Daily December 2016

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - Donnerstag 15-12-2016
by Daily end-of-shift report 15 Dec '16

15 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-12-2016 18:00 − Donnerstag 15-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** No More Ransom Project Expands with 34 New Partners, 32 New Free Decryption Tools *** --------------------------------------------- The "No More Ransom" project, set up in July by Intel Security, Kaspersky Lab, Europol, and the Dutch National police to help victims of ransomware infections, has expanded today with 34 new partners, and 32 new decryptors that can help ransomware victims unlock their files for free. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/no-more-ransom-project-expan… *** Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe *** --------------------------------------------- Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-p… *** Yahoo muss erneut Massenhack beichten: Eine Milliarde Opfer *** --------------------------------------------- Im September hatte Yahoo einen Hack von über einer halben Milliarde Nutzerkonten bekanntgegeben. Den Rekord hat Yahoo nun gebrochen. Diesmal geht es um über eine Milliarde Konten. Dazu kommen gezielte Attacken mittels Cookies. --------------------------------------------- https://heise.de/-3570674 *** Mobile Ransomware: How to Protect Against It *** --------------------------------------------- In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, well discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other researchers, we hope to improve the industrys collective knowledge on mobile ransomware mitigation. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XaGWjnUqHoY/ *** DefCamp Romania 2016 Videos and Slides *** --------------------------------------------- November 10-11, 2016, Bucharest, Romania --------------------------------------------- https://def.camp/archives/2016/ *** The Kings in Your Castle, Pt #5 *** --------------------------------------------- The last part in the article series about analyzing modern APTs deals with naming and attribution of APTs. This is far less trivial than it sounds. Analysts are often facing the same enemy all over again without realizing it. --------------------------------------------- https://blog.gdatasoftware.com/2016/12/29379-the-kings-in-your-castle-pt-5 *** Sicherheitslücken: Updates auch für ältere macOS-Versionen *** --------------------------------------------- Neben den in macOS Sierra und dem Browser Safari gestopften Schwachstellen hat Apple auch Sicherheits-Updates für OS X El Capitan und Yosemite veröffentlicht. Diese beheben eine kritische Schwachstelle. --------------------------------------------- https://heise.de/-3572108 *** Ask Sucuri: How to Stop Brute Force Attacks? *** --------------------------------------------- Again, there is no mystery to this: Enforce a strong password for all the users and a brute force attack will not succeed. The underlying problem, however, is a bit more complicated --------------------------------------------- https://blog.sucuri.net/2016/12/ask-sucuri-how-to-stop-brute-force-attacks.… *** A Backdoor in Skype for Mac OS X *** --------------------------------------------- Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-… *** 5 Best Password Auditing Tools *** --------------------------------------------- A single weak password exposes your entire network to an external threat. Password hacking is one of the most critical and commonly exploited network security threats. In many ways, passwords should be viewed as your first line of defense where protecting your company's data is concerned. The huge number of data breaches occurs because someone... --------------------------------------------- http://resources.infosecinstitute.com/5-best-password-auditing-tools/ *** DFN-CERT-2016-2040: Netgear Router: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes mit Administratorrechten *** --------------------------------------------- Version 3 (2016-12-15 15:42) Der Hersteller aktualisiert den referenzierten Sicherheitshinweis und bestätigt auch die Verwundbarkeit von DSL-Modems mit den Modellnummern D6220 und D6400. Für alle verwundbaren WLAN- und DSL-Router stehen mittlerweile Firmwareupdates im Beta-Status als temporäre Lösung zur Verfügung. Netgear arbeitet weiter an einer Produktionsversion der Firmware für alle betroffenen Geräte. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-2040/ *** Remote shell execution vulnerability affects Good Enterprise Mobility Server (BSRT-2016-008) *** --------------------------------------------- This advisory addresses a remote shell execution vulnerability that has been discovered in Good Enterprise Mobility Server (GEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited by the requirement that a potential attacker possess access to the internal network and by the functionality of the Karaf command shell. