Daily November 2016

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Mittwoch 30-11-2016
by Daily end-of-shift report 30 Nov '16

30 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-11-2016 18:00 − Mittwoch 30-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Kritische Sicherheitslücke in Mozilla Firefox - aktiv ausgenützt - keine Patches verfügbar *** --------------------------------------------- Wie in diversen Medien berichtet wird, gibt es eine kritische Sicherheitslücke in aktuellen Versionen des Mozilla Firefox Browsers, für die noch kein Patch zur Verfügung steht. Diese wird auch bereits aktiv ausgenützt. --------------------------------------------- https://cert.at/warnings/all/20161130.html *** Port 7547 in Österreich *** --------------------------------------------- seit meinem letzten Blogpost zu Mirai/TR-069 sind ein paar neue Informationen dazugekommen --------------------------------------------- https://cert.at/services/blog/20161130165710-1834.html *** Ask Sucuri: Can Your cPanel Page Be Maliciously Redirected? *** --------------------------------------------- Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent it, along with other suspicious issues, through logs kept on cPanel servers. --------------------------------------------- https://blog.sucuri.net/2016/11/ask-sucuri-can-cpanel-page-maliciously-redi… *** Vuln: Dell iDRAC7 and iDRAC8 Devices CVE-2016-5685 Code Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94585 *** Emerson Liebert SiteScan XML External Entity Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an XML External Entity vulnerability affecting Emerson's Liebert SiteScan application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01 *** Emerson DeltaV Easy Security Management Application Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a vulnerability that affects Emerson's DeltaV Easy Security Management application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02 *** Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a vulnerability in the Emerson DeltaV Wireless I/O Card. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03 *** Security Advisory: BIG-IP FastL4 profile vulnerability *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36300805.html?… *** Security Advisory - XSS Vulnerability in Huawei eSpace IAD *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-… *** Security Advisory - DoS Vulnerability in Huawei Switches *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-… *** DFN-CERT-2016-1960/">Apache Subversion: Eine Schwachstelle ermöglicht Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1960/ *** Security Advisory - Command Injection Vulnerability in Huawei FusionAccess *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-… *** GCHQ presents CyberChef, an Open Source Data Analysis Tool *** --------------------------------------------- The GCHQ has released the code of a new open source web tool dubbed CyberChef, specifically designed for analyzing and decoding data. --------------------------------------------- http://securityaffairs.co/wordpress/53908/intelligence/gchq-cyberchef.html *** Multiple I-O DATA network camera products multiple vulnerabilities *** --------------------------------------------- Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities. --------------------------------------------- http://jvn.jp/en/jp/JVN25059363/ *** New Cerber Variant Leverages Tor2Web Proxies, Google Redirects *** --------------------------------------------- Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection. --------------------------------------------- http://threatpost.com/new-cerber-variant-leverages-tor2web-proxies-google-r… *** An overview of the Payment Card Industry (PCI) *** --------------------------------------------- The payment card industry consists of all the organizations which store, process and transmit cardholder data and carry transactions through debit and credit cards. Many standards are developed to conduct these types of services in a secure way. The well-known standard for this purpose is Payment Card Industry Data Security Standards. --------------------------------------------- http://resources.infosecinstitute.com/an-overview-of-the-payment-card-indus… *** Großstörung bei der Telekom: Was wirklich geschah *** --------------------------------------------- Ein Sicherheitsexperte hat die Reaktion eines der anfälligen Speedport-Modelle analysiert und kommt zu einer überraschenden Erkenntnis: Die Geräte waren gar nicht anfällig für die TR-069-Sicherheitslücke. --------------------------------------------- https://heise.de/-3520212 *** GET pwned: Web CCTV cams can be hijacked by single HTTP request *** --------------------------------------------- An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves countless devices wide open to hijacking, it is claimed. --------------------------------------------- http://www.theregister.co.uk/2016/11/30/iot_cameras_compromised_by_long_url/ *** Vuln: OpenJPEG CVE-2016-9675 Incomplete Fix Multiple Remote Heap Based Buffer Overflow Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/94589 *** Cobalt Malware Threatens ATM Security *** --------------------------------------------- The hackers typically initiated the malware infection through phishing and spearphishing attacks. They sent malware laced emails to employees working at the banks. If some how a cyber security naive-employee clicked on a malicious link in an email or opened an attachment then their system would get infected. --------------------------------------------- https://blog.comodo.com/malware/cobalt-malware-threatens-atm-security/ *** Android-Malware Gooligan soll über 1 Million Google-Konten gekapert haben *** --------------------------------------------- Der Tojaner soll Smartphones rooten und Authentifizierungs-Tokens von Google-Accounts kopieren. Über einen Online-Service kann man prüfen, ob das eigene Konto betroffen ist. --------------------------------------------- https://heise.de/-3520778 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM i (CVE-2016-8858) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021734 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways *** http://www-01.ibm.com/support/docview.wss?uid=swg21992996 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000213 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes *** http://www.ibm.com/support/docview.wss?uid=swg21992835 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994386 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 29-11-2016
by Daily end-of-shift report 29 Nov '16

