Daily Summary - 24.08.2017

End-of-Day report

Timeframe: Wednesday 23-08-2017 18:00 − Thursday 24-08-2017 18:00
Handler: Olaf Schwarz
Co-Handler: n/a


∗∗∗ 90% of Companies Get Attacked with Three-Year-Old Vulnerabilities ∗∗∗
A Fortinet report released this week highlights the importance of keeping systems up to date, or at least no more than a few release cycles behind the current version; the latter is not recommended, but it is still better than leaving systems unpatched for years.
https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/

∗∗∗ Whatsapp and Signal: Zerodium offers 500,000 US dollars for messenger exploits ∗∗∗
Government demand for vulnerabilities usable for lawful interception at the source (Quellen-TKÜ) is apparently having an effect: vulnerabilities in Whatsapp, Signal and other messengers are now rewarded better than code execution in Windows.
https://www.golem.de/news/whatsapp-und-signal-zerodium-bietet-500-000-us-dollar-fuer-messenger-exploits-1708-129664-rss.html

∗∗∗ Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root ∗∗∗
An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers to run code as root.
http://threatpost.com/deprecated-insecure-apple-authorization-api-can-be-abused-to-run-code-at-root/127618/

∗∗∗ Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack ∗∗∗
In this blog post, we are making our findings, and tools, for decrypting NotPetya/Petya available to the general public. With the aid of the supplied tools, almost all of the Master File Table (MFT) can be successfully recovered within minutes.
https://www.crowdstrike.com/blog/decrypting-notpetya-tools-for-recovering-your-mft-after-an-attack/

∗∗∗ I'm giving up on HPKP ∗∗∗
HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too.
https://scotthelme.co.uk/im-giving-up-on-hpkp/

∗∗∗ Crystal Finance Millennium used to spread malware ∗∗∗
[...] it was revealed the Crystal Finance Millennium website was indeed hacked, and serving three different flavors of malware. In this short blog post, we'll take a look at the malware variants that were distributed, and provide minimal background.
https://bartblaze.blogspot.de/2017/08/crystal-finance-millennium-used-to.html

∗∗∗ Malware circulating via Facebook Messenger targets Windows and macOS ∗∗∗
Security researchers are currently warning of a scam designed to trick Facebook users into installing trojanized fake software.
https://heise.de/-3811842

∗∗∗ Critical vulnerability in HPE iLO: "Act as quickly as possible" ∗∗∗
The Integrated Lights-Out 4 (iLO 4) management software of HP ProLiant servers contains a vulnerability that lets remote attackers execute malicious code without having to log in.



∗∗∗ Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability ∗∗∗
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms

∗∗∗ Cacti: Two vulnerabilities enable cross-site scripting attacks ∗∗∗
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1497/

∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects Sametime Community (CVE-2016-2183) ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22006212

∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used by Windows and z/OS Security Identity Adapters ∗∗∗
http://www-01.ibm.com/support/docview.wss?uid=swg22007428

∗∗∗ IBM Security Bulletin: Various Security vulnerabilities in IBM Sametime Media Server (CVE-2016-2970, CVE-2016-0729, CVE-2016-4449) ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22006233

∗∗∗ HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities ∗∗∗
