Daily Summary - Wednesday 28-06-2017

End-of-Shift report

Timeframe: Tuesday 27-06-2017 18:00 − Wednesday 28-06-2017 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl

Newport XPS-Cx, XPS-Qx

This advisory contains mitigation details for an improper authentication vulnerability in the Newport XPS-Cx and XPS-Qx controllers.

https://ics-cert.us-cert.gov/advisories/ICSA-17-178-01


Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time. Despite rampant public speculation, the following is what we can confirm from our independent analysis.

http://securelist.com/schroedingers-petya/78870/


Microsoft bringing EMET back as a built-in part of Windows 10

The built-in exploit mitigations are getting stronger and easier to configure.

https://arstechnica.com/?p=1124813


Citrix XenServer Multiple Security Updates

A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues ..

https://support.citrix.com/article/CTX224740


New ransomware, old techniques: Petya adds worm capabilities

On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the ..

https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/


DFN-CERT-2017-1114: systemd: A vulnerability allows a denial-of-service attack and the execution of arbitrary program code

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1114/


DFN-CERT-2017-1112: Microsoft Azure Active Directory (AD) Connect: A vulnerability allows privilege escalation

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1112/


DSA-3900 openvpn - security update

Several issues were discovered in openvpn, a virtual private network application.

https://www.debian.org/security/2017/dsa-3900


Security Advisory - DoS Vulnerability of isub Service in Some Huawei Smartphones

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170628-01-isub-en


HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution

Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution.

http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03763en_us


Linux kernel security: Torvalds calls Grsecurity "garbage"

With his customary lack of diplomatic tact, chief kernel hacker Linus Torvalds made clear on the kernel mailing list what he thinks of the security-focused ..

https://www.golem.de/news/linux-kernel-security-torvalds-bezeichnet-grsecurity-als-muell-1706-128636.html


Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS

Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we recorded was: 30 Mpps (millions of packets per second), 80 ..

https://blog.cloudflare.com/ssdp-100gbps/