[CERT-daily] Tageszusammenfassung - Freitag 9-09-2016

Daily end-of-shift report team at cert.at
Fri Sep 9 18:00:41 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 08-09-2016 18:00 − Freitag 09-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace




*** DSA-3662 inspircd - security update ***
---------------------------------------------
It was discovered that incorrect SASL authentication in the InspircdIRC server may lead to users impersonating other users.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3662




*** ZDI-16-505: AlienVault Unified Security Management get_directive_kdb directive_id SQL Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-505/




*** ZDI-16-504: AlienVault Unified Security Management Multiple PHP Scripts Remote Code Execution Vulnerabilities ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-504/




*** Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware ***
---------------------------------------------
A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler ..
---------------------------------------------
http://support.citrix.com/article/CTX216642




*** iPrint Appliance 2.0 Hot Patch 1 ***
---------------------------------------------
https://download.novell.com/Download?buildid=S7GK9olwBDk~




*** iPrint Appliance 2.1 Hot Patch 1 ***
---------------------------------------------
https://download.novell.com/Download?buildid=lVbNSynhgHU~




*** Asterisk RTP Session Management Bug Lets Remote Authenticated Users Consume Excessive Resources on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036750




*** Asterisk Error in Processing Unknown Endpoints Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
http://www.securitytracker.com/id/1036749




*** Collecting Users Credentials from Locked Devices, (Fri, Sep 9th) ***
---------------------------------------------
Its a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, its just a matter of time. The best ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21461




*** Samsung Android Security Updates ***
---------------------------------------------
SMR-SEP-2016 - Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.
---------------------------------------------
http://security.samsungmobile.com/smrupdate.html




*** Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files ***
---------------------------------------------
Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets. While ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/picture-perfect-crylocker-ransomware-sends-user-information-as-png-files/




*** Your Seagate Central NAS could be hosting mining malware ***
---------------------------------------------
If you have discovered cryptocurrency mining malware on your system, have removed it, and got compromised again without an idea about how it happened, it could be that the ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/09/seagate-central-nas-hosting-malware/




*** Chrome soll vor nicht verschlüsselnden Webseiten warnen ***
---------------------------------------------
Zunächst brandmarkt der Browser nur Seiten, die Passwörter oder Kreditkarteninformationen enthalten. Nach und nach soll die Warnung dann ausgeweitet werden.
---------------------------------------------
http://heise.de/-3317393




*** Red Hat JBoss Enterprise Application Platform Input Validation Flaw Lets Remote Users Conduct HTTP Response Splitting and Content Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036758




*** HTTPS: Google Chrome will vor unverschlüsselten Webseiten warnen ***
---------------------------------------------
Wie umgehen mit unverschlüsselten Webseiten? Google will in Chrome künftig warnen, wenn unverschlüsselte Webseiten Passwörter und Kreditkartendaten abfragen. Doch das ist nur der Beginn der Planungen.
---------------------------------------------
http://www.golem.de/news/https-google-chrome-will-vor-unverschluesselten-webseiten-warnen-1609-123199.html





*** Asterisk RTP Session Management Bug Lets Remote Authenticated Users Consume Excessive Resources on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036750




*** Asterisk Error in Processing Unknown Endpoints Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
http://www.securitytracker.com/id/1036749




*** Collecting Users Credentials from Locked Devices, (Fri, Sep 9th) ***
---------------------------------------------
Its a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, its just a matter of time. The best ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21461




*** Samsung Android Security Updates ***
---------------------------------------------
SMR-SEP-2016 - Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.
---------------------------------------------
http://security.samsungmobile.com/smrupdate.html




*** Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files ***
---------------------------------------------
Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets. While ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/picture-perfect-crylocker-ransomware-sends-user-information-as-png-files/




*** Your Seagate Central NAS could be hosting mining malware ***
---------------------------------------------
If you have discovered cryptocurrency mining malware on your system, have removed it, and got compromised again without an idea about how it happened, it could be that the ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/09/seagate-central-nas-hosting-malware/




*** Chrome soll vor nicht verschlüsselnden Webseiten warnen ***
---------------------------------------------
Zunächst brandmarkt der Browser nur Seiten, die Passwörter oder Kreditkarteninformationen enthalten. Nach und nach soll die Warnung dann ausgeweitet werden.
---------------------------------------------
http://heise.de/-3317393




*** Red Hat JBoss Enterprise Application Platform Input Validation Flaw Lets Remote Users Conduct HTTP Response Splitting and Content Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036758


More information about the Daily mailing list