[CERT-daily] Daily Summary - Tuesday 22-11-2016

Daily end-of-shift report team at cert.at
Tue Nov 22 18:38:53 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 21-11-2016 18:00 − Tuesday 22-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a




*** Windows 10 Cannot Protect Insecure Applications Like EMET Can ***
---------------------------------------------
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html




*** SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf




*** Facebook Messenger: Malware via SVG ***
---------------------------------------------
Beware of file attachments in Facebook's chat: hijacked accounts are sending malware, most recently in the form of an SVG graphic.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-3493834.html



*** Moodle Vulns ***
---------------------------------------------
*** Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94456
---------------------------------------------
*** Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability ***
http://www.securityfocus.com/bid/94457
---------------------------------------------
*** Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94458




*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/




*** The Kings in Your Castle, Pt. #3 ***
---------------------------------------------
In the third episode of Marion Marschalek's and Raphael Vinot's series of articles on modern APTs, they will shine some light on the prevalence of Zero-Day vulnerabilities. In reality, the use of Zero-Days is far less common than expected. In fact, APT groups in some cases exploit vulnerabilities which are a couple of years old. On the side of the analysts, they will explain that identical hashes are by no means a reliable indicator for dealing with identical files.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3




*** TYPO3 ***
---------------------------------------------
*** Path Traversal in TYPO3 Core ***
https://typo3.org/news/article/path-traversal-in-typo3-core/
---------------------------------------------
*** Insecure Unserialize in TYPO3 Backend ***
https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/




*** Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files ***
---------------------------------------------
Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/




*** Android trojan GT!tr.spy said to primarily target German bank customers ***
---------------------------------------------
According to its own statements, Fortinet has come across a current Android trojan named GT!tr.spy that primarily targets the credit card and login data of German and Austrian bank customers. Customers of 15 German and five Austrian banks, not described in more detail, are said to be at risk ...
---------------------------------------------
https://heise.de/-3494472




*** FortiOS flow-mode detection bypass under certain conditions ***
---------------------------------------------
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process). This tends to impact long-lived network sessions...
---------------------------------------------
http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-certain-conditions




*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-8610 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?ref=rss
---------------------------------------------
*** Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?ref=rss
---------------------------------------------
*** Security Advisory: ImageMagick vulnerability CVE-2015-8898 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?ref=rss
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991724
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993925
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993916
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990083
---------------------------------------------
*** IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989336
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993565
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993522
---------------------------------------------
*** IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775) ***
http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
---------------------------------------------







