[CERT-daily] Tageszusammenfassung - Mittwoch 28-09-2016

Wed Sep 28 18:08:17 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 27-09-2016 18:00 − Mittwoch 28-09-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Warnung vor Rechnungen der "Austria Domain Hosting" ***
---------------------------------------------
Aktuell erhalten zahlreiche InternetnutzerInnen per E-Mail vermeintliche Rechnungen der "Austria Domain Hosting". Zu zahlen sind 179,40 Euro für eine nie bestellte Registrierung einer Domain. In Wirklichkeit handelt es sich um einen Betrugsversuch!
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/warnung-vor-rechnungen-der-austria-domain-hosting-1/


*** Datenschützer decken schwere Mängel im Internet der Dinge auf ***
---------------------------------------------
Das Global Privacy Network (GPEN) hat 314 vernetzte Geräte von Fitness-Trackern über Blutzuckermessgeräte bis zu Smart-TVs geprüft und ist auf große Lücken beim Datenschutz gestoßen. Selbst sensible Informationen würden kaum verschlüsselt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Datenschuetzer-decken-schwere-Maengel-im-Internet-der-Dinge-auf-3334561.html


*** Back in Time Memory Forensics, (Tue, Sep 27th) ***
---------------------------------------------
You might get into a case where you have only the disk image without having the memory image. Or even if you have the memory image but you wish If you have something back in time.With hibernation file (hiberfil.sys) ,PageFile (pageand crash dump that might be possible. And if you are lucky enough you might be able to recover them from volume shadow copy which is enabled by default in most of modern Windows OS .
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21527&rss


*** Bugtraq: ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539492


*** Vuln: libgd gd_webp.c Integer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93184


*** Security Advisory: BIND vulnerability CVE-2016-2776 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/18/sol18829561.html?ref=rss


*** Vuln: Symantec Messaging Gateway CVE-2016-5312 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93148


*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 ***
---------------------------------------------
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as "Critical Severity" one as "Moderate Severity" and the other 12 as "Low Severity". Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. 
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl


*** Vuln: Apache Axis2 Document Type Declaration Processing Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/40976


*** Vuln: Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/91501


*** BIND Bug in buffer.c Constructing Query Responses Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
BIND Bug in buffer.c Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
---------------------------------------------
http://www.securitytracker.com/id/1036903


*** Security Advisory: libssh vulnerability CVE-2016-0739 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/57/sol57255643.html?ref=rss


*** Security Advisory: TMM SSL/TLS virtual server vulnerability CVE-2016-6907 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39508724.html?ref=rss


*** EMC ViPR SRM Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
EMC ViPR SRM Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1036904


*** Security Advisory - Path Traversal Vulnerability in Multiple Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-en


*** SSA-378531 (Last Update 2016-09-27): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf


*** TP-Link Archer CR-700 Cross Site Scripting ***
---------------------------------------------
n running the command above, it send a DHCP request to the router. On a DHCP request, the host name is sent to which we have forcibly set it to an XSS script <script>alert(5)</script>
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090203


*** Bugtraq: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) ***
---------------------------------------------
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
---------------------------------------------
http://www.securityfocus.com/archive/1/539502


*** ICS-CERT releases new tools for securing industrial control systems ***
---------------------------------------------
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies. While the former has received many update through the years (this newer version is v8.0), the whitepaper is a 'modernized' version of a document ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/28/tools-securing-industrial-control-systems/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21990448
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2016-3574, CVE-2016-3575, etc) ***
http://www.ibm.com/support/docview.wss?uid=swg21988718
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM WebSphere Dashboard Framework (CVE-2016-3092 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990386
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM Web Experience Factory (CVE-2016-3092 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990394
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Limits (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21988584
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational BuildForge (CVE-2016-2107, CVE-2016-2176) ***
http://www.ibm.com/support/docview.wss?uid=swg21988081
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in sblim-sfcb affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-5185) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099487
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-8710) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099488
---------------------------------------------