[CERT-daily] Tageszusammenfassung - Dienstag 10-05-2016

Tue May 10 18:05:36 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 09-05-2016 18:00 − Dienstag 10-05-2016 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** [Xen-announce] Xen Security Advisory 179 (CVE-2016-3710, CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks ***
---------------------------------------------
Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. But an attacker can easily change access modes after setting the bank ..
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2016-05/msg00001.html


*** Finding Conditional SEO Spam in Drupal ***
---------------------------------------------
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of ..
---------------------------------------------
https://blog.sucuri.net/2016/05/seo-spam-in-drupal-database.html


*** DSA-3572 websvn - security update ***
---------------------------------------------
Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks viaspecially crafted file and directory names in repositories.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3572


*** Gamarue, Nemucod, and JavaScript ***
---------------------------------------------
JavaScript is now being used largely to download malware because it's easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/09/gamarue-nemucod-and-javascript/


*** Don�t Put Off Till Tomorrow What You Should Start Today (Part 1) ***
---------------------------------------------
For some, the upcoming EU legislative changes (the General Data Protection Regulation, referred to as GDPR, and the Network and Information Security Directive, referred to as the NIS Directive) may have seemed like they ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/cso-dont-put-off-till-tomorrow-what-you-should-start-today-part-1/


*** Performing network forensics with Dshell. Part 1: Basic usage, (Mon, May 9th) ***
---------------------------------------------
I found out recently there is a very interesting tool that enables some interesting capabilities to perform network forensics from a PCAP capture file. It"> in the command prompt. There is a major keyword that launches ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21035


*** This is what a root debug backdoor in the Linux kernel looks like ***
---------------------------------------------
Allwinners all-loser code makes it into shipped firmware A root backdoor for debugging Android gadgets managed to end up in shipped firmware - and were surprised this sort of colossal blunder doesnt happen more often.
---------------------------------------------
www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/


*** DSA-3573 qemu - security update ***
---------------------------------------------
https://www.debian.org/security/2016/dsa-3573


*** SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers ***
---------------------------------------------
Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram.
---------------------------------------------
www.theregister.co.uk/2016/05/10/ss7_mobile_chat_hack/


*** Security Advisory: ImageMagick vulnerability CVE-2016-3714 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/03/sol03151140.html


*** Let's stop talking password flaws and instead discuss access management ***
---------------------------------------------
A good bit of attention has been given to a new report that suggests that there are organizations that don't change their administrative passwords at all, ever. While it may be a bit eye opening that many IT professionals said they did not ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/10/password-flaws-access-management/


*** xt:Commerce: Dringende Patches ohne Details ***
---------------------------------------------
Der Anbieter des Online-Shop-Systems xt:Commerce verteilt aktuell einen Sicherheitspatch. Betroffene Admins sollten die abgesicherten Versionen mit "sehr hoher ..
---------------------------------------------
http://heise.de/-3200152


*** Hacker Challenges ***
---------------------------------------------
Want to get started hacking things but don't want to do anything illegal? Here are some challenges others have made to help you practice some hacking skills. By participating in the challenges you could learn the following ..
---------------------------------------------
https://www.tunnelsup.com/hacker-challenges/


*** Ransomware Is Not a 'Malware Problem' - It's a Criminal Business Model ***
---------------------------------------------
Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/unit-42-ransomware-trends/


*** Lateral Movement: Do You Have Enough Eyes? ***
---------------------------------------------
Sophisticated attackers can find their way into a corporate network in many ways. An attack could come from an external source, through the exploitation of a service, or by being brought in by a user whose laptop has been infected while ..
---------------------------------------------
http://resources.infosecinstitute.com/lateral-movement-do-you-have-enough-eyes/


*** Böse Bilder: Akute Angriffe auf Webseiten über ImageMagick  ***
---------------------------------------------
Die Gnadenfrist ist abgelaufen. Wer ein ungepatchtes ImageMagick auf seinem Server einsetzt, sollte schnellstens handeln, denn nun sind Exploits im Umlauf.
---------------------------------------------
http://heise.de/-3200773


*** Xen Security Advisory CVE-2016-3710,CVE-2016-3712 / XSA-179 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-179.txt


*** IBM Security Bulletin: Vulnerabilities in OpenSource PHP Affect IBM Lotus Protector For Mail Security (CVE-2016-3142 ) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21981983


*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000128


*** Hackers paradise: Outdated Internet Explorer, Flash installs in enterprises ***
---------------------------------------------
Two in five Flash users DO update. Surprised? A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more ..
---------------------------------------------
www.theregister.co.uk/2016/05/10/ie_flash_vulns_rife/