Daily Summary - 07.07.2017

End-of-Day report

Timeframe: Thursday 06-07-2017 18:00 − Friday 07-07-2017 18:00 Handler: Stephan Richter Co-Handler:

News

∗∗∗ CIA Malware Can Steal SSH Credentials, Session Traffic ∗∗∗ WikiLeaks dumped today the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH credentials from Windows and Linux systems, respectively. [...]

https://www.bleepingcomputer.com/news/security/cia-malware-can-steal-ssh-credentials-session-traffic/

∗∗∗ ZIP Bombs Can Protect Websites From Getting Hacked ∗∗∗ Webmasters can use so-called ZIP bombs to crash a hacker's vulnerability and port scanner and prevent him from gaining access to their website. [...]

https://www.bleepingcomputer.com/news/security/zip-bombs-can-protect-websites-from-getting-hacked/

∗∗∗ IT and the Energy Transition: Grid Operators Call for Large-Scale Load Management ∗∗∗ Silicon instead of copper and steel: the energy transition and electric mobility require an expansion of the power grid. But the grid operators would rather rely on digitalisation and "flexibilisation". Electricity suppliers want to resist being dictated to. (Smart Grid, GreenIT)

https://www.golem.de/news/it-und-energiewende-stromnetzbetreiber-fordern-das-ganz-grosse-lastmanagement-1707-128779-rss.html

∗∗∗ Decryption Key to Original Petya Ransomware Released ∗∗∗ The key to decrypt the original Petya ransomware has been reportedly released by the ransomware's author.

http://threatpost.com/decryption-key-to-original-petya-ransomware-released/126705/

∗∗∗ Someone's phishing US nuke power stations. So far, no kaboom ∗∗∗ Stuxnet, this ain't. Don't panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators.

http://go.theregister.com/feed/www.theregister.co.uk/2017/071/07/someones_phishing_us_nuke_power_stations_so_far_no_kaboom/

∗∗∗ Let's not help attackers by spreading fear, uncertainty and doubt ∗∗∗ Spreading FUD in the wake of cyber-attacks is never a good idea. But it's even worse when this might be one of the attackers' implicit goals.

https://www.virusbulletin.com:443/blog/2017/07/lets-not-help-attackers-spreading-fear-uncertainty-and-doubt/

∗∗∗ Hacker Collection Found: 500 Million E-Mail Addresses and Passwords Affected ∗∗∗ The Bundeskriminalamt has found a collection of approximately 500,000,000 stolen credentials on an underground-economy platform on the Internet. The data consists of e-mail addresses with their associated passwords. The data presumably originates from various hacking attacks and was compiled over a longer period of time. The most recent stolen credentials are probably from December 2016.

https://www.bka.de/SharedDocs/Kurzmeldungen/DE/Kurzmeldungen/170705_HackerSammlung.html

∗∗∗ Hardened PHP Versions Released ∗∗∗ Despite the possibility of attackers being able to execute malicious code, the threat level is not considered critical.

https://heise.de/-3766935

∗∗∗ Android Mega-Patch: Google Closes Heaps of Critical Holes ∗∗∗ Among others, vulnerabilities in Broadcom WLAN chipsets are closed that allow attackers to execute code by means of manipulated Wi-Fi packets. Patches are also included for Android 4.4 (KitKat).

https://heise.de/-3767103

∗∗∗ New Ransomware Variant "Nyetya" Compromises Systems Worldwide ∗∗∗ Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Update 2017-07-06 12:30 EDT: Updated to explain the modified DoublePulsar backdoor. Since the SamSam attacks that targeted US healthcare entities in March 2016, Talos has been concerned about the proliferation of malware via unpatched network vulnerabilities. In May 2017, WannaCry ransomware took advantage of a vulnerability in [...]

http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

Advisories

∗∗∗ Schneider Electric Wonderware ArchestrA Logger ∗∗∗ This advisory contains mitigation details for stack-based buffer overflow, uncontrolled resource consumption, and null pointer dereference vulnerabilities in Schneider Electric's Wonderware ArchestrA Logger.

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04

∗∗∗ Schneider Electric Ampla MES ∗∗∗ This advisory contains mitigation details for cleartext transmission of sensitive information and inadequate encryption strength vulnerabilities in Schneider Electric's Ampla MES.

https://ics-cert.us-cert.gov/advisories/ICSA-17-187-05

∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure ∗∗∗

https://cxsecurity.com/issue/WLB-2017070056

∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack ∗∗∗

https://cxsecurity.com/issue/WLB-2017070060

∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak ∗∗∗

https://cxsecurity.com/issue/WLB-2017070059

∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell ∗∗∗

https://cxsecurity.com/issue/WLB-2017070058

∗∗∗ Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity ∗∗∗

https://cxsecurity.com/issue/WLB-2017070057

∗∗∗ Bugtraq: KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials ∗∗∗

http://www.securityfocus.com/archive/1/540812

∗∗∗ Bugtraq: [SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613) ∗∗∗

http://www.securityfocus.com/archive/1/540814

∗∗∗ iManager 2.7 Support Pack 7 - Patch 10 Hotfix 2 ∗∗∗

https://download.novell.com/Download?buildid=WeEb4PchpTU~

∗∗∗ eDirectory 8.8 SP8 Patch 10 ∗∗∗

https://download.novell.com/Download?buildid=VYtYu65T21Y~

∗∗∗ IBM Security Bulletin: IBM MQ Java/JMS application can incorrectly flow password in plain text. (CVE-2017-1337) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22003853

∗∗∗ IBM Security Bulletin: IBM MQ Passwords specified by MQ Java or JMS applications can appear in WebSphere Application Server trace. (CVE-2017-1284) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22003851

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server and Tivoli Netcool Performance Manager October 2016 and January 2017 CPU (multiple CVEs) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22005615

∗∗∗ IBM Security Bulletin: Vulnerabilities in tcpdump affect AIX ∗∗∗

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory2.asc

∗∗∗ PHP Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code ∗∗∗

http://www.securitytracker.com/id/1038837

∗∗∗ systemd vulnerability CVE-2017-9445 ∗∗∗