[CERT-daily] Tageszusammenfassung - Dienstag 20-09-2016

Tue Sep 20 18:13:52 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 19-09-2016 18:00 − Dienstag 20-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** European Cyber Security Month - NIS Quiz ***
---------------------------------------------
This tool is designed to help you update your internet security knowledge, begin whenever you feel ready. It will take max 10 minutes and we hope youll enjoy the quiz and learn something useful!
---------------------------------------------
https://cybersecuritymonth.eu/references/quiz-demonstration/intro


*** The banker that can steal anything ***
---------------------------------------------
The use of root privileges is not typical for banking malware attacks, because money can be stolen in numerous other ways that dont require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy.
---------------------------------------------
http://securelist.com/blog/mobile/76101/the-banker-that-can-steal-anything/


*** Erpressungs-Trojaner HDDCryptor soll Computer von Opfern abriegeln ***
---------------------------------------------
HDDCryptor verschlüsselt nicht nur Daten, sondern überschreibt offensichtlich auch den MBR von Windows-Computern und gibt infizierte Rechner erst nach einer Lösegeld-Zahlung wieder frei, warnen Sicherheitsforscher.
---------------------------------------------
http://heise.de/-3327880


*** Encryption Week ***
---------------------------------------------
Since CloudFlare's inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we've made CloudFlare the easiest way to enable encryption for web properties and internet services. From the launch of Universal SSL, which gives HTTPS to millions
---------------------------------------------
https://blog.cloudflare.com/encryption-week/


*** Mozilla und Tor schließen Certificate-Pinning-Lücke ***
---------------------------------------------
Durch einen Fehler beim Bau neuer Versionen von Firefox und des Tor Browsers waren diese anfällig gegen Man-in-the-Middle-Angriffe, über die Schadcode eingeschleust werden konnte.
---------------------------------------------
http://heise.de/-3328039


*** Hacking WordPress Sites on Shared Servers ***
---------------------------------------------
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites that share the same server permissions. This is called cross-site contamination. When it comes to WordPress websites, the core structure is well known by...
---------------------------------------------
https://blog.sucuri.net/2016/09/hacking-wordpress-sites-shared-servers.html


*** Steganography... what is that? ***
---------------------------------------------
When people think about Information Security the first word that generally comes mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding". The word "steganography" can...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganography----what-is-that-/


*** Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads ***
---------------------------------------------
A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.
---------------------------------------------
http://threatpost.com/vulnerability-patched-in-wordpress-theme-that-allows-unrestricted-uploads/120698/


*** High-Tech Bridge releases a new version of its free SSL testing service ***
---------------------------------------------
The new version of the service enables companies to easily test any SSL/TLS-based services for compliance with PCI DSS, HIPAA and NIST, while the new API provides much more flexibility for software developers.
---------------------------------------------
https://www.htbridge.com/news/ssl-testing-service-api-hipaa-compliance.html


*** Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539424


*** Bugtraq: ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539423


*** VMSA-2016-0014 ***
---------------------------------------------
VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0014.html


*** VMSA-2016-0010.1 ***
---------------------------------------------
VMware product updates address multiple important security issues
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0010.html


*** ZDI-16-517: AlienVault Unified Security Management Remote Authentication Bypass Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-517/


*** ZDI-16-518: Rockwell Automation RSLogix Micro Starter Lite Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation RSLogix Micro Starter Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-518/


*** Vuln: QEMU hw/usb/hcd-xhci.c Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93029


*** Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Security Update ***
---------------------------------------------
Symantec has released an update to address two issues in the RAR file parser component of the antivirus decomposer engine used by multiple Symantec products. Parsing of maliciously formatted RAR container files may cause an application-level denial of service condition.
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160919_00


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-5955) ***
http://www.ibm.com/support/docview.wss?uid=swg21990054
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024132
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024088
---------------------------------------------
*** IBM Security Bulletin: Rational Asset Analyzer (CVE-2016-5967) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990215
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in node.js processing affect IBM DataPower Gateways ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990050
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182) ***
http://www.ibm.com/support/docview.wss?uid=swg21989496
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update for Multiple Vulnerabilities ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989067
---------------------------------------------
*** IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21981529
---------------------------------------------