[CERT-daily] Daily summary - Wednesday 7-09-2016

Daily end-of-shift report team at cert.at
Wed Sep 7 18:26:37 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 06-09-2016 18:00 − Wednesday 07-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Cleaning the Wp-Page Pharma Hack in WordPress ***
---------------------------------------------
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceutical advertisements to visitors. Symptoms of a pharma hack include embedded links and anchor text on pages or modified listings in Search Engine Results Pages (SERPs). These attacks most often target search engines like Google...
---------------------------------------------
https://blog.sucuri.net/2016/09/cleaning-the-wp-page-pharma-hack-in-wordpress.html




*** How to Set Up Your Own Malware Trap, (Tue, Sep 6th) ***
---------------------------------------------
I am sure what you really want is more malware ;-). But a few people asked for tricks to collect malware. Malware can be useful for a number of reasons: First of all, you could extract indicators of compromise from malware using various more or less automated methods. In addition, it is a good idea to keep an eye on what your users may be seeing, in particular if they receive e-mail from sources other than your corporate e-mail system. Sadly, many corporations these days switch to cloud...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21447&rss




*** Google patches last QuadRooter vulnerabilities in Android ***
---------------------------------------------
As part of its monthly Android patches, Google fixes 47 security vulnerabilities in the operating system. Seven of the vulnerabilities are rated critical.
---------------------------------------------
http://heise.de/-3315023




*** Unpatched vulnerabilities in Fortinet load balancers ***
---------------------------------------------
Fortinet has released an update that closes a security vulnerability in its FortiWAN-series load balancers. Other vulnerabilities, however, appear to be unaffected by it, which would allow attackers to execute admin commands without the corresponding privileges.
---------------------------------------------
http://heise.de/-3315178




*** No confirmation of personal data required at Amazon ***
---------------------------------------------
In a phishing e-mail, criminals write that Amazon has temporarily frozen the recipient's user account. For this reason, customers are asked to confirm their personal data. To do so, they must open a link and disclose their login credentials on a website. Users must not do this!
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-bestaetigung-persoenlicher-daten-bei-amazon-erforderlich/




*** Back-dooring PE Files on Windows ***
---------------------------------------------
Introduction: Portable Executable (PE) files are very commonly used today. Many people download these files from the internet or get them from a friend and run them on their systems without realizing the dangers involved in running these kinds of files. It is very easy to add malicious code to these files and have it...
---------------------------------------------
http://resources.infosecinstitute.com/back-dooring-pe-files-windows/




*** The Missing Piece - Sophisticated OS X Backdoor Discovered ***
---------------------------------------------
In a nutshell, Backdoor.OSX.Mokes.a is the most recently discovered OS X variant of a cross-platform backdoor which is able to operate on all major operating systems (Windows, Linux, OS X). Please see also our analysis on the Windows and Linux variants.
---------------------------------------------
http://securelist.com/blog/research/75990/the-missing-piece-sophisticated-os-x-backdoor-discovered/




*** A bite of Python ***
---------------------------------------------
Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators -- luring them into coding mistakes that may have serious security implications. In this article, which primarily targets people who are new to Python, a handful of security-related quirks are looked...
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2592591




*** OUCH! 2016 Newsletter ***
---------------------------------------------
September 2016: Email Dos and Don'ts
---------------------------------------------
https://securingthehuman.sans.org/resources/newsletters/ouch/2016




*** WordPress 4.6.1 Security and Maintenance Release ***
---------------------------------------------
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/




*** FortiWAN Multiple Vulnerabilities ***
---------------------------------------------
FortiWAN 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965 FortiWAN Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context CVE-20...
---------------------------------------------
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities




*** [R5] PHP < 5.6.21 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-09




*** TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations ***
---------------------------------------------
Original release date: September 06, 2016 | Systems Affected: Network Infrastructure Devices | Overview: The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-250A




*** Security Advisory: Expat XML parser vulnerability CVE-2012-6702 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65460334.html?ref=rss


*** Security Advisory: FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52439336.html?ref=rss




*** Bugtraq: Infoblox Cross-site scripting vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539367


*** Bugtraq: [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539366




*** BMC BladeLogic Server Automation For Linux 8.7 Directory Dump ***
---------------------------------------------
Topic: BMC BladeLogic Server Automation For Linux 8.7 Directory Dump | Risk: Medium | Text: Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation Affected Software: BMC Bla...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090036




*** VU#282991: DEXIS Imaging Suite 10 contains hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#282991 DEXIS Imaging Suite 10 contains hard-coded credentials Original Release date: 07 Sep 2016 | Last revised: 07 Sep 2016   Overview DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database.  Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10 contains several hard-coded database credentials...
---------------------------------------------
http://www.kb.cert.org/vuls/id/282991




*** VU#548399: Dentsply Sirona SchickTech CDR contains multiple hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#548399 Dentsply Sirona SchickTech CDR contains multiple hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016   Overview The Dentsply Sirona SchickTech CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access.  Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 SchickTech CDR DICOM version 5 and below contains several hard-coded database...
---------------------------------------------
http://www.kb.cert.org/vuls/id/548399




*** VU#619767: Open Dental contains hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#619767 Open Dental contains hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016   Overview Open Dental is a medical dental records management software. Open Dental contains hard-coded default credentials allowing administrative or root access to the patient database.  Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6531 Open Dental contains a hard-coded default database credential. An unauthenticated remote attacker with...
---------------------------------------------
http://www.kb.cert.org/vuls/id/619767




*** VU#548399: Dentsply Sirona CDR DICOM contains multiple hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#548399 Dentsply Sirona CDR DICOM contains multiple hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016   Overview The Dentsply Sirona (previously known as Schick Technologies) CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access.  Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 Dentsply Sirona CDR DICOM version 5 and below...
---------------------------------------------
http://www.kb.cert.org/vuls/id/548399




*** Security Advisory - XML Bomb Vulnerability in AnyOffice ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-01-anyoffice-en


*** Security Advisory - Two Vulnerabilities in Huawei WS331a ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-01-ws331a-en


*** Security Advisory - TCP Connection Hijack Vulnerability ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-01-tcp-en


*** Security Advisory - Information Leak Vulnerability in Certain Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2015/hw-455876




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect AIX (CVE-2015-7974, CVE-2016-1550, CVE-2016-1551, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955) ***
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc
---------------------------------------------
*** IBM Security Bulletin: Two vulnerabilities in libvirt affect PowerKVM (CVE-2015-5313, CVE-2016-5008) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024185
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024229
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024017
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024221
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182 ***
http://www.ibm.com/support/docview.wss?uid=swg21988638
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center April 2016 CPU (CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21988636
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libssh2 affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0787) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099450
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational Team Concert with potential for Cross-Site Scripting attack (CVE-2016-0331) ***
http://www.ibm.com/support/docview.wss?uid=swg21989899
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Taglibs vulnerability affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-0254 ***
http://www.ibm.com/support/docview.wss?uid=swg21988644
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in MD5 Signature and Hash Algorithm, glibc and OpenSSL affect IBM Netezza Firmware Diagnostics Tools ***
http://www-01.ibm.com/support/docview.wss?uid=swg21980965
---------------------------------------------