[CERT-daily] Tageszusammenfassung - Freitag 9-12-2016

Daily end-of-shift report team at cert.at
Fri Dec 9 18:18:29 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 07-12-2016 18:00 − Freitag 09-12-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Produktwarnung für Joomla! ***
---------------------------------------------
[...] In den Joomla! Versionen 3.4.4 bis einschließlich 3.6.4 wurde eine Sicherheitslücke entdeckt, die es einem Angreifer aus dem Internet ermöglicht, beliebigen Programmcode auszuführen und dadurch erheblichen Schaden auf einem betroffenen...
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_tw-t16-0140.html




*** Root-Rechte durch Linux-Lücke ***
---------------------------------------------
Seit fünf Jahren klafft eine Lücke im Linux-Kernel, durch die sich lokale Nutzer erhöhte Rechte verschaffen können. Auch Android ist betroffen.
---------------------------------------------
https://heise.de/-3565365




*** Mobile Ransomware: Pocket-Sized Badness ***
---------------------------------------------
A few weeks ago, I spoke at Black Hat Europe 2016 on Pocket-Sized Badness: Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game. While watching mobile ransomware from April 2015 to April 2016, I noticed a big spike in the number of Android ransomware samples. During that year, the number of Android ransomware increased by 140%. In certain areas, mobile ransomware accounts for up to 22 percent of mobile malware overall! (These numbers were obtained from the Trend Micro Mobile App...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/hPA6z0gnzFE/




*** Managed-Exchange-Dienst: Telekom-Cloud-Kunde konnte fremde Adressbücher einsehen ***
---------------------------------------------
Durch einen Konfigurationsfehler konnte ein Nutzer der Telekom-Cloud-Dienste kurzzeitig auf fremde Adressbücher zugreifen, darunter sollen auch Strafverfolgungsbehörden gewesen sein. Schuld war wohl ein Berechtigungsfehler im Exchange-Dienst. (Telekom, Datenschutz)
---------------------------------------------
http://www.golem.de/news/managed-exchange-dienst-telekom-cloud-kunde-konnte-fremde-adressbuecher-einsehen-1612-124963-rss.html




*** Crooks Start Deploying New "August" Infostealer ***
---------------------------------------------
During the month of November 2016, a cyber-crime group has started deploying a new malware family nicknamed "August," used mainly for information gathering and reconnaissance on the infected targets computer. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crooks-start-deploying-new-august-infostealer/




*** PowerShell threats surge: 95.4 percent of analyzed scripts were malicious ***
---------------------------------------------
Symantec analyzed 111 threat families that use PowerShell, finding that they leverage the framework to download payloads and traverse through networks.
---------------------------------------------
https://www.symantec.com/connect/blogs/powershell-threats-surge-954-percent-analyzed-scripts-were-malicious




*** Kaspersky Security Bulletin 2016. The ransomware revolution ***
---------------------------------------------
Between January and September 2016 ransomware attacks on business increased three-fold - to the equivalent of an attack every 40 seconds. With the ransomware-as-a-service economy booming, and the launch of the NoMoreRansom project, Kaspersky Lab has named ransomware its key topic for 2016.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/76757/kaspersky-security-bulletin-2016-story-of-the-year/




*** Banking Trojan Uses Gmail Popup to Extend Infection to Victims Android Phone ***
---------------------------------------------
A group of malware authors has come up with a new method of transcending an infection from the users computer to his Android smartphone. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/banking-trojan-uses-gmail-popup-to-extend-infection-to-victims-android-phone/




*** Industriespionage: Wie Thyssenkrupp seine Angreifer fand ***
---------------------------------------------
Wie schützt man sein Netzwerk, wenn man 150.000 Mitarbeiter und 500 Tochterunternehmen hat? Thyssenkrupp lernte nach einem Angriff, dass es zwei Dinge braucht: Ausreichend Ressourcen und Freiheit für das Team.
---------------------------------------------
http://www.golem.de/news/industriespionage-wie-thyssenkrupp-seine-angreifer-fand-1612-124988-rss.html




*** Now Mirai Has DGA Feature Built in ***
---------------------------------------------
Nearly 2 weeks ago, 2 new infection vectors (aka TCP ports of 7547 and 5555) were found being used to spread MIRAI malwares . My colleague Gensheng quickly set up some honeypots for that sort of vectors and soon had his harvests: 11 samples were captured on Nov 28th. Till now 53 unique samples have been captured by our honeypots from 6 hosting servers.
---------------------------------------------
http://blog.netlab.360.com/new-mirai-variant-with-dga/




*** Krypto-Trojaner: Lockys gieriger Bruder verlangt über 2000 Euro Lösegeld ***
---------------------------------------------
Nicht nur der Erpressungs-Trojaner GoldenEye ist derzeit ein Ärgernis, auch die Verwandschaft des berüchtigten Locky-Trojaners geht weiter auf Raubzug. Eine Osiris genannte Variante schlägt derzeit vermehrt zu und verlangt ein saftiges Lösegeld.
---------------------------------------------
https://heise.de/-3564812




*** Bugtraq: AST-2016-009: ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539888




*** Bugtraq: AST-2016-008: Crash on SDP offer or answer from endpoint using Opus ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539887




*** DFN-CERT-2016-2010: Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2010/




*** DFN-CERT-2016-1991: FreeBSD: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1991/




*** DSA-3729 xen - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:...
---------------------------------------------
https://www.debian.org/security/2016/dsa-3729




*** Cisco Email Security Appliance Content Filter Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa




*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24322529.html?ref=rss
---------------------------------------------
*** Security Advisory: PHP vulnerability CVE-2016-6290 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15850913.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-5844 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24036027.html?ref=rss
---------------------------------------------
*** Security Advisory: PHP vulnerability CVE-2016-7126 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40564589.html?ref=rss
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-6302 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/70/sol70844615.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1836 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48220300.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2015-8932 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/90/sol90412202.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-5418 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35246595.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1835 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43314223.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1837 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05937379.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1833 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/62/sol62030064.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1762 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14338030.html?ref=rss
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg21994945
---------------------------------------------
*** IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-2775, CVE-2016-2776, CVE-2016-8864 and CVE-2016-6170) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021750
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2180, CVE-2016-2182, CVE-2016-6306) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021733
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4  HTTPS support for Perl Collector ***
http://www.ibm.com/support/docview.wss?uid=swg21990532
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in DHCP affect Power Hardware Management Console (‪CVE-2015-8605 and CVE-2016-2774‬‬) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021703
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect IBM Security AppScan Enterprise ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995118
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Tomcat , Commons FileUpload Vulnerabilities affecting IBM Algo Audit and Compliance (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21993305
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024507
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Network Advisor (CVE-2016-3425, CVE-2016-3427, CVE-2016-0695). ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009640
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842). ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009631
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in pConsole impacts AIX (CVE-2016-0266) ***
http://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Fabric Manager (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099504
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-4003) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994399
---------------------------------------------
*** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Rational ClearQuest (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993816
---------------------------------------------
*** IBM Security Bulletin:Vulnerabilities in OpenSSL affect IBM SONAS ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009648
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306) ***
http://www.ibm.com/support/docview.wss?uid=swg21993514
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) AIX Client Buffer Overflow (CVE-2016-5985) ***
http://www.ibm.com/support/docview.wss?uid=swg21993695
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Websphere affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg21992640
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-5898, CVE-2016-5899, CVE-2016-6054, CVE-2016-6047) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991154
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-5897, CVE-2016-6039) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991153
---------------------------------------------
*** IBM Security Bulletin:Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2119) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009567
---------------------------------------------
*** IBM Security Bulletin:Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009566
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
---------------------------------------------


More information about the Daily mailing list