[CERT-daily] Daily summary - Friday 27-01-2017

Daily end-of-shift report team at cert.at
Fri Jan 27 18:07:24 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 26-01-2017 18:00 − Friday 27-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Zbot with legitimate applications on board ***
---------------------------------------------
Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-applications-on-board/




*** Phishers unleash simple but effective social engineering techniques using PDF attachments ***
---------------------------------------------
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/




*** Background: How machines hack ***
---------------------------------------------
Team Shellphish was one of the participants in DARPA's Cyber Grand Challenge; now they describe their Mechanical Phish and its strategy.
---------------------------------------------
https://heise.de/-3608169




*** Payment or account suspension: Nationalbank warns of telephone fraud ***
---------------------------------------------
Unknown perpetrators spoof the phone numbers of a bank and a lawyer to put victims under pressure
---------------------------------------------
http://derstandard.at/2000051638010




*** Security for Privacy on Data Protection Day ***
---------------------------------------------
On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-protection-day




*** Security update: TigerVNC developers advise updating promptly ***
---------------------------------------------
By exploiting a vulnerability, attackers could hijack clients during a Virtual Network Computing session.
---------------------------------------------
https://heise.de/-3609051




*** Cisco starts patching critical flaw in WebEx browser extension ***
---------------------------------------------
Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers. The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions. The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx...
---------------------------------------------
http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-flaw-in-webex-browser-extension.html#tk.rss_security




*** Heartbleed: (Almost) three years later ***
---------------------------------------------
Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. We're close to the three...
---------------------------------------------
http://www.cert.at/services/blog/20170127160051-1894_en.html




*** Security Advisory: OpenSSH vulnerability CVE-2016-10011 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?ref=rss




*** IDM 4.5 Midrange BiDirectional Driver 201611271513 ***
---------------------------------------------
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513.
To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)
This patch also requires the driver activation from IDM 4.5
Document ID: 5271130
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: idm45midrange20161127.tar.gz (47.54 MB)
Products: Identity Manager 4.0.2, Identity...
---------------------------------------------
https://download.novell.com/Download?buildid=lY8lK_WKOeQ~




*** Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540060




*** Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95832




*** Eaton ePDU Path Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01




*** Belden Hirschmann GECKO ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in Belden's Hirschmann GECKO switch.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02




*** RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037726




*** Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95823




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542) ***
http://www.ibm.com/support/docview.wss?uid=swg21994101
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506
---------------------------------------------

