[CERT-daily] Daily summary - Wednesday 27-01-2016

Daily end-of-shift report team at cert.at
Wed Jan 27 18:27:43 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 26-01-2016 18:00 - Wednesday 27-01-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** BGP Route Hijacking - An Overview ***
---------------------------------------------
BGP is the mechanism by which autonomous networks exchange "reachability" information with each other. A network with an assigned or allocated prefix of addresses "advertises" the block of addresses to a neighboring BGP-speaking router; this is known as BGP peering. There is little hiding what BGP peering networks announce to each other. When two networks are reasonably small, and their assigned prefixes are limited and well known, enforcement of announcements...
---------------------------------------------
https://blog.team-cymru.org/2016/01/bgp-route-hijacking-an-overview/
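The overview above describes the mechanism that makes hijacking possible: whatever a peer announces, with whatever origin AS, is accepted unless someone enforces expectations. The practical defence on the victim side is to compare what route collectors see against a table of the prefixes you own and the origin ASN that is supposed to announce them. The following is an added example, not code from the Team Cymru post; the prefixes (RFC 5737 documentation ranges), the ASNs (RFC 5398 documentation range) and the observed announcements are constructed for illustration, and the AS_PATH is assumed to be a plain list with the origin last (AS-sets and prepending are not modelled).

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed table of prefixes we are responsible for and the origin AS that is
# supposed to announce each one (documentation prefixes/ASNs, an assumption).
EXPECTED_ORIGINS: Dict[str, int] = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/22": 64497,
}

# Constructed sample of what a route collector or looking glass might report:
# (prefix, AS_PATH). The last ASN in the path is the origin AS.
OBSERVED: List[Tuple[str, List[int]]] = [
    ("192.0.2.0/24", [64500, 64499, 64496]),     # our prefix, our origin
    ("192.0.2.0/24", [64500, 64511]),            # our prefix, foreign origin
    ("198.51.100.0/24", [64500, 64498, 64510]),  # more-specific of ours, foreign origin
    ("198.51.100.0/22", [64500, 64497]),         # our prefix, our origin
    ("203.0.113.0/24", [64500, 64502]),          # not ours, ignored
]


def classify(prefix: str, as_path: List[int],
             expected: Dict[str, int] = EXPECTED_ORIGINS) -> Tuple[str, Optional[str]]:
    """Classify one announcement against the expected-origin table.

    Returns (verdict, covering_expected_prefix). Verdicts:
      ok                        exact prefix, expected origin
      origin-hijack             exact prefix, unexpected origin
      more-specific-hijack      a sub-prefix of ours with an unexpected origin;
                                longest-match routing prefers it, so traffic is diverted
      more-specific-own-origin  a sub-prefix whose path ends in our ASN: either
                                deliberate deaggregation or a forged path, verify by hand
      unmonitored               prefix not covered by the table
    """
    net = ipaddress.ip_network(prefix, strict=False)
    origin = as_path[-1]
    # Longest match: test the most specific expected prefix first.
    for exp_prefix in sorted(expected,
                             key=lambda p: ipaddress.ip_network(p).prefixlen,
                             reverse=True):
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version or not net.subnet_of(exp_net):
            continue
        exp_origin = expected[exp_prefix]
        if net == exp_net:
            return ("ok" if origin == exp_origin else "origin-hijack", exp_prefix)
        if origin == exp_origin:
            return ("more-specific-own-origin", exp_prefix)
        return ("more-specific-hijack", exp_prefix)
    return ("unmonitored", None)


def audit(observed=OBSERVED, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin_as, verdict, covering_prefix) for announcements
    that need attention."""
    alerts = []
    for prefix, path in observed:
        verdict, covering = classify(prefix, path, expected)
        if verdict in ("origin-hijack", "more-specific-hijack",
                       "more-specific-own-origin"):
            alerts.append((prefix, path[-1], verdict, covering))
    return alerts


if __name__ == "__main__":
    for alert in audit():
        print(alert)
```

The table of expected origins is exactly what an RPKI ROA formalises, so the same check can be run against ROA data instead of a hand-maintained dict. A hijacked prefix is invisible from inside the victim's own network, which is why the observations must come from an external vantage point such as a route collector or a BGP monitoring service.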




*** More Fake Facebook "Security System Page" Scams ***
---------------------------------------------
We take a look at some variations on the same kind of Facebook scam currently doing the rounds.
---------------------------------------------
https://blog.malwarebytes.org/fraud-scam/2016/01/more-fake-facebook-security-system-page-scams/




*** If you're one of millions using Magento - stop whatever you're doing and patch now ***
---------------------------------------------
Ecommerce websites can be hijacked via a critical flaw. A huge security hole has been found in the popular ecommerce platform Magento, requiring an immediate update.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/26/urgent_magento_update/




*** New Magic ransomware abuses open-source educational code ***
---------------------------------------------
Malware based on open-source code created for educational purposes only has been spotted in the wild by Bleeping Computer's Lawrence Abrams.
---------------------------------------------
http://www.scmagazine.com/new-magic-ransomware-abuses-open-source-educational-code/article/467512/




*** Encryption: IETF standardises two more elliptic curves ***
---------------------------------------------
The IETF has officially approved the two elliptic curves Curve25519 and Curve448 as an RFC for cryptographic functions. Standardisation of the curves for key exchange in TLS is also expected.
---------------------------------------------
http://heise.de/-3084830




*** Security: When the printer becomes an anonymous file server ***
---------------------------------------------
Security problems often lie with the users of IT products. In a current case a security researcher shows that attackers can anonymously store files on unprotected Hewlett-Packard network printers.
---------------------------------------------
http://www.golem.de/news/security-wenn-der-drucker-zum-anonymen-fileserver-wird-1601-118772-rss.html




*** The Rising Sophistication of Network Scanning ***
---------------------------------------------
In this article I would like to show you a hidden system that is hard at work scanning thousands, maybe millions, of unsuspecting devices. And I'll show how this system efficiently harvests each device's personal IP address and hands it off to a scanner, which proceeds to run a port/security scan against each unsuspecting victim for vulnerabilities.
---------------------------------------------
http://netpatterns.blogspot.co.uk/2016/01/the-rising-sophistication-of-network.html
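A harvester handing addresses to a scanner, as described above, leaves a characteristic footprint at the victim's perimeter: one source touching many ports on one host in a short burst (a vertical scan), or one port across many hosts (a horizontal sweep). As an added example that is not from the article, the script below applies a sliding-window detector to netfilter-style DROP log lines. The SRC/DST/PROTO/SPT/DPT field names follow the netfilter LOG target; the hosts, timestamps, ports and thresholds are constructed assumptions.

```python
import re
from collections import Counter, deque
from datetime import datetime
from typing import Dict, List, Tuple


def _mk(ts: str, src: str, dst: str, dpt: int) -> str:
    """Build one constructed netfilter-style DROP line (sample data only)."""
    return (f"Jan 27 {ts} fw kernel: DROP IN=eth0 OUT= SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40000 DPT={dpt}")


SAMPLE_LOG: List[str] = [
    # one source walks ten ports on one victim within ten seconds: vertical scan
    *(_mk(f"17:59:{i:02d}", "203.0.113.5", "192.0.2.10", p)
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389], 1)),
    # one source hits the same port on eight hosts: horizontal sweep
    *(_mk(f"18:00:{i:02d}", "203.0.113.9", f"192.0.2.{i}", 23) for i in range(1, 9)),
    # a host retrying one blocked port is noise, not a scan
    *(_mk(f"18:01:{i:02d}", "198.51.100.7", "192.0.2.10", 443) for i in (5, 20, 40)),
]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: DROP .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=\S+ SPT=\d+ DPT=(?P<dpt>\d+)")


def parse(lines):
    """Yield (timestamp, src, dst, dport) for every DROP line that matches."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; adequate for window arithmetic within one file
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dpt"])


def _burst(events: List[Tuple[datetime, str]], threshold: int, window: int) -> bool:
    """True if at least `threshold` distinct keys occur within any `window` seconds.

    `events` is a time-sorted list of (timestamp, key). A deque holds the
    current window and a Counter tracks how many times each key is inside it,
    so keys drop out as the window slides forward.
    """
    seen: Counter = Counter()
    q: deque = deque()
    for ts, key in events:
        q.append((ts, key))
        seen[key] += 1
        while (ts - q[0][0]).total_seconds() > window:
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= threshold:
            return True
    return False


def detect_scans(lines, port_threshold=8, host_threshold=6, window=60):
    """Return sorted [(src, kind, detail)] for sources that behave like scanners.

    kind is "vertical" (many ports on one host; detail is the victim) or
    "horizontal" (one port on many hosts; detail is the port).
    """
    by_src_dst: Dict[Tuple[str, str], List] = {}
    by_src_port: Dict[Tuple[str, int], List] = {}
    for ts, src, dst, dpt in sorted(parse(lines)):
        by_src_dst.setdefault((src, dst), []).append((ts, str(dpt)))
        by_src_port.setdefault((src, dpt), []).append((ts, dst))
    findings = []
    for (src, dst), ev in by_src_dst.items():
        if _burst(ev, port_threshold, window):
            findings.append((src, "vertical", dst))
    for (src, dpt), ev in by_src_port.items():
        if _burst(ev, host_threshold, window):
            findings.append((src, "horizontal", str(dpt)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

The thresholds are the tuning knobs: a slow scanner that spaces its probes wider than the window will not trip them, which is exactly the evasion a more patient system would use, so the window should be chosen against the retention of the logs rather than against the fastest scanners seen.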




*** SQL Injection Analysis ***
---------------------------------------------
It is one thing to be able to execute a simple SQL injection attack; it is another to do a proper investigation of such an attack. Unfortunately, there is not much information on SQL Injection analysis. This article will assist in providing some tools for basic Incident Response. It can be fairly easily translated to...
---------------------------------------------
http://resources.infosecinstitute.com/sql-injection-analysis/
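For the basic incident-response step the article points at, the web server access log is usually the first artefact available, and the job is to URL-decode each request, score it against SQL injection indicators and rebuild the attacker's timeline. The following is an added example and not code from the article; the Apache combined-format lines are constructed, and the indicator weights and the flagging threshold are assumptions to be tuned per application.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed Apache "combined" format lines; hosts, paths and timestamps are
# made up. The last line is a legitimate apostrophe, a false-positive trap for
# anything that alerts on a lone quote.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jan/2016:10:15:01 +0100] "GET /product.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2016:10:15:07 +0100] "GET /product.php?id=42%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2016:10:15:12 +0100] "GET /product.php?id=42%27%20AND%201%3D1-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2016:10:15:20 +0100] "GET /product.php?id=42%20UNION%20SELECT%20table_name,NULL%20FROM%20information_schema.tables-- HTTP/1.1" 200 9870 "-" "Mozilla/5.0"
198.51.100.3 - - [27/Jan/2016:10:16:02 +0100] "GET /search.php?q=O%27Reilly HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# (pattern applied to the URL-decoded query string, weight, label); weights are assumptions
INDICATORS = [
    (r"\bunion\b.*\bselect\b", 5, "union-based"),
    (r"information_schema", 4, "schema enumeration"),
    (r"\b(sleep|benchmark|waitfor)\b", 4, "time-based"),
    (r"\b(or|and)\b\s+\d+\s*=\s*\d+", 3, "boolean tautology"),
    (r"(--|/\*)", 2, "comment terminator"),
    (r"'", 1, "single quote"),
]


def score_request(decoded_query: str, status: int):
    """Sum the weights of matching indicators. A 5xx response right after a
    payload is the signature of error-based probing and adds on top."""
    score, tags = 0, []
    for pat, weight, label in INDICATORS:
        if re.search(pat, decoded_query, re.IGNORECASE):
            score += weight
            tags.append(label)
    if score and status >= 500:
        score += 2
        tags.append("server error after payload")
    return score, tags


def analyze(lines) -> List[Dict]:
    """Return one record per request carrying any indicator, in log order."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        decoded = unquote_plus(query)  # undo %27, %20, + and friends before matching
        status = int(m["status"])
        score, tags = score_request(decoded, status)
        if score:
            findings.append({"ip": m["ip"], "ts": m["ts"], "path": path,
                             "query": decoded, "status": status,
                             "score": score, "tags": tags})
    return findings


def summarize(findings, threshold=3):
    """Per-client view of requests at or above the threshold: count, peak score,
    first and last seen, paths touched. Reading the records in order (quote,
    server error, tautology, UNION) shows how far the attacker got."""
    out = {}
    for f in findings:
        if f["score"] < threshold:
            continue
        s = out.setdefault(f["ip"], {"requests": 0, "max_score": 0,
                                      "first": f["ts"], "last": f["ts"],
                                      "paths": set()})
        s["requests"] += 1
        s["max_score"] = max(s["max_score"], f["score"])
        s["last"] = f["ts"]
        s["paths"].add(f["path"])
    return out


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for f in hits:
        print(f["ts"], f["ip"], f["status"], f["score"], f["tags"], f["query"])
    print(summarize(hits))
```

The access log only shows GET query strings; payloads sent in POST bodies, cookies or headers never appear there, so the same scoring has to be run over application, WAF or database logs to cover those, and the 5xx entries should be cross-checked against the database server's error log for the exact statements that failed.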




*** RuhrSec 2016 - supported by SBA Research ***
---------------------------------------------
April 28, 2016 - April 29, 2016 - All day. Veranstaltungszentrum, Ruhr-Universität Bochum, Universitätsstraße 150, Bochum
---------------------------------------------
https://www.sba-research.org/events/ruhrsec-2016/




*** TP-Link routers with predictable default Wi-Fi password ***
---------------------------------------------
Attackers can work out the factory-set Wi-Fi password of one TP-Link router series comparatively easily and thereby gain access to the network. Other series could be affected as well.
---------------------------------------------
http://heise.de/-3085482




*** Apple can read your iMessages despite them being encrypted ***
---------------------------------------------
Despite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that users who back up data using iCloud Backup need to be aware that although Apple stores the backup in encrypted form, it uses its own key.
---------------------------------------------
http://www.scmagazine.com/apple-can-read-your-imessages-despite-them-being-encrypted/article/467675/




*** Bugtraq: [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537368




*** Bugtraq: [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537367




*** pfSense Firewall 2.2.5 Cross Site Request Forgery ***
---------------------------------------------
Topic: pfSense Firewall 2.2.5 Cross Site Request Forgery. Risk: Low. Exploit Title: pfSense Firewall 2.2.5 Cross-Site Request Forgery. Date: 23-01-2016. Software Link: http://mirror.a...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010178




*** Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms




*** Cisco RV220W Management Authentication Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220




*** Cisco Wide Area Application Service CIFS Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs




*** MICROSYS PROMOTIC Memory Corruption Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a memory corruption vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01




*** Rockwell Automation MicroLogix 1100 PLC Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Rockwell Automation's Allen-Bradley MicroLogix 1100 programmable logic controller systems.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-026-02




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM MQ Appliance (CVE-2016-0777) ***
http://www.ibm.com/support/docview.wss?uid=swg21975158
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of Communications Server for Data Center Deployment, AIX, Linux, System z, and Windows (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974589
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of Content Manager Enterprise Edition (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974700
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Content Collector for SAP Applications (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974333
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974407
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been addressed in the GSKit component of IBM Security Directory Server (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21975404
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Personal Communications (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974947
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in openssl affect Power Hardware Management Console (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021091
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Kenexa LMS along with IBM Kenexa Participate, IBM Kenexa LCMS on Cloud (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972995
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Java affect Power Hardware Management Console (CVE-2015-4843 CVE-2015-4868 CVE-2015-4806 CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4842 CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021090
---------------------------------------------
*** IBM Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596) ***
http://www.ibm.com/support/docview.wss?uid=swg21965451
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM MQ Appliance (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974599
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974922
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575). ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021096
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM MQ Appliance (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974598
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Security SiteProtector System (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974980
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of Content Manager OnDemand for Multiplatforms (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974698
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Sterling Connect:Direct for UNIX (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974884
---------------------------------------------
*** IBM Security Bulletin: IBM Platform Application Center Standard Edition is affected by a security vulnerability (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023269
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the GSKit component of Transformation Extender (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21972246
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ***
http://www.ibm.com/support/docview.wss?uid=swg21973723
---------------------------------------------

