Daily Summary - 07.06.2018

End-of-Day report

Timeframe: Wednesday 06-06-2018 18:00 - Thursday 07-06-2018 18:00 Handler: Olaf Schwarz Co-Handler: n/a

News

Prowli Malware Targeting Servers, Routers, and IoT Devices

After the discovery of the massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli, the campaign has been spreading malware and injecting malicious code ...

https://thehackernews.com/2018/06/prowli-malware-botnet.html


Crappy IoT on the high seas: Holes punched in hull of maritime security

Researchers: We can nudge ships off course. Infosec Europe - Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse.

https://www.theregister.co.uk/2018/06/06/infosec_europe_maritime_security/


Cyber Europe 2018 - Get prepared for the next cyber crisis

EU Cybersecurity Agency ENISA organised an international cybersecurity exercise

https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2018-get-prepared-for-the-next-cyber-crisis


Retefe check

Check if your computer is infected with the Retefe banking trojan.

http://retefe-check.ch/


A Totally Tubular Treatise on TRITON and TriStation

Introduction: In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from the IT network to the OT (operational technology) network through systems that were accessible to both environments.

http://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html


Security updates: Critical vulnerabilities in Cisco IOS and Prime

Various Cisco network devices and software contain vulnerabilities, some of them critical. Affected admins should install the available patches promptly.

http://heise.de/-4072861

Vulnerabilities

"Zero-day" vulnerability in Adobe Flash Player - actively exploited - patches available

7 June 2018. Description: Adobe has announced that there is currently a critical vulnerability in Adobe Flash Player that is already being actively exploited. CVE number: CVE-2018-5002. Adobe has released a corresponding update; the details are available at https://helpx.adobe.com/security/products/flash-player/apsb18-19.html.

http://www.cert.at/warnings/all/20180607.html


Security updates for Thursday

Security updates have been issued by Debian (memcached), Fedora (java-1.8.0-openjdk-aarch32, sqlite, and xen), Mageia (corosync, gimp, qtpass, and SDL_image), openSUSE (zziplib), Slackware (mozilla), SUSE (git and libvorbis), and Ubuntu (liblouis).

https://lwn.net/Articles/756853/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2783)

http://www.ibm.com/support/docview.wss?uid=swg22016041


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V

http://www.ibm.com/support/docview.wss?uid=swg22016028


IBM Security Bulletin: Multiple vulnerabilities have been fixed in IBM Security Identity Manager

http://www.ibm.com/support/docview.wss?uid=swg22013617


IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V

http://www.ibm.com/support/docview.wss?uid=swg22015304