[CERT-daily] Tageszusammenfassung - Dienstag 16-05-2017

Tue May 16 18:10:32 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 15-05-2017 18:00 − Dienstag 16-05-2017 18:00
Handler:     Petr Sikuta
Co-Handler:  Stephan Richter


*** WannaCry? Do your own data analysis., (Tue, May 16th) ***
---------------------------------------------
In God we trust. All others must bring data ~Bob Rudis With endless amounts of data, technical detail, and insights on WannaCrypt/WannaCry, and even more FUD, speculation, and even downright trolling, herein is a proposal for you to do your own data-driven security analysis. My favorite book to help you scratch that itch? Data Driven Security: Analysis, Visualization and Dashboards, by Jay Jacobs Bob Rudis. A few quick samples, using WannaCry data and R, the open source programming language and [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22424&rss


*** Digital signature service DocuSign hacked and email addresses stolen ***
---------------------------------------------
Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security [...]
---------------------------------------------
http://www.cio.com/article/3196854/security/digital-signature-service-docusign-hacked-and-email-addresses-stolen.html#tk.rss_security


*** Apple-Updates schließen unangenehme Sicherheitslücken in iCloud, iTunes und iOS ***
---------------------------------------------
Patchday bei Apple: Das BSI warnt vor mehreren Sicherheitslücken in iTunes und iCloud auf Windows, sowie dem Mobilbetriebssystem iOS, die es Angreifern ermöglichen, Code auszuführen. Anwender sollten sicherstellen, dass die Updates installiert wurden
---------------------------------------------
https://heise.de/-3715077


*** Chrome Browser Hack Opens Door to Credential Theft ***
---------------------------------------------
Researchers at DefenseCode claim a vulnerability in Google's Chrome browser allows hackers to steal credentials and launch SMB relay attacks.
---------------------------------------------
http://threatpost.com/chrome-browser-hack-opens-door-to-credential-theft/125686/


*** Cisco Snort++ Protocol Decoder Denial of Service Vulnerabilities ***
---------------------------------------------
Two vulnerabilities in the protocol decoders of Snort++ (Snort 3) could allow an unauthenticated, remote attacker to create a Denial of Service (DoS) condition.The vulnerabilities are due to lack of validation in the protocol decoders. An attacker could exploit these vulnerabilities by crafting a malicious packet and sending it through the targeted device. A successful exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort


*** Indicators Associated With WannaCry Ransomware ***
---------------------------------------------
This alert is a follow-up to US-CERT alert TA17-132A Indicators Associated With WannaCry Ransomware, which was originally posted to the US-CERT web site on May 12, 2017.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01


*** Novell Messenger 3.0.3 P3 ***
---------------------------------------------
Abstract: Novell Messenger 3.0.3 P3 has been released. This release only includes fixes for the Linux platform. Please view the Change Log for modifications made to the program. There have also been changes to update security issues with the product. Please see the Security Fix section for details. NOTE: This version is not designed to work with eDir 9. If you require eDir 9 support, contact Micro Focus Technical Support. Document ID: 5296730Security Alert: YesDistribution Type:
---------------------------------------------
https://download.novell.com/Download?buildid=U3MFbmzMet0~


*** IDM 4.6 RACF Driver 4.0.3.1 ***
---------------------------------------------
Abstract: IDM 4.6 Bi-Directional RACF Driver Version 4.0.3.1. This patch is for the Identity Manager 4.6 RACF Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMTDocument ID: 5297291Security Alert: YesDistribution Type: Field Test FileEntitlement Required: YesFiles:idm46racf-patch1.tar.gz (2.66 MB)Products:Identity Manager 4.5Identity Manager 4.6Superceded Patches:IDM 4.0.2 RACF Driver Version 4.0.0.11 Patch 3
---------------------------------------------
https://download.novell.com/Download?buildid=LSTFMkrcRo0~


*** Apple Security Updates ***
---------------------------------------------
*** macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite ***
https://support.apple.com/kb/HT207797
---------------------------------------------
*** iOS 10.3.2 ***
https://support.apple.com/kb/HT207798
---------------------------------------------
*** watchOS 3.2.2 ***
https://support.apple.com/kb/HT207800
---------------------------------------------
*** tvOS 10.2.1 ***
https://support.apple.com/kb/HT207801
---------------------------------------------
*** iCloud for Windows 6.2.1 ***
https://support.apple.com/kb/HT207803
---------------------------------------------
*** Safari 10.1.1 ***
https://support.apple.com/kb/HT207804
---------------------------------------------
*** iTunes 12.6.1 for Windows ***
https://support.apple.com/kb/HT207805
---------------------------------------------


*** IBM Security Bulletin ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics (CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22002966
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU  Jan 2017  Includes Oracle Jan 2017 CPU affect Content Collector for SAP Applications ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001462
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010199
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the zlib component affect IBM SPSS Statistics (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ***
http://www.ibm.com/support/docview.wss?uid=swg22003212
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025160
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool ***
http://www.ibm.com/support/docview.wss?uid=swg22002897
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Expat affects HTTP Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-4472, CVE-2016-0718) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000234
---------------------------------------------
*** IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities IBM WebSphere MQ (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg22001563
---------------------------------------------
*** IBM Security Bulletin: Vulnerability CVE-2017-2619 in Samba affects IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1022009
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002871
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a cross-site scripting vulnerability (CVE-2017-1320) ***
http://www.ibm.com/support/docview.wss?uid=swg22002877
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GnuTLS and OpenSSL affect IBM Flex System Manager (FSM) (CVE-2016-8610) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024887
---------------------------------------------
*** IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002804
---------------------------------------------