[CERT-daily] Tageszusammenfassung - Donnerstag 28-07-2016

Thu Jul 28 18:04:04 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 27-07-2016 18:00 − Donnerstag 28-07-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Taking Steps to Fight Back Against Ransomware ***
---------------------------------------------
Ransomware is an attack in which malware encrypts files and extorts money from victims. It has become a favorite among cybercriminals because it is easy to develop, simple to execute, and does a very good job of compelling users to pay to regain access to their precious files or systems. Almost anyone and every business...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/taking-steps-to-fight-back-against-ransomware/


*** Infection Monkey: Test a network from an attacker's point of view ***
---------------------------------------------
Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore's research group. "Traditional testing tools are no longer able to effectively detect vulnerabilities in today's data center networks as they cannot continuously exploit the weakest link and propagate in-depth, resulting in a very partial view of network vulnerabilities" said Pavel Gurvich, CEO of GuardiCore. How...
---------------------------------------------
https://www.helpnetsecurity.com/2016/07/28/infection-monkey-test-network-attackers-point-view/


*** Verifying SSL/TLS certificates manually, (Thu, Jul 28th) ***
---------------------------------------------
I think that we can surely say that, with all its deficiencies, SSL/TLS is still a protocol we cannot live without, and basis of todays secure communication on the Internet.Quite often I get asked on how certificates are really verified by browsers or other client utilities. Sure, the canned answer that certificates get signed by CAs and a browser verifies if signatures are correct is always there, but more persistent questions on how it exactly works happen here and there as well. So, if you...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21311&rss


*** Passwort Manager: Lastpass behebt kritische Lücke ***
---------------------------------------------
Die gestern von Tavis Ormandy gemeldete kritische Schwachstelle im Passwort-Manager Lastpass ist nach Angaben des Unternehmens inzwischen geschlossen worden. Ein neue Lastpass-Version soll unter Firefox bereitstehen.
---------------------------------------------
http://www.golem.de/news/passwort-manager-lastpass-bestaetigt-behebung-kritischer-luecke-1607-122396-rss.html


*** Phishing-Angriff auf Pollin-Kunden ***
---------------------------------------------
Bei heise Security haben sich mehrere Kunden des Elektronikhändlers Pollin gemeldet, die befürchten, dass ihre persönlichen Daten einschließlich Bankverbindung bei dem Händler kopiert wurden.
---------------------------------------------
http://heise.de/-3280449


*** You cant turn off Cortana in the Windows 10 Anniversary Update ***
---------------------------------------------
Microsoft made an interesting decision with Windows 10's Anniversary Update, which is now in its final stages of development before it rolls out on August 2. Cortana, the personal digital assistant that replaced Windows 10's search function and taps into Bing's servers to answer your queries with contextual awareness, no longer has an off switch.
---------------------------------------------
http://www.pcworld.com/article/3100358/windows/you-cant-turn-off-cortana-in-the-windows-10-anniversary-update.html


*** Security Holes Exposed In Smart Lighting System ***
---------------------------------------------
Sylvania Osram Lightify vulnerabilities could allow an attacker to turn out the lights or ultimately infiltrate the corporate network.
---------------------------------------------
http://www.darkreading.com/cloud/security-holes-exposed-in-smart-lighting-system/d/d-id/1326385?_mc=RSS_DR_EDT


*** Hintergrund: Windows 10 mit Schutz vor Pass-the-Hash-Angriffen ***
---------------------------------------------
Mit Hilfe moderner Virtualisierungstechnik soll der Credential Guard eine der gefährlichsten Angriffstechniken für Windows-Netze entschärfen.
---------------------------------------------
http://heise.de/-3280610


*** DSA-3633 xen - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3633


*** DSA-3632 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.26. Please see the MariaDB 10.0 Release Notes for furtherdetails:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3632


*** Vuln: DBD::mysql my_login() Function Use After Free Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92118


*** Vuln: QEMU hw/scsi/esp.c Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92119


*** F5 Security Advisory: glibc vulnerability CVE-2016-4429 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17075474.html?ref=rss


*** AXIS Authenticated Remote Command Execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016070209


*** DFN-CERT-2016-1153: Apache Software Foundation HTTP-Server, Lighttpd: Eine "Schwachstelle" ermöglicht HTTP-Proxy-Umleitungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1153/


*** DFN-CERT-2016-1216: Red Hat JBoss Operations Network: Mehrere Schwachstelle ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1216/


*** Xen Security Advisory CVE-2016-5403 / XSA-184 ***
---------------------------------------------
A guest can submit virtio requests without bothering to wait for completion and is therefore not bound by virtqueue size. (This requires reusing vring descriptors in more than one request, which is incorrect but possible.) Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation controlled by the guest.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-184.html


*** Sentinel 7.3 SP3 (Sentinel 7.3.3.0) ***
---------------------------------------------
Abstract: Sentinel 7.3.3 upgrade for Sentinel 7.3Document ID: 5250650Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.3.3.0-2205.x86_64.tar.gz.sha256 (109 bytes)sentinel_server-7.3.3.0-2205.x86_64.tar.gz (1.69 GB)Products:Sentinel 7.3.2Sentinel 7.1.1Sentinel 7.1Sentinel 7.3.1Sentinel 7.2Sentinel 7.2.1Sentinel 7.3Sentinel 7.2.2Sentinel 7.0Sentinel 7.0.1Sentinel 7.0.2Sentinel 7.0.3Sentinel 7.3.3Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=aGwCXcABsl0~


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs
---------------------------------------------
*** Cisco Wireless LAN Controller Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-wlc
---------------------------------------------
*** Cisco Videoscape Session Resource Manager Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-vsrm
---------------------------------------------
*** Cisco Prime Service Catalog Reflected Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-psc
---------------------------------------------
*** Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight
---------------------------------------------
*** Cisco Email Security Appliance File Type Filtering Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa
---------------------------------------------