Daily Summary - Tuesday 4-07-2017

End-of-Shift report

Timeframe: Monday 03-07-2017 18:00 − Tuesday 04-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

Yet more reasons to disagree with experts on nPetya

In WW II, they looked at planes returning from bombing missions that were shot full of holes. Their natural conclusion was to add more armor to the sections that were damaged, to protect them in the future. But wait, said the statisticians. The original damage is likely spread evenly across the plane. Damage on returning planes indicates where they could damage and still return. The undamaged areas are where they were hit and couldn't return. Thus, it's the undamaged areas you need to [...]

http://blog.erratasec.com/2017/07/yet-more-reasons-to-disagree-with.html


Analysis of TeleBots cunning backdoor

On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 bitcoins for recovery. In fact, the malware authors' intention was to cause damage, so they did all that they could to make data decryption very unlikely.

https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/


GnuPG crypto library cracked, look for patches

Boffins bust libgcrypt via side-channel. Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.

http://go.theregister.com/feed/www.theregister.co.uk/2017/07/04/gnupg_crypto_library_cracked_look_for_patches/


Cryptology ePrint Archive: Report 2017/627

Sliding right into disaster: Left-to-right sliding windows leak

Abstract: It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is widely believed that, even if the complete pattern of squarings and multiplications is observed through a side-channel attack, the number of exponent bits leaked is not sufficient to carry out a full key-recovery [...]

https://eprint.iacr.org/2017/627


ERCIM News 110 published - Special theme "Blockchain Engineering"

The ERCIM News No. 110 has just been published at with a special theme on "Blockchain Engineering". SBA Research contributes two articles in this issue. The first article is by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter and Edgar Weippl on [...]

https://www.sba-research.org/2017/07/03/ercim-news-110-published-special-theme-blockchain-engineering/


Joomla! 3.7.3 Release

Security Issues Fixed:
- Core - Information Disclosure (affecting Joomla 1.7.3-3.7.2)
- Core - XSS Vulnerability (affecting Joomla 1.7.3-3.7.2)
- Core - XSS Vulnerability (affecting Joomla 1.5.0-3.6.5)

https://www.joomla.org/announcements/release-news/5709-joomla-3-7-3-release.html


Petya Malware Variant (Update A)

This updated alert is a follow-up to the original alert titled ICS-ALERT-17-181-01 Petya Ransomware Variant that was published June 30, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-181-01A


RSA Archer eGRC Multiple Flaws Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks and Let Remote Authenticated Users Obtain Potentially Sensitive Information

http://www.securitytracker.com/id/1038815


DFN-CERT-2017-1145: Apache Subversion: A vulnerability allows manipulation of data

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1145/


SSA-563539 (Last Update: 2017-07-04): Vulnerabilities in OZW672 and OZW772

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf


SSA-323211 (Last Update: 2017-07-04): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Devices

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf


SSA-452237 (Last Update: 2017-07-04): Vulnerabilities in Reyrolle

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-452237.pdf


IBM Security Bulletin: Weak Cipher available in IBM API Connect (CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=swg22003868


IBM Security Bulletin: Multiple vulnerabilities in Open Source zlib affects IBM Netezza Platform Software clients (CVE-2016-9840, CVE-2016-9841 and CVE-2016-9843).

http://www.ibm.com/support/docview.wss?uid=swg22001026