[CERT-daily] Tageszusammenfassung - Donnerstag 1-12-2016

Thu Dec 1 18:17:57 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 30-11-2016 18:00 − Donnerstag 01-12-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** 0-Day: Tor und Firefox patchen ausgenutzten Javascript-Exploit ***
---------------------------------------------
Tor und Mozilla haben schnell reagiert und veröffentlichen einen außerplanmäßigen Patch für eine kritische Sicherheitslücke. Der Fehler lag in einer Animationsfunktion für Vektorgrafiken.
---------------------------------------------
http://www.golem.de/news/0-day-tor-und-firefox-patchen-kritische-schwachstelle-1612-124808-rss.html


*** Avalanche Takedown ***
---------------------------------------------
Am 30. November 2016 wurde durch ein breit angelegte Kooperation von Polizei (Europol, Eurojust, FBI, ...), Staatsanwälten und IT Sicherheitsorganisationen (BSI, Shadowserver, CERTs) das Avalanche Botnet übernommen. Die Zahlen von Shadowserver sind eindrucksvoll:...
---------------------------------------------
http://www.cert.at/services/blog/20161201172722-1851.html


*** IBM warns of rising VoIP cyberattacks ***
---------------------------------------------
Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM's Security Intelligence group this week."SIP is one of the most commonly used application layer protocols in VoIP technology... we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second...
---------------------------------------------
http://www.cio.com/article/3146209/security/ibm-warns-of-rising-voip-cyberattacks.html#tk.rss_security


*** Shamoon 2: Return of the Disttrack Wiper ***
---------------------------------------------
In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged. Last week, Unit 42...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/


*** Fatal flaws in ten pacemakers make for Denial of Life attacks ***
---------------------------------------------
Brit/Belgian research team decipher signals and devise wounding wireless attacks A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/01/denial_of_life_attacks_on_pacemakers/


*** New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer ***
---------------------------------------------
In January of 2016, we found various "SmsSecurity" mobile apps that claimed to be from various banks. Since then, weve found some new variants of this attack that add new malicious capabilities. These capabilities include: anti-analysis measures, automatic rooting, language detection, and remote access via TeamViewer. In addition, SmsSecurity now cleverly uses the accessibility features of Android to help carry out its routines in a stealthy manner, without interaction from the...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ckweihUN7n8/


*** SAMRi10: Windows 10 hardening tool for thwarting network recon ***
---------------------------------------------
Microsoft researchers Itay Grady and Tal Be'ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced "Samaritan"). User2 (non-admin) gets access denied by SAMRi10 when calling Net User remotely to a hardened Domain Controller Both the Net Cease tool they released in October and SAMRi10 are simple PowerShell scripts and are aimed at preventing attackers that are already inside a corporate network from mapping it...
---------------------------------------------
https://www.helpnetsecurity.com/2016/12/01/samri10-windows-10-hardening/


*** Security Notice - Statement on Newsmth.net Forum Revealing Security Issue in Huawei P9 Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161130-01-smartphone-en


*** USN-3141-1: Thunderbird vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-3141-130th November, 2016thunderbird vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Thunderbird.Software description thunderbird - Mozilla Open Source mail and newsgroup client  DetailsChristian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong,Tooru Fujisawa, and Randell Jesup discovered multiple memory safety...
---------------------------------------------
http://www.ubuntu.com/usn/usn-3141-1/


*** Security Advisories Relating to Symantec Products - Norton App Lock Bypass ***
---------------------------------------------
Symantec has addressed an issue where on some Android devices, Norton App Lock could have been bypassed, which could have allowed locked applications to be opened.
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161130_00


*** OpenAFS Security Advisory 2016-003 ***
---------------------------------------------
Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is physically visible on the fileserver vice partition,...
---------------------------------------------
https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt


*** Bugtraq: [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539855


*** Bugtraq: [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539857


*** Bugtraq: [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539863


*** Bugtraq: [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539864


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in wget affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024556
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in DHCP affects PowerKVM (CVE-2016-5410) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024551
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM (CVE-2016-3119, CVE-2016-3120) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024550
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in util-linux affects PowerKVM (CVE-2016-5011) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024543
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in powerpc-utils-python affects PowerKVM (CVE-2014-8165) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024540
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024533
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in sudo affects PowerKVM (CVE-2016-7091) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024532
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Python-RSA affects PowerKVM (CVE-2016-1494) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024409
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in bind affect PowerKVM (CVE-2016-2776, CVE-2016-8864) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024402
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024401
---------------------------------------------