29 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-11-2016 18:00 − Dienstag 29-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Bruce Schneier zur Netz-Sicherheit: "Die Ära von Spaß und Spielen ist vorbei" *** --------------------------------------------- Der renommierte Sicherheits-Experte warnte auf dem Security-Kongress der Telekom vor einer grenzenlosen Vernetzung. Staatliche Regulierung sei unausweichlich. --------------------------------------------- https://www.heise.de/newsticker/meldung/Bruce-Schneier-zur-Netz-Sicherheit-… *** PayPal Fixes OAuth Token Leaking Vulnerability *** --------------------------------------------- PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. --------------------------------------------- http://threatpost.com/paypal-fixes-oauth-token-leaking-vulnerability/122136/ *** Vuln: WordPress Image Gallery Plugin HTML Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94565 *** A Rowhammer ban-hammer for all, and its all in software *** --------------------------------------------- Sorry to go all MC Hammer on you, but boffins tell bit-flippers you cant touch this A group of German researchers reckon theyve cracked a pretty hard nut indeed: how to protect all x86 architectures from the 'Rowhammer' memory bug. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/11/29/a_rowhammer… *** Tenda / D-Link / TP-Link DHCP Cross Site Scripting *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110233 *** Every Windows 10 in-place Upgrade is a SEVERE Security risk *** --------------------------------------------- [...] There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). --------------------------------------------- http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html *** F-Secure: QUICK TIP: How To Make Your Passwords Uncrackable *** --------------------------------------------- TL;DR: 'The trick is to use a really long random password for each online account,' he tells us. 'The password length should be at least 20 symbols and numbers, but preferably 32.' --------------------------------------------- https://safeandsavvy.f-secure.com/2016/09/14/quick-tip-how-to-make-your-pas… *** Azure Security Best Practices *** --------------------------------------------- Moving applications and workloads to the cloud is a big draw for organizations, primarily due to the favorable economics, ease of deployment, and the flexibility and scale that the cloud provides. Microsoft Azure is one cloud platform seeing rising adoption in the past year. You may be contemplating moving workloads to Azure, particularly if you are a Microsoft shop. But like most organizations moving to the cloud, you are probably concerned about the security of your Azure environment. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/azure-security-best-pr… *** TYPO3 CMS 7.6.14 released *** --------------------------------------------- This version is a regression fix release for TYPO3 CMS 7.6.13 concerning the usage of the Composer mode with additional third party PHP libraries. This version contains bugfixes concerning Composer only. --------------------------------------------- https://typo3.org/news/article/typo3-cms-7614-released/ *** Kontonummern und E-Mail: Daten von Mitfahrgelegenheit.de gestohlen *** --------------------------------------------- Kontonummern und E-Mail-Adressen von ehemaligen Nutzern betroffen - Wenige Österreicher betroffen --------------------------------------------- http://derstandard.at/2000048456695 *** TR-069 NewNTPServer Exploits: What we know so far, (Tue, Nov 29th) *** --------------------------------------------- [This is a cleaned up version to summarize yesterdays diary about the attacks against DSL Routers] What is TR-069 TR-069 (or its earlier version TR-064) is a standard published by the Broadband Forum. The Broadband Forum is an industry organization defining standards used to manage broadband networks. It focuses heavily on DSL type modems and more recently included fiber optic connections. TR stands for Technical Report. TR-069 is considered the Broadband Forums Flagship Standard. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21763&rss *** Security Advisory: BIG-IP SPDY and HTTP/2 profile vulnerability CVE-2016-7475 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01587042.html?… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark *** http://www-01.ibm.com/support/docview.wss?uid=swg21994185 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework (CVE-2016-5573, CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994184 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Web Experience Factory (CVE-2016-5573, CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994181 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition *** https://www-01.ibm.com/support/docview.wss?uid=swg21985393 --------------------------------------------- *** IBM Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows *** http://www.ibm.com/support/docview.wss?uid=swg21992933 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale (CVEs-2016-3485) *** http://www.ibm.com/support/docview.wss?uid=swg21993946 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus ( CVE-2016-2107,CVE-2016-2176) *** http://www.ibm.com/support/docview.wss?uid=swg21992894 --------------------------------------------- *** IBM Security Bulletin: IBM Integration Bus and WebSphere Message Broker, upon installation, set incorrect permissions for an object ( CVE-2016-0394 ) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985013 --------------------------------------------- *** IBM Security Bulletin: Vulnerability has been identified in View All User Domain Tasks of IBM Cloud Orchestrator (CVE-2016-0202 ) *** http://www.ibm.com/support/docview.wss?uid=swg2C1000134 --------------------------------------------- *** IBM Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921) *** http://www.ibm.com/support/docview.wss?uid=swg21994018 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009589 --------------------------------------------- *** IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-2985 and CVE-2016-2984) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009324 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 28-11-2016
by Daily end-of-shift report 28 Nov '16

