End-of-Shift report
Timeframe: Thursday 01-06-2017 18:00 − Friday 02-06-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
This advisory contains mitigation details for a use of hard-coded password vulnerability in the Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller.
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-01
Passwords at the Border
The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn't make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode ..
https://www.schneier.com/blog/archives/2017/06/passwords_at_th.html
Financial malware more than twice as prevalent as ransomware
Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate ..
https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware
CIA Malware Can Switch Clean Files With Malware When You Download Them via SMB
After taking last week off, WikiLeaks came back today and released documentation on another ..
https://www.bleepingcomputer.com/news/security/cia-malware-can-switch-clean-files-with-malware-when-you-download-them-via-smb/
DSA-3872 nss - security update
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure.
https://www.debian.org/security/2017/dsa-3872
DSA-3871 zookeeper - security update
It was discovered that Zookeeper, a service for maintaining configuration information, didn't restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption.
https://www.debian.org/security/2017/dsa-3871
Riverbed SteelHead VCX 9.6.0a Arbitrary File Read
https://cxsecurity.com/issue/WLB-2017060017
Weak DevOps cryptographic policies increase financial services cyber risk
Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, which have ..
https://www.helpnetsecurity.com/2017/06/02/weak-devops-cryptographic-policies/
Phishing Campaigns Follow Trends
https://isc.sans.edu/diary.html?storyid=22482
WannaCry and Vulnerabilities
There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which ..
https://www.schneier.com/blog/archives/2017/06/wannacry_and_vu.html
Hadoop Servers Expose Over 5 Petabytes of Data
Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a ..
https://www.bleepingcomputer.com/news/security/hadoop-servers-expose-over-5-petabytes-of-data/
IBM Security Bulletin: Vulnerability in Samba affects IBM Netezza Host Management
http://www.ibm.com/support/docview.wss?uid=swg22003112
Check Point report: Dangerous backdoor in one in ten German corporate networks
The adware, dubbed Fireball, is not only very widespread, with over 250 million installations, but also very dangerous: according to Check Point, it can execute arbitrary code on the system and thereby also download further malware.
https://heise.de/-3732893