[CERT-daily] Tageszusammenfassung - Donnerstag 9-06-2016

Thu Jun 9 18:18:03 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 08-06-2016 18:00 − Donnerstag 09-06-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** AVM warnt vor Telefonmissbrauch bei Routern mit älterer Firmware ***
---------------------------------------------
Fritzboxen mit "seltenen Konfigurationen" und älterer Firmware könnten aktuell Opfer von Angreifern werden, die auf Telefonbetrug zielen. AVM rät zu Updates.
---------------------------------------------
http://heise.de/-3232343


*** Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable ***
---------------------------------------------
D-Links DCS930L Wi-Fi camera is vulnerable to a stack overflow vulnerability that can be remotely exploited.
---------------------------------------------
http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitable/118549/


*** Skype being used to distribute malware ***
---------------------------------------------
Skype being used to distribute QRAT malware to unsuspecting travelers looking for help on filling out U.S, travel documents.
---------------------------------------------
http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/501869/


*** Searching for malspam, (Thu, Jun 9th) ***
---------------------------------------------
Introduction About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I havent found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21145&rss


*** Security: Locky- und Dridex-Botnetz ist spurlos verschwunden ***
---------------------------------------------
Sicherheitsforscher haben einen massiven Rückgang von Infektionen der bekannten Malware-Familien Dridex und Locky beobachtet. Schuld sind offenbar Probleme beim verteilenden Botnetz. Für Locky gibt es keine neue Infrastruktur. Was mit Opfern passiert, ist derzeit offen.
---------------------------------------------
http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rss.html


*** REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2016-033Project: REST/JSON (third-party module)Version: 7.xDate: 2016-June-08Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Access bypass, Information Disclosure, Multiple vulnerabilitiesDescriptionThis module enables you to expose content, users and comments via a JSON API.The module contains multiple vulnerabilities includingNode access bypassComment access bypassUser enumerationField access bypassUser registration...
---------------------------------------------
https://www.drupal.org/node/2744889


*** Citrix XenServer Security Update for CVE-2016-5302 ***
---------------------------------------------
A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host.
---------------------------------------------
https://support.citrix.com/article/CTX213549


*** Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538634


*** Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538635


*** Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?ref=rss


*** Security Advisory: PHP vulnerability CVE-2016-4070 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?ref=rss


*** SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf


*** SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf


*** SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf


*** Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538630


*** Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538629


*** Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538633


*** Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538632


*** Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet


*** Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic


*** Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ***
http://www.ibm.com/support/docview.wss?uid=swg21984678
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984231
---------------------------------------------
*** IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21981968
---------------------------------------------
*** IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000151
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702) ***
http://www.ibm.com/support/docview.wss?uid=swg21981021
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983514
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ***
http://www.ibm.com/support/docview.wss?uid=swg21984424
---------------------------------------------
*** IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21984436
---------------------------------------------