[CERT-daily] Tageszusammenfassung - Mittwoch 1-03-2017

Wed Mar 1 18:11:19 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 28-02-2017 18:00 − Mittwoch 01-03-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Dridex Becomes First Malware Family to Integrate AtomBombing Technique ***
---------------------------------------------
Bad news from malware-land after security researchers from IBM reported today theyd discovered the first samples of version 4.0 of the infamous and highly-active Dridex banking trojan. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware-family-to-integrate-atombombing-technique/


*** Android: Passwort-Manager mit Sicherheitslücken ***
---------------------------------------------
Passwort-Manager verwalten auf Smartphones diverse Zugangsdaten. Das ist zwar praktisch - doch nicht immer sind die Daten auch sicher verwahrt, wie das Frauenhofer SIT herausfand. Einige der untersuchten Apps wiesen gravierende Mängel auf.
---------------------------------------------
https://heise.de/-3640040


*** Botnets ***
---------------------------------------------
Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down.But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the "Internet of...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/03/botnets.html


*** BSI legt Grundstein für Prüfungen gemäß IT-Sicherheitsgesetz ***
---------------------------------------------
Betreiber kritischer Infrastruktur müssen sich zukünftig regelmäßig prüfen lassen und dabei nachweisen, Sicherheitsvorkehrungen gemäß dem Stand der Technik vorgenommen zu haben. Die ersten Schulungen für Prüfer machen klar, was das konkret bedeutet.
---------------------------------------------
https://heise.de/-3632463


*** Wir werden alle an der Cloud verbluten .. oder so ***
---------------------------------------------
http://www.cert.at/services/blog/20170301112306-1918.html


*** [2017-03-01] XXE and XSS vulnerabilities in Aruba AirWave ***
---------------------------------------------
The authenticated XXE and reflected XSS vulnerabilities were found in Aruba AirWave versions prior to 8.2.3.1. The XXE flaw can be exploited by either a low-privileged user or a social engineering attack which could allow an attacker to read sensitive files on the system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170301-0_Aruba_AirWave_XXE_XSS_vulnerabilities_v10.txt


*** DFN-CERT-2017-0362: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0362/


*** SSA-934525 (Last Update 2017-03-01): Vulnerability in SINUMERIK Integrate ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf


*** SSA-701708 (Last Update 2017-03-01): Local Privilege Escalation in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf


*** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise (SSFE) 3.2 ***
---------------------------------------------
Trend Micro has released a new build for Trend Micro SafeSync for Enterprise (SSFE) 3.2. This fix resolves multiple vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
---------------------------------------------
https://success.trendmicro.com/solution/1116749


*** Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. There are no workarounds that address this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi


*** Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data...
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-nga


*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718) ***
---------------------------------------------
A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. CVE(s): CVE-2016-0718 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances, all firmware versions. IBM Security Access Manager for Web 8.0 appliances, all firmware versions. IBM Security Access Manager for Mobile 8.0 appliances, all...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998991


*** IBM Security Bulletin: Tivoli Storage Manger (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940) ***
---------------------------------------------
Tivoli Storage Manager (IBM Spectrum Protect) SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. CVE(s): CVE-2016-8940 Affected product(s) and affected version(s): This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels: 7.1.0.0 through 7.1.7.0 6.3.0.0 through 6.3.6.0 6.2, 6.1, and 5.5 all levels (these releases...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998946


*** Novell Patches ***
---------------------------------------------
*** iManager 3.0.2.1 ***
https://download.novell.com/Download?buildid=z_UnDt0kYyM~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 HotFix 2 ***
https://download.novell.com/Download?buildid=KcXKGUw7GSg~
---------------------------------------------
*** eDirectory 9.0.2 Hot Fix 2 ***
https://download.novell.com/Download?buildid=dRl85TKqwOE~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 9 ***
https://download.novell.com/Download?buildid=v_njeFs4biE~
---------------------------------------------