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038814 *** Bugtraq: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] *** --------------------------------------------- http://www.securityfocus.com/archive/1/539925 *** F5 Security Advisory: Kerberos vulnerability CVE-2014-4343 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15553.htm… *** Sentinel 7.4 SP4 (Sentinel 7.4.4.0) Build 2904 *** --------------------------------------------- Abstract: Sentinel 7.4.3 upgrade for Sentinel 7.4Document ID: 5264470Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.4.4.0-2904.x86_64.tar.gz (1.74 GB)sentinel_server-7.4.4.0-2904.x86_64.tar.gz.sha256 (109 bytes)Products:SentinelSentinel 7.4.4Sentinel 7.XSentinel 7.2Sentinel 7.4Sentinel 7.3Sentinel 7.2.1Sentinel 7.2.2Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4.1Sentinel 7.4.2Sentinel 7.3.3Sentinel 7.4.3Sentinel 7.3.4Superceded Patches:Sentinel 7.4 SP3 --------------------------------------------- https://download.novell.com/Download?buildid=RaGN-vIdupQ~ *** Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161215-… *** SAP *** --------------------------------------------- *** Vuln: SAP Mobile Defense & Security Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/94902 --------------------------------------------- *** Vuln: SAP HANA Cockpit Cross Site Scripting Vulnerability *** http://www.securityfocus.com/bid/94897 --------------------------------------------- *** Vuln: SAP HANA Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/94898 --------------------------------------------- *** Vuln: SAP HANA XS Classic Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94896 --------------------------------------------- *** Vuln: SAP HANA Cockpit Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94910 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances allow web pages to be stored locally (CVE-2016-3024) *** http://www.ibm.com/support/docview.wss?uid=swg21995340 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021) *** http://www.ibm.com/support/docview.wss?uid=swg21995436 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3023) *** http://www.ibm.com/support/docview.wss?uid=swg21995348 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to incorrect permission assignment (CVE-2016-3022) *** http://www.ibm.com/support/docview.wss?uid=swg21995360 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by cross-site scripting vulnerabilities (CVE-2016-3018) *** http://www.ibm.com/support/docview.wss?uid=swg21995347 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to misconfiguration (CVE-2016-3017) *** http://www.ibm.com/support/docview.wss?uid=swg21995519 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability related to code integrity checking (CVE-2016-3016) *** http://www.ibm.com/support/docview.wss?uid=swg21995518 --------------------------------------------- *** IBM Security Bulletin: IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182) *** http://www-01.ibm.com/support/docview.wss?uid=swg21988182 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) *** http://www-01.ibm.com/support/docview.wss?uid=swg21989337 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3627) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991909 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995989 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSLaffect IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms ( CVE-2016-2183 ) *** http://www.ibm.com/support/docview.wss?uid=swg21995922 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-6316, CVE-2016-6317 *** http://www-01.ibm.com/support/docview.wss?uid=swg21991913 --------------------------------------------- *** IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033) *** http://www.ibm.com/support/docview.wss?uid=swg21995545 --------------------------------------------- *** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991682 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-3485, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991910 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046) *** http://www.ibm.com/support/docview.wss?uid=swg21995527 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045) *** http://www.ibm.com/support/docview.wss?uid=swg21995435 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3043) *** http://www.ibm.com/support/docview.wss?uid=swg21995446 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4483) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991911 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 14-12-2016
by Daily end-of-shift report 14 Dec '16

14 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-12-2016 18:00 − Mittwoch 14-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Facebook helps companies detect rogue SSL certificates for domains *** --------------------------------------------- Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best,... --------------------------------------------- http://www.cio.com/article/3149737/security/facebook-helps-companies-detect… *** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for December 2016. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-DEC *** Patchday: Kritische Lücken in Edge, Windows & Co. *** --------------------------------------------- Microsoft veröffentlicht im Dezember insgesamt zwölf Sicherheitsupdates. Im schlimmsten Fall können Angreifer Computer von Opfern durch den bloßen Aufruf einer manipulierten Webseite kapern. --------------------------------------------- https://heise.de/-3569916 *** MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking *** --------------------------------------------- In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you're browsing the internet. It modifies search results pages so that you see unsolicited ads related to your... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/13/msrt-december-2016-addr… *** "Statistisch gesehen": Verschlüsselungstrojaner - ein Millionengeschäft *** --------------------------------------------- Petya, Goldeneye - diese und andere Erpressungstrojaner haben weltweit viele Nutzer zur Kasse gebeten. Die Zahlungsmoral hängt nicht zuletzt von Empfehlungen der Behörden ab. Wie viel bisher wo gezahlt wurde, zeigt ein neues... --------------------------------------------- https://heise.de/-3569888 *** Malvertising Campaign Infects Your Router Instead of Your Browser *** --------------------------------------------- Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Discovered by security researchers from US security firm Proofpoint, this malvertising campaign is powered by a new exploit kit called DNSChanger EK. