[CERT-daily] Tageszusammenfassung - Mittwoch 13-04-2016

Wed Apr 13 18:06:16 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 12-04-2016 18:00 − Mittwoch 13-04-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner


*** [R1] Nessus < 6.6 Fixes Two Vulnerabilities ***
---------------------------------------------
Tenable recently worked with Synacktiv to perform security testing for Nessus, as part of an ongoing initiative to proactively address security issues. During the test, their team found two issues that may impact a Nessus vulnerability scanner. Both issues require user authentication to exploit:
    CVE-2016-82012 - Stored XSS
    CVE-2016-82013 - XML External Entity (XXE) Expansion DoS
---------------------------------------------
http://www.tenable.com/security/tns-2016-08


*** UPDATE: Security Updates Available for Adobe Flash Player (APSB16-10) ***
---------------------------------------------
A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. 
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1334


*** Security Bulletins Posted ***
---------------------------------------------
Security Bulletins for the Adobe Creative Cloud Desktop Application (APSB16-11) as well as RoboHelp Server (APSB16-12) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. 
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1336


*** MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-APR


*** ZeuS Banking Trojan Resurfaces As Atmos Variant ***
---------------------------------------------
Atmos banking malware has perilous pedigree that includes Citadel and ZeuS.
---------------------------------------------
http://threatpost.com/zeus-banking-trojan-resurfaces-as-atmos-variant/117344/


*** Website Ransomware - CTB-Locker Goes Blockchain ***
---------------------------------------------
During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second most prominent wave of malware that makes money by directly selling 'malware removal' services to users of infected computers.
---------------------------------------------
https://blog.sucuri.net/2016/04/website-ransomware-ctb-locker-goes-blockchain.html


*** Badlock Vulnerability Falls Flat Against Its Hype ***
---------------------------------------------
The much anticipated Badlock vulnerability wasn't in the SMB protocol after all, but in SAM and LSAD and exposed Windows machines to privilege escalation.
---------------------------------------------
http://threatpost.com/badlock-vulnerability-falls-flat-against-its-hype/117349/


*** Cisco Unity Connection Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity


*** MSRT April release features Bedep detection ***
---------------------------------------------
As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep, Trojan family Win32/Upatre, Trojan family Ransom:MSIL/Samas [...] In this blog, we'll focus on the Bedep family of trojans. 
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/04/12/msrt-april-release-features-bedep-detection/


*** S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8442


*** Patchday: Microsoft stopft 13 Lücken, Adobe lässt es ruhig angehen ***
---------------------------------------------
Microsoft stellt Sicherheitspatches für sechs als kritisch und sieben als wichtig eingestufte Schwachstellen in Windows & Co. bereit. Adobe flickt diesen Monat lediglich jeweils eine kritische und wichtige Lücke.
---------------------------------------------
http://heise.de/-3171881


*** Badlock ***
---------------------------------------------
Gestern abend haben Microsoft und das Samba-Projekt Patches zum lange angekündigten (und mancherorts medial auch gut aufgebauschten) sog. "Badlock"-Bug (CVE-2016-0128) veröffentlicht [...] Inhaltlich ist das nicht wirklich tragisch - ein "Man-in-the-middle" könnte eine SMB-Verbindung übernehmen. Da SMB-Verbindungen normalerweise nur in lokalen Netzen oder via VPN aufgebaut werden, hält sich der Impact in Grenzen.
---------------------------------------------
http://www.cert.at/services/blog/20160413110435-1730.html


*** Siemens Industrial Products glibc Library Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a buffer overflow vulnerability in the glibc library affecting several of the Siemens industrial products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01


*** Siemens SCALANCE S613 Denial-of-Service Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a resource exhaustion vulnerability that causes a denial-of-service condition in the Siemens SCALANCE S613 device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-02


*** Siemens Industrial Products DROWN Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a DROWN attack that can affect some Siemens industrial products under certain conditions.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03


*** Honeywell Uniformance PHD Denial Of Service ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on March 10, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a denial-of-service vulnerability in the Uniformance Process History Database (PHD).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-070-02


*** Broken IBM Java Patch Prompts Another Disclosure ***
---------------------------------------------
Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
---------------------------------------------
http://threatpost.com/broken-ibm-java-patch-prompts-another-disclosure/117369/


*** DFN-CERT-2016-0601/">NVIDIA GPU-Treiber: Mehrere Schwachstellen ermöglichen u.a. Privilegieneskalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0601/