[CERT-daily] Daily summary - Thursday 6-04-2017

Daily end-of-shift report team at cert.at
Thu Apr 6 18:14:34 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 05-04-2017 18:00 − Thursday 06-04-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Researchers warn of danger from virus signatures ***
---------------------------------------------
Attackers could use the signatures employed by antivirus software to deliberately trigger false alarms. In the worst case, this can cost a victim their entire mail archive.
---------------------------------------------
https://heise.de/-3675819




*** Teenager Arrested in Austria for Spreading Philadelphia Ransomware ***
---------------------------------------------
Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/teenager-arrested-in-austria-for-spreading-philadelphia-ransomware/




*** Trust issues: Know the limits of SSL certificates ***
---------------------------------------------
Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation's Let's Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet. To read this article in full or to...
---------------------------------------------
http://www.cio.com/article/3187881/internet/trust-issues-know-the-limits-of-ssl-certificates.html#tk.rss_security




*** Cisco Access Points: Access via open default accounts ***
---------------------------------------------
Until Wednesday, attackers could use default credentials to gain access to Cisco WLAN access points of the Aironet series. A security update fixes this. Three further updates close entry points for DoS attacks on WLAN controllers.
---------------------------------------------
https://heise.de/-3677288




*** How to recover encrypted files ***
---------------------------------------------
With an encryption trojan, criminals can render victims' files unusable. They demand money to undo the damage. The website nomoreransom.org/de helps victims recover the files on their own, without having to pay money to the criminals.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/wie-sie-verschluesselte-dateien-wiederherstellen-koennen/




*** Moodle Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Obtain Usernames and Conduct SQL Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038174




*** Bugtraq: Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540375




*** SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) 3.x Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
Trend Micro has released new Critical Patches (CP) for Trend Micro Smart Protection Server (Standalone) versions 3.0 and 3.1. These CPs resolve a vulnerability in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
---------------------------------------------
https://success.trendmicro.com/solution/1117033




*** BlackBerry powered by Android Security Bulletin - April 2017 ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000039276




*** Certec EDV GmbH atvise scada ***
---------------------------------------------
This advisory contains mitigation details for cross-site scripting and header injection vulnerabilities in the Certec EDV GmbH atvise scada.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services session identifier vulnerability (CVE-2017-1152) ***
http://www.ibm.com/support/docview.wss?uid=swg22001551
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition, affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5549) (CVE-2016-5548) (CVE-2016-5547) (CVE-2016-5546) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999271
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Mobile Connect (CVE-2017-3272,CVE-2017-5548,CVE-2017-3261,CVE-2017-3231,CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22000443
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/java_jan2017_advisory.asc
---------------------------------------------




*** Novell Patches ***
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 10 ***
https://download.novell.com/Download?buildid=VYtYu65T21Y~
---------------------------------------------
*** iManager 3.0.3 ***
https://download.novell.com/Download?buildid=3jd0pzoyux0~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 10 ***
https://download.novell.com/Download?buildid=5NqajLP7bSo~
---------------------------------------------
*** eDirectory 9.0.3 ***
https://download.novell.com/Download?buildid=D1U-cCj1YEs~
---------------------------------------------





*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
---------------------------------------------
*** Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
---------------------------------------------
*** Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet
---------------------------------------------
*** Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2
---------------------------------------------
*** Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1
---------------------------------------------
*** Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1
---------------------------------------------
*** Cisco UCS Director Virtual Machine Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
---------------------------------------------
*** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
---------------------------------------------
*** Cisco Unified Communications Manager SQL Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm
---------------------------------------------
*** Cisco Registered Envelope Service Open Redirect Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res
---------------------------------------------
*** Cisco IOS XE Software Startup Script Local Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe
---------------------------------------------
*** Cisco IOS XR Software Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios
---------------------------------------------
*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli
---------------------------------------------
*** Cisco Integrated Management Controller Redirection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
---------------------------------------------
*** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1
---------------------------------------------
*** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw
---------------------------------------------
*** Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr
---------------------------------------------
*** Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
---------------------------------------------

