[CERT-daily] Daily summary - Friday 29-04-2016

Daily end-of-shift report team at cert.at
Fri Apr 29 18:09:09 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 28-04-2016 18:00 − Friday 29-04-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** A Dramatic Rise in ATM Skimming Attacks ***
---------------------------------------------
Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers. The trend appears to be continuing into 2016, with outbreaks of skimming activity visiting a much broader swath of the United States than in years past.
---------------------------------------------
http://krebsonsecurity.com/2016/04/a-dramatic-rise-in-atm-skimming-attacks/




*** Security: The Internet Minister has Heartbleed ***
---------------------------------------------
The website of the Federal Ministry of Transport and Digital Infrastructure was vulnerable to a critical security hole that was closed almost two years ago. The compromised certificate is still in use. (Heartbleed, encryption)
---------------------------------------------
http://www.golem.de/news/security-der-internetminister-hat-heartbleed-1604-120635-rss.html




*** Numerous credentials for the messaging service Slack discovered on GitHub ***
---------------------------------------------
The security firm Detectify has found over a thousand access tokens for Slack in publicly accessible GitHub repositories.
---------------------------------------------
http://heise.de/-3194000




*** eBay phishers go hunting for victims with personal details ***
---------------------------------------------
Particularly perfidious phishing emails in eBay's name are currently circulating. In the messages, recipients are addressed by their full name and complete postal address.
---------------------------------------------
http://heise.de/-3194026




*** Got ransomware? These tools may help ***
---------------------------------------------
Your computer has been infected by ransomware. All those files -- personal documents, images, videos, and audio files -- are locked up and out of your reach. There may be a way to get those files back without paying a ransom. But first a couple of basic questions: Do you have complete backups? If so, recovery is simply a matter of wiping the machine -- bye bye, ransomware! -- reinstalling your applications, and restoring the data files. It's a little stressful, but doable. Are they good...
---------------------------------------------
http://www.cio.com/article/3063048/security/got-ransomware-these-tools-may-help.html#tk.rss_security




*** Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. (Fri, Apr 29th) ***
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21001
https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51




*** BIND 9.9.9/9.10.4 released ***
---------------------------------------------
https://lists.isc.org/pipermail/bind-announce/2016-April/000986.html
https://lists.isc.org/pipermail/bind-announce/2016-April/000987.html
https://lists.isc.org/pipermail/bind-announce/2016-April/thread.html




*** DFN-CERT-2016-0686: Jenkins: Two vulnerabilities allow, among other things, bypassing security measures ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0686/




*** [HTB23301]: SQL Injection in GLPI ***
---------------------------------------------
Product: GLPI v0.90.2
Vulnerability Type: SQL Injection [CWE-89]
Risk level: High
Creator: INDEPNET
Advisory Publication: April 8, 2016 [without technical details]
Public Disclosure: April 29, 2016
CVE Reference: Pending
CVSSv2 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L]
Vulnerability Details: High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in a popular Information Resource Manager (IRM) system GLPI. IRM systems are usually used for...
---------------------------------------------
https://www.htbridge.com/advisory/HTB23301




*** Bugtraq: [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538219




*** Cisco Information Server XML Parser Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis




*** APPLE-SA-2016-04-28-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
APPLE-SA-2016-04-28-1 OS X: Flash Player plug-in blocked
Due to security and stability issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 21.0.0.226 and 18.0.0.343. Information on blocked web plug-ins will be posted to: [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Apr/msg00000.html




*** Moxa NPort Device Vulnerabilities (Update B) ***
---------------------------------------------
This alert update is a follow-up to the NCCIC/ICS-CERT updated alert titled ICS-ALERT-16-099-01A Moxa NPort Device Vulnerabilities that was published April 20, 2016, on the ICS-CERT web page. ICS-CERT is aware of a public report of vulnerabilities affecting multiple models of the Moxa NPort device. These vulnerabilities were reported by Reid Wightman of Digital Bonds Labs, who coordinated with the vendor but not with ICS-CERT.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01




*** SSA-763427 (Last Update 2016-04-29): Vulnerability in Communication Processor (CP) modules SIMATIC CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf




*** SSA-921524 (Last Update 2016-04-29): Incorrect Frame Padding in ROS-based Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf




*** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21982198




*** IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM QuickFile (CVE-2015-2017). ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977561




*** Bugtraq: [SECURITY] [DSA 3561-1] subversion security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538223





*** WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8473




*** WordPress <= 4.4.2 - Reflected XSS in Network Settings ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8474




*** WordPress <= 4.4.2 - Script Compression Option CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8475

