[CERT-daily] Daily summary - Friday 28-10-2016

Daily end-of-shift report team at cert.at
Fri Oct 28 18:10:58 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 27-10-2016 18:00 − Friday 28-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Vuln: HP Business Service Management CVE-2016-4392 Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93933




*** MS16-128 - Critical: Security Update for Adobe Flash Player (3201860) - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-128




*** Vuln: Python urllib3 CVE-2016-9015 TLS Certificate Validation Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93941




*** Vuln: Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93944




*** iTunes 12.5.2 for Windows ***
---------------------------------------------
https://support.apple.com/kb/HT207274




*** iPrint Appliance 2.1 Patch 1 ***
---------------------------------------------
https://download.novell.com/Download?buildid=AmZsfGf_NQ4~




*** Malvertising ***
---------------------------------------------
Our colleagues at the Dutch NCSC have just published their "Cyber Security Assessment Netherlands 2016" in English as well. There is a lot of work ..
---------------------------------------------
http://www.cert.at/services/blog/20161028083404-1815.html




*** Researchers tag new brace of bugs in NTP, but they're fixable ***
---------------------------------------------
However, because these are protocol vulnerabilities, the researchers say fixing NTP is more important. They propose replacing the current model with one that uses more ..
---------------------------------------------
http://www.theregister.co.uk/2016/10/28/researchers_tag_new_brace_of_bugs_in_ntp_but_theyre_fixable/




*** Honeywell Experion PKS Improper Input Validation Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01




*** Bugtraq: [security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539646




*** Bugtraq: [security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539645




*** The bot in the baby monitor ***
---------------------------------------------
IoT devices integrated into a home network often establish a connection to the Internet on their own by configuring the user's router via UPnP (Universal Plug and Play) so that a port forwarding ..
---------------------------------------------
https://www.bsi-fuer-buerger.de/BSIFB/DE/Service/Aktuell/Informationen/Artikel/Botnetz_iot_24102016.html




*** Researchers expose Mirai vuln that could be used to hack back against botnet ***
---------------------------------------------
Exploit can halt attacks from IoT devices. Security researchers have discovered flaws in the Mirai ..
---------------------------------------------
www.theregister.co.uk/2016/10/28/mirai_botnet_hack_back/