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/malvertising-campaign-infect… *** Modbus Stager: Using PLCs as a payload/shellcode distribution system *** --------------------------------------------- This weekend I have been playing around with Modbus and I have developed a stager in assembly to retrieve a payload from the holding registers of a PLC. Since there are tons of PLCs exposed to the Internet, I thought whether it would be possible to take advantage of the processing and memory provided by them to store certain payload so that it can be recovered later (from the stager). --------------------------------------------- http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html *** UAC Bypass in JScript Dropper *** --------------------------------------------- What makes this sample different? After the classic execution of the PE files, it tries to bypass the Windows UAC using a "feature" present in eventvwr.exe. This system tool runs as a high integrity process and uses HKCU / HKCR registry hives to start mmc.exe which opens finally eventvwr.msc. --------------------------------------------- https://isc.sans.edu/diary/UAC+Bypass+in+JScript+Dropper/21813 *** Sophos schließt Dirty-Cow-Lücke in Sicherheitspaket UTM *** --------------------------------------------- Die Unified-Thread-Management-Lüsung von Sophos bekommt Sicherheitsupdates, die mehrere Schwachstellen schließen. --------------------------------------------- https://heise.de/-3570179 *** Electronic Safe Lock Analysis: Part 2 *** --------------------------------------------- After performing an initial tear-down, we were able to map out the device's behaviors and attack surface. We then narrowed our efforts on analyzing the device's BLE wireless communication. The Prologic B01's main feature is that it can be unlocked by a mobile Android or iOS device over BLE. The end result was a fully-automated attack that allows us to remotely compromise any Prologic B01 lock up to 100 yards away. --------------------------------------------- http://www.somersetrecon.com/blog/2016/10/14/electronic-safe-lock-analysis-… *** Microsoft Fixes Windows 10 Issue That Knocked People off the Internet *** --------------------------------------------- Microsft has released KB3206632, a Windows update that fixes an issue introduced in an earlier update that crashed the CDPSVC service and prevented some users from receiving IP address information via the DCHP protocol, used by both home and enterprise-grade routers to connect users to the Internet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-… *** Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override *** --------------------------------------------- Impact: A malicious unprivileged guest may be able to obtain sensitive information from the host. --------------------------------------------- http://seclists.org/oss-sec/2016/q4/662 *** PHP: imagefilltoborder stackoverflow on truecolor images (CVE 2016-9933) *** --------------------------------------------- Invalid color causes stack exhaustion by recursive call to function gdImageFillToBorder when the image used is truecolor. This was tested on a 64 bits platform. --------------------------------------------- https://bugs.php.net/bug.php?id=72696 *** Joomla! Security Announcements *** --------------------------------------------- *** [20161203] - Core - Information Disclosure *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/EY3UcBwQtzI/666-20161203-c… --------------------------------------------- *** [20161202] - Core - Shell Upload *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/fI7Ty93n-Rk/665-20161202-c… --------------------------------------------- *** [20161201] - Core - Elevated Privileges *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/OjvlaBoXTCU/664-20161201-c… --------------------------------------------- *** [20161204] - Misc. Security Hardening *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/jYB3ItEGbWQ/667-20161204-m… --------------------------------------------- *** Novell Patches *** --------------------------------------------- *** Filr 2.0 - Security Update 3 *** https://download.novell.com/Download?buildid=Am-_TGOll0g~ --------------------------------------------- *** Filr 3.0 - Security Update 1 *** https://download.novell.com/Download?buildid=Qct0ao9jRAI~ --------------------------------------------- *** IDM 4.5 Delimited Text Driver 4.0.2.0 *** https://download.novell.com/Download?buildid=hX_xlukrkNY~ --------------------------------------------- *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei Firewall *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - E-mail Information Leak Vulnerability in Android System *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - Memory Leak Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** ICS-CERT Advisories *** --------------------------------------------- *** Visonic PowerLink2 Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01 --------------------------------------------- *** Moxa DACenter Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02 --------------------------------------------- *** Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03 --------------------------------------------- *** Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04 --------------------------------------------- *** Siemens S7-300/400 PLC Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect Content Collector for IBM Connections *** https://www-01.ibm.com/support/docview.wss?uid=swg21988356 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset analyzer. (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995883 --------------------------------------------- *** IBM Security Bulletin: Sweet32 Birthday attacks on 64-bit block ciphers in TLS affect Content Manager for z/OS (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995455 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in BIND affects IBM Netezza Host Management *** http://www.ibm.com/support/docview.wss?uid=swg21994505 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009647 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009554 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) *** http://www.ibm.com/support/docview.wss?uid=swg21995129 --------------------------------------------- *** IBM Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034) *** http://www.ibm.com/support/docview.wss?uid=swg21995544 --------------------------------------------- *** IBM Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-5986 *** http://www.ibm.com/support/docview.wss?uid=swg21995745 --------------------------------------------- *** IBM Security Bulletin: Potential Information Disclosure in WebSphere Application Server *** http://www-01.ibm.com/support/docview.wss?uid=swg21991469 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center (CVE-2016-8941, CVE-2016-8942, CVE-2016-8943) *** http://www.ibm.com/support/docview.wss?uid=swg21995128 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 13-12-2016
by Daily end-of-shift report 13 Dec '16

13 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-12-2016 18:00 − Dienstag 13-12-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** (Adobe) Security Bulletins Posted *** --------------------------------------------- - Adobe Animate (APSB16-38) - Adobe Flash Player (APSB16-39) - Adobe Experience Manager Forms (APSB6-40) - Adobe DNG Converter (APSB16-41) - Adobe Experience Manager (APSB16-42) - Adobe InDesign (APSB16-43) - Adobe ColdFusion Builder (APSB16-44) - Adobe Digital Editions (APSB16-45) - Adobe RoboHelp (APSB16-46) --------------------------------------------- https://blogs.adobe.com/psirt/?p=1426 *** The importance of cryptography for the digital society *** --------------------------------------------- Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA's paper gives an overview into aspects around the current debate on encryption, while highlighting the Agency's key messages and views on the topic. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-importance-of-cryptography-… *** Vuln: PHP ext/wddx/wddx.c Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94846 *** Vuln: PHP ext/standard/var.c Incomplete Fix Use After Free Remote Code Execution Vulnerability *** --------------------------------------------- Use After Free in PHP7 unserialize() --------------------------------------------- http://www.securityfocus.com/bid/94849 *** Unrestricted Backend Login Backdoor Method Seen in OpenCart *** --------------------------------------------- >From the attacker's perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them to regain access easily, if needed. However, we recently found a unique way to achieve this kind of breach in OpenCart version 1.5.6.4. --------------------------------------------- https://blog.sucuri.net/2016/12/unrestricted-backend-login.html *** State of the Web 2016: Jede zweite Website ist ein Sicherheitsrisiko *** --------------------------------------------- Schwachstellen im Internet werden immer mehr, stellt Menlo Security in seinem Bericht über den "State of the Web" fest. Eine wichtige Rolle spielt das Nachladen externer Inhalte über Werbe-Netzwerke und Content Delivery Networks. --------------------------------------------- https://heise.de/-3569114 *** Netgear-Lücke dramatischer als angenommen, erste Sicherheits-Updates *** --------------------------------------------- Die hochkritische Lücke im Web-Interface betrifft deutlich mehr Netgear-Router als bislang angenommen. Für eine Handvoll Gerät hat der Hersteller inzwischen eine Beta-Firmware herausgegeben, die das Problem löst. --------------------------------------------- https://heise.de/-3569299 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995588 --------------------------------------------- *** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 Includes Oracle Oct 2016 CPU affect Content Collector for File Systems *** https://www-01.ibm.com/support/docview.wss?uid=swg21995474 --------------------------------------------- *** IBM Security Bulletin: Vulnerability CVE-2016-7099 and CVE-2016-5325 in Node.js affects IBM i *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021765 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor (CVE-2016-6304, CVE-2016-2177) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995038 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Enterprise Content Management System Monitor (CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995042 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Samba, BIND and Libreswan affect IBM Netezza Host Management *** http://www.ibm.com/support/docview.wss?uid=swg21994231 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat , Commons FileUpload affect IBM Enterprise Content Management System Monitor (CVE-2016-3092) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995043 --------------------------------------------- *** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On *** http://www.ibm.com/support/docview.wss?uid=swg21994534 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125) *** http://www.ibm.com/support/docview.wss?uid=swg21992307 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and IBM Java Runtime affect IBM Tealeaf Customer Experience (CVE-2016-0378, CVE-2016-3485, CVE-2016-5986) *** http://www.ibm.com/support/docview.wss?uid=swg21994537 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 12-12-2016
by Daily end-of-shift report 12 Dec '16

