Daily summary - Tuesday 27-06-2017

End-of-Shift report

Timeframe: Monday 26-06-2017 18:00 − Tuesday 27-06-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Petya Ransomware Outbreak

Today several companies in Europe suffered IT outages caused by ransomware. The ransomware appears to also perform "lateral movement" within an organisation, achieving a broad infection and thus widespread encryption. The facts about the exact vectors, both for the initial infection and for the spread within the local network, are still very thin and [...]

http://www.cert.at/services/blog/20170627170903-2046.html


Second Global Ransomware Outbreak Under Way

A massive ransomware outbreak is spreading globally and being compared to WannaCry.

http://threatpost.com/second-global-ransomware-outbreak-under-way/126549/


E-mails about alleged traffic fines

E-mails about alleged traffic fines – WARNING: malware is hiding behind them

http://www.bmi.gv.at/cms/BK/betrug/files/2762017_E_Mails_ber_angebliche_Verkehrsstrafen.pdf


How Spora ransomware tries to fool antivirus

Spora ransomware is back and it's trying to confuse antivirus products and email filters.

http://feedproxy.google.com/~r/nakedsecurity/~3/fpIDs0aHpNY/


$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks

The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. [...]

https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/


How Not to Encrypt a File - Courtesy of Microsoft

A client recently sent me a crypto spec which involved some, how do I say, suboptimal use of crypto primitives. They're .Net users so I decided to search for a nice msdn crypto reference to set them straight. Instead I found the likely culprit behind their confusion.

https://medium.com/@bob_parks1/how-not-to-encrypt-a-file-courtesy-of-microsoft-bfadf2b0273d


New Shifr RaaS Lets Any Dummy Enter the Ransomware Business

Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button. [...]

https://www.bleepingcomputer.com/news/security/new-shifr-raas-lets-any-dummy-enter-the-ransomware-business/


What's new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop...

https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/


Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 Hot Patch 2

Abstract: Micro Focus GroupWise Mobility Service 2014 R2 Support Pack 2 HP2 has been released. Please see the details section below for installation instructions and the change log section for bug fixes since the last release. NOTE: Please do not continue using older versions of GMS SSLCheck. It has been superseded by GroupWise Mobility Service SSLCheck 1.1 found here: http://download.novell.com/Download?buildid=9naDJkniVtg~ Document ID: 5311890 Security Alert: Yes Distribution Type: [...]

https://download.novell.com/Download?buildid=SIbPzOKmofQ~


SSA-874235 (Last Update 2017-06-26): Intel Vulnerability in Siemens Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

http://www-01.ibm.com/support/docview.wss?uid=swg22005209

IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK Java Technology Edition Version 6, 7, 8 and IBM Runtime Environment Java Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation

http://www.ibm.com/support/docview.wss?uid=swg22003154

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731)

http://www.ibm.com/support/docview.wss?uid=swg22005135

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement

http://www-01.ibm.com/support/docview.wss?uid=swg22003285

IBM Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106)

http://www-01.ibm.com/support/docview.wss?uid=swg22004580