28 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-11-2016 18:00 − Montag 28-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Mirai goes TR-069 *** --------------------------------------------- Zu Mirai hab ich hier schon viel geschrieben. Bis jetzt hat sich dieses Botnet rein über das Erraten von Passwörtern auf Telnet-Interfaces weiterverbreitet. Das hat sich jetzt geändert: Am 7. November hat jemand einen Proof-of-concept exploit für ein CPE (Customer premise equipment -- also DSL-Modem, Kabelmodem & co) veröffentlicht, der zeigt, wie man per TR-069 dem Gerät Schadsoftware unterschieben kann. --------------------------------------------- http://www.cert.at/services/blog/20161128173929-1823.html *** DSA-3725 icu - security update *** --------------------------------------------- Several vulnerabilities were discovered in the International Componentsfor Unicode (ICU) library. --------------------------------------------- https://www.debian.org/security/2016/dsa-3725 *** [2016-11-28] Denial of service & heap-based buffer overflow in Guidance Software EnCase Forensic *** --------------------------------------------- EnCase Forensic Imager and the EnCase Forensic suite are widely used by computer forensic experts to analyze hard disks. Due to flaws in these products an attacker could manipulate a hard disk to keep an investigator from fully analyzing it (denial of service). Potentially, an attacker could execute malicious code on the investigators machine. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** DFN-CERT-2016-1949/">ImageMagick: Mehrere Schwachstellen ermöglichen u.a. Denial-of-Service-Angriffe *** --------------------------------------------- Mehrere Schwachstellen in ImageMagick ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe sowie das Ausspähen von Informationen. Debian stellt für die Distribution Debian Jessie (stable) ein Sicherheitsupdate bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1949/ *** Erpressungs-Trojaner: Locky setzt auf .zzzzz-Endung, Cerber geht in Version 5.0.1 um *** --------------------------------------------- Kriminelle sollen Berichten nach aktuell neue Versionen von Cerber und Locky verbreiten. Vorsicht: Viele Viren-Wächter springen offensichtlich noch nicht auf Cerber an. --------------------------------------------- https://heise.de/-3506049

1 0

Tageszusammenfassung - Freitag 25-11-2016
by Daily end-of-shift report 25 Nov '16

25 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 24-11-2016 18:00 − Freitag 25-11-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Kriminelle bieten Mirai-Botnetz mit 400.000 IoT-Geräten zur Miete an *** --------------------------------------------- Was macht das Mirai-Botnetz gerade? Die beiden Sicherheitsforscher mit den Pseudonymen 2sec4u und MalwareTech überwachen das Mirai-Botnetz und teilen aktuelle Aktivitäten via Twitter und eine Webseite. Aus der Live Map der Webseite geht hervor, dass bislang über die ganze Welt verteilt insgesamt mehr als 3 Millionen Geräte im Mirai-Botnetz gefangen waren. In den letzten 24 Stunden waren es knapp unter 100.000. --------------------------------------------- https://www.heise.de/security/meldung/Kriminelle-bieten-Mirai-Botnetz-mit-4… *** Gehackte Zugänge: Kriminelle versenden Malware mit Mailchimp-Accounts *** --------------------------------------------- Kriminelle nutzen offenbar übernommene Mailchimp-Accounts, um Malware zu verbreiten. Das geschieht vor allem über Mails mit angeblichen Rechnungen. Alle 2.000 betroffenen Accounts wurden vorläufig stillgelegt. --------------------------------------------- http://www.golem.de/news/gehackte-zugaenge-kriminelle-versenden-malware-mit… *** Locky hidden in image file hitting Facebook, LinkedIn users *** --------------------------------------------- Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks. Check Point researchers have apparently discovered how cyber crooks are embedding malware in graphic and image files, and how they are executing the malicious code within these images to infect social media users with Locky ransomware variants. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. --------------------------------------------- https://www.helpnetsecurity.com/2016/11/25/locky-image-file-facebook-linked… *** The Week in Ransomware - November 25th 2016 - Locky, Decryptors, Cerber, Open Source Ransomware sucks, and More *** --------------------------------------------- Lots of ransomware stories this week. We have two new decryptors, quite a few new ransomware infections, PadCrypt being hidden inside a fake credit card generator, and a few new variants. The biggest news is two new variants of the Locky ransomware that append the .zzzzz and .aesir extensions for encrypted files. [...] --------------------------------------------- http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-novemb… *** Free Software Quick Security Checklist, (Fri, Nov 25th) *** --------------------------------------------- Free software (open source or not) is interesting for many reasons. It can be adapted to your own needs, it can be easily integrated within complex architectures but the most important remains, of course, the price. Even if they are many hidden costs related to free software. In case of issues, a lot of time may be spent in searching for a solution or diving into the source code (and everybody knows that time is money!). Today, more and more organisationsare not afraid anymore to deployfree... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21751&rss *** DFN-CERT-2016-1945: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebiger SQL-Befehle *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1945/ *** Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161125-… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0. CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386 --------------------------------------------- https://support.citrix.com/article/CTX218775

