[CERT-daily] Tageszusammenfassung - Mittwoch 30-11-2016

Wed Nov 30 18:41:54 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 29-11-2016 18:00 − Mittwoch 30-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Kritische Sicherheitslücke in Mozilla Firefox - aktiv ausgenützt - keine Patches verfügbar ***
---------------------------------------------
Wie in diversen Medien berichtet wird, gibt es eine kritische Sicherheitslücke in aktuellen Versionen des Mozilla Firefox Browsers, für die noch kein Patch zur Verfügung steht. Diese wird auch bereits aktiv ausgenützt. 
---------------------------------------------
https://cert.at/warnings/all/20161130.html


*** Port 7547 in Österreich ***
---------------------------------------------
seit meinem letzten Blogpost zu Mirai/TR-069 sind ein paar neue Informationen dazugekommen
---------------------------------------------
https://cert.at/services/blog/20161130165710-1834.html


*** Ask Sucuri: Can Your cPanel Page Be Maliciously Redirected? ***
---------------------------------------------
Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent it, along with other suspicious issues, through logs kept on cPanel servers. 
---------------------------------------------
https://blog.sucuri.net/2016/11/ask-sucuri-can-cpanel-page-maliciously-redirected.html


*** Vuln: Dell iDRAC7 and iDRAC8 Devices CVE-2016-5685 Code Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94585


*** Emerson Liebert SiteScan XML External Entity Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an XML External Entity vulnerability affecting Emerson's Liebert SiteScan application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01


*** Emerson DeltaV Easy Security Management Application Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a vulnerability that affects Emerson's DeltaV Easy Security Management application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02


*** Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a vulnerability in the Emerson DeltaV Wireless I/O Card.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03


*** Security Advisory: BIG-IP FastL4 profile vulnerability ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36300805.html?ref=rss


*** Security Advisory - XSS Vulnerability in Huawei eSpace IAD ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-espace-en


*** Security Advisory - DoS Vulnerability in Huawei Switches ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-switch-en


*** DFN-CERT-2016-1960/">Apache Subversion: Eine Schwachstelle ermöglicht Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1960/


*** Security Advisory - Command Injection Vulnerability in Huawei FusionAccess ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-ldap-en


*** GCHQ presents CyberChef, an Open Source Data Analysis Tool ***
---------------------------------------------
The GCHQ has released the code of a new open source web tool dubbed CyberChef, specifically designed for analyzing and decoding data.
---------------------------------------------
http://securityaffairs.co/wordpress/53908/intelligence/gchq-cyberchef.html


*** Multiple I-O DATA network camera products multiple vulnerabilities ***
---------------------------------------------
Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN25059363/


*** New Cerber Variant Leverages Tor2Web Proxies, Google Redirects ***
---------------------------------------------
Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection.
---------------------------------------------
http://threatpost.com/new-cerber-variant-leverages-tor2web-proxies-google-redirects/122169/


*** An overview of the Payment Card Industry (PCI) ***
---------------------------------------------
The payment card industry consists of all the organizations which store, process and transmit cardholder data and carry transactions through debit and credit cards. Many standards are developed to conduct these types of services in a secure way. The well-known standard for this purpose is Payment Card Industry Data Security Standards.
---------------------------------------------
http://resources.infosecinstitute.com/an-overview-of-the-payment-card-industry-pci/


*** Großstörung bei der Telekom: Was wirklich geschah ***
---------------------------------------------
Ein Sicherheitsexperte hat die Reaktion eines der anfälligen Speedport-Modelle analysiert und kommt zu einer überraschenden Erkenntnis: Die Geräte waren gar nicht anfällig für die TR-069-Sicherheitslücke.
---------------------------------------------
https://heise.de/-3520212


*** GET pwned: Web CCTV cams can be hijacked by single HTTP request ***
---------------------------------------------
An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves countless devices wide open to hijacking, it is claimed.
---------------------------------------------
http://www.theregister.co.uk/2016/11/30/iot_cameras_compromised_by_long_url/


*** Vuln: OpenJPEG CVE-2016-9675 Incomplete Fix Multiple Remote Heap Based Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/94589


*** Cobalt Malware Threatens ATM Security ***
---------------------------------------------
The hackers typically initiated the malware infection through phishing and spearphishing attacks. They sent malware laced emails to employees working at the banks. If some how a cyber security naive-employee clicked on a malicious link in an email or opened an attachment then their system would get infected.
---------------------------------------------
https://blog.comodo.com/malware/cobalt-malware-threatens-atm-security/


*** Android-Malware Gooligan soll über 1 Million Google-Konten gekapert haben ***
---------------------------------------------
Der Tojaner soll Smartphones rooten und Authentifizierungs-Tokens von Google-Accounts kopieren. Über einen Online-Service kann man prüfen, ob das eigene Konto betroffen ist.
---------------------------------------------
https://heise.de/-3520778


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM i (CVE-2016-8858) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021734
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992996
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000213
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes ***
http://www.ibm.com/support/docview.wss?uid=swg21992835
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994386
---------------------------------------------