[CERT-daily] Tageszusammenfassung - Mittwoch 16-12-2015

Wed Dec 16 18:15:53 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 15-12-2015 18:00 − Mittwoch 16-12-2015 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** IBM Security Bulletin ***
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager ***
http://www.ibm.com/support/docview.wss?uid=swg21967447
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager ***
http://www.ibm.com/support/docview.wss?uid=swg21972884
---------------------------------------------
*** IBM Security Bulletin: Openstack Cinder and Horizon vulnerabilities affect IBM Cloud Manager with OpenStack ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023146
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal attack. ***
http://www.ibm.com/support/docview.wss?uid=swg21967647
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21972660
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Stored cross-site scripting. ***
http://www.ibm.com/support/docview.wss?uid=swg21973175
---------------------------------------------


*** FireEye Exploitation: Project Zero's Vulnerability of the Beast ***
---------------------------------------------
FireEye sell security appliances to enterprise and government customers. FireEye's flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet.To give a ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html


*** Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos ***
---------------------------------------------
And now for something completely different.">Python">Subtitle: Captain Obvious Applies Chaos Theory Introduction This diary breaks a bit from our expected norms todiscussmanaging possible outcomes originating froma data breach ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20495


*** Security Advisory: Multiple MySQL vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59010802.html?ref


*** VB2015 video: Making a dent in Russian mobile banking phishing ***
---------------------------------------------
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks.In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/12_16.xml


*** Adcon Telemetry A840 Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Adcon Telemetry's A840 Telemetry Gateway Base Station.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01


*** Advantech EKI Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-344-01 Advantech EKI Vulnerabilities that was published December 10, 2015, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01


*** Sicherheitspaket UTM von Sophos löchrig ***
---------------------------------------------
Das Unified-Threat-Management-Paket von Sophos ist bedroht und einem Sicherheitsforscher zufolge können Angreifer etwa die Firewall deaktivieren. Die Lücken sollen bereits gefixt sein; Patches sind aber noch nicht verfügbar.
---------------------------------------------
http://heise.de/-3044717


*** DFN-CERT-2015-1937/">ISC BIND9: Zwei Schwachstellen ermöglichen einen Denial-of-Service-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1937/


*** Driving an industry towards secure code ***
---------------------------------------------
The German government made an unprecedented move this week by issuing requirements for all new vehicles' software to be made accessible to country regulators to ensure that emissions loopholes aren't ...
---------------------------------------------
http://www.net-security.org/article.php?id=2431


*** Playing With Sandboxes Like a Boss ***
---------------------------------------------
Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files. Having a good tool to work on files locally is always interesting for multiple reasons. You are doing some independent research, you ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20501


*** Attacking WPA2 Enterprise ***
---------------------------------------------
The widespread use of mobile and portable devices in the enterprise environment requires a proper implementation of the wireless network infrastructure to provide them connectivity and ensure the business functionality. WPA-Enterprise is ..
---------------------------------------------
http://resources.infosecinstitute.com/attacking-wpa2-enterprise/


*** Open Source Network Security Tools for Newbies ***
---------------------------------------------
With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security. We all have to start somewhere. The question is, where? The sheer number of open source tools available can make ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/open-source-network-security-tools-for-newbies


*** [HTB23282]: RCE in Zen Cart via Arbitrary File Inclusion ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered critical vulnerability in a popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise vulnerable system. A remote ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23282


*** Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps ***
---------------------------------------------
CloudSek was monitoring an underground hacking team, that was selling a Desktop malware in various underground forums. The desktop malware is specifically designed for jumping air-gapped systems , and given the type of documents the attackers are seeking , it was collecting classified data from software companies and government organisations.
---------------------------------------------
https://www.cloudsek.com/announcements/blog/apt-malware-masquerade-as-christmas-apps-and-santa-claus/