[CERT-daily] Tageszusammenfassung - Donnerstag 12-05-2016

Thu May 12 18:13:57 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-05-2016 18:00 − Donnerstag 12-05-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Security Updates Available for Adobe Flash Player (APSB16-15) ***
---------------------------------------------
A Security Bulletin (APSB16-15) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1352


*** Tips to Prevent Ransomware in Healthcare Environments ***
---------------------------------------------
If 2015 was the year of the healthcare breach, 2016 is shaping up to be the year of ransomware. By this time last year, 105 healthcare breaches had been reported to the U.S. Department of...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/tips-to-prevent-ransomware-in-healthcare-environments/


*** Entpacker 7-Zip kann zum Ausführen von Schadcode missbraucht werden ***
---------------------------------------------
Über eine Lücke im Kompressions-Tool 7-Zip können Angreifer Schadcode ausführen und eventuell auch den Rechner des Opfers kapern. Besonders brisant: Der Open-Source-Code des Tools steckt auch in Sicherheitssoftware.
---------------------------------------------
http://heise.de/-3206787


*** US-CERT warnt Betreiber von SAP-Systemen ***
---------------------------------------------
Anlass der Sicherheitswarnung des Computer-Notfall-Teams der USA ist ein Bericht, demzufolge mindestens 36 Organisationen in der ganzen Welt über eine SAP-Lücke angegriffen und kompromittiert wurden.
---------------------------------------------
http://heise.de/-3207245


*** New Wave of the Test0.com/Test5.xyz Redirect Hack ***
---------------------------------------------
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down but the attackers returned with a new wave of site infections and the new redirecting domain - test5 .xyz (registered just a few...
---------------------------------------------
https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html


*** Popular cache Squid skids as hacker pops lid ***
---------------------------------------------
Yet another mess we can blame on the combination of Flash and advertising Tsinghua University postgraduate student Jianjun Chen has reported a critical cache poisoning vulnerability in the Squid proxy server, a transparent cache widely deployed by internet service providers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/12/telco_fave_squid_skids_as_hacker_pops_lid/


*** Giving up Your Roots: A Root Remedy Checklist ***
---------------------------------------------
As an IT organization, should you be concerned that your sysAdmins login as root, su to root, or sudo su to root?The post Giving up Your Roots: A Root Remedy Checklist appeared first on BeyondTrust.
---------------------------------------------
https://www.beyondtrust.com/blog/root-remedy-checklist/


*** Facebook CTF platform is now open source ***
---------------------------------------------
Capture the Flag competitions are a good - not to mention legal - way for hackers to build and hone their skills. But, quality CTF environments are difficult and expensive to build and run. This is a burden that Facebook aims to lighten by open sourcing the Facebook CTF platform, devised for the training of their own employees and used around the world by various organizations looking to interest kids in computer security. The now-free...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/12/facebook-ctf-platform-open-source/


*** From the Netherlands Presidency of the EU Council: Coordinated vulnerability disclosure Manifesto signed ***
---------------------------------------------
Approximately 30 organisations have signed the Coordinated Vulnerability Disclosure Manifesto today, in which they declare to support the principle of having a point of contact to report IT vulnerabilities to and already have this set up in their own organisations, or they plan to do so soon. By signing the manifesto, the participating...
---------------------------------------------
https://www.enisa.europa.eu/news/member-states/from-the-netherlands-presidency-of-the-eu-council-coordinated-vulnerability-disclosure-manifesto-signed


*** DFN-CERT-2016-0770: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0770/


*** DFN-CERT-2016-0739: OpenVPN: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0739/


*** Security Notice - Statement on Bogner Florian Revealing Privilege Escalation Vulnerability in Huawei E5373 LTE Mobile Wi-Fi Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160512-01-e5373-en


*** F5 Security Advisory: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23073482.html?ref=rss


*** BulletProof Security <= .53.3 - Multiple XSS Vulnerabilities ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8492


*** Bugtraq: [security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538359


*** Bugtraq: [security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538360


*** Bugtraq: [security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538365


*** Bugtraq: [security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538364


*** Bugtraq: [security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538366


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin:Vulnerability in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0363) ***
http://www.ibm.com/support/docview.wss?uid=swg21982489
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algorithmics Algo Risk Application - CVE-2016-0390 ***
http://www.ibm.com/support/docview.wss?uid=swg21981321
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000105
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21982883
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21982877
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg21982172
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488) ***
http://www.ibm.com/support/docview.wss?uid=swg21982874
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7456) ***
http://www.ibm.com/support/docview.wss?uid=swg21982873
---------------------------------------------
*** IBM Security Bulletin: A potential vulnerability in IBM Java SDK affect InfoSphere Streams (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973403
---------------------------------------------