[CERT-daily] Tageszusammenfassung - Donnerstag 17-03-2016

Thu Mar 17 18:12:48 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 16-03-2016 18:00 − Donnerstag 17-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Blundering ransomware uses backdoored crypto, unlock keys spewed ***
---------------------------------------------
Hahah ... wait, what? A software developer whose example encryption code was used by a strain of ransomware has released the decryption keys for the malware.
---------------------------------------------
http://www.theregister.co.uk/2016/03/16/locky_ransomware_undone_for_now/


*** Netgear CG3000v2 Password Change Bypass ***
---------------------------------------------
I noticed a security issue in my Netgear CG3000v2 cable modem, as provided by Optus (an Australian phone/communications provider).
The "admin password" can be changed on the web interface, without providing the current password. The page http://192.168.0.1/SetPassword.asp prompts for old and new passwords (and repeat of new), but in fact ignores the old password provided, and changes the password to the new one, regardless.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030089


*** 2015-12-10: POODLE Vulnerability in RTU500 Series ***
---------------------------------------------
Affected Products: RTU500 series firmware of release 10 less than version 10.8.6 and of release 11 less than 11.2.1.
RTU500 series releases 9 and less are not affected.
Summary: A vulnerability has recently been published that affects the SSL protocol 3.0 and is
commonly referred to as “POODLE”. The vulnerability affects the product versions listed
above.
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1KGT090264&LanguageCode=en&DocumentPartId=&Action=Launch


*** ADAC: Autos mit Keyless-Schlüssel sehr leichter zu stehlen ***
---------------------------------------------
Diebe können sich eine Sicherheitslücke in der Funkverbindung zunutze machen
---------------------------------------------
http://derstandard.at/2000033077997


*** APT Attackers Flying More False Flags Than Ever ***
---------------------------------------------
Investigators continue to focus on attack attribution, but Kaspersky researchers speaking at CanSecWest 2016 caution that attackers are manipulating data used to tie attacks to perpetrators.
---------------------------------------------
http://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/116814/


*** sol06223540: F5 TCP vulnerability CVE-2015-8240 ***
---------------------------------------------
Improper handling of TCP options under some circumstances may cause a denial-of-service (DoS) condition. (CVE-2015-8240) Versions known to be vulnerable: 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9 on various BIG-IP products
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html


*** Metaphor - A (real) reallife Stagefright exploit ***
---------------------------------------------
The team here at NorthBit has built a working exploit affecting Android versions 2.2 - 4.0 and 5.0 - 5.1, while bypassing ASLR on versions 5.0 - 5.1 (as Android versions 2.2 - 4.0 do not implement ASLR).
---------------------------------------------
https://www.exploit-db.com/docs/39527.pdf


*** Xen XSA-171: I/O port access privilege escalation in x86-64 Linux ***
---------------------------------------------
User mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-171.html


*** BSI veröffentlicht Anforderungskatalog für Cloud Computing ***
---------------------------------------------
Anhand des Katalogs können Kunden von Cloud-Dienstleistern herausfinden, wie es um die Informationssicherheit in einer Cloud steht. Aber auch Anbieter solcher Dienste können sich damit etwa auf eine anstehende Zertifizierung vorbereiten.
---------------------------------------------
http://heise.de/-3141368


*** Introducing SHIPS - Centralized Password Management ***
---------------------------------------------
The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post exploitation more difficult and provide a simplistic way to manage multiple systems in an environment where Windows does not necessarily support an alternative. SHIPS supports both Linux
---------------------------------------------
https://www.trustedsec.com/january-2015/introducing-ships-centralized-local-password-management-windows/


*** New NIST Encryption Guidelines ***
---------------------------------------------
NIST has published a draft of their new standard for encryption use: "NIST Special Publication 800-175B, Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms." In it, the Escrowed Encryption Standard from the 1990s, FIPS-185, is no longer certified. And Skipjack, NSAs symmetric algorithm from the same period, will no longer be certified.
---------------------------------------------
https://www.schneier.com/blog/archives/2016/03/new_nist_encryp.html


*** Scores of Serial Servers Plagued by Lack of Authentication, Encryption ***
---------------------------------------------
Thousands of serial servers connected to the internet arent password protected and lack encryption, leaving any data that transfers between them and devices theyre connected to open to snooping, experts warn.
---------------------------------------------
http://threatpost.com/scores-of-serial-servers-plagued-by-lack-of-authentication-encryption/116834/


*** VU#897144: Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow ***
---------------------------------------------
The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow.  Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2345
Solarwinds Dameware Remote Mini Controller is a software for assisting in remote desktop connections for helpdesk support.
---------------------------------------------
http://www.kb.cert.org/vuls/id/897144


*** Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks ***
---------------------------------------------
This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.
---------------------------------------------
https://mazinahmed.net/uploads/Bypassing%20NoScript%20Security%20Suite%20Using%20Cross-Site%20Scripting%20and%20MITM%20Attacks.pdf


*** Symantec Endpoint Protection Multiple Security Issues ***
---------------------------------------------
Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client. 
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160317_00


*** IBM Security Bulletin ***
---------------------------------------------
*** IBM Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2015-5351) ***
http://www.ibm.com/support/docview.wss?uid=swg21978300
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-7575, CVE-2015-4872, CVE-2015-4893, CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=swg21976573
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023399
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023469
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023470
---------------------------------------------