1 0

Tageszusammenfassung - Donnerstag 24-11-2016
by Daily end-of-shift report 24 Nov '16

24 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-11-2016 18:00 − Donnerstag 24-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Don't let this Black Friday/Cyber Monday spam deliver Locky ransomware to you *** --------------------------------------------- We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we're seeing a spam campaign that Amazon customers need to be wary of. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/11/23/dont-let-this-black-fri… *** LXC CVE-2016-8649 Directory Traversal Vulnerability *** --------------------------------------------- An attacker can exploit this issue using directory-traversal characters (../) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks. --------------------------------------------- http://www.securityfocus.com/bid/94498/info *** Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability *** --------------------------------------------- Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy devices with Marshmallow 6.0 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/94494/info *** w3m Multiple Security Vulnerabilities *** --------------------------------------------- Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to w3m 0.5.3-33 are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/94464/discuss *** Research on unsecured Wi-Fi networks across the world *** --------------------------------------------- We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us --------------------------------------------- https://securelist.com/blog/research/76733/research-on-unsecured-wi-fi-netw… *** DFN-CERT-2016-1942/">RealNetworks RealPlayer: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle im RealPlayer ausnutzen, mit Hilfe einer schädlichen präparierten QCP-Mediendatei, zu deren Wiedergabe er einen Benutzer verleitet, um einen Denial-of-Service (DoS)-Angriff durchzuführen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1942/ *** Windows-Update für Secure-Boot-Fehler macht BIOS-Updates erforderlich *** --------------------------------------------- Mit dem Patch 3193479 beziehungsweise 3200970 für aktuelle Windows-(Server-)Versionen korrigiert Microsoft einen Bug in UEFI Secure Boot, doch einige Server starten danach nicht mehr. --------------------------------------------- https://heise.de/-3503589 *** Diagnosing cyber threats for smart hospitals *** --------------------------------------------- ENISA presents a study that sets the scene on information security for the adoption of IoT in Hospitals. The study which engaged information security officers from more than ten hospitals across the EU, depicts the smart hospital ICT ecosystem; and through a risk based approach focuses on relevant threats and vulnerabilities, analyses attack scenarios, and maps common good practices. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/diagnosing-cyber-threats-for-sm… *** Security Advisory: PHP vulnerability CVE-2016-6288 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?… *** Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016 *** --------------------------------------------- Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…

1 0

Tageszusammenfassung - Mittwoch 23-11-2016
by Daily end-of-shift report 23 Nov '16

