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager appliances
http://www.ibm.com/support/docview.wss?uid=swg22003237
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+
http://www-01.ibm.com/support/docview.wss?uid=swg22003752
IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments
http://www.ibm.com/support/docview.wss?uid=swg22004048
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Compliance Analytics
http://www-01.ibm.com/support/docview.wss?uid=swg22002991
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web
http://www.ibm.com/support/docview.wss?uid=swg22003236
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager (IBM Spectrum Protect) for Virtual Environments: Data Protection for VMware and FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware
http://www.ibm.com/support/docview.wss?uid=swg22000212
IBM Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195)
http://www.ibm.com/support/docview.wss?uid=swg21997991
IBM Security Bulletin: MQ Explorer directory created with owner '555' on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089)
http://www-01.ibm.com/support/docview.wss?uid=swg22003509
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware
http://www.ibm.com/support/docview.wss?uid=swg22003620
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware
http://www.ibm.com/support/docview.wss?uid=swg22003480