[CERT-daily] Tageszusammenfassung - Freitag 10-06-2016

Fri Jun 10 18:16:16 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 09-06-2016 18:00 − Freitag 10-06-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Reverse-engineering DUBNIUM ***
---------------------------------------------
DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2/


*** "Webseiten werden angreifbarer" ***
---------------------------------------------
Alexander Mitter von nimbusec und Andreas Tomek von SBA Research über Sicherheits-Start-ups in Österreich, Bedrohungsszenarien und Viagra-Shops auf Unternehmenswebseiten.
---------------------------------------------
http://futurezone.at/thema/start-ups/webseiten-werden-angreifbarer/203.199.320


*** Offensive or Defensive Security? Both!, (Thu, Jun 9th) ***
---------------------------------------------
Sometimes students ask me the best way to jump into the security world. I usually compare information security to medicine: You start with a common base (a strong knowledge in IT) then you must choose a specialization: auditor, architect, penetrationtester, reverse engineer, incident handler, etc. Basically, those specializations can be grouped in two categories: offensiveand defensive. Many people like the first one because it looks more funny and the portrait of the hacker as depicted in Hollywood...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21149&rss


*** Secure Open Source: Mozilla stiftet Fonds für bessere Security ***
---------------------------------------------
In dem Programm Secure Open Source (SOS) stellt Mozilla zunächst 500.000 US-Dollar bereit, um die Sicherheit von Open-Source-Software zu verbessern. Anders als bei der Linux Foundation soll das Geld explizit für Audits und einen sauberen Umgang mit Sicherheitslücken genutzt werden.
---------------------------------------------
http://www.golem.de/news/secure-open-source-mozilla-stiftet-fonds-fuer-bessere-security-1606-121434-rss.html


*** Crysis ransomware fills vacuum left by TeslaCrypt ***
---------------------------------------------
TeslaCrypt has reached the end of the road, and other ransomware is ready to fill the vacuum left behind it. A relative newcomer to the market, Crysis ransomware is already laying claim to parts of TeslaCrypt's territory. The Crysis ransomware family � not to be confused with the Crisis backdoor/spyware Trojan that targeted both Windows and Mac users some four years ago - is currently in its second iteration, and doesn't differ much from other...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/10/crysis-ransomware/


*** An Interview With the Hacker Probably Selling Your Password Right Now ***
---------------------------------------------
A conversation with the stolen-data wholesaler selling 800 million stolen passwords, and plaguing the security teams of LinkedIn, Twitter, and Tumblr.
---------------------------------------------
http://www.wired.com/2016/06/interview-hacker-probably-selling-password/


*** Optimizing TLS over TCP to reduce latency ***
---------------------------------------------
The layered nature of the Internet (HTTP on top of some reliable transport (e.g. TCP), TCP on top of some datagram layer (e.g. IP), IP on top of some link (e.g. Ethernet)) has been very important in its development. Different link layers have come and gone over...
---------------------------------------------
https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/


*** EMC and VMware both suffer malicious user access messes ***
---------------------------------------------
The wrong people can access data on Data Domain, NSX and vRealize VMware and EMC have each revealed security nasties.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/06/10/emc_and_vmware_both_suffer_malicious_user_access_messes/


*** VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass ***
---------------------------------------------
Vulnerability Note VU#778696 Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass Original Release date: 10 Jun 2016 | Last revised: 10 Jun 2016   Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware.  Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288The firmware for these devices contains a hard-coded RSA private key,...
---------------------------------------------
http://www.kb.cert.org/vuls/id/778696


*** USN-2995-1: Squid vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2995-19th June, 2016squid3 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Squid.Software description squid3 - Web proxy cache server  DetailsYuriy M. Kaminskiy discovered that the Squid pinger utility incorrectlyhandled certain ICMPv6 packets. A remote attacker could use this issue tocause Squid to crash, resulting in a...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2995-1/


*** DSA-3599 p7zip - security update ***
---------------------------------------------
Marcin Icewall Noga of Cisco Talos discovered an out-of-bound readvulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zrfile archiver with high compression ratio. A remote attacker can takeadvantage of this flaw to cause a denial-of-service or, potentially theexecution of arbitrary code with the privileges of the user runningp7zip, if a specially crafted UDF file is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3599


*** Security Advisory: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48802597.html?ref=rss


*** Security Advisory: iControl REST vulnerability CVE-2016-5021 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/99/sol99998454.html?ref=rss


*** Bugtraq: ESA-2016-062: EMC Data Domain Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538642


*** VMSA-2016-0008 ***
---------------------------------------------
VMware vRealize Log Insight addresses important and moderate security issues.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0008.html


*** VMSA-2016-0007 ***
---------------------------------------------
VMware NSX and vCNS product updates address a critical information disclosure vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0007.html


*** Bugtraq: [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538640


*** [R2] OpenSSL 20160503 Advisory Affects Tenable Products ***
---------------------------------------------
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time. [...] Advisory Timeline 2016-05-19 - [R1] Initial Release | 2016-06-09 - [R2] Security Center details added
---------------------------------------------
https://www.tenable.com/security/tns-2016-10


*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3705) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM BigFix Compliance Analytics. IBM BigFix Compliance has addressed this vulnerability. CVE(s): CVE-2016-3705 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.7 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21984773X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112885
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984773


*** IBM Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-0264) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fixpack 11 that is used by IBM BigFix Compliance Analytics. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-0264 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.8. Refer to...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983689


*** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351) ***
---------------------------------------------
Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy. CVE(s): CVE-2015-5345, CVE-2015-5346, CVE-2015-5351 Affected product(s) and affected version(s): IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2, 6.2.0.1,...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000126


*** IBM Security Bulletin: IBM Notes InstallShield vulnerable to DLL planting (CVE-2016-2542) ***
---------------------------------------------
IBM Notes uses InstallShield which generates install executables that are vulnerable to a DLL-planting vulnerability. CVE(s): CVE-2016-2542 Affected product(s) and affected version(s): This vulnerability affects installers of following versions of IBM Notes...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21979808


*** IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) ***
---------------------------------------------
There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. CVE(s): CVE-2015-0254 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server Version 8.5.5 Full Profile and Liberty Version 8.5 Full Profile and Liberty Version 8.0 Version...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21978495