23 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-11-2016 18:00 − Mittwoch 23-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** The November 2016 issue of our SWITCH Security Report is available! *** --------------------------------------------- The topics covered in this report are: * IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking * DDoS attack via IoT botnet shuts down parts of Internet * Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price --------------------------------------------- https://securityblog.switch.ch/2016/11/23/the-november-2016-issue-of-our-sw… *** Securing Drupal with ModSecurity and the Core Rule Set (CRS3) *** --------------------------------------------- Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. OWASP ModSecurity Core Rule Set is a horrible name for a project, that's why we speak of CRS3. This is a security project and for those not familiar with the CRS, I will first give a brief intro first. --------------------------------------------- https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-… *** DomainTools 101: How to Spot Phishy Domains on Cyber Monday *** --------------------------------------------- Just as the Grumeti River in Tanzania harbors dangerous crocodiles just below its surface, a Phishing email usually contains malicious domains waiting for you to click. I read a great article by Bleeping Computer about finding some Google domains that were spoofed using what is known as small caps. This piqued my curiosity ... --------------------------------------------- https://blog.domaintools.com/2016/11/domaintools-101-how-to-spot-phishy-dom… *** [DSA 3722-1] vim security update *** --------------------------------------------- CVE ID : CVE-2016-1248 Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. --------------------------------------------- https://lists.debian.org/debian-security-announce/2016/msg00305.html *** Mapping Attack Methodology to Controls, (Wed, Nov 23rd) *** --------------------------------------------- Recently weve seen lots of malicious documents make it through our first protection layers. (https://www.virustotal.com/en/file/79ff976c5ca6025f3bb90ddfa7298286217c2130…) . In the last week, these emails have a word document that spawns a command shell that kicks off a PowerShell script. When working incidents, it is important to map out the attacker lifecycle to determine where to improve your defenses. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21749&rss *** Telegram API ransomware wrecked three weeks after launch *** --------------------------------------------- Crypto so bad that getting around it is shooting fish in a barrel Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/11/23/owned_teleg… *** Vuln: TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/94481 *** Pentest-Report cURL 08.2016 [PDF] *** --------------------------------------------- This report documents findings of a source code audit dedicated to assessing the cURL software. The assessment of the tool was performed by Cure53 as part of the Mozilla's Secure Open Source track program. The results of the project encompass twenty-three security-relevant discoveries. --------------------------------------------- https://wiki.mozilla.org/images/a/aa/Curl-report.pdf *** Acunetix 10.0 DLL Hijacking *** --------------------------------------------- Topic: Acunetix 10.0 DLL Hijacking Risk: Medium Text:Title: Acunetix 10 Multi DLL Hajacking Application: Acunetix Versions Affected: 10.0 Vendor URL: http://www.acunetix.com Di... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110196 *** Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-16-308-02 Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 3, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 *** Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1 *** --------------------------------------------- Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php *** Security Advisory: PHP vulnerability - CVE-2016-6288 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?… *** Siemens *** --------------------------------------------- *** Siemens SIMATIC CP 1543-1 Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 --------------------------------------------- *** Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02 --------------------------------------------- *** Siemens Industrial Products Local Privilege Escalation Vulnerability (Update A) *** https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02 *** Huawei *** --------------------------------------------- *** Security Advisory - Multiple Security Vulnerabilities in Huawei Smart Phone Products *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-… --------------------------------------------- *** Security Advisory - Privilege Escalation Vulnerability in the FusionStorage *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-… --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in TP Driver of Huawei Smart Phone *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-… --------------------------------------------- *** Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-… --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-… *** VMware *** --------------------------------------------- *** VMSA-2016-0022 *** https://www.vmware.com/security/advisories/VMSA-2016-0022.html --------------------------------------------- *** VMSA-2016-0021 *** https://www.vmware.com/security/advisories/VMSA-2016-0021.html --------------------------------------------- *** VMSA-2016-0018.3 *** https://www.vmware.com/security/advisories/VMSA-2016-0018.html *** Novell *** --------------------------------------------- *** eDirectory 9.0.2 (non-root) for Linux *** https://download.novell.com/Download?buildid=dgSdIXwk2Cc~ --------------------------------------------- *** iManager 2.7 Support Pack 7 - Patch 8 for Linux *** https://download.novell.com/Download?buildid=OFnb6Ew8wPM~ --------------------------------------------- *** iManager 2.7 Support Pack 7 - Patch 8 for Windows *** https://download.novell.com/Download?buildid=wPIC5t8Drqo~ --------------------------------------------- *** eDirectory 8.8 SP8 Patch 9 for Linux *** https://download.novell.com/Download?buildid=zJBqj6SjCzg~ --------------------------------------------- *** iManager 3.0.2 for Linux *** https://download.novell.com/Download?buildid=rIhWBDnLYU8~ --------------------------------------------- *** iManager 3.0.2 for Windows *** https://download.novell.com/Download?buildid=iMupD_KbGcA~ --------------------------------------------- *** eDirectory 9.0.2 for Linux *** https://download.novell.com/Download?buildid=TLXIiZ6uoho~ --------------------------------------------- *** eDirectory 9.0.2 for Windows *** https://download.novell.com/Download?buildid=_N2FUsWAalg~ --------------------------------------------- *** eDirectory 8.8 SP8 Patch 9 (non-root) for Linux *** https://download.novell.com/Download?buildid=Y9WDuLNbJxE~ --------------------------------------------- *** eDirectory 8.8 SP8 Patch 9 for Windows *** https://download.novell.com/Download?buildid=aDcgeiAEaYc~

1 0

Tageszusammenfassung - Dienstag 22-11-2016
by Daily end-of-shift report 22 Nov '16

