End-of-Day report
Timeframe: Tuesday 05-06-2018 18:00 - Wednesday 06-06-2018 18:00
Handler: Olaf Schwarz
Co-Handler: n/a
News
Sofacy Group's Parallel Attacks
Unit 42's continued look at the Sofacy Group's activity reveals the persistent targeting of government, diplomatic and other strategic organizations across North America and Europe.
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Converting PCAP Web Traffic to Apache Log
PCAP data can be really useful when you must investigate an incident, but when the amount of PCAP data to analyse is counted in gigabytes it quickly becomes tricky to handle. Often, the first protocol to be analysed is HTTP, because it remains a classic infection and command-and-control vector for malware. What if you could analyse HTTP connections as if they were an Apache access log? That kind of log can be easily indexed and processed by many tools.
https://isc.sans.edu/diary/rss/23739
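As an added illustration of the conversion the diary describes (this is not the diary's own tooling or code): a small pure-Python converter that walks a libpcap file, pairs each HTTP request with the response on the reverse 4-tuple, and emits one line per exchange in Apache's vhost_combined format. The capture it runs on is constructed inline (addresses from the documentation ranges, the host name evil.example, the URI /gate.php) so that it works offline; none of that is real traffic.

```python
import struct
from datetime import datetime, timezone

# Classic libpcap magics, read as little-endian uint32 -> (byte order, timestamp divisor).
# pcapng is deliberately not handled; convert it with editcap first.
MAGICS = {0xA1B2C3D4: ("<", 1e6), 0xD4C3B2A1: (">", 1e6),
          0xA1B23C4D: ("<", 1e9), 0x4D3CB2A1: (">", 1e9)}
LINKTYPE_ETHERNET = 1
METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def iter_packets(pcap):
    """Yield (timestamp, frame) from pcap bytes; Ethernet link type only."""
    order, divisor = MAGICS[struct.unpack("<I", pcap[:4])[0]]
    if struct.unpack(order + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        sec, frac, incl_len, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        off += 16
        yield sec + frac / divisor, pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """(src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, frame[14 + ihl + doff:14 + total_len]


def parse_http(payload):
    """Split one packet's worth of an HTTP message into start line, header dict, body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def pcap_to_apache_log(pcap):
    """Pair requests with responses and emit Apache vhost_combined lines:
    host:port client - - [time] "request" status bytes "referer" "user-agent"."""
    pending, log = {}, []
    for ts, frame in iter_packets(pcap):
        pkt = tcp_payload(frame)
        if pkt is None or not pkt[4]:
            continue
        src, dst, sport, dport, payload = pkt
        if payload.startswith(METHODS):
            req_line, hdrs, _ = parse_http(payload)
            pending[(src, sport, dst, dport)] = (ts, req_line, hdrs)
        elif payload.startswith(b"HTTP/1."):
            key = (dst, dport, src, sport)          # the client side of this flow
            if key not in pending:
                continue
            ts_req, req_line, hdrs = pending.pop(key)
            status_line, rhdrs, body = parse_http(payload)
            status = status_line.split(" ")[1]
            size = rhdrs.get("content-length", str(len(body)) if body else "-")
            when = datetime.fromtimestamp(ts_req, tz=timezone.utc).strftime("%d/%b/%Y:%H:%M:%S +0000")
            log.append('%s:%d %s - - [%s] "%s" %s %s "%s" "%s"' % (
                hdrs.get("host", "-"), sport, key[0], when, req_line, status, size,
                hdrs.get("referer", "-"), hdrs.get("user-agent", "-")))
    return log


# --- constructed capture (not real traffic) so the converter can run offline ---
def _frame(src, dst, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero, which the parser ignores."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload


def sample_pcap():
    """One GET and its 200 response, timestamped 2018-06-06 16:00:00 UTC."""
    req = b"GET /gate.php?id=1 HTTP/1.1\r\nHost: evil.example\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 13\r\n\r\nhello, victim"
    frames = [(1528300800.0, _frame("192.0.2.10", "198.51.100.5", 49152, 80, req)),
              (1528300800.2, _frame("198.51.100.5", "192.0.2.10", 80, 49152, resp))]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", int(ts), int(round((ts % 1) * 1e6)), len(f), len(f)) + f
                       for ts, f in frames)
    return header + records


if __name__ == "__main__":
    for line in pcap_to_apache_log(sample_pcap()):
        print(line)
```

Two caveats a practitioner will hit on real captures: the converter reads one packet per message, so requests or responses split across segments need TCP reassembly first (tshark's "Follow TCP stream" or a proper flow reassembler), and it only recognises HTTP on whatever port it happens to see, which is the point when hunting malware that talks plain HTTP on non-standard ports.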
Researchers warn widespread Google Group misconfigurations are exposing sensitive data
A survey of 2.5 million domains looked for publicly exposed Google Groups configurations and found 9,637 organizations with such exposure; a random sample of 171 of those public organizations was then used to estimate that nearly 3,000 domains were leaking sensitive data.
https://www.scmagazine.com/researchers-find-widespread-google-group-misconfigurations-exposing-sensitive-data/article/771144/
VPNFilter Update - VPNFilter exploits endpoints, targets new devices
Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints.
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Zip Slip vulnerability: unpacking an archive can plant malicious code
Many coding libraries are vulnerable when extracting archives. If an attack succeeds, malicious code can end up on the target computer.
http://heise.de/-4070792
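The bug class behind Zip Slip is a hand-rolled extraction loop that joins an attacker-controlled entry name such as `../../.ssh/authorized_keys` onto the destination directory. As an added example (not code from the heise article or from any of the affected libraries), the vulnerable loop beside a hardened one, run against an archive constructed in memory; the directory names and the entry contents are made up for the demonstration. Python's own `ZipFile.extractall` already strips traversal components, so the unsafe variant below reads the members itself, which is exactly the pattern the affected libraries had.

```python
import io
import os
import tempfile
import zipfile


def build_malicious_zip():
    """Constructed archive (not a real sample): one benign entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless")
        zf.writestr("../../.ssh/authorized_keys", "ssh-ed25519 AAAA attacker@example")
    return buf.getvalue()


def unsafe_extract(data, dest):
    """The Zip Slip pattern: trust the entry name and join it onto the destination."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)      # '../' walks out of dest
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))


def resolve_inside(dest, name):
    """Canonicalise the would-be target and refuse anything outside dest.
    Catches '../' sequences and absolute entry names alike."""
    base = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("zip slip: entry %r would land at %s" % (name, target))
    return target


def safe_extract(data, dest):
    """Validate every entry before writing anything, so a bad archive leaves no partial output."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = [(info, resolve_inside(dest, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))


def demo(extract):
    """Run an extractor in a throwaway tree laid out so that '../../' stays inside it,
    and report what happened: did it raise, did the benign file land, did the escape work."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "app", "uploads")
        os.makedirs(dest)
        try:
            extract(build_malicious_zip(), dest)
            raised = False
        except ValueError:
            raised = True
        return {
            "raised": raised,
            "readme": os.path.exists(os.path.join(dest, "docs", "readme.txt")),
            "escaped": os.path.exists(os.path.join(root, ".ssh", "authorized_keys")),
        }


if __name__ == "__main__":
    print("unsafe:", demo(unsafe_extract))
    print("safe:  ", demo(safe_extract))
```

The check is on the canonical path, not on the string: a prefix comparison like `target.startswith(dest)` would still accept `/srv/app-evil` for a destination of `/srv/app`, which is why `os.path.commonpath` is used. Symlink members are a separate hazard (an archive can first drop a link pointing outside and then write through it); the same resolve-then-check step after each write, or refusing symlink members outright, covers that.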
Warning about anenberg.store
On anenberg.store consumers find graphics cards and crypto miners. We advise against buying from this vendor, as it shows irregularities: internet users warn against placing an order, some of the prices are very low, and payment is only possible in advance.
https://www.watchlist-internet.at/news/warnung-vor-anenbergstore/
Counterfeit brand alert on backpacks.at!
On backpacks.at consumers find shoes and bags from brands such as Michael Kors, Tamaris, Buffalo or Ralph Lauren. The prices are extremely low and are meant to tempt a quick purchase. The .at domain suggests an Austrian company, but the shop is actually operated from Asia, the goods delivered do not match what was ordered, and a withdrawal from the purchase is hopeless.
https://www.watchlist-internet.at/news/markenfaelscher-alarm-auf-backpacksat/
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by Arch Linux (git), Fedora (php-symfony, php-symfony4, and thunderbird-enigmail), Mageia (glpi and libreoffice), openSUSE (dpdk-thunderxdpdk, git, and ocaml), SUSE (glibc, libvorbis, and zziplib), and Ubuntu (elfutils, git, and procps).
https://lwn.net/Articles/756761/
Philips IntelliVue Patient and Avalon Fetal Monitors
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
ABB IP Gateway
https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru
http://www-01.ibm.com/support/docview.wss?uid=swg22016280
IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-2602)
http://www.ibm.com/support/docview.wss?uid=swg22016679
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2018-2603, CVE-2018-2633)
http://www.ibm.com/support/docview.wss?uid=swg22016042
IBM Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Spectrum Protect Plus (CVE-2016-1000031)
http://www.ibm.com/support/docview.wss?uid=swg22016826
IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2017-3736)
http://www-01.ibm.com/support/docview.wss?uid=swg22016116