Daily summary - 12.03.2018

End-of-Day report

Timeframe: Friday 09-03-2018 18:00 − Monday 12-03-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter

News

∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victim's Files ∗∗∗
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victim's files, overwrite the originals, and then append the .qwerty extension to an encrypted file's name.

https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-gnupg-to-encrypt-a-victims-files/

∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗
Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer).

https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-redis-apache-solr-and-windows-servers/

∗∗∗ SmartCam: Critical Security Vulnerabilities in the Cloud Connection of Samsung IP Cameras ∗∗∗
Vulnerabilities in the SNH-V6410PN/PNW IP camera make it possible to hijack the Linux system running on it. Since the vulnerability lies in the cloud connection, further SmartCam models are probably affected as well. The cloud service manages the cameras via a Jabber server.

https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken-in-Cloud-Anbindung-von-Samsung-IP-Kameras-3990242.html

∗∗∗ TLS 1.3 and Proxies ∗∗∗
I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence.

http://www.imperialviolet.org/2018/03/10/tls13.html
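The Qwerty item above says only that the files are encrypted with GnuPG and renamed with a .qwerty extension. During triage it helps to confirm that claim on the affected hosts and to recover the recipient key ID from the OpenPGP header, which shows whether every victim was encrypted to the same attacker key. The following Python script is an added example written for this summary; it is not code from the original page, from BleepingComputer, or from the ransomware itself. It assumes the .qwerty extension named in the item and that an encrypted file starts with an OpenPGP session-key packet the way GnuPG writes it (RFC 4880, sections 4.2 and 5.1/5.3); the sample byte strings, the key ID in them and all function names are constructed for the example.

```python
"""Triage helper: check whether files carry an OpenPGP encryption packet.

Added example, not from the original summary or the article it cites.
Only the .qwerty extension comes from the item; everything else here
(sample bytes, key ID, names) is constructed for illustration.
"""
import os
from typing import NamedTuple, Optional

# OpenPGP packet tags that open an encrypted message (RFC 4880, section 4.3).
PKESK = 1   # Public-Key Encrypted Session Key, first packet of `gpg -e` output
SKESK = 3   # Symmetric-Key Encrypted Session Key, first packet of `gpg -c` output
ENCRYPTION_PACKETS = {PKESK, SKESK}


class PacketHeader(NamedTuple):
    tag: int
    length: Optional[int]   # None for indeterminate or partial body lengths
    header_len: int         # number of header octets preceding the body
    new_format: bool


def parse_packet_header(data: bytes) -> Optional[PacketHeader]:
    """Parse the first OpenPGP packet header in `data` (RFC 4880, 4.2).

    Returns None when the bytes cannot be an OpenPGP packet header.
    """
    if not data or not (data[0] & 0x80):
        return None                      # bit 7 is set on every packet header
    ctb = data[0]
    if ctb & 0x40:                       # new-format header: tag in bits 0..5
        tag = ctb & 0x3F
        if len(data) < 2:
            return None
        first = data[1]
        if first < 192:                  # one-octet length
            return PacketHeader(tag, first, 2, True)
        if first < 224:                  # two-octet length
            if len(data) < 3:
                return None
            return PacketHeader(tag, ((first - 192) << 8) + data[2] + 192, 3, True)
        if first == 255:                 # five-octet length
            if len(data) < 6:
                return None
            return PacketHeader(tag, int.from_bytes(data[2:6], "big"), 6, True)
        return PacketHeader(tag, None, 2, True)   # partial body length
    # old-format header: tag in bits 2..5, length type in bits 0..1
    tag = (ctb >> 2) & 0x0F
    ltype = ctb & 0x03
    if ltype == 3:
        return PacketHeader(tag, None, 1, False)  # indeterminate length
    nbytes = {0: 1, 1: 2, 2: 4}[ltype]
    if len(data) < 1 + nbytes:
        return None
    return PacketHeader(tag, int.from_bytes(data[1:1 + nbytes], "big"), 1 + nbytes, False)


def classify(data: bytes) -> dict:
    """Say whether `data` starts an OpenPGP-encrypted message and to which key."""
    hdr = parse_packet_header(data)
    if hdr is None or hdr.tag not in ENCRYPTION_PACKETS:
        return {"encrypted": False}
    info = {"encrypted": True, "tag": hdr.tag, "length": hdr.length}
    body = data[hdr.header_len:]
    if hdr.tag == PKESK and len(body) >= 10 and body[0] == 3:
        # v3 PKESK body: version(1) | recipient key ID(8) | pubkey algo(1) | MPIs
        info["kind"] = "public-key"
        info["key_id"] = body[1:9].hex().upper()
        info["pubkey_algo"] = body[9]
    elif hdr.tag == SKESK:
        info["kind"] = "symmetric"
    else:
        info["kind"] = "unknown"         # PKESK with an unexpected version octet
    return info


def scan_directory(root: str, ext: str = ".qwerty") -> list:
    """Return (path, classification) for every file under `root` with `ext`."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(ext):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    hits.append((path, classify(fh.read(64))))
    return hits


# Constructed sample: leading bytes of a file encrypted with `gpg -e` to an
# RSA-2048 key. 0x85 = old-format PKESK with a 2-octet length, 0x010C = 268
# octets (1 + 8 + 1 + 2 + 256). The key ID 0123456789ABCDEF is invented.
SAMPLE_PKESK = bytes.fromhex("85010C03" "0123456789ABCDEF" "01" "0800") + b"\x00" * 256
# Constructed sample of a `gpg -c` file: old-format SKESK, 1-octet length 13,
# v4, AES-256 (9), iterated+salted S2K (3), SHA-256 (8), then salt and count.
SAMPLE_SKESK = bytes.fromhex("8C0D04090308") + b"\x00" * 10
# Constructed non-PGP data: a JPEG header, whose first byte also has bit 7 set.
SAMPLE_JPEG = bytes.fromhex("FFD8FFE0")

if __name__ == "__main__":
    for label, blob in (("pkesk", SAMPLE_PKESK), ("skesk", SAMPLE_SKESK), ("jpeg", SAMPLE_JPEG)):
        print(label, classify(blob))
```

Run `scan_directory("/path/to/share")` on a copy of the affected data rather than on the live host, and compare the key IDs across machines: one recipient key for every victim points to a single campaign-wide key, while per-victim keys mean each infection needs its own decryption key. A file whose first packet is neither tag 1 nor tag 3 is not GnuPG output, whatever its extension says.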

Vulnerabilities

∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗
Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes.

https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html

∗∗∗ Security updates for Monday ∗∗∗
Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel).

https://lwn.net/Articles/749087/

∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗

https://www-01.ibm.com/support/docview.wss?uid=swg22014392

∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗

https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769

∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613

∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22013943

∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22013339

∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2018 CPU ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013818

∗∗∗ IBM Security Bulletin: IBM HTTP Server Response Time module is affected by a JavaScript injection vulnerability ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22013557

∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011110

∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012171