[CERT-daily] Tageszusammenfassung - Montag 30-05-2016

Mon May 30 18:07:19 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 27-05-2016 18:00 − Montag 30-05-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Security baseline for Windows Server 2016 Technical Preview 5 (TP5) ***
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/05/27/security-baseline-for-windows-server-2016-technical-preview-5-tp5/


*** New Locky ransomware campaign sets sights on Amazon customers ***
---------------------------------------------
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
---------------------------------------------
http://www.scmagazine.com/new-locky-ransomware-campaign-sets-sights-on-amazon-customers/article/499282/


*** How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware ***
---------------------------------------------
Background Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/how-attackers-use-a-flash-exploit-to-distribute-crimeware-and-other-malware


*** VMSA-2016-0005.2 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html


*** Security Advisory: Stored XSS in Jetpack ***
---------------------------------------------
During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The ..
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html


*** ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-361/


*** ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-360/


*** Microsoft stattet Windows 10 mit doppelten Virenschutz aus ***
---------------------------------------------
http://derstandard.at/2000037805637


*** Nach LinkedIn Datenleck auch bei MySpace ***
---------------------------------------------
Der LinkedIn-Hacker hat laut eigenen Angaben auch 360 Millionen E-Mail-Adressen von MySpace-Nutzern und ..
---------------------------------------------
http://futurezone.at/digital-life/nach-linkedin-datenleck-auch-bei-myspace/201.396.487


*** Duqu 2.0 kernel exploitation technique analysis (part 1 of 2) ***
---------------------------------------------
Out of the multiple components used in the sophisticated Duqu 2.0 cyberespionage attack, we had a chance to look into one of the kernel exploits used for its ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%e2%80%8bduqu-2-0-kernel-exploitation-technique-analysis-part-1-of-2/


*** CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename ***
---------------------------------------------
All existing releases of GraphicsMagick and ImageMagick support a file open syntax where if the first character of the file specification is a |, then the remainder of the filename is passed to the shell for execution using the ..
---------------------------------------------
http://permalink.gmane.org/gmane.comp.security.oss.general/19669


*** breaking into a wordpress site without knowing wordpress/php or infosec at all ***
---------------------------------------------
This is a post about how I tried and broke into my colleges wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, ..
---------------------------------------------
https://notehub.org/5zo2v


*** Saudi-Arabien soll Cyberangriffe gegen Iran gestartet haben ***
---------------------------------------------
http://derstandard.at/2000037865736


*** Microsoft geht gegen zu einfache Passwörter vor ***
---------------------------------------------
Künftig sollen Nutzer von Azure und anderen Diensten Warnungen erhalten, wenn ihr Kennwort ..
---------------------------------------------
http://derstandard.at/2000037866342


*** Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6


*** Angreifer erbeuten Nutzerdaten von sz-magazin.de ***
---------------------------------------------
Ein Unbefugter habe sich Mitte Mai rechtswidrig Zugriff auf einen Datenbankserver des SZ-Magazins verschafft.
---------------------------------------------
http://heise.de/-3222586


*** Hintergrund: Zertifikate sperren - so gehts ***
---------------------------------------------
Verkehrte Welt -- um ein Zertifikat zu sperren, muss man es erst installieren. Mit der folgenden Anleitung ..
---------------------------------------------
http://heise.de/-3222308


*** Zum Weltnichtrauchertag: BSI warnt vor Malware in E-Zigaretten ***
---------------------------------------------
Wer E-Zigaretten raucht, erspart seiner Lunge Teer, setzt aber die Gesundheit seines Rechners aufs Spiel - zumindest, wenn die E-Zigarette per USB aufgeladen wird.
---------------------------------------------
http://www.golem.de/news/zum-weltnichtrauchertag-bsi-warnt-vor-malware-in-e-zigaretten-1605-121180.html