22 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 21-11-2016 18:00 − Dienstag 22-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Windows 10 Cannot Protect Insecure Applications Like EMET Can *** --------------------------------------------- Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities. --------------------------------------------- https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecur… *** SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476… *** Facebook Messenger: Malware via SVG *** --------------------------------------------- Vorsicht bei Dateianhängen in Facebooks Chat: Gekaperte Accounts versenden Schadsoftware - neuerdings in Form einer SVG-Grafik. --------------------------------------------- https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-… *** Moodle Vulns *** --------------------------------------------- *** Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94456 --------------------------------------------- *** Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability *** http://www.securityfocus.com/bid/94457 --------------------------------------------- *** Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94458 *** Exploit Code Released for NTP Vulnerability *** --------------------------------------------- NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet. --------------------------------------------- http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/ *** The Kings in Your Castle, Pt. #3 *** --------------------------------------------- In the third episode of Marion Marschaleks and Raphael Vinots series of articles on modern APTs, they will shine some light on the prevalence of Zero-Day vulnerabilities. In reality, the use of Zero-Days is far less common than expected. In fact, APT groups in some cases exploit vulnerabilities which are a couple of years old. On the side of the analysts, they will explain that identical hashes are by no means a reliable indicator for dealing with identical files. --------------------------------------------- https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3 *** TYPO3 *** --------------------------------------------- *** Path Traversal in TYPO3 Core *** https://typo3.org/news/article/path-traversal-in-typo3-core/ --------------------------------------------- *** Insecure Unserialize in TYPO3 Backend *** https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/ *** Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files *** --------------------------------------------- Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/ *** Android-Trojaner GT!tr.spy soll vor allem deutsche Bank-Kunden ins Visier nehmen *** --------------------------------------------- Fortinet ist nach eigenen Angaben auf einen aktuellen Android-Trojaner mit der Bezeichnung GT!tr.spy gestoßen, der es in erster Linie auf Kreditkarten- und Log-in-Daten von deutschen und österreichischen Bank-Kunden abgesehen hat. Davon sollen Kunden von nicht näher beschriebenen 15 deutschen und fünf österreichischen Banken bedroht sein ... --------------------------------------------- https://heise.de/-3494472 *** Exploit Code Released for NTP Vulnerability *** --------------------------------------------- NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet. --------------------------------------------- http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/ *** FortiOS flow-mode detection bypass under certain conditions *** --------------------------------------------- A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process).This tends to impact long lived network sessions... --------------------------------------------- http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-cer… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2016-8610 *** https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?… --------------------------------------------- *** Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896 *** https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?… --------------------------------------------- *** Security Advisory: ImageMagick vulnerability CVE-2015-8898 *** https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection *** http://www-01.ibm.com/support/docview.wss?uid=swg21991724 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) *** http://www.ibm.com/support/docview.wss?uid=swg21993925 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) *** http://www.ibm.com/support/docview.wss?uid=swg21993916 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 ) *** http://www-01.ibm.com/support/docview.wss?uid=swg21990083 --------------------------------------------- *** IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection *** http://www-01.ibm.com/support/docview.wss?uid=swg21989336 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993565 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377 *** http://www-01.ibm.com/support/docview.wss?uid=swg21993522 --------------------------------------------- *** IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775) *** http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX *** http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc ---------------------------------------------

