[CERT-daily] Tageszusammenfassung - Donnerstag 3-11-2016

Thu Nov 3 18:24:12 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 02-11-2016 18:00 − Donnerstag 03-11-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk ***
---------------------------------------------
Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user's websites.
---------------------------------------------
http://threatpost.com/unpatched-vulnerability-on-wix-com-puts-millions-of-sites-at-risk/121752/


*** Malware: Adwords-Anzeige verlinkt auf falschen Google Chrome ***
---------------------------------------------
Eine Malware-Kampagne, die sich gegen Apple-Nutzer richtet, bietet gefälschte Versionen von Googles Chrome-Browser. Dabei nutzten die Betrüger ausgerechnet Googles Adword-Anzeigen, um Opfer hereinzulegen.
---------------------------------------------
http://www.golem.de/news/malware-adwords-anzeige-verlinkt-auf-falschen-google-chrome-1611-124224-rss.html


*** Recognizing Packed Malware and its Unpacking Approaches-Part 2 ***
---------------------------------------------
In Part 1 of this article series, we had a look at the ways to recognize packed executables and various ways to automate the unpacking process. In this article, we will look at the manual process of unpacking a packed malware specimen. In the last article, we have seen how the malware specimen was packed...
---------------------------------------------
http://resources.infosecinstitute.com/recognizing-packed-malware-and-its-unpacking-approaches-part-2/


*** Bereits 30.000 Angriffe: Experten warnen vor Joomla-Lücke ***
---------------------------------------------
Cyberkriminelle verschaffen sich erweiterte Rechte - Webseiten-Betreiber sollten sofort auf die neueste Version updaten
---------------------------------------------
http://derstandard.at/2000046902782


*** Barracuda: Outage caused by large number of inbound connections ***
---------------------------------------------
Yet firm refuses to say the word DDoS. What are they hiding? Outage-hit security firm Barracuda appears to have been struck down by a DDoS - though the firm says its still investigating and refuses to confirm or deny it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/barracuda_outage_firm_wont_confirm_ddos/


*** These 12+ Internet Crime Stories Will Make You Care about Cybersecurity [Updated] ***
---------------------------------------------
Online security seems such an abstract and distant field, where other people get hurt, but you somehow stay safe, either by luck or internet savvy. But the truth is, it could happen to anyone, and it might even have happened to you in the past. They say that nothing beats learning from experience, but sometimes it's best...
---------------------------------------------
https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-about-cyber-security/


*** Browsererweiterungen: Plötzlich nackt im Netz ***
---------------------------------------------
Alle Suchwörter, alle Webseiten - der Browser-Verlauf eines ganzen Monats steht zum Verkauf. Unser Autor erlebte, wie das ist, wenn die eigenen Daten zur Ware werden.
---------------------------------------------
http://www.golem.de/news/browsererweiterungen-ploetzlich-nackt-im-netz-1611-124235-rss.html


*** Ubuntu Core Snaps door shut on Linuxs new Dirty COWs ***
---------------------------------------------
When did Linux start becoming like Windows? Canonical has released Ubuntu Core 16 for IoT, featuring Linux self-patching for a generation of users against future Bash or Dirty COWs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/ubuntu_core_snaps_door_shut_on_new_dirty_cows/


*** HPSBUX03664 SSRT110248 rev.1 HP-UX BIND Service running named, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05321107


*** Security Advisory: BIG-IP virtual server TCP sequence numbers vulnerability ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68401558.html?ref=rss


*** Security Advisory: OpenSSL vulnerability CVE-2016-6304 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54211024.html?ref=rss


*** Security Advisory: BIND vulnerability CVE-2016-8864 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35322517.html?ref=rss


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993440
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time ***
https://www-01.ibm.com/support/docview.wss?uid=swg21993501
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source OpenSSL Vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21992348
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-3426) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992149
---------------------------------------------
*** IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371) ***
http://www.ibm.com/support/docview.wss?uid=swg21985114
---------------------------------------------
*** IBM Security Bulletin: A Vulnerability in OpenSource Apache Taglibs Vulnerability affect Content Integrator (CVE-2015-0254) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993243
---------------------------------------------