[CERT-daily] Tageszusammenfassung - Donnerstag 7-04-2016

Thu Apr 7 18:37:15 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 06-04-2016 18:00 − Donnerstag 07-04-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Trojaner infiziert 3,2 Millionen Android-Geräte ***
---------------------------------------------
Über 100 Apps im offiziellen Google Play Store wurden mit einem Trojaner ausgeliefert. Millionen Android-User sind laut Sicherheitsforschern betroffen.
---------------------------------------------
http://futurezone.at/digital-life/trojaner-im-google-play-store-infiziert-3-2-millionen-android-geraete/191.279.960


*** Phishing Email That Knows Your Address ***
---------------------------------------------
An anonymous reader writes: BBC is reporting about a new type of phishing email that includes the recipients home address. The publication, citing sources, claims that thousands of people have already received such malicious emails. Clicking on the email apparently installs malware such as Cryptlocker ransomware on the recipients computing device. From the report, "Members of the BBC Radio 4s You and Yours team were among those who received the scam emails, claiming they owed hundreds of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7bIiICdWlco/phishing-email-that-knows-your-address


*** Cisco warns of critical risks from web bugs and insecure SSH keys ***
---------------------------------------------
Fresh round of network security patches served Cisco has released a fresh crop of security advisories, including warnings for critical flaws in the UCS, Prime Infrastructure and Evolved Programmable Network Manager (EPNM) that would allow an attacker to gain root access over its products.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/06/cisco_warns_critical_flaws_three_products/


*** IETF-Tagung: Neue Vorschläge zum Sichern des Mailtransports ***
---------------------------------------------
Mailserver hinken sicherheitsmäßig immer noch hinter Webservern her, wie ein TLS-Check der IHK Stuttgart jüngst verdeutlichte. Mailprovider haben sich nun zusammengetan, um bei der IETF mit "Strict Transport Security" voranzukommen.
---------------------------------------------
http://heise.de/-3163818


*** Boffins boost IETF crypto efforts ***
---------------------------------------------
Nice elliptic curves, now show us your hardware so we can do this to TLS A pair of German engineers want to give a push to the adoption of new crypto in the IETF by pushing the curves in RFC 7748 into hardware.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/boffins_boost_ietf_crypto_efforts/


*** Remote code execution found and fixed in Apache OpenMeetings ***
---------------------------------------------
Password token snatch might explain that unexpected weirdo in your next online meeting Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/apache_openmeetings_remote_code_exec/


*** Panama Papers: Die katastrophale IT-Sicherheitspraxis von Mossack Fonseca ***
---------------------------------------------
Der Panama-Leaks-Firma Mossack Fonseca ist offenbar nicht nur das Steuerrecht herzlich egal - sondern auch die IT-Security. Kein TLS, Drown und uralte Versionen von Drupal und Outlook Web Access machen es Angreifern leicht.
---------------------------------------------
http://www.golem.de/news/panama-papers-die-katastrophale-it-sicherheitspraxis-von-mossack-fonseca-1604-120194-rss.html


*** Bypassing Phone Security through Social Engineering ***
---------------------------------------------
This works: Khan was arrested in mid-July 2015. Undercover police officers posing as company managers arrived at his workplace and asked to check his driver and work records, according to the source. When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work. The undercover officers asked to...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/bypassing_phone.html


*** Complete Tour of PE and ELF: Section Headers ***
---------------------------------------------
In the previous part, we have discussed the ELF and Program Header. In this article, we will cover the remaining part i.e. section headers. We will also see what effect packers have on binaries headers. Below is the structure of Section Header Sh_name: Remember in ELF Header we talked about string table. sh_name is an...
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-5/


*** Kärntner Unternehmen wurde Opfer eines Verschlüsselungs-Trojaners ***
---------------------------------------------
Produktionsmaschine fiel in der Folge für einen Tag aus
---------------------------------------------
http://derstandard.at/2000034398697


*** EUROCRYPT 2016 - supported by SBA Research ***
---------------------------------------------
May 08, 2016 - May 12, 2016 - All Day Aula der Wissenschaften Wollzeile 27A Vienna
---------------------------------------------
https://www.sba-research.org/events/eurocrypt-2016-supported-by-sba-research/


*** ECRYPT-CSA Workshop on Cryptographic protocols for small devices - supported by SBA Research ***
---------------------------------------------
May 13, 2016 - All Day TU Wien Karlsplatz 13 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/ecrypt-csa-workshop-on-cryptographic-protocols-for-small-devices/


*** UPDATED: Security Advisory posted for Adobe Flash Player (APSA16-01) ***
---------------------------------------------
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running *Windows 10 and earlier* with Flash Player...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1330


*** Juniper Networks Completes ScreenOS Update ***
---------------------------------------------
As we committed to in our January 8, 2016 blog, we have replaced the cryptographic algorithm in the latest release of ScreenOS 6.3.
---------------------------------------------
https://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368


*** Bugtraq: CVE-2016-3672 - Unlimiting the stack not longer disables ASLR ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537996


*** DFN-CERT-2016-0567: McAfee Email Gateway: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0567/


*** Panda Security URL Filtering Privilege Escalation ***
---------------------------------------------
Topic: Panda Security URL Filtering Privilege Escalation Risk: Medium Text:* CVE: CVE-2015-7378 * Vendor: Panda Security * Reported by: Kyriakos Economou * Date of Release: 05/04/2016 * Affected Pro...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040048


*** Panda Endpoint Administration Agent Privilege Escalation ***
---------------------------------------------
Topic: Panda Endpoint Administration Agent Privilege Escalation Risk: Medium Text:* CVE: CVE-2016-3943 * Vendor: Panda Security * Reported by: Kyriakos Economou * Date of Release: 05/04/2016 * Affected Pro...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040047


*** Security Advisory: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?ref=rss


*** HP Security Bulletins ***
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information ***
http://www.securityfocus.com/archive/1/538003
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) ***
http://www.securityfocus.com/archive/1/538005
---------------------------------------------
*** HPE Universal Configuration Management Database Unspecified Flaw Lets Remote Users Obtain Information and Perform Redirect Attacks ***
http://www.securitytracker.com/id/1035505
---------------------------------------------
*** HPSBNS03571 rev.1 - HPE NonStop Virtual TapeServer (VTS), Remote Arbitrary Code Execution, Denial of Service (DoS), Unauthorized Information Disclosure ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073516
---------------------------------------------
*** HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073504
---------------------------------------------


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode
---------------------------------------------
*** Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts
---------------------------------------------
*** Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2
---------------------------------------------
*** Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
---------------------------------------------
*** Cisco UCS Invicta Default SSH Key Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Pure Power Integration Manager (PPIM) (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023271
---------------------------------------------
*** IBM Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005735
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980641
---------------------------------------------
*** IBM Security Bulletin:A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980640
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980638
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass-Thru (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21979712
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980639
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2015-4872 CVE-2015-4840 CVE-2015-4903 ) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023588
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424) ***
http://www.ibm.com/support/docview.wss?uid=swg21971542
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Business Process Manager, and bundled products shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000112
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Scripting Vulnerability (CVE-2016-0344) ***
http://www.ibm.com/support/docview.wss?uid=swg21980234
---------------------------------------------