[CERT-daily] Tageszusammenfassung - Freitag 19-08-2016

Fri Aug 19 18:04:37 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-08-2016 18:00 − Freitag 19-08-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** 18 Jahre lang vorhersehbare Zufallszahlen bei GnuPG ***
---------------------------------------------
Lange Zeit schlummerte eine Sicherheitslücke in Libgcrypt, der Krypto-Bibliothek des GnuPG-Projektes. Glücklicherweise scheint es so, als ob Nutzern ein großflächiger Austausch von PGP-Schlüsseln erspart bleiben wird.
---------------------------------------------
http://heise.de/-3300159


*** Neues von Locky: Der Erpressungstrojaner greift jetzt massenhaft Krankenhäuser an ***
---------------------------------------------
Die Drahtzieher hinter Locky verlegen sich von X-beliebigen Internetnutzern auf Firmen. Vor allem Krankenhäuser haben sich als lukratives Ziel erwiesen.
---------------------------------------------
http://heise.de/-3300555


*** Doctor Web discovers self-spreading Linux Trojan that can create P2P botnets ***
---------------------------------------------
August 19, 2016 The Linux operating system remains a major target for virus makers. Doctor Web's security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks. The new Trojan, named Linux.Rex.1, was first spotted by Kernelmode forum users who referred to this malware as "Drupal ransomware"...
---------------------------------------------
http://news.drweb.com/show/?i=10157&lng=en&c=9


*** Erpressungs-Trojaner Cerber rüstet sich gegen Entschlüsselungs-Tools ***
---------------------------------------------
Check Points und Trend Micros kostenlose Dechiffrierungs-Tools können Daten nicht mehr aus den Fängen der aktuellen Version des Verschlüsselungs-Trojaners Cerber befreien.
---------------------------------------------
http://heise.de/-3300589


*** Schwerwiegende Lücke im Teamspeak-Server offengelegt ***
---------------------------------------------
Angreifer können über die aktuelle Version des Teamspeak-Servers Schadcode einschleusen und auf dem Server ausführen. Da der Sicherheitsforscher, der die Lücke entdeckte, die Entwickler nicht vorher informiert hat, gibt es momentan keinen Patch.
---------------------------------------------
http://heise.de/-3300608


*** Pixpocket: So hätte die NSA VPNs ausspionieren können ***
---------------------------------------------
Der Shadow-Brokers-Datensatz liefert möglicherweise Informationen darüber, wie die NSA in der Lage war, VPN-Verbindungen abzuhören. Die Schwachstelle hat Ähnlichkeiten mit Heartbleed.
---------------------------------------------
http://www.golem.de/news/pixpocket-so-haette-die-nsa-vpns-ausspionieren-koennen-1608-122807-rss.html


*** DFN-CERT-2016-1359: PHP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1359/


*** Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539269


*** Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device.The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr


*** Navis WebAccess SQL Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of an SQL Injection vulnerability with proof-of-concept (PoC) exploit code affecting Navis WebAccess application. This report was released by "bRpsd" without coordination with either the vendor or ICS-CERT. ICS-CERT has reached out to the affected vendor to validate the report. ICS-CERT is issuing this alert to provide notice of the report and to identify baseline mitigations for reducing risks to this and other cybersecurity attacks.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01


*** IBM Security Bulletin: IBM Connections Security Update ***
---------------------------------------------
IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections, see details below for remediation information. CVE(s): CVE-2016-2995, CVE-2016-2997, CVE-2016-2998, CVE-2016-3005, CVE-2016-3010 Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5 IBM Connections 5.0 IBM Connections 4.5 IBM Connections 4.0 Refer to the following...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988991


*** IBM Security Bulletin: The IBM BigFix Platform has a Cross-Site Scripting vulnerability (CVE-2016-0293 ) ***
---------------------------------------------
A .beswrpt can be injected/modified to contain malicious JavaScript CVE(s): CVE-2016-0293 Affected product(s) and affected version(s): 9.0, 9.1, 9.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985743X-Force Database:...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21985743