Daily Summary - Wednesday 7-06-2017

End-of-Shift report

Timeframe: Tuesday 06-06-2017 18:00 − Wednesday 07-06-2017 18:00 Handler: Alexander Riepl Co-Handler: Olaf Schwarz

Rockwell Automation PanelView Plus 6 700-1500

This advisory contains mitigation details for a missing authorization vulnerability in Rockwell Automation's PanelView Plus 6 700-1500.

https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01


Digital Canal Structural Wind Analysis

This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Digital Canal Structural's Wind Analysis.

https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02


Curiosity Kills Security When it Comes to Phishing

The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links.

http://threatpost.com/curiosity-kills-security-when-it-comes-to-phishing/126101/


Privileges and Credentials: Phished at the Request of Counsel

Summary: In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government.

http://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html


Russian hackers issue commands via Britney Spears' Instagram

The address of the control server was hidden in a user comment on a photo of the pop star.

http://derstandard.at/2000058853606


VMware admins take note: important updates are available for ESXi

Anyone running version 6.0 of VMware's ESXi hypervisor should set aside time for patching. A number of bugs and security vulnerabilities need to be ironed out.

https://heise.de/-3736872


[2017-06-07] Various WiMAX CPEs Authentication Bypass

Various WiMAX routers by GreenPacket, Huawei, MADA, MitraStar, ZTE and ZyXEL are affected by an authentication bypass vulnerability that allows an attacker to take over the web interface.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt


Ghosts from the past: Authentication bypass and OEM backdoors in WiMAX routers

SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user.

http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html


PLATINUM continues to evolve, find ways to maintain invisibility

Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group.

https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/


VMSA-2017-0010

vSphere Data Protection (VDP) updates address multiple security issues.

https://www.vmware.com/security/advisories/VMSA-2017-0010.html