1 0

Tageszusammenfassung - Montag 21-11-2016
by Daily end-of-shift report 21 Nov '16

21 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 18-11-2016 18:00 − Montag 21-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Vuln: Huawei Smart Phones Multiple Local Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/94404 *** Vuln: Multiple Lenovo ThinkPad Products CVE-2016-8222 Local Security Bypass Vulnerability *** --------------------------------------------- Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. --------------------------------------------- http://www.securityfocus.com/bid/94409 *** Security Advisory: PHP vulnerability CVE-2016-6289 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52430518.html?… *** SSA-672373 (Last Update 2016-11-18): Vulnerabilities in SIMATIC CP 1543-1 *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373… *** SSA-701708 (Last Update 2016-11-18): Local Privilege Escalation in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… *** SAP NetWeaver AS ABAP 7.4 Directory Traversal *** --------------------------------------------- The code provides access to the file specified after the READ DATASET statement. The variable transmitted to the input of the statement is entered in it by user input. Thus, the user can access the files stored on the operating system. This vulnerability is called a Directory Traversal. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110168 *** Update wichtig: Sicherheitswarnung zu Symantec-Software *** --------------------------------------------- Das BSI hat eine Sicherheitswarnung der Stufe 4 bezüglich der Symantec-Produkte Endpoint Security herausgegeben und empfiehlt ein sofortiges Update. --------------------------------------------- https://heise.de/-3492125 *** Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware *** --------------------------------------------- An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the targets phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/A1TnPdkseTU/second-chinese-… *** Putty Cleartext Password Storage *** --------------------------------------------- Putty.exe stores Passwords unencrypted for sessions that use a Proxy connection and specify a password to save. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110172 *** WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110174 *** Vuln: Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability *** --------------------------------------------- Apache OpenOffice is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Apache OpenOffice 4.1.2 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/94418 *** DFN-CERT-2016-1916/">GStreamer-Plugin: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer speziell präparierten Mediendatei einen Pufferüberlauf auf dem Heap erzeugen, dadurch große Speicherbereiche kontrollieren und in der Folge beliebigen Programmcode ausführen. Die Schwachstelle kann im Kombination mit anderen Sicherheitslücken und Design-Entscheidungen auf bestimmten Linux-Systemen einfach durch den Besuch einer speziell präparierten Webseite ausgenutzt werden. Es ist dabei keine Interaktion des Benutzers notwendig. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1916/ *** Bugtraq: [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) *** --------------------------------------------- HPE has made the following firmware updates available to resolve the vulnerability in iLO 3 and iLO 4: For iLO3, please upgrade to firmware v1.88 For iLO4, please upgrade to firmware v2.44 --------------------------------------------- http://www.securityfocus.com/archive/1/539791 *** Oil and Gas Cybersecurity part 3: Midstream Security for Oil *** --------------------------------------------- I hope you enjoyed the previous parts of Oil and Gas Cyber Security series (Upstream Cyber Security and Oil and Gas Cyber Security 101). Today we will talk about OT and ICS with a special focus on the Midstream sector of the petroleum industry. --------------------------------------------- http://resources.infosecinstitute.com/oil-and-gas-cybersecurity-part-3-mids… *** Nemucod Infections Spreading Locky Over Facebook *** --------------------------------------------- Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware. --------------------------------------------- http://threatpost.com/nemucod-infections-spreading-locky-over-facebook/1220… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM Social Rendering Templates for Digital Data Connector (CVE-2016-8936) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993895 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a vulnerability discovered in XSTREAM (CVE-2016-3674) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992217 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and Switches (CVE-2016-0701, CVE-2015-3197) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009610 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and switches (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009608 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 18-11-2016
by Daily end-of-shift report 18 Nov '16

18 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-11-2016 18:00 − Freitag 18-11-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Webseite aufgerufen, Linux gehackt *** --------------------------------------------- Linux-Nutzer können sich durch das bloße Aufrufen einer Webseite Schadcode einfangen. Die Ursache ist eine Kombination eigentlich harmloser Ereignisse – und eine Zero-Day-Lücke. Betroffen ist vor allem Fedora Workstation. --------------------------------------------- https://heise.de/-3489774 *** Google Removing SHA-1 Support in Chrome 56 *** --------------------------------------------- Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates. --------------------------------------------- http://threatpost.com/google-removing-sha-1-support-in-chrome-56/122041/ *** MacBook Pro 2016: Malware-Schutz teils ab Werk deaktiviert *** --------------------------------------------- Apple hat offenbar verpasst, den macOS-Systemintegritätsschutz (System Integrity Protection) auf allen MacBook-Pro-Modellen mit Touch Bar zu aktivieren. SIP soll die Möglichkeiten von Schad-Software begrenzen. --------------------------------------------- https://heise.de/-3491210 *** 8 million GitHub profiles scraped, data found leaking online *** --------------------------------------------- Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. The backup of the database .. --------------------------------------------- https://www.helpnetsecurity.com/2016/11/18/8-million-github-profiles-scrape… *** DSA-3718 drupal7 - security update *** --------------------------------------------- Multiple vulnerabilities has been found in the Drupal content managementframework. For additional information, please refer to the upstream advisoryat https://www.drupal.org/SA-CORE-2016-005 --------------------------------------------- https://www.debian.org/security/2016/dsa-3718 *** Metadaten: Apple speichert Verbindungsdaten mehrere Monate in iCloud *** --------------------------------------------- Apple bezeichnet sich gern als Datenschutzkonzern. Eine jetzt entdeckte Funktion zeigt aber, dass Apple Verbindungsdaten mehrere Monate im iCloud-Backup ablegt. Das dürfte nicht jedem gefallen. --------------------------------------------- http://www.golem.de/news/metadaten-apple-speichert-verbindungsdaten-mehrere… *** Top-Level-Domain .box macht Fritzbox-Routern Probleme *** --------------------------------------------- Router ist im internen Netz über den Domainnamen fritz.box erreichbar --------------------------------------------- http://derstandard.at/2000047782737 *** iPhone: Lockscreen-Lücke erlaubt Zugriff auf Kontakte und Fotos *** --------------------------------------------- Angriffsmethode soll auch bei den neuesten Versionen von iOS funktionieren --------------------------------------------- http://derstandard.at/2000047783306 *** Google Project Brillo: IoT-Android wird sicherer als Smartphone-Android *** --------------------------------------------- Google krempelt die Zusammenarbeit mit Herstellern für sein Internet-of-Things-System Brillo im Vergleich zu Android völlig um. So gibt es nur einen Linux-Kernel, der .. --------------------------------------------- http://www.golem.de/news/google-project-brillo-iot-android-wird-sicherer-al… *** The Rampage of Locky *** --------------------------------------------- Locky has been a constant in the malware zoo for a considerable time. And while we are aware that there are still victims being hit by the variant sporting the .ODIN extension, .. --------------------------------------------- https://blog.gdatasoftware.com/2016/11/29310-the-rampage-of-locky *** Filesharing: Hacker erbeuten Sourcecoude von Mega.nz *** --------------------------------------------- Mehrere Gbyte an Quellcode und einige Admin-Zugänge wurden bei Kim Dotcoms Dienst Mega.nz kopiert. Nach Angaben des Unternehmens sind keine Nutzerdaten betroffen, die veröffentlichten Zugänge seien zudem veraltet. --------------------------------------------- http://www.golem.de/news/filesharing-hacker-erbeuten-sourcecoude-von-mega-n…

