Deutsch | English

[CERT-daily] Tageszusammenfassung - Dienstag 22-11-2016

Daily end-of-shift report team at cert.at
Tue Nov 22 18:38:53 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 21-11-2016 18:00 − Dienstag 22-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a




*** Windows 10 Cannot Protect Insecure Applications Like EMET Can ***
---------------------------------------------
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html




*** SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf




*** Facebook Messenger: Malware via SVG ***
---------------------------------------------
Vorsicht bei Dateianhängen in Facebooks Chat: Gekaperte Accounts versenden Schadsoftware - neuerdings in Form einer SVG-Grafik.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-3493834.html



*** Moodle Vulns ***
---------------------------------------------
*** Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94456
---------------------------------------------
*** Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability ***
http://www.securityfocus.com/bid/94457
---------------------------------------------
*** Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94458




*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/




*** The Kings in Your Castle, Pt. #3 ***
---------------------------------------------
In the third episode of Marion Marschaleks and Raphael Vinots series of articles on modern APTs, they will shine some light on the prevalence of Zero-Day vulnerabilities. In reality, the use of Zero-Days is far less common than expected. In fact, APT groups in some cases exploit vulnerabilities which are a couple of years old. On the side of the analysts, they will explain that identical hashes are by no means a reliable indicator for dealing with identical files.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3




*** TYPO3 ***
---------------------------------------------
*** Path Traversal in TYPO3 Core ***
https://typo3.org/news/article/path-traversal-in-typo3-core/
---------------------------------------------
*** Insecure Unserialize in TYPO3 Backend ***
https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/




*** Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files ***
---------------------------------------------
Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/




*** Android-Trojaner GT!tr.spy soll vor allem deutsche Bank-Kunden ins Visier nehmen ***
---------------------------------------------
Fortinet ist nach eigenen Angaben auf einen aktuellen Android-Trojaner mit der Bezeichnung GT!tr.spy gestoßen, der es in erster Linie auf Kreditkarten- und Log-in-Daten von deutschen und österreichischen Bank-Kunden abgesehen hat. Davon sollen Kunden von nicht näher beschriebenen 15 deutschen und fünf österreichischen Banken bedroht sein ...
---------------------------------------------
https://heise.de/-3494472




*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/




*** FortiOS flow-mode detection bypass under certain conditions ***
---------------------------------------------
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process).This tends to impact long lived network sessions...
---------------------------------------------
http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-certain-conditions




*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-8610 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?ref=rss
---------------------------------------------
*** Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?ref=rss
---------------------------------------------
*** Security Advisory: ImageMagick vulnerability CVE-2015-8898 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?ref=rss
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991724
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993925
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993916
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990083
---------------------------------------------
*** IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989336
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993565
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993522
---------------------------------------------
*** IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775) ***
http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
---------------------------------------------








More information about the Daily mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung