End-of-Shift report
Timeframe: Tuesday 04-07-2017 18:00 - Wednesday 05-07-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
#NoPetya attack left behind a security hole
Last week's worldwide cyberattack has more serious consequences than previously known.
https://futurezone.at/digital-life/nopetya-attacke-hinterliess-sicherheitsluecke/273.471.438
Cyber-attack NotPetya: Alleged attackers want 250,000 euros for data recovery
The suspected developers of the NotPetya malware are offering, in exchange for 100 Bitcoin (almost 250,000 euros), to hand over a key that is supposed to allow the data to be recovered. Whether they will keep their word is unclear. Observers suspect other motives behind this turn of events.
https://heise.de/-3764208
Ukrainian Police Seize Servers From Where NotPetya Outbreak First Spread
Ukrainian Police announced today it seized the servers from where the NotPetya ransomware outbreak first started to spread. [...]
https://www.bleepingcomputer.com/news/security/ukrainian-police-seize-servers-from-where-notpetya-outbreak-first-spread/
The day a mysterious cyber-attack crippled Ukraine
On the morning of Tuesday, 27 June, Oleh Derevianko, the head of Kiev-based cybersecurity firm Information Security Systems Partners (ISSP), was at Bessarabska market, a popular food market in the heart of downtown. Derevianko was picking up a few things before heading out for the 300km drive to his parents' village. Wednesday was constitution day in Ukraine, a national holiday, and he'd be using the mid-week break to spend a couple days with his kids.
http://www.bbc.com/future/story/20170704-the-day-a-mysterious-cyber-attack-crippled-ukraine
NotPetya Group Moves All Their Bitcoin, Posts Proposition on the Dark Web
The person or group behind the NotPetya ransomware has made its first move since the outbreak that took place eight days ago. [...]
https://www.bleepingcomputer.com/news/security/notpetya-group-moves-all-their-bitcoin-posts-proposition-on-the-dark-web/
Doctor Web: M.E.Doc backdoor lets cybercriminals access computers
July 4, 2017 Doctor Web security researchers examined the update module M.E.Doc and discovered that it is involved in the distribution of at least one other malicious program. You may recall that independent researchers named specifically this M.E.Doc update module as the source of the recent outbreak of the encryption worm Trojan.Encoder.12544, also known as NePetya, Petya.A, ExPetya and WannaCry-2. M.E.Doc is tax accounting software that is popular in Ukraine.
http://news.drweb.com/show/?i=11363&lng=en&c=9
Qubes OS reviewed: Linux secure and user-friendly?
Separating applications and areas of use from one another by means of virtualisation while at the same time offering a desktop interface that is easy for the regular user to operate: the Qubes OS project has set itself ambitious goals.
https://heise.de/-3764500
Austria ranks 30th in cybersecurity
According to a UN study, large industrialised nations in some cases perform worse in cybersecurity than several considerably poorer countries.
https://futurezone.at/digital-life/oesterreich-im-bereich-cybersicherheit-auf-platz-30/273.505.879
Introducing Linux Support for FakeNet-NG: FLARE's Next Generation Dynamic Network Analysis Tool
Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in Python. FakeNet-NG allows security analysts to observe and interact with network applications using standard or custom protocols on a single Windows host, which is especially useful for malware analysis and reverse engineering. Since FakeNet-NG's release, FLARE has added support for additional protocols. FakeNet-NG now has out-of-the-box support for DNS, HTTP (including BITS), FTP, TFTP, [...]
http://www.fireeye.com/blog/threat-research/2017/07/linux-support-for-fakenet-ng.html
The Hardware Forensic Database
The Hardware Forensic Database (or HFDB) is a project of CERT-UBIK aiming at providing a collaborative knowledge base related to IoT Forensic methodologies and tools.
http://hfdb.io/
Customer data: Data leak at Deutsche Post
A database containing 200,000 change-of-address notifications from the Post was exposed unprotected on the internet. Thousands of other companies around the world have made exactly the same mistake.
https://www.golem.de/news/kundendaten-datenleck-bei-der-deutschen-post-1707-128751-rss.html
Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities
Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. Vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.
http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html
Security Advisory - DoS Vulnerability in TLS of Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170705-01-tls-en
rt-sa-2017-011
Remote Command Execution in PDNS Manager
https://www.redteam-pentesting.de/advisories/rt-sa-2017-011.txt
DFN-CERT-2017-1159: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1159/
IBM Security Bulletin: Incorrect saved channel status enquiry could cause denial of service for IBM MQ (CVE-2017-1236)
http://www-01.ibm.com/support/docview.wss?uid=swg22003510
IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images
http://www-01.ibm.com/support/docview.wss?uid=swg22005108
IBM Security Bulletin: RabbitMQ vulnerability affect IBM Cloud Manager with OpenStack (CVE-2015-8786)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025403