[CERT-daily] Tageszusammenfassung - Dienstag 24-01-2017

Tue Jan 24 18:29:56 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 23-01-2017 18:00 − Dienstag 24-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Java: Das Ende von MD5 und SHA-1 naht ***
---------------------------------------------
Oracle hat angekündigt, dass mit seinem nächsten Quartalsupdate MD5 für die Signatur von JAR-Paketen ausgemustert wird. Ebenso soll das JDK nur noch in Ausnahmen SHA-1-Zertifikate anerkennen.
---------------------------------------------
https://heise.de/-3606356


*** Elga ist laut Experten leicht zu hacken ***
---------------------------------------------
Personal braucht für Zugriff nur ein Passwort. Das sei zu wenig, warnt ein Fachmann.
---------------------------------------------
https://kurier.at/chronik%2Foesterreich/elga-ist-laut-experten-leicht-zu-hacken/242.796.533


*** Sicherheitsupdate: Apple patcht Root-Exploits für fast alle Plattformen ***
---------------------------------------------
Apple hat umfangreiche Sicherheitsupdates für alle Plattformen herausgegeben. Ein Root-Exploit im Kernel betrifft zahlreiche Geräte, darüber hinaus gibt es viele Fehler in Webkit und in verschiedenen Bibliotheken.
---------------------------------------------
http://www.golem.de/news/sicherheitsupdate-apple-patcht-root-exploits-fuer-fast-alle-plattformen-1701-125773-rss.html


*** Charger mobile ransomware steals contacts and SMS messages ***
---------------------------------------------
Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/24/charger-mobile-ransomware/


*** Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution ***
---------------------------------------------
TL;DR: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target users system.
---------------------------------------------
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096


*** Microsoft Reveals Windows Defender Security Center Scheduled for Creators Update ***
---------------------------------------------
The Windows 10 Creators Update scheduled for launch later this year will include an upgrade of the default Windows Defender antivirus, which will feature a new settings panel named the Windows Defender Security Center. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-windows-defender-security-center-scheduled-for-creators-update/


*** Furby Rickroll demo: what fresh hell is this? ***
---------------------------------------------
Toy-makers, please quit this rubbish, youre NO GOOD at security Heres your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/24/furby_rickroll_demo_what_fresh_hell_is_this/


*** HummingBad Android Malware Found in 20 Google Play Store Apps ***
---------------------------------------------
HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Googles security checks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hummingbad-android-malware-found-in-20-google-play-store-apps/


*** Advice to a New SCADA Engineer ***
---------------------------------------------
Target Audience As I have come in contact with those new to industrial control systems - whether they be supervisor control and data acquisition (SCADA) systems, building automation, process automation, or what not - I have come to the conclusion that whether the individual is trade school educated or college educated, they are not prepared...
---------------------------------------------
http://resources.infosecinstitute.com/advice-to-a-new-scada-engineer/


*** How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd) ***
---------------------------------------------
I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And well, this also makes good material for my IPv6 class [2]. This is supposed to entice you to play and experiment. Let me know if you find anything neat. Fragmentation is a necessary evil of packet networking. Packets will...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21963&rss


*** Gefälschte A1 Online-Rechnung verbirgt Schadsoftware ***
---------------------------------------------
Kriminelle versenden eine gefälschte A1 Online-Rechnung. Darin nennen sie ein hohes Verbindungsentgelt und das verbrauchte Datenvolumen. Der Nachricht ist die Datei "rechnung_1.zip" beigefügt. Sie verbirgt Schadsoftware.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-online-rechnung-verbirgt-schadsoftware/


*** Ein Jahr alte Root-Schwachstelle in Systemd aufgetaucht ***
---------------------------------------------
Die Entwickler des Init-Systems Systemd haben im vergangenen Jahr eine Lücke geschlossen, über die ein Angreifer Root-Rechte erlangen kann. Allerdings wurde diese Lücke zuerst unterschätzt und blieb unbeachtet.
---------------------------------------------
https://heise.de/-3606599


*** Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95705


*** EMC Avamar Data Store and Avamar Virtual Edition File Ownership Error Lets Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037667


*** RSA Security Analytics Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037666


*** DFN-CERT-2017-0137: Apache Software Foundation Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0137/


*** Security Advisory 2017-01: Security Update for OTRS Business Solution ***
---------------------------------------------
January 24, 2017 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
---------------------------------------------
https://www.otrs.com/security-advisory-2017-01-security-update-otrs-business-solution/


*** DFN-CERT-2017-0136: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. eine Privilegieneskalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0136/


*** Forthcoming OpenSSL releases ***
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2k, 1.1.0d. These releases will be made available on 26th January 2017 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "moderate".
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html


*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-10009 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31440025.html?ref=rss
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-10010 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64292204.html?ref=rss
---------------------------------------------
*** Security Advisory: PHPMailer vulnerability CVE-2016-10033 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74977440.html?ref=rss
---------------------------------------------


*** Apple Security Updates ***
---------------------------------------------
*** macOS Sierra 10.12.3 ***
https://support.apple.com/kb/HT207483
---------------------------------------------
*** iOS 10.2.1 ***
https://support.apple.com/kb/HT207482
---------------------------------------------
*** tvOS 10.1.1 ***
https://support.apple.com/kb/HT207485
---------------------------------------------
*** watchOS 3.1.3 ***
https://support.apple.com/kb/HT207487
---------------------------------------------
*** iCloud for Windows 6.1.1 ***
https://support.apple.com/kb/HT207481
---------------------------------------------
*** Safari 10.0.3 ***
https://support.apple.com/kb/HT207484
---------------------------------------------
*** iTunes 12.5.5 for Windows ***
https://support.apple.com/kb/HT207486
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in sudo affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024766
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in expat affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024767
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995440
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024768
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024769
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in QEMU affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024770
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in nettle affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024771
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024772
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in cURL affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024773
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024775
---------------------------------------------