[CERT-daily] Tageszusammenfassung - Montag 8-02-2016

Mon Feb 8 18:20:25 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-02-2016 18:00 − Montag 08-02-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Magento PCI Compliance Issues and Theft Over TLS ***
---------------------------------------------
With about 30% of the market share, Magento is gradually becoming a "WordPress" of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is to steal money, either from shop customers or the shop owners. During...
---------------------------------------------
https://blog.sucuri.net/2016/02/theft-over-tls-or-illusion-of-pci-compliance.html


*** Extracting and distributing information on incidents, or what is PROKI ***
---------------------------------------------
In the last blogpost, I promised to write something about our new project PROKI. PROKI is the abbreviation of the Czech phrase for "prediction and protection against cyber incidents" and in this project, our team set two goals for itself.
---------------------------------------------
http://en.blog.nic.cz/2016/02/05/extracting-and-distributing-information-on-incidents-or-what-is-proki/


*** GitHub bug bounty hunting ***
---------------------------------------------
Last month, I went hunting for security bugs in GitHub, a popular platform for sharing and collaborating on code. After spending many hours mapping out GitHub's infrastructure, and testing for weaknesses without any significant results or leads, I shifted my focus to the service providers. This is a write-up about two of the issues I found, which both have since been addressed.
---------------------------------------------
https://medium.com/@ircbot/github-bug-bounty-hunting-741de324be1c


*** Netgear-Router-Software: Schwachstelle ermöglicht Dateiupload und Download ***
---------------------------------------------
Die Router-Verwaltungssoftware Netgear Management System hat ein Sicherheitsproblem. Angreifer können zwischen einer Remote-Code-Execution und einer Directory-Traversal-Schwachstelle wählen. Einen Patch gibt es bislang nicht.
---------------------------------------------
http://www.golem.de/news/netgear-router-software-schwachstelle-ermoeglicht-dateiupload-und-download-1602-118987-rss.html


*** Bankomat-Trick: Geld abheben, Kontostand bleibt gleich ***
---------------------------------------------
Die Angriffe auf Finanzinstitute werden immer erfinderischer. Eine neue Schadsoftware bucht Finanzbeträge aufs Konto zurück, nachdem diese bei Bankomaten abgehoben wurden.
---------------------------------------------
http://futurezone.at/digital-life/bankomat-trick-geld-abheben-kontostand-bleibt-gleich/179.639.223


*** T9000 backdoor steals documents, records Skype conversations, victims actions ***
---------------------------------------------
A new backdoor Trojan with spyware capabilities is being used in targeted attacks against organizations based in the United States. It has been dubbed T9000, since its a newer, improved version of th...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3199


*** Avast SafeZone Browser Lets Attackers Access Your Filesystem ***
---------------------------------------------
Just two days after Comodos Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, its now Avasts turn to be scorned for failing to provide a "secure" browser for its users.
---------------------------------------------
http://news.softpedia.com/news/avast-safezone-browser-lets-attackers-access-your-filesystem-499990.shtml


*** Adwind: FAQ ***
---------------------------------------------
Adwind - a cross-platform RAT, multifunctional malware program which is distributed through a single malware-as-a-service platform. Different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world.
---------------------------------------------
http://securelist.com/blog/research/73660/adwind-faq/


*** Java installer flaw shows why you should clear your Downloads folder ***
---------------------------------------------
On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important.On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java...
---------------------------------------------
http://www.cio.com/article/3030707/security/java-installer-flaw-shows-why-you-should-clear-your-downloads-folder.html#tk.rss_security


*** Netgear Pro NMS 300 Code Execution / File Download ***
---------------------------------------------
Topic: Netgear Pro NMS 300 Code Execution / File Download Risk: High Text:>> Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 >> Discovered by Pedro ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020070


*** Oracle Security Alert for CVE-2016-0603 - 5 February 2016 ***
---------------------------------------------
To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious web site and download files into the user's system before installing Java SE 6, 7 or 8. Though relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html


*** Bugtraq: [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537461


*** Bugtraq: [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537460


*** 0Day Vulnerabilities in Advantech WebAccess ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-146/
http://www.zerodayinitiative.com/advisories/ZDI-16-147/
http://www.zerodayinitiative.com/advisories/ZDI-16-148/
http://www.zerodayinitiative.com/advisories/ZDI-16-149/
http://www.zerodayinitiative.com/advisories/ZDI-16-150/
http://www.zerodayinitiative.com/advisories/ZDI-16-151/
http://www.zerodayinitiative.com/advisories/ZDI-16-152/
http://www.zerodayinitiative.com/advisories/ZDI-16-153/
http://www.zerodayinitiative.com/advisories/ZDI-16-154/
http://www.zerodayinitiative.com/advisories/ZDI-16-155/
---------------------------------------------


*** SSA-253230 (Last Update 2016-02-08): Vulnerabilities in SIMATIC S7-1500 CPU ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf


*** Bugtraq: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537471


*** WooCommerce - Store Toolkit Plugin Privilege Escalation <= 1.5.6 ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8385


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in net-snmp affects IBM DataPower Gateways (CVE-2015-5621) ***
http://www.ibm.com/support/docview.wss?uid=swg21975340
---------------------------------------------
*** IBM Security Bulletin: A cross-site scripting vulnerability has been identified in IBM Security Access Manager for Web (CVE-2015-8531) ***
http://www.ibm.com/support/docview.wss?uid=swg21974651
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21974652
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621) ***
http://www.ibm.com/support/docview.wss?uid=swg21974644
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM QRadar SIEM, and QRadar Incident Forensics (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976113
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM DataPower Gateways (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974965
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability found in IBM WebSphere Commerce (CVE-2015-7444) ***
http://www.ibm.com/support/docview.wss?uid=swg21974307
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183) ***
http://www.ibm.com/support/docview.wss?uid=swg21974648
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183) ***
http://www.ibm.com/support/docview.wss?uid=swg21974650
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Web (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21974750
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21974747
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile ***
http://www.ibm.com/support/docview.wss?uid=swg21973139
---------------------------------------------
*** IBM Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Web (CVE-2015-1819) ***
http://www.ibm.com/support/docview.wss?uid=swg21974737
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819) ***
http://www.ibm.com/support/docview.wss?uid=swg21975341
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager ASNODENAME Vulnerability (CVE-2015-7408) ***
http://www.ibm.com/support/docview.wss?uid=swg21975957
---------------------------------------------
*** IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=swg21974738
---------------------------------------------
*** IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=swg21975882
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2014-8121) ***
http://www.ibm.com/support/docview.wss?uid=swg21974653
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Web (CVE-2015-2730) ***
http://www.ibm.com/support/docview.wss?uid=swg21974657
---------------------------------------------
*** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a Denial of Service attack, and Sensitive Information Exposure. (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=swg21976148
---------------------------------------------