[CERT-daily] Tageszusammenfassung - Montag 7-03-2016

Mon Mar 7 18:28:25 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 04-03-2016 18:00 − Montag 07-03-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** When a WordPress Plugin Goes Bad ***
---------------------------------------------
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the official WordPress Plugin directory, the authors revived another WordPress account with a long abandoned plugin and uploaded SweetCaptcha as a "new version" of that plugin.
---------------------------------------------
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html


*** Novel method for slowing down Locky on Samba server using fail2ban, (Sun, Mar 6th) ***
---------------------------------------------
One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Lockyif you are using a Samba server for filesharing in your environment. The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share. It is worth a look. ">[de]:">[en]:https://translate.google.com/translate?sl=autotl=enjs=yprev=_thl=enie=UTF-8u=http%3A%2F%2Fheise.de%2F-3120956edit-text= --------------- Jim Clausing,
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20805&rss


*** KeRanger: Erste Ransomware-Kampagne bedroht Mac OS X ***
---------------------------------------------
Ein Erpressungs-Trojaner verschlüsselt erstmals auch Daten von Mac-Nutzern. Der Schädling versteckt sich im BitTorrent-Client Transmission. Apple und die Entwickler haben bereits reagiert.
---------------------------------------------
http://heise.de/-3129346


*** Bundestags-Hack: Angriff mit gängigen Methoden und Open-Source-Tools ***
---------------------------------------------
Interne Dokumente bringen neue Details zum Hackerangriff auf den Bundestag im letzten Jahr ans Licht: Die Angreifer bedienten sich gängiger Methoden und setzten frei verfügbare Werkzeuge ein.
---------------------------------------------
http://heise.de/-3129862


*** Maintainers of new generic top level domains have a hard time keeping abuse in check ***
---------------------------------------------
Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones.Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, has published a list of the worlds top 10 "worst TLDs" on Saturday. Whats interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLDs ratio of...
---------------------------------------------
http://www.cio.com/article/3041338/maintainers-of-new-generic-top-level-domains-have-a-hard-time-keeping-abuse-in-check.html#tk.rss_security


*** DFN-CERT-2016-0398: Squid: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0398/


*** HPE Network Automation Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1035192


*** Filr 2.0 - Security Update 1 ***
---------------------------------------------
Abstract: Security Updates for glibc and nscd on the Filr, Search and MySQL 2.0.0 appliances (CVE-2015-7547).Document ID: 5237510Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:MySQL-2.0.0.182.HP.zip (21.71 MB)Filr-2.0.0.422.HP.zip (23.03 MB)Search-2.0.0.400.HP.zip (21.71 MB)Products:Filr 2Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=LqikC-Hosps~


*** Filr 1.2 - Security Update 2 ***
---------------------------------------------
Abstract: Security Updates for glibc and nscd on the Filr, Search and MySQL 1.2.0 appliances (CVE-2015-7547).Document ID: 5237480Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:Filr-1.2.0.861.HP.zip (23.03 MB)MySQL-1.2.0.413.HP.zip (21.71 MB)Search-1.2.0.998.HP.zip (21.71 MB)Products:Filr 1.2Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=PQBDzZUKFac~


*** Sentinel 7.4 SP1 (Sentinel 7.4.1.0) Build 2512 ***
---------------------------------------------
Abstract: Sentinel 7.4.1 upgrade for Sentinel 7.4Document ID: 5237090Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.4.1.0-2512.x86_64.tar.gz.sha256 (109 bytes)sentinel_server-7.4.1.0-2512.x86_64.tar.gz (1.74 GB)Products:SentinelSentinel 7.3Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4Sentinel 7.2Sentinel 7.2.1Sentinel 7.2.2Sentinel 7.4.1Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=ZEMvbiAk5k8~


*** innovaphone IP222 / IP232 Denial Of Service ***
---------------------------------------------
Topic: innovaphone IP222 / IP232 Denial Of Service Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA512 Advisory ID: SYSS-2015-053 Product: innovaphone IP222/IP232 Manufacturer: inn...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030035


*** Bugtraq: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537708


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libpng affect PowerKVM (CVE-2015-8126, CVE-2015-8472) ***
2016-03-07T08:14:25-05:00
http://www.ibm.com/support/docview.wss?uid=isg3T1023374
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM MQ Appliance (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977498
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023385
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Guardium (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977444
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in grub2 affect PowerKVM (CVE-2015-5281, CVE-2015-8370) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023376
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in netcf affects PowerKVM (CVE-2014-8119) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023367
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail affected by libcurl vulnerability (CVE-2016-0755) ***
http://www.ibm.com/support/docview.wss?uid=swg21977843
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023350
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in bind affects PowerKVM (CVE-2015-8704) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023372
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in MIT Kerberos 5 (krb5) affect PowerKVM (CVE-2014-5355, CVE-2015-2694) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023354
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in file affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023349
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in xfsprogs affects PowerKVM (CVE-2012-2150) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023356
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Gnu binutils affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023355
---------------------------------------------