[CERT-daily] Daily summary - Thursday 22-06-2017

Daily end-of-shift report team at cert.at
Thu Jun 22 18:11:05 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 21-06-2017 18:00 − Thursday 22-06-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp




*** Multiple vulnerabilities in Cisco Prime Infrastructure ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1




*** Multiple vulnerabilities in Cisco Identity Services ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise




*** Multiple vulnerabilities in Cisco IOS XR ***
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios




*** Cisco Firepower Management Center Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc




*** Critical bug in RAR compression library endangers AV software ***
---------------------------------------------
Bugs in unpacking archives are critical because they are especially easy to exploit, for instance when antivirus software scans for malicious code. It is all the more bitter when they can still be exploited five years after their discovery.
---------------------------------------------
https://heise.de/-3751528




*** Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-003




*** TeslaWare Plays Russian Roulette with your Files ***
---------------------------------------------
I was told about a new ransomware called TeslaWare that is being promoted on a black hat criminal site. After a quick search, I was able to find a sample that was compiled yesterday ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/teslaware-plays-russian-roulette-with-your-files/




*** Locky Ransomware Returns, but Targets Only Windows XP & Vista ***
---------------------------------------------
The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but-targets-only-windows-xp-and-vista/




*** NSA-Backed OpenC2.org Aims to Defend Systems at Machine Speed ***
---------------------------------------------
Security experts, vendors, business and the NSA are developing a standardized language that rather than autonomously understands threats, acts on them.
---------------------------------------------
http://threatpost.com/nsa-backed-openc2-org-aims-to-defend-systems-at-machine-speed/126454/




*** Web Application Pentest Guide Part-I ***
---------------------------------------------
In this article, we are going to pentest a web application which was developed by HP for scanner evaluation purpose. We will be demonstrating the complete process ..
---------------------------------------------
http://resources.infosecinstitute.com/web-application-pentest-guide-part/




*** Windows trojan uses NSA backdoor to covertly mine cryptocurrency ***
---------------------------------------------
The NSA's DOUBLEPULSAR backdoor is currently being abused to infect unprotected Windows machines with a trojan that secretly mines the cryptocurrency Monero (XMR).
---------------------------------------------
https://heise.de/-3751247




*** [2017-06-22] Multiple vulnerabilities in Cisco Prime Infrastructure ***
---------------------------------------------
Multiple security vulnerabilities in Cisco Prime Infrastructure < 3.1.6 could allow a local low-privileged user to read arbitrary files such as wireless access point configurations, read the hashed passwords of all the users including the administrator from the database, and infect other users with a JavaScript trojan.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170622-0_Cisco_Prime_Infrastructure_XXE_SQLi_XSS_v10.txt




*** Understanding the true size of “Fireball” ***
---------------------------------------------
... when recent reports of the “Fireball” cybersecurity threat operation were presented as a new discovery, our teams knew ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/06/22/understanding-the-true-size-of-fireball/




*** IBM Security Bulletin: Multiple vulnerabilities in EBICS client in IBM Sterling B2B Integrator (CVE-2017-1132, CVE-2017-1347, CVE-2017-1348) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004199




*** IBM Security Bulletin: HTTP verb tampering vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1131) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004270




*** Why So Many Top Hackers Hail from Russia ***
---------------------------------------------
Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information ..
---------------------------------------------
https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/




*** DSA-3892 tomcat7 - security update ***
---------------------------------------------
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3892




*** DSA-3891 tomcat8 - security update ***
---------------------------------------------
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3891