12 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-12-2016 18:00 − Montag 12-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Windows 10: protection, detection, and response against recent Depriz malware attacks *** --------------------------------------------- A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-d… *** Microsoft Edges malware alerts can be faked, researcher says *** --------------------------------------------- Fiddle with a URL and you can pop up and tell users to do anything Technical support scammers have new bait with the discovery that Microsofts Edge browser can be abused to display native and legitimate-looking warning messages. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/12/microsoft_e… *** New Ransomware Offers The Decryption Keys If You Infect Your Friends *** --------------------------------------------- MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes: "With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BAJPIfARkR0/new-ransomware-… *** Escaping a restricted shell *** --------------------------------------------- help command outputs this list of available commands we can use, It's almost basically the web interface disguised as a shell session; Well not really but i'm sure you guys got the point. So let's begin with command substitution (a.k.a command injection) technique:... --------------------------------------------- https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/ *** Zcash, or the return of malicious miners *** --------------------------------------------- Despite this dramatic drop from the initial values (which was anticipated), Zcash mining remains among the most profitable compared to other cryptocurrencies. This has led to the revival of a particular type of cybercriminal activity - the creation of botnets for mining. A few years ago, botnets were created for bitcoin mining, but the business all but died out after it became only marginally profitable. --------------------------------------------- https://securelist.com/blog/research/76862/zcash-or-the-return-of-malicious… *** 5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer. *** --------------------------------------------- 1 - For how long, after I purchase a device, should I expect security updates? 2 - How will I learn about security updates? 3 - Can you share a pentest report for your device? 4 - How can I report vulnerabilities? 5 - If you use encryption, then disclose what algorithms you use and how it is implemented --------------------------------------------- https://isc.sans.edu/diary/5+Questions+to+Ask+your+IoT+Vendors%3B+But+Do+No… *** VB2016 paper: Modern attacks on Russian financial institutions *** --------------------------------------------- Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions. --------------------------------------------- https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attack… *** Pentesting ICS Systems *** --------------------------------------------- Security of ICS systems is one of the most critical issues of this last year. In this article, we will have a brief introduction to ICS systems, risks, and finally, methodology and tools to pentest ICS based systems Introduction Industrial control system (ICS) is a term that includes many types of control systems and instrumentation... --------------------------------------------- http://resources.infosecinstitute.com/pentesting-ics-systems/ *** Ongoing Windows update bug woes affecting all ISPs *** --------------------------------------------- Virgin also advising customers knocked offline An ongoing software update bug on Windows 8 and 10 appears affecting users of several UK ISPs, with Virgin Media the latest provider to admit the problem is knocking a number of its customers offline. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/12/ongoing_win… *** Netgear-Router trivial angreifbar, noch kein Patch in Sicht *** --------------------------------------------- Im Web-Interface einiger Netgear-Router klafft offenbar eine kritische Sicherheitslücke, die Angreifer leicht ausnutzen können, um Code mit Root-Rechten auszuführen. Schutz verspricht bisher nur ein unorthodoxer Weg: Man soll die Lücke selbst ausnutzen. --------------------------------------------- https://heise.de/-3568679 *** DDoS tool encourages users to compete against each other for points *** --------------------------------------------- Sledgehammer tool encourages hackers to launch DDoS attacks - but theres a sting in the tail --------------------------------------------- https://nakedsecurity.sophos.com/2016/12/12/ddos-tool-encourages-users-to-c… *** VU#582384: Multiple Netgear routers are vulnerable to arbitrary command injection *** --------------------------------------------- Vulnerability Note VU#582384 Multiple Netgear routers are vulnerable to arbitrary command injection Original Release date: 09 Dec 2016 | Last revised: 09 Dec 2016 Overview Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection. Description CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and... --------------------------------------------- http://www.kb.cert.org/vuls/id/582384 *** DSA-3730 icedove - security update *** --------------------------------------------- Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors,same-origin policy bypass issues, integer overflows, buffer overflowsand use-after-frees may lead to the execution of arbitrary code ordenial of service. --------------------------------------------- https://www.debian.org/security/2016/dsa-3730 *** Vuln: McAfee VirusScan Enterprise Multiple Security Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/94823 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1 and v1.0.1.1 (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995653 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js *** http://www.ibm.com/support/docview.wss?uid=swg21993007 --------------------------------------------- *** IBM