[CERT-daily] Tageszusammenfassung - Dienstag 24-05-2016

Daily end-of-shift report team at cert.at
Tue May 24 18:17:26 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 23-05-2016 18:00 − Dienstag 24-05-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** DMA Locker 4.0 - Known Ransomware Preparing For A Massive Distribution ***
---------------------------------------------
We take a look at the step towards maturity of DMA Locker how this will be spreading on a bigger scale.Categories:  Malware Threat analysisTags: DMA Lockerransomware(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/05/dma-locker-4-0-known-ransomware-preparing-for-a-massive-distribution/




*** Beware of keystroke loggers disguised as USB phone chargers, FBI warns ***
---------------------------------------------
Private industry notification comes 15 months after debut of KeySweeper.
---------------------------------------------
http://arstechnica.com/security/2016/05/beware-of-keystroke-loggers-disguised-as-usb-phone-chargers-fbi-warns/




*** SWIFT to unveil new security plan after hackers heists ***
---------------------------------------------
The SWIFT secure messaging service that underpins international banking said it plans to launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist. [...] Users frequently do not inform SWIFT of breaches of their SWIFT systems and even now, the co-operative has not proposed any sanctions for clients who fail to pass on information, which SWIFT itself says is key to stopping future attacks.
---------------------------------------------
http://www.reuters.com/article/us-cyber-banks-swift-idUSKCN0YE2S6




*** Kommentar: Allo, Google? Gehts noch? ***
---------------------------------------------
Googles WhatsApp-Alternative Allo verschlüsselt nicht konsequent, sondern liest stattdessen aktiv mit. Was soll das?
---------------------------------------------
http://heise.de/-3215729




*** WPAD name collision bug opens door for MitM attackers ***
---------------------------------------------
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns. "With the New gTLD program, previously undelegated gTLD strings are now being delegated for public domain name registration. These strings may be used by private or enterprise networks, and in certain circumstances, such as when a work computer...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/24/wpad-name-collision-bug/




*** Hacker finds flaw in teleconference tool used by US Army, NASA and CERN ***
---------------------------------------------
Like we need another reason to hate videoconferences Sydney security tester Jamieson OReilly has reported a since-patched vulnerability in popular video platform Vidyo - used by the likes of the US Army, NASA and CERN - that could see videos leaked and systems compromised.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/19/popular_teleconf_tech_vidyo_throws_patch_over_data_leak_hole/




*** Pastejacking im Browser: Codeausführung per Copy and Paste ***
---------------------------------------------
Browser können den Inhalt der Zwischenablage selbstständig verändern. In einem Proof-of-Concept wird gezeigt, wie diese Funktion für Angriffe genutzt werden kann - und Nutzer sich recht einfach schützen können.
---------------------------------------------
http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-and-paste-1605-121062-rss.html




*** Bösartige Apps stellen heimlich teure Telefonverbindungen her ***
---------------------------------------------
Warnung der Regulierungsbehörde
---------------------------------------------
http://derstandard.at/2000037564561




*** Neben Erpressung nun auch DDoS: Verschlüsselungs-Trojaner Cerber lernt dazu ***
---------------------------------------------
Mit einer neuen Version von Cerber wollen die Drahtzieher hinter der Ransomware noch mehr Profit generieren: Der Schädling nimmt persönliche Daten als Geisel und die Kriminellen können infizierte Computer für DDoS-Attacken missbrauchen.
---------------------------------------------
http://heise.de/-3217254




*** The Anti-Ransomware Protection Plan You Need to Follow Today ***
---------------------------------------------
Technology has made our lives both easier and more complicated - there's no denying that. Fast Internet access opened up a world of wisdom and all the distractions we can image. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there's no better...
---------------------------------------------
https://heimdalsecurity.com/blog/anti-ransomware-protection-plan/




*** Xen Security Advisory CVE-2014-3672 / XSA-180 ***
---------------------------------------------
When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen.  This output is not rate-limited in any way.  The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-180.html




*** Pulse Connect Secure Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035932




*** Missing Access Check in TYPO3 CMS ***
---------------------------------------------
It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-typo3-cms/




*** Missing Access Check in extension "Frontend User Registration" (sf_register) ***
---------------------------------------------
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-extension-frontend-user-registration-sf-register/




*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm




*** Cisco UCS Invicta Software Default GPG Key Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160524-ucs-inv




*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: GNU C Library (glibc) vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?ref=rss
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-1907 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35424631.html?ref=rss
---------------------------------------------
*** Security Advisory: glibc vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?ref=rss
---------------------------------------------
*** Security Advisory: Java vulnerabilities CVE-2013-5782 and CVE-2013-5803 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14340611.html?ref=rss
---------------------------------------------
*** Security Advisory: PHP Vulnerability CVE-2016-4539 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35240323.html?ref=rss
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0264 ,CVE-2016-3449) ***
http://www.ibm.com/support/docview.wss?uid=swg21983578
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005812
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update (CVE-2016-0322) ***
http://www.ibm.com/support/docview.wss?uid=swg21982611
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-5174) ***
http://www.ibm.com/support/docview.wss?uid=swg21983128
---------------------------------------------
*** IBM Applicable countries and regions ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099367
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with Web Experience Factory 7.0.x and 8.0.x (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714) ***
http://www.ibm.com/support/docview.wss?uid=swg21981775
---------------------------------------------
*** IBM Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000121
---------------------------------------------


More information about the Daily mailing list