Daily summary - 14.07.2017

End-of-Day report

Timeframe: Thursday 13-07-2017 18:00 − Friday 14-07-2017 18:00 Handler: Stephan Richter Co-Handler:

News

∗∗∗ Hackers Are Using Automated Scans to Target Unfinished WordPress Installs ∗∗∗
Experts from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations. [...]

https://www.bleepingcomputer.com/news/security/hackers-are-using-automated-scans-to-target-unfinished-wordpress-installs/

∗∗∗ Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data ∗∗∗
An analysis of Amazon Web Services storage containers reveals a troubling trend of misconfigured S3 buckets that leak data.

http://threatpost.com/experts-warn-too-often-aws-s3-buckets-are-misconfigured-leak-data/126826/

∗∗∗ Reverse Engineering Hardware of Embedded Devices: From China to the World ∗∗∗
This article covers some basic hardware reverse engineering techniques at PCB level, which are applicable to any electronic embedded device, to showcase how to analyze a hardware device previously unknown to the researcher or to the public white-hat community.

http://blog.sec-consult.com/2017/07/reverse-engineering-hardware.html

∗∗∗ Code Injection in Signed PHP Archives (Phar) ∗∗∗
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also offers an additional security benefit: archives can be signed with a digital signature, which disallows modification of the archives on production machines.

https://blog.sucuri.net/2017/07/code-injection-in-phar-signed-php-archives.html

∗∗∗ Bang!!! Comic HACKS Linux ∗∗∗
The Evince document viewer, widely used on Linux, has a critical vulnerability that can be exploited to infect the system with malware. The flaw can be triggered by comic book files; updates are already being shipped.

https://heise.de/-3771980

∗∗∗ Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’ ∗∗∗
A greater number of ATM skimming incidents now involve so-called "insert skimmers," wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers, which record card data and store it on a tiny embedded flash drive, are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same technology built into a television remote control.

https://krebsonsecurity.com/2017/07/thieves-used-infrared-to-pull-data-from-atm-insert-skimmers/

∗∗∗ Fake invoice spreads malware ∗∗∗
Using a fake invoice, criminals ask recipients to open a file attachment. It allegedly contains a "complete breakdown of costs". In reality it is malware. Invoice recipients must not open it; otherwise they face significant harm.

https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnung-verbreitet-schadsoftware/

Advisories

∗∗∗ Siemens SiPass integrated ∗∗∗
This advisory contains mitigation details for improper authentication, improper privilege management, channel accessible by non-endpoint, and storing passwords in a recoverable format vulnerabilities in the Siemens SiPass integrated access control system.

https://ics-cert.us-cert.gov/advisories/ICSA-17-194-01

∗∗∗ GE Communicator ∗∗∗
This advisory contains mitigation details for a heap-based buffer overflow vulnerability in GE Communicator.

https://ics-cert.us-cert.gov/advisories/ICSA-17-194-02

∗∗∗ Vulnerabilities in Dasan Networks GPON ONT WiFi Router H64X Series ∗∗∗

https://cxsecurity.com/issue/WLB-2017070101
https://cxsecurity.com/issue/WLB-2017070102
https://cxsecurity.com/issue/WLB-2017070103
https://cxsecurity.com/issue/WLB-2017070104

∗∗∗ DrupalChat - Critical - Multiple vulnerabilities - SA-CONTRIB-2017-057 ∗∗∗

https://www.drupal.org/node/2892404

∗∗∗ Search 404 - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2017-053 ∗∗∗

https://www.drupal.org/node/2888094

∗∗∗ DFN-CERT-2017-1218: Evince: A vulnerability allows the execution of arbitrary code ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1218/

∗∗∗ DFN-CERT-2017-1221: GLPi: Multiple vulnerabilities allow SQL injection and the deletion of arbitrary files ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1221/

∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System FC5022 16Gb SAN Scalable Switch and IBM Flex System EN4023 10Gb Scalable Switch (CVE-2016-2108) ∗∗∗

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099625

∗∗∗ Critical Patch Update - July 2017 - Pre-Release Announcement ∗∗∗

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

∗∗∗ Apache mod_auth_digest Uninitialized Memory Error Lets Remote Users Obtain Potentially Sensitive Information and Deny Service ∗∗∗

http://www.securitytracker.com/id/1038906

∗∗∗ EMC ViPR SRM Default Accounts Let Remote Users Access the Target System ∗∗∗

http://www.securitytracker.com/id/1038905

∗∗∗ Pulse Connect Secure Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗

http://www.securitytracker.com/id/1038880

∗∗∗ SSA-589378 (Last Update 2017-07-13): Vulnerabilities in Android App SIMATIC SmartClient ∗∗∗

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

∗∗∗ SSA-874235 (Last Update 2017-07-13): Intel Vulnerability in Siemens Industrial Products ∗∗∗

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf