[CERT-daily] Tageszusammenfassung - Freitag 16-12-2016

Daily end-of-shift report team at cert.at
Fri Dec 16 18:16:43 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 15-12-2016 18:00 − Freitag 16-12-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** My Yahoo Account Was Hacked! Now What? ***
---------------------------------------------
Many readers are asking what they should be doing in response to Yahoos disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format.
---------------------------------------------
https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/




*** 0-days hitting Fedora and Ubuntu open desktops to a world of hurt ***
---------------------------------------------
If your desktop runs a mainstream release of Linux, chances are youre vulnerable.
---------------------------------------------
http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/




*** One, if by email, and two, if by EK: The Cerbers are coming!, (Fri, Dec 16th) ***
---------------------------------------------
Introduction One, if by land, and two, if by sea is a phrase used by American poet Henry Wadsworth Longfellow in his poem Paul Reveres Ride first published in 1861. Longfellows poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns. Much like the British arriving by land or by sea, Cerber
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21823&rss




*** Phishing: "Es gibt immer noch genügend Opfer" ***
---------------------------------------------
Olaf Schwarz, Information Security Officer bei der Direktbank ING-DiBa Austria, über Phishing und andere Betrugsmethoden bei Bankgeschäften im Internet.
---------------------------------------------
https://futurezone.at/digital-life/phishing-es-gibt-immer-noch-genuegend-opfer/235.972.707




*** Hackerangriff auf Thyssenkrupp: Winnti spioniert deutsche Wirtschaft aus ***
---------------------------------------------
Der Angriff auf Thyssenkrupp soll auf das Konto der Hackergruppe Winnti gehen, die früher Gaming-Plattformen attackiert hat. Weitere deutsche Firmen sollen betroffen sein.
---------------------------------------------
http://www.golem.de/news/hackerangriff-auf-thyssenkrupp-winnti-spioniert-deutsche-wirtschaft-aus-1612-125103-rss.html




*** Microsoft to ditch Flash - sort of ***
---------------------------------------------
Edge is getting more granular Flash controls, but that means you wont have to have it on for all sites just so its on for one.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/12/16/microsoft-to-ditch-flash-sort-of/




*** Mac-Passwort lässt sich über Thunderbolt auslesen ***
---------------------------------------------
Mit Hardware von der Stange kann ein Angreifer in rund 30 Sekunden das im Klartext vorliegende Passwort abgreifen und so Apples Festplattenverschlüsselung FileVault überwinden.
---------------------------------------------
https://heise.de/-3573385




*** Linux-Sicherheit: Ubuntu-Bug ermöglicht das Ausführen von Schadcode ***
---------------------------------------------
Ein schwerer Fehler in Ubuntus Crash-Handler Apport ermöglicht es Angreifern, auf einem Zielrechner beliebigen Code aus der Ferne auszuführen.
---------------------------------------------
http://www.golem.de/news/linux-sicherheit-ubuntu-bug-ermoeglicht-das-ausfuehren-von-schadcode-1612-125112-rss.html




*** Smart Airports: How to protect airport passengers from cyber disruptions ***
---------------------------------------------
ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/smart-airports-how-to-protect-airport-passengers-from-cyber-disruptions




*** Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161216-01-smartphone-en




*** SSA-856492 (Last Update 2016-12-16): Limited Entropy in PRNG of Desigo PX Web Modules ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf




*** Bugtraq: [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539934




*** DFN-CERT-2016-2081: Red Hat JBoss Core Services: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2081/




*** Security Advisory: TMM vulnerability CVE-2016-9247 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/33/sol33500120.html?ref=rss




*** Security Advisory: BIG-IP TMM iRules vulnerability CVE-2016-5024 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/92/sol92859602.html?ref=rss




*** Sentinel 8.0.0 P1 (Sentinel 8.0.0.1) Build 3404 ***
---------------------------------------------
Abstract: Sentinel 8.0.0. upgrade patch for Sentinel 7 and 8Document ID: 5264730Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz (65.02 MB)sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz.sha256 (117 bytes)sentinel_server-8.0.0.1-3404.x86_64.tar.gz (2.09 GB)sentinel_server-8.0.0.1-3404.x86_64.tar.gz.sha256 (109 bytes)Products:Sentinel 7SentinelSentinel 7.3Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4Sentinel 7.3.3Sentinel
---------------------------------------------
https://download.novell.com/Download?buildid=3iJxPcG2H9M~




*** Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01




*** OmniMetrix OmniView Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in OmniMetrix's OmniView web application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02




*** Mutiple SONY Videoconference Systems do not properly perform authentication ***
---------------------------------------------
Mutiple SONY Videoconference Systems do not properly perform authentication.
---------------------------------------------
http://jvn.jp/en/jp/JVN42070907/




*** ZDI-16-670: Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-670/




*** ZDI: Autodesk Design Review Remote Code Execution Vulnerabilities ***
---------------------------------------------
*** ZDI-16-669: Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-669/
---------------------------------------------
*** ZDI-16-668: Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-668/
---------------------------------------------
*** ZDI-16-667: Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-667/
---------------------------------------------
*** ZDI-16-666: Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-666/
---------------------------------------------
*** ZDI-16-665: Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-665/
---------------------------------------------
*** ZDI-16-664: Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-664/
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM StoredIQ (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994870
---------------------------------------------
*** IBM Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg21995057
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993842
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21990635
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024669
---------------------------------------------


More information about the Daily mailing list