[CERT-daily] Tageszusammenfassung - Freitag 13-01-2017

Daily end-of-shift report team at cert.at
Fri Jan 13 18:14:29 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 12-01-2017 18:00 − Freitag 13-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Critical Patch Update - January 2017 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html




*** EMET 5.52 update is now available ***
---------------------------------------------
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-available/




*** Marlboro Ransomware Defeated in One Day ***
---------------------------------------------
A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/




*** Angriffe auf VoIP-Gateways von beroNet, Patch sorgt für Sicherheit ***
---------------------------------------------
Angreifer entdeckten eine Schwachstelle in den VoIP-Gateways des Berliner Herstellers beroNet und nutzen diese seit kurzem aus, um die Rechnungen ihrer Opfer in die Höhe zu treiben. Ein Patch des Herstellers stopft das Sicherheitsloch.
---------------------------------------------
https://heise.de/-3594737




*** November-December 2016 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201612




*** Wie sich Banken vor Cyberangriffen schützen ***
---------------------------------------------
Olaf Schwarz, Information Security Officer bei der Direktbank ING DiBa Austria über Cyberangriffe auf Banken, Ransomware und Sicherheitsschulungen für Mitarbeiter.
---------------------------------------------
https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schuetzen/240.231.033




*** Whos Attacking Me?, (Fri, Jan 13th) ***
---------------------------------------------
I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. Its a network reconnaissance framework that includes:  Passive recon features (via flow analysis coming from Bro or Nfdump Fingerprinting analysis Active recon (via Nmapor Zmap) Import tools (from Nmap or Masscan)  I deployed this tool and feed it with...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21933&rss




*** MongoDB Hijackers Move on to ElasticSearch Servers ***
---------------------------------------------
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to-elasticsearch-servers/




*** Schlüsselaustausch: Aufregung um angebliche Whatsapp-Backdoor ***
---------------------------------------------
Hat Whatsapp eine Backdoor? Das behaupten zumindest ein Sicherheitsforscher und der Guardian. Tatsächlich könnte es auch eine weniger spektakuläre Erklärung geben.
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsapp-backdoor-1701-125571-rss.html




*** Ploutus ATM Malware: Press F3 for Money ***
---------------------------------------------
Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3-for-money/




*** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware ***
---------------------------------------------
Cybersecurity experts obsessively repeat two types of advice: Use stronger passwords. Update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure...
---------------------------------------------
https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated-software/




*** DSA-3761 rabbitmq-server - security update ***
---------------------------------------------
It was discovered that RabbitMQ, an implementation of the AMQPprotocol, didnt correctly validate MQTT (MQ Telemetry Transport)connection authentication. This allowed anyone to login to an existinguser account without having to provide a password.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3761




*** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95412




*** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95417




*** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information ***
---------------------------------------------
A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE SiteScope resulting in remote disclosure of information, also known as the SWEET32 attack.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403




*** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95423




*** Security Advisory: BIND vulnerability CVE-2016-9147 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?ref=rss


*** Security Advisory: BIND vulnerability CVE-2016-9131 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?ref=rss


*** Security Advisory: BIND vulnerability CVE-2016-9444 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?ref=rss




*** PowerDNS Security Fixes ***
---------------------------------------------
PowerDNS Recursor 4.0.4 released 
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.html
---------------------------------------------
PowerDNS Recursor 3.7.4 released 
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.html 
---------------------------------------------
PowerDNS Authoritative Server 4.0.2 released 
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.html 
---------------------------------------------
PowerDNS Authoritative Server 3.4.11 
released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.html
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology ***
https://www.ibm.com/support/docview.wss?uid=swg21997084
---------------------------------------------
*** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool. (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21997055
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. ***
http://www.ibm.com/support/docview.wss?uid=swg21994499
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. ***
http://www.ibm.com/support/docview.wss?uid=swg21997063
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996950
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996968
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997156
---------------------------------------------


More information about the Daily mailing list