[CERT-daily] Tageszusammenfassung - Mittwoch 23-11-2016

Wed Nov 23 18:08:44 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 22-11-2016 18:00 − Mittwoch 23-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** The November 2016 issue of our SWITCH Security Report is available! ***
---------------------------------------------
The topics covered in this report are:
* IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
* DDoS attack via IoT botnet shuts down parts of Internet
* Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price
---------------------------------------------
https://securityblog.switch.ch/2016/11/23/the-november-2016-issue-of-our-switch-security-report-is-available/


*** Securing Drupal with ModSecurity and the Core Rule Set (CRS3) ***
---------------------------------------------
Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. OWASP ModSecurity Core Rule Set is a horrible name for a project, that's why we speak of CRS3. This is a security project and for those not familiar with the CRS, I will first give a brief intro first.
---------------------------------------------
https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/


*** DomainTools 101: How to Spot Phishy Domains on Cyber Monday ***
---------------------------------------------
Just as the Grumeti River in Tanzania harbors dangerous crocodiles just below its surface, a Phishing email usually contains malicious domains waiting for you to click. I read a great article by Bleeping Computer about finding some Google domains that were spoofed using what is known as small caps. This piqued my curiosity ...
---------------------------------------------
https://blog.domaintools.com/2016/11/domaintools-101-how-to-spot-phishy-domains-on-cyber-monday/


*** [DSA 3722-1] vim security update ***
---------------------------------------------
CVE ID : CVE-2016-1248 Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2016/msg00305.html


*** Mapping Attack Methodology to Controls, (Wed, Nov 23rd) ***
---------------------------------------------
Recently weve seen lots of malicious documents make it through our first protection layers. (https://www.virustotal.com/en/file/79ff976c5ca6025f3bb90ddfa7298286217c21309c897e6b530603d48dea0369/analysis/) . In the last week, these emails have a word document that spawns a command shell that kicks off a PowerShell script. When working incidents, it is important to map out the attacker lifecycle to determine where to improve your defenses.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21749&rss


*** Telegram API ransomware wrecked three weeks after launch ***
---------------------------------------------
Crypto so bad that getting around it is shooting fish in a barrel Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/23/owned_telegram_api_ransomware_wrecked_three_weeks_after_launch/


*** Vuln: TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/94481


*** Pentest-Report cURL 08.2016 [PDF] ***
---------------------------------------------
This report documents findings of a source code audit dedicated to assessing the cURL software. The assessment of the tool was performed by Cure53 as part of the Mozilla's Secure Open Source track program. The results of the project encompass twenty-three security-relevant discoveries.
---------------------------------------------
https://wiki.mozilla.org/images/a/aa/Curl-report.pdf


*** Acunetix 10.0 DLL Hijacking ***
---------------------------------------------
Topic: Acunetix 10.0 DLL Hijacking Risk: Medium Text:Title: Acunetix 10 Multi DLL Hajacking Application: Acunetix Versions Affected: 10.0 Vendor URL: http://www.acunetix.com Di...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110196


*** Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-16-308-02 Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 3, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02


*** Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1 ***
---------------------------------------------
Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php


*** Security Advisory: PHP vulnerability - CVE-2016-6288 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?ref=rss


*** Siemens ***
---------------------------------------------
*** Siemens SIMATIC CP 1543-1 Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
---------------------------------------------
*** Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02
---------------------------------------------
*** Siemens Industrial Products Local Privilege Escalation Vulnerability (Update A) ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02


*** Huawei ***
---------------------------------------------
*** Security Advisory - Multiple Security Vulnerabilities in Huawei Smart Phone Products ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-smartphone-en
---------------------------------------------
*** Security Advisory - Privilege Escalation Vulnerability in the FusionStorage ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-fusionstorage-en
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in TP Driver of Huawei Smart Phone ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-03-smartphone-en
---------------------------------------------
*** Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-vrp-en
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-02-smartphone-en


*** VMware ***
---------------------------------------------
*** VMSA-2016-0022 ***
https://www.vmware.com/security/advisories/VMSA-2016-0022.html
---------------------------------------------
*** VMSA-2016-0021 ***
https://www.vmware.com/security/advisories/VMSA-2016-0021.html
---------------------------------------------
*** VMSA-2016-0018.3 ***
https://www.vmware.com/security/advisories/VMSA-2016-0018.html


*** Novell ***
---------------------------------------------
*** eDirectory 9.0.2 (non-root) for Linux ***
https://download.novell.com/Download?buildid=dgSdIXwk2Cc~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 8 for Linux ***
https://download.novell.com/Download?buildid=OFnb6Ew8wPM~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 8 for Windows ***
https://download.novell.com/Download?buildid=wPIC5t8Drqo~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 for Linux ***
https://download.novell.com/Download?buildid=zJBqj6SjCzg~
---------------------------------------------
*** iManager 3.0.2 for Linux ***
https://download.novell.com/Download?buildid=rIhWBDnLYU8~
---------------------------------------------
*** iManager 3.0.2 for Windows ***
https://download.novell.com/Download?buildid=iMupD_KbGcA~
---------------------------------------------
*** eDirectory 9.0.2 for Linux ***
https://download.novell.com/Download?buildid=TLXIiZ6uoho~
---------------------------------------------
*** eDirectory 9.0.2 for Windows ***
https://download.novell.com/Download?buildid=_N2FUsWAalg~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 (non-root) for Linux ***
https://download.novell.com/Download?buildid=Y9WDuLNbJxE~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 for Windows ***
https://download.novell.com/Download?buildid=aDcgeiAEaYc~