Daily summary - 07.09.2017

End-of-Day report

Timeframe: Wednesday 06-09-2017 18:00 − Thursday 07-09-2017 18:00
Handler: Stefan Lenzhofer
Co-Handler: n/a

News

∗∗∗ BlackBerry powered by Android Security Bulletin – September 2017 ∗∗∗

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045672

∗∗∗ Ransomware: What you need to know now | Salted Hash Ep 1, Pt 4 ∗∗∗

Reporters Fahmida Rashid and Steve Ragan talk about the latest ransomware threats, the holes in IT security and the burdens on enterprises.

https://www.csoonline.com/video/81516/ransomware-what-you-need-to-know-now-salted-hash-ep-1-pt-4#tk.rss_applicationsecurity

∗∗∗ Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim ∗∗∗

Researchers say an 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker.

http://threatpost.com/microsoft-programming-error-is-behind-dangerous-kernel-bug-researchers-claim/127858/

∗∗∗ Interesting List of Windows Processes Killed by Malicious Software ∗∗∗

Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity

https://blog.rootshell.be/2017/09/06/interesting-list-windows-processes-killed-malicious-software/

∗∗∗ Apache Struts “serialisation” vulnerability – what you need to know ∗∗∗

A bug in Apache Struts, a popular software toolkit for building web services, could let crooks take control of your server.

https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-what-you-need-to-know

∗∗∗ Hackers Are Distributing Backdoored Cobian RAT Hacking tool For Free ∗∗∗

Nothing is free in this world. If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax. Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.

https://thehackernews.com/2017/09/backdoored-hacking-tools.html

∗∗∗ Expired domain names and malvertising - Malwarebytes Labs ∗∗∗

https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/

∗∗∗ Fake Microsoft warning leads to data theft ∗∗∗

Criminals are faking a Microsoft warning notice. In it they claim that the recipients' computers are infected with malware. Supposed victims are therefore told to contact a customer hotline. In reality they reach criminals who demand access to the computer, copy files and steal payment data.

https://www.watchlist-internet.at/sonstiges/gefaelschte-microsoft-warnung-fuehrt-zu-datendiebstahl/

Advisories

∗∗∗ IBM Notes: Two vulnerabilities allow denial-of-service attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1567/

∗∗∗ Cisco ASR 5500 Series Routers: A vulnerability allows a denial-of-service attack ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1571/

∗∗∗ Cisco Prime Collaboration Provisioning Tool: Two vulnerabilities allow disclosure of information and manipulation of arbitrary system files ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1574/

∗∗∗ Cisco ASR 920 Series Router: Two vulnerabilities allow execution of arbitrary code and manipulation of files ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1578/

∗∗∗ Cisco IOS, Cisco IOS XE: Two vulnerabilities allow various denial-of-service attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1579/

∗∗∗ Cisco IR800 Integrated Services Router: A vulnerability allows complete compromise of the system ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1580/

∗∗∗ Cisco Prime LAN Management Solution Token ID Reuse Lets Remote Authenticated Users Hijack the Target User's Session ∗∗∗

http://www.securitytracker.com/id/1039285

∗∗∗ Cisco Catalyst 4000 Series Switch Dynamic ACL Bug Lets Remote Users Bypass Port Access Controls on the Target System ∗∗∗

http://www.securitytracker.com/id/1039284

∗∗∗ TYPO3 API Bug Lets Remote Users Obtain Potentially Sensitive Version Information on the Target System ∗∗∗

http://www.securitytracker.com/id/1039294

∗∗∗ TYPO3 File Storage Access Control Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information ∗∗∗

http://www.securitytracker.com/id/1039293

∗∗∗ TYPO3 Input Validation Flaw in Backend Forms Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗

http://www.securitytracker.com/id/1039292