1 0

Tageszusammenfassung - Donnerstag 17-11-2016
by Daily end-of-shift report 17 Nov '16

17 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-11-2016 18:00 − Donnerstag 17-11-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** VMSA-2016-0020 *** --------------------------------------------- vRealize Operations update addresses REST API deserialization vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0020.html *** VMSA-2016-0016.1 *** --------------------------------------------- vRealize Operations (vROps) updates address privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0016.html *** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005 *** --------------------------------------------- https://www.drupal.org/SA-CORE-2016-005 *** VMSA-2016-0018.1 *** --------------------------------------------- VMware product updates address local privilege escalation vulnerability in Linux kernel --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-00201.html *** VMSA-2016-0018.1 *** --------------------------------------------- VMware product updates address local privilege escalation vulnerability in Linux kernel --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0018.html *** Antivirus tools are a useless box-ticking exercise says Google security chap *** --------------------------------------------- Advocates whitelists and other tools that genuinely help security Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort .. --------------------------------------------- www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_ju… *** DSA-3716 firefox-esr - security update *** --------------------------------------------- Multiple security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, buffer overflows and otherimplementation errors may .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3716 *** Tails 2.7 is out *** --------------------------------------------- https://tails.boum.org/news/version_2.7/ *** Malware Hunters Catch New Android Spyware For Governments In The Wild *** --------------------------------------------- A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team. --------------------------------------------- https://motherboard.vice.com/read/malware-hunters-catch-new-android-spyware… *** Internet of Things: US-Regierung veröffentlicht Security-Strategie *** --------------------------------------------- Sechs Empfehlungen für ein weniger unsicheres Internet of Things hat die US-Regierung ausgearbeitet. Das offizielle Dokument könnte Entwicklern und Sicherheitsabteilungen Rückenwind geben. --------------------------------------------- https://heise.de/-3488886 *** Erpressungs-Trojaner Ransoc soll Social-Media-Accounts ausspionieren *** --------------------------------------------- Sicherheitsforschern zufolge droht Ransoc damit, persönliche Daten zu veröffentlichen. Dafür soll er eine individuelle Erpresserbotschaft mit privaten Bildern und Informationen bauen. --------------------------------------------- https://heise.de/-3488976 *** Call for Papers Domain pulse 2017 *** --------------------------------------------- Das Generalthema des Domain pulse 2017 lautet „Netzwerken in Netzwerken“ – im weitesten Sinne des Begriffs. Wer oder was wird vernetzt? Wie wichtig ist Vernetzung? Wo findet sie statt? Wie kann sie bestmöglich gelingen? Und welche Probleme kann sie lösen? --------------------------------------------- http://www.domainpulse.at/de/call-for-papers *** Forensik-Tool-Hersteller: Apple speichert iPhone-Anrufprotokolle in iCloud – für viele Monate *** --------------------------------------------- Apple synchronisiert die Anrufhistorie von iCloud-Nutzern automatisch ohne darauf explizit hinzuweisen. Die Software des Herstellers soll Strafverfolgungsbehörden .. --------------------------------------------- https://heise.de/-3490866 *** Confessions of a Google Spammer *** --------------------------------------------- Before I became an inbound marketer, I once made $50,000 a month spamming Google. I worked a maximum of 10 hours a week. And I am telling you from the bottom of my heart: never, never ever follow in my footsteps. --------------------------------------------- https://readthink.com/confessions-of-a-google-spammer-4f2e0c3e9869

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily November 2016