[CERT-daily] Daily summary - Wednesday 20-04-2016

Daily end-of-shift report team at cert.at
Wed Apr 20 18:18:35 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 19-04-2016 18:00 − Wednesday 20-04-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Oracle critical updates released, (Wed, Apr 20th) ***
---------------------------------------------
Oracle has released their critical updates list. Looking through it, there is a very wide range of products, including Java, that require a fix. Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay. There are quite a few remotely exploitable, no-auth-required issues that are addressed by these patches. You may want to peruse the list to see if some of your products are affected.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20965&rss




*** Java: New JDK versions bring stricter security requirements ***
---------------------------------------------
The JDK 8u91 and 8u92 updates once again primarily address security: among other things, the MD5 algorithm is now considered insecure, and the JVM gets settings for handling memory overflow errors.
---------------------------------------------
http://heise.de/-3178164




*** Hacking and manipulating traffic sensors ***
---------------------------------------------
With the advent of the Internet of Things, we're lucky to have researchers looking into these devices and pointing out the need for securing them better. One of these researchers is Kaspersky Lab's Denis Legezo, who took it upon himself to map the traffic sensors in Moscow and see whether they could be tampered with. The answer to that question is yes, they can be manipulated, and consequently lead to poor traffic management and annoyance...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/20/hacking-manipulating-traffic-sensors/




*** PoS Malware Steals Credit Card Numbers via DNS Requests ***
---------------------------------------------
A new version of the NewPosThings PoS malware is using a clever technique to extract data from infected PoS terminals that almost no security solution monitors for malware activity.
---------------------------------------------
http://news.softpedia.com/news/pos-malware-steals-credit-card-numbers-via-dns-requests-503180.shtml




*** Using a Braun Shaver to Bypass XSS Audit and WAF ***
---------------------------------------------
TL;DR: Sometimes you just need to spend a couple of months to exploit an XSS with a hygiene product.
---------------------------------------------
https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify




*** Encryption everywhere? ***
---------------------------------------------
This article discusses opportunistic encryption (OE), ways to set up systems so that they will automatically encrypt whenever they can rather than just whenever the user requests it. Many types of encryption require a choice by the user - encrypt with PGP rather than sending email in the clear, log into a remote system with...
---------------------------------------------
http://resources.infosecinstitute.com/encryption-everywhere/




*** Towards Generic Ransomware Detection ***
---------------------------------------------
I'm not claiming these ideas are novel, nor unbeatable. My goal is simply to raise awareness about alternate means to help stymie the ransomware epidemic. Plus, attempting to write a tool that could generically protect my computer against OS X ransomware seemed like a fun challenge! Finally, both this research and tool are version 1.0, meaning, likely room for improvement - so feedback is welcome :)
---------------------------------------------
https://objective-see.com/blog/blog_0x0F.html




*** DRAM bitflipping exploits that hijack computers just got easier ***
---------------------------------------------
Approach relies on already installed code, including widely used glibc library.
---------------------------------------------
http://arstechnica.com/security/2016/04/dram-bitflipping-exploits-that-hijack-computers-just-got-easier/




*** Panama Papers - How Hackers Breached the Mossack Fonseca Firm ***
---------------------------------------------
Introduction: The Panama Papers are a huge trove of highly confidential documents stolen from the computer systems of the Panamanian law firm Mossack Fonseca that was leaked online recently. It is considered the largest data leak ever; the entire archive contains more than 11.5 million files including 2.6 terabytes of data related to the activities of offshore...
---------------------------------------------
http://resources.infosecinstitute.com/panama-papers-how-hackers-breached-the-mossack-fonseca-firm/




*** Kippo and dshield, (Tue, Apr 19th) ***
---------------------------------------------
In this diary I will talk about how to configure the kippo honeypot and how to submit your kippo log to SANS Dshield.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20963&rss




*** Security Update for Microsoft Graphics Component (3148522) Version: 2.0 ***
---------------------------------------------
V2.0 (April 19, 2016): To comprehensively address CVE-2016-0145, Microsoft re-released security update 3144432 for affected editions of Microsoft Live Meeting 2007 Console. Customers running Microsoft Live Meeting 2007 Console should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144432 for more information.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-039




*** Bugtraq: ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538133




*** Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios




*** F5 Security Advisory: glibc vulnerability CVE-2015-8779 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39250133.html?ref=rss




*** VMSA-2016-0002.1 ***
---------------------------------------------
VMware product updates address a critical glibc security vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0002.html




*** VMSA-2015-0009.2 ***
---------------------------------------------
VMware product updates address a critical deserialization vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0009.html

