Daily Summary - 17.08.2017

End-of-Day report

Timeframe: Wednesday 16-08-2017 18:00 − Thursday 17-08-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

∗∗∗ Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps ∗∗∗
It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a user's financial data on a daily basis. [...]
https://www.bleepingcomputer.com/news/security/banking-trojans-set-their-sights-on-taxi-and-ride-hailing-apps/

∗∗∗ Ransomware: Locky returns once again ∗∗∗
With Locky, a well-known ransomware returns after an absence of several months, with the file extensions Diablo6 and Lukitus. New versions keep appearing, which are presumably rented by criminals for extortion purposes. (Malware, Virus)
https://www.golem.de/news/ransomware-locky-kehrt-erneut-zurueck-1708-129539-rss.html

∗∗∗ NotPetya: Maersk expects losses of up to 300 million dollars ∗∗∗
Container terminals stood still, ships could be neither unloaded nor loaded: for several weeks the trojan kept the Danish mega-corporation Maersk on edge. The shipping line Maersk Line and the port operator APM Terminals were hit hard.
https://heise.de/-3804688

∗∗∗ Phone replacement parts can smuggle in malware ∗∗∗
Attackers could use replacement parts to smuggle malware into smartphones unnoticed. So far there are no detection methods, let alone countermeasures, Israeli security researchers warn.
https://heise.de/-3804758

∗∗∗ Security updates: Attackers could remodel Drupal websites a bit ∗∗∗
Drupal users should promptly install the current versions, in which the developers have closed several security vulnerabilities.
https://heise.de/-3805042

∗∗∗ iMessage: New scam attempt is making the rounds ∗∗∗
Users are currently receiving messages with links that push them to enter personal data. The messages purportedly come from Apple.
https://heise.de/-3804878

Advisories

∗∗∗ DSA-3944 mariadb-10.0 - security update ∗∗∗
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.32. Please see the MariaDB 10.0 Release Notes for further details:
https://www.debian.org/security/2017/dsa-3944

∗∗∗ Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 ∗∗∗
Drupal 8.3.7 is a maintenance release which contains fixes for security vulnerabilities. Download Drupal 8.3.7. Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release.
https://www.drupal.org/SA-CORE-2017-004

∗∗∗ Filr 3.2.1 Update ∗∗∗
Abstract: This update provides a number of general bug fixes for Micro Focus Filr, Search and MySQL appliances including an updated Filr 3.2.1 Desktop client.
https://download.novell.com/Download?buildid=zZ3A-xIEvO0~

∗∗∗ VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency ∗∗∗
http://www.kb.cert.org/vuls/id/793496

∗∗∗ Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067 ∗∗∗
https://www.drupal.org/node/2902596

∗∗∗ Views refresh - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-069 ∗∗∗
https://www.drupal.org/node/2902606

∗∗∗ Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 ∗∗∗
https://www.drupal.org/node/2902604

∗∗∗ Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1

∗∗∗ Cisco TelePresence Video Communication Server Denial of Service Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs

∗∗∗ Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp

∗∗∗ Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf

∗∗∗ Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm

∗∗∗ Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3

∗∗∗ Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2

∗∗∗ Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1

∗∗∗ Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4

∗∗∗ Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3

∗∗∗ Cisco Elastic Services Controller Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2

∗∗∗ Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1

∗∗∗ Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em

∗∗∗ Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa

∗∗∗ Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr

∗∗∗ Cisco Policy Suite Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps

∗∗∗ Cisco Prime Infrastructure HTML Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi

∗∗∗ Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw

∗∗∗ Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2

∗∗∗ IBM Security Bulletin: Security Vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662) ∗∗∗
http://www-01.ibm.com/support/docview.wss?uid=swg22006871