[CERT-daily] Tageszusammenfassung - Mittwoch 9-03-2016

Wed Mar 9 18:10:47 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 08-03-2016 18:00 − Mittwoch 09-03-2016 18:00
Handler:     n/a
Co-Handler:  Stephan Richter


*** Apple denies researchers claims of bypassing iOS passcode using Siri ***
---------------------------------------------
Vulnerability Lab researchers claim to have spotted multiple passcode bypass vulnerabilities in the latest Apple iOS systems.
---------------------------------------------
http://www.scmagazine.com/researchers-says-ios-has-passcode-bypass-vulnerabilities/article/481796/


*** Microsoft-Patchday: Fünf kritische Lücken, alle Windows-Versionen betroffen ***
---------------------------------------------
Microsoft verteilt diesen Monat insgesamt 13 Updates für WIndows, Office und seine beiden Browser Internet Explorer und Edge. Mehrere Lücken erlauben es, Windows-Rechner aus der Ferne zu kapern.
---------------------------------------------
http://heise.de/-3131122


*** Trivial path for DDoS amplification attacks found by infosec bods ***
---------------------------------------------
600,000 servers are vulnerable to this little-known protocol Security researchers have discovered a new vector for DDoS amplification attacks - and its quite literally trivial.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/03/09/trivial_ddos_amplification_method/


*** KeRanger Mac ransomware is a rewrite of Linux Encoder ***
---------------------------------------------
KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers. "The encryption functions are identical and have same names: encrypt_file, recursive_task, currentTimestamp and createDaemon to only mention a few. The encryption routine is identical to the one employed in Linux.Encoder", explained Catalin Cosoi, Chief Security Strategist at Bitdefender.
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/09/keranger-mac-ransomware-rewrite-linux-encoder/


*** A Wall Against Cryptowall? Some Tips for Preventing Ransomware, (Wed, Mar 9th) ***
---------------------------------------------
A lot of attention has been paid lately to the Cryptowall / Ransomware family (as in crime family) of malware. What I get asked a lot by clients is how can I prepare / prevent an infection? Prepare is a good word in this case, it encompasses both prevention and setting up processes for dealing with the infection that will inevitably happen in spite of those preventative processes. Plus its the first step in the Preparation / Identification / Containment / Eradication / Restore Service / Lessons...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20821&rss


*** Android-Sicherheitsupdates: Immer Ärger mit Stagefright ***
---------------------------------------------
Google wird die Stagefright-Probleme nicht los. Auch das März-Update patcht mehrere kritische Lücken, die in den Multimedia-Diensten der Android-Geräte stecken. Updates für Nexus-Smartphones und -Tablets werden bereits verteilt.
---------------------------------------------
http://heise.de/-3131138


*** RSA: Seven Attack Trends (March 3, 2016) ***
---------------------------------------------
At the RSA Conference in San Francisco last week, SANS researchers described seven cyberattack trends that are likely to come up again and again over the course of this year: Weaponization of Windows PowerShell; Stagefright-like mobile vulnerabilities; Developer environment vulnerabilities like Xcode Ghost; Industrial Control System (ICS) attacks; Targeting unsecure third-party software components; Internet of (Evil) Things; and Ransomware...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/19/201


*** MS16-MAR - Microsoft Security Bulletin Summary for March 2016 - Version: 1.0 ***
---------------------------------------------
V1.0 (March 8, 2016): Bulletin Summary published.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-MAR


*** [R1] PHP < 5.6.18 / PCRE < 8.38 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-04


*** Bugtraq: [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537721


*** Persistent Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.x Web User Interface ***
---------------------------------------------
This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execute script in the browser of an authenticated administrator then the script may be able to gain access to the administrator's session or other potentially sensitive information.
---------------------------------------------
https://support.citrix.com/article/CTX207499


*** Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmre


*** Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc


*** Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-cmdos


*** Cisco Wireless Residential Gateway Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid