End-of-Shift report
Timeframe: Wednesday 28-06-2017 18:00 − Thursday 29-06-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Petya/NotPetya: Not a ransomware trojan but a "wiper"
After in-depth analyses of the NotPetya malware, most experts agree: the malware was not after money but after destruction, that is, the greatest possible data loss at its victims.
https://heise.de/-3759293
Update on Petya malware attacks
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release...
https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware-attacks/
Websites Grabbing User-Form Data Before It's Submitted
Websites are sending information prematurely: ...we discovered NaviStone's code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using JavaScript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it even if those people immediately changed their minds and closed the page. This is important because it goes [...]
https://www.schneier.com/blog/archives/2017/06/websites_grabbi.html
Microsoft Announces "Controlled Folder Access" to Fend Off Crypto-Ransomware
This fall, Microsoft plans to release a new Windows Defender feature called Controlled Folder Access, which blocks and blacklists unauthorized apps from making changes to files located inside specially-designated folders. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-controlled-folder-access-to-fend-off-crypto-ransomware/
DFN-CERT-2017-1124: Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities allow, among other things, various denial-of-service attacks
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1124/
Symantec Management Console XSS/XXE Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170628_00
Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038798
Bugtraq: ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/540783
2017-06-16 (updated 2017-06-27): Cyber Security Notification - CrashOverride/Industroyer Malware
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1003&LanguageCode=en&DocumentPartId=&Action=Launch
SMTP - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-055
Advisory ID: DRUPAL-SA-CONTRIB-2017-055 | Project: SMTP Authentication Support (third-party module) | Version: 7.x, 8.x | Date: 2017-June-28 | Security risk: 10/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon | Vulnerability: Information Disclosure
Description: This SMTP module enables you to send mail using a third party (non-system) mail service instead of the local system mailer included with Drupal. When this module is in debugging mode, it will log privileged [...]
https://www.drupal.org/node/2890357
Services - Critical - SQL Injection - SA-CONTRIB-2017-054
Advisory ID: DRUPAL-SA-CONTRIB-2017-054 | Project: Services (third-party module) | Version: 7.x | Date: 2017-June-28 | Security risk: 19/25 (Critical) AC:None/A:User/CI:All/II:All/E:Theoretical/TD:Default | Vulnerability: SQL Injection
Description: This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module doesn't sufficiently sanitize column names provided by the client when they are querying for data and trying to sort it. This vulnerability is [...]
https://www.drupal.org/node/2890353
IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2 and v5.0.2. (CVE-2017-3539, CVE-2016-9840, CVE-2016-9841,CVE-2016-9842, CVE-2016-9843)
http://www-01.ibm.com/support/docview.wss?uid=swg22005365
IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1217)
http://www-01.ibm.com/support/docview.wss?uid=swg22004348
IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841,
http://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc