[CERT-daily] Tageszusammenfassung - 18.07.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 17-07-2017 18:00 − Dienstag 18-07-2017 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ In eigener Sache: CERT.at sucht Verstärkung ∗∗∗
---------------------------------------------
Für unser "Daily Business" suchen wir derzeit 1 Berufsein- oder -umsteiger/in mit ausgeprägtem Interesse an IT-Security, welche/r uns bei den täglich anfallenden Standard-Aufgaben unterstützt. Details finden sich hier: https://www.cert.at/about/jobs/jobs.html
---------------------------------------------
https://www.cert.at/services/blog/20170718152748-2072.html


∗∗∗ Exploit Derived From ETERNALSYNERGY Upgraded to Target Newer Windows Versions ∗∗∗
---------------------------------------------
Thai security researcher Worawit Wang has put together an exploit based on ETERNALENERGY that can also target newer versions of the Windows operating system. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-derived-from-eternalsynergy-upgraded-to-target-newer-windows-versions/


∗∗∗ Economic losses from cyber attack ‘akin to natural disaster’ ∗∗∗
---------------------------------------------
Not just a disaster for your data, a major attack could cost the global economy up to $120bn, according to new study.
---------------------------------------------
https://www.htbridge.com/blog/economic-losses-from-cyber-attack-akin-to-natural-disaster.html


∗∗∗ Linux Users Urged to Update as a New Threat Exploits SambaCry ∗∗∗
---------------------------------------------
A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker could open a command shell in a vulnerable device and take control of
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/lri-dU9kM1o/


=====================
=    Advisories     =
=====================

∗∗∗ Cisco WebEx Browser Extension Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows.The
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex


∗∗∗ Bitdefender Remote Stack Buffer Overflow via 7z PPMD ∗∗∗
---------------------------------------------
submitted by  /u/landave   [link] [comments]
---------------------------------------------
https://www.reddit.com/r/netsec/comments/6o0gji/bitdefender_remote_stack_buffer_overflow_via_7z/


∗∗∗ Bitdefender Remote Stack Buffer Overflow via 7z PPMD ∗∗∗
---------------------------------------------
https://www.reddit.com/r/netsec/comments/6o0gji/bitdefender_remote_stack_buffer_overflow_via_7z/


∗∗∗ DFN-CERT-2017-1230/">XML::LibXML: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1230/


∗∗∗ [webapps] Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42333/?rss


∗∗∗ [webapps] Sophos Web Appliance 4.3.0.2 - trafficType Remote Command Injection (Metasploit) ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42332/?rss


∗∗∗ [remote] Belkin NetCam F7D7601 - Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/42331/?rss


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Server is affected by a user password being stored in plain text vulnerability (CVE-2017-1309) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005437


∗∗∗ IBM Security Bulletin: BigFix Family WebUI Component Has Security Vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005246


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Direct for UNIX (CVE-2017-3731) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005893


∗∗∗ IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for UNIX (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005891


∗∗∗ IBM Security Bulletin: The BigFix Platform versions 9.1 and 9.2 have security vulnerabilities that have been addressed via patch releases ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006014


∗∗∗ IBM Security Bulletin: Detailed error messages in IBM Emptoris Contract Management are vulnerable to attacks (CVE-2016-6018) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005664


∗∗∗ IBM Tivoli Enterprise Portal Server Bugs Let Remote Users Execute Arbitrary Commands and Modify SQL Queries and Let Local Users Gain Elevated Privileges ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038913

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily