[CERT-daily] Daily summary - Thursday 24-11-2016

Daily end-of-shift report team at cert.at
Thu Nov 24 18:07:39 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 23-11-2016 18:00 − Thursday 24-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a




*** Don't let this Black Friday/Cyber Monday spam deliver Locky ransomware to you ***
---------------------------------------------
We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we're seeing a spam campaign that Amazon customers need to be wary of.
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/11/23/dont-let-this-black-friday-cyber-monday-spam-deliver-locky-ransomware-to-you/




*** LXC CVE-2016-8649 Directory Traversal Vulnerability ***
---------------------------------------------
An attacker can exploit this issue using directory-traversal characters (../) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
---------------------------------------------
http://www.securityfocus.com/bid/94498/info




*** Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability ***
---------------------------------------------
Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy devices with Marshmallow 6.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94494/info




*** w3m Multiple Security Vulnerabilities ***
---------------------------------------------
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to w3m 0.5.3-33 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94464/discuss




*** Research on unsecured Wi-Fi networks across the world ***
---------------------------------------------
We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us
---------------------------------------------
https://securelist.com/blog/research/76733/research-on-unsecured-wi-fi-networks-across-the-world/




*** DFN-CERT-2016-1942: RealNetworks RealPlayer: A vulnerability allows a denial-of-service attack ***
---------------------------------------------
A remote, unauthenticated attacker can exploit a vulnerability in RealPlayer to carry out a denial-of-service (DoS) attack by means of a maliciously crafted QCP media file that the attacker tricks a user into playing.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1942/




*** Windows update for Secure Boot bug makes BIOS updates necessary ***
---------------------------------------------
With patch 3193479 or 3200970 for current Windows (Server) versions, Microsoft fixes a bug in UEFI Secure Boot, but some servers no longer boot afterwards.
---------------------------------------------
https://heise.de/-3503589




*** Diagnosing cyber threats for smart hospitals ***
---------------------------------------------
ENISA presents a study that sets the scene on information security for the adoption of IoT in Hospitals. The study, which engaged information security officers from more than ten hospitals across the EU, depicts the smart hospital ICT ecosystem and, through a risk-based approach, focuses on relevant threats and vulnerabilities, analyses attack scenarios, and maps common good practices.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/diagnosing-cyber-threats-for-smart-hospitals




*** Security Advisory: PHP vulnerability CVE-2016-6288 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?ref=rss




*** Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016 ***
---------------------------------------------
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd


