[CERT-daily] Tageszusammenfassung - Freitag 8-04-2016

Fri Apr 8 18:57:58 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 07-04-2016 18:00 − Freitag 08-04-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Schweizer News-Site verbreitet Schadcode: Behörden und Firmen reagieren ***
---------------------------------------------
Weil darüber offenbar gehäuft Schadcode verbreitet wird, haben nun die Schweizer Bundesverwaltung und mehrere große Unternehmen des Landes den Zugang ihrer Mitarbeiter zu einer der größten News-Sites des Landes gesperrt.
---------------------------------------------
http://heise.de/-3165287


*** Security Features Nobody Implements, (Thu, Apr 7th) ***
---------------------------------------------
Nobody may be wording it a bit strong. But adoption of these security features is certainly not taking off. If you can think of any features I forgot, then please comment: DNSSEC That is probably my favorite issue. DNSSEC fixes on of the most important protocols. Without it, spoofing is always possible, and in some cases not even terribly hard. I think there are a number of reasons it is not implemented:  If you implement it, there is a good chance that you make your domain non-reachable if you...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20921&rss


*** Open-source vulnerabilities database shuts down ***
---------------------------------------------
An open-source project dedicated to cataloguing a huge range of computer security flaws has closed its doors as of Tuesday, according to an announcement on the Open-Source Vulnerability Database's blog.The OSVDB, which was founded in 2002, was meant to be an independent repository for security information, allowing researchers to compare notes without oversight from large corporate software companies.One of its founders was HD Moore, a well-known hacker and security researcher, best known...
---------------------------------------------
http://www.cio.com/article/3053695/open-source-tools/open-source-vulnerabilities-database-shuts-down.html#tk.rss_security


*** SBA Research @ Cyber-Physical Systems Week 2016 ***
---------------------------------------------
We will participate in the events of CPS Week 2016 (Vienna, Austria, April 11-14, 2016). On Monday (April 11), Johanna Ullrich presents our work on "The Quest for Privacy in the Consumer Internet of Things" at the International Workshop on Consumers and the Internet of Things (ConsIoT 2016). A live webcast by the IoEtv will...
---------------------------------------------
https://www.sba-research.org/2016/04/08/sba-research-cyber-physical-systems-week-2016/


*** Adobe fixes CVE-2016-1019 Zero-Day exploited to serve ransomware ***
---------------------------------------------
Cyber criminals are exploiting the Flash player zero-day vulnerability (CVE-2016-1019) affecting Flash Player 21.0.0.197 and earlier disclosed by Adobe. Cyber criminals are already exploiting the Flash player zero-day vulnerability (CVE-2016-1019) affecting Flash Player 21.0.0.197 and earlier (CVE-2016-1019) disclosed by Adobe this week. Researchers at security firm Proofpoint confirmed that cyber gangs are exploiting it to distribute a ransomware dubbed Cerber.
---------------------------------------------
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019.html


*** Breaking Semantic Image CAPTCHAs ***
---------------------------------------------
Interesting research: Suphannee Sivakorn, Iasonas Polakis and Angelos D. Keromytis, "I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs": Abstract: Since their inception, captchas have been widely used for preventing fraudsters from performing illicit actions. Nevertheless, economic incentives have resulted in an armsrace, where fraudsters develop automated solvers and, in turn, captcha services tweak their design to break the...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/breaking_semant.html


*** Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access ***
---------------------------------------------
The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicles OBD-II port and provides information about the vehicles performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands to the vehicles CAN bus.
---------------------------------------------
https://www.kb.cert.org/vuls/id/615456


*** DSA-3545 cgit - security update ***
---------------------------------------------
Several vulnerabilities were discovered in cgit, a fast web frontend forgit repositories written in C. A remote attacker can take advantage ofthese flaws to perform cross-site scripting, header injection or denialof service attacks.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3545


*** DSA-3544 python-django - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Django, a high-level Pythonweb development framework. The Common Vulnerabilities and Exposuresproject identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3544


*** Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic


*** Symantec ITMS Inventory Solution Application Denial Functionality Bypass ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160407_00


*** Security Updates Available for Adobe Flash Player (APSB16-10) ***
---------------------------------------------
A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1334


*** SSA-751155 (Last Update 2016-04-08): Denial-of-Service Vulnerability in SCALANCE S613 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-751155.pdf


*** SSA-623229 (Last Update 2016-04-08): DROWN Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf


*** SSA-301706 (Last Update 2016-04-08): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf


*** IBM Security Bulletins ***
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Chassis Management Module (CMM) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Chassis Management Module (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309
---------------------------------------------
*** Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management ***
http://www.ibm.com/support/docview.wss?uid=swg21980207
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-1283) ***
http://www.ibm.com/support/docview.wss?uid=swg21977266&myns=swgother&mynp=OCSSDF7K&mync=E&cm_sp=swgother-_-OCSSDF7K-_-E
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-3183) ***
http://www.ibm.com/support/docview.wss?uid=swg21977267&myns=swgother&mynp=OCSSDF7K&mync=E&cm_sp=swgother-_-OCSSDF7K-_-E
---------------------------------------------