[CERT-daily] Tageszusammenfassung - Freitag 24-02-2017

Fri Feb 24 18:13:06 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-02-2017 18:00 − Freitag 24-02-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Kriminelle versenden gefälschte BAWAK P.S.K.-SMS ***
---------------------------------------------
In einer gefälschten BAWAG P.S.K.-SMS heißt es, dass die Bank das Konto von Kund/innen gesperrt habe. Damit diese ihr Konto wieder aktivieren können, sollen sie eine Website aufurfen und ihre Zugangsdaten bekannt geben. Achtung: Es handelt sich um einen Phishingversuch. Am besten ist es, wenn Sie die SMS löschen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/kriminelle-versenden-gefaelschte-bawak-psk-sms/


*** Worlds Largest Spam Botnet Adds DDoS Feature ***
---------------------------------------------
Necurs, the worlds largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-adds-ddos-feature/


*** Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities ***
---------------------------------------------
Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-mitigates-94-percent-of-all-critical-microsoft-vulnerabilities/


*** Bleeding clouds: Cloudflare server errors blamed for leaked customer data ***
---------------------------------------------
While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials.Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said.The problem on Cloudflares side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw
---------------------------------------------
http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflare-server-errors-blamed-for-leaked-customer-data.html#tk.rss_applicationsecurity


*** Leaked Android Banking Trojan Spotted in Disguise on the Google Play Store ***
---------------------------------------------
Just as security experts have predicted, the source code of a potent Android banking trojan that was leaked online in mid-December 2016, is now being seen in live attacks on a regular basis. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/leaked-android-banking-trojan-spotted-in-disguise-on-the-google-play-store/


*** LibreOffice Calc and Writer Embedded Object Preview Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037893


*** [Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe ***
---------------------------------------------
A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00004.html


*** [Xen-announce] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages ***
---------------------------------------------
A malicious or buggy guest may corrupt hypervisor state, commonly leading to a host crash (Denial of Service). Privilege escalation or information leaks cannot be excluded.
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00005.html


*** Novell: NetIQ Access Manager 4.3 Support Pack 1 4.3.1.0-53 ***
---------------------------------------------
The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.3 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, Analytics Server and Admin Console. CVE - 20145183
---------------------------------------------
https://download.novell.com/Download?buildid=30pOHdA3ETQ~


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time ***
https://www.ibm.com/support/docview.wss?uid=swg21997192
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition ***
https://www.ibm.com/support/docview.wss?uid=swg21997194
---------------------------------------------
*** IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998385
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999362
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645) ***
http://www.ibm.com/support/docview.wss?uid=swg21998196
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg21996871
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty ***
http://www.ibm.com/support/docview.wss?uid=swg21999209
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932) ***
http://www.ibm.com/support/docview.wss?uid=swg21998294
---------------------------------------------
*** IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) ***
http://www.ibm.com/support/docview.wss?uid=swg21996869
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred ***
http://www.ibm.com/support/docview.wss?uid=swg21997638
---------------------------------------------