Security Bulletin: Open Source Apache Tomcat Commons FileUpload Vulnerabilities affects Atlas Policy Suite (CVE-2016-3092) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995382 --------------------------------------------- *** IBM Security Bulletin: Potential Information Disclosure vulnerability in IBM MessageSight (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995246 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in OpenSSH (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564) *** http://www.ibm.com/support/docview.wss?uid=swg21992610 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web version 7 software (CVE-2016-3550, CVE-2016-3485) *** http://www.ibm.com/support/docview.wss?uid=swg21993132 --------------------------------------------- *** IBM Security Bulletin: Open Redirect vulnerability in IBM MessageSight (CVE-2016-3040) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995247 --------------------------------------------- *** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU affect for IBM Connections (CVE-2016-0264 ) *** https://www-01.ibm.com/support/docview.wss?uid=swg21988365 --------------------------------------------- *** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU affect Content Collector for Email (CVE-2016-0264) *** https://www-01.ibm.com/support/docview.wss?uid=swg21988357 --------------------------------------------- *** IBM Security Bulletin: Information Disclosure in IBM MessageSight (CVE-2016-0378) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995238 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 9-12-2016
by Daily end-of-shift report 09 Dec '16

09 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-12-2016 18:00 − Freitag 09-12-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Produktwarnung für Joomla! *** --------------------------------------------- [...] In den Joomla! Versionen 3.4.4 bis einschließlich 3.6.4 wurde eine Sicherheitslücke entdeckt, die es einem Angreifer aus dem Internet ermöglicht, beliebigen Programmcode auszuführen und dadurch erheblichen Schaden auf einem betroffenen... --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… *** Root-Rechte durch Linux-Lücke *** --------------------------------------------- Seit fünf Jahren klafft eine Lücke im Linux-Kernel, durch die sich lokale Nutzer erhöhte Rechte verschaffen können. Auch Android ist betroffen. --------------------------------------------- https://heise.de/-3565365 *** Mobile Ransomware: Pocket-Sized Badness *** --------------------------------------------- A few weeks ago, I spoke at Black Hat Europe 2016 on Pocket-Sized Badness: Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game. While watching mobile ransomware from April 2015 to April 2016, I noticed a big spike in the number of Android ransomware samples. During that year, the number of Android ransomware increased by 140%. In certain areas, mobile ransomware accounts for up to 22 percent of mobile malware overall! (These numbers were obtained from the Trend Micro Mobile App... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/hPA6z0gnzFE/ *** Managed-Exchange-Dienst: Telekom-Cloud-Kunde konnte fremde Adressbücher einsehen *** --------------------------------------------- Durch einen Konfigurationsfehler konnte ein Nutzer der Telekom-Cloud-Dienste kurzzeitig auf fremde Adressbücher zugreifen, darunter sollen auch Strafverfolgungsbehörden gewesen sein. Schuld war wohl ein Berechtigungsfehler im Exchange-Dienst. (Telekom, Datenschutz) --------------------------------------------- http://www.golem.de/news/managed-exchange-dienst-telekom-cloud-kunde-konnte… *** Crooks Start Deploying New "August" Infostealer *** --------------------------------------------- During the month of November 2016, a cyber-crime group has started deploying a new malware family nicknamed "August," used mainly for information gathering and reconnaissance on the infected targets computer. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/crooks-start-deploying-new-a… *** PowerShell threats surge: 95.4 percent of analyzed scripts were malicious *** --------------------------------------------- Symantec analyzed 111 threat families that use PowerShell, finding that they leverage the framework to download payloads and traverse through networks. --------------------------------------------- https://www.symantec.com/connect/blogs/powershell-threats-surge-954-percent… *** Kaspersky Security Bulletin 2016. The ransomware revolution *** --------------------------------------------- Between January and September 2016 ransomware attacks on business increased three-fold - to the equivalent of an attack every 40 seconds. With the ransomware-as-a-service economy booming, and the launch of the NoMoreRansom project, Kaspersky Lab has named ransomware its key topic for 2016. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/76757/kaspersky-… *** Banking Trojan Uses Gmail Popup to Extend Infection to Victims Android Phone *** --------------------------------------------- A group of malware authors has come up with a new method of transcending an infection from the users computer to his Android smartphone. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojan-uses-gmail-po… *** Industriespionage: Wie Thyssenkrupp seine Angreifer fand *** --------------------------------------------- Wie schützt man sein Netzwerk, wenn man 150.000 Mitarbeiter und 500 Tochterunternehmen hat? Thyssenkrupp lernte nach einem Angriff, dass es zwei Dinge braucht: Ausreichend Ressourcen und Freiheit für das Team. --------------------------------------------- http://www.golem.de/news/industriespionage-wie-thyssenkrupp-seine-angreifer… *** Now Mirai Has DGA Feature Built in *** --------------------------------------------- Nearly 2 weeks ago, 2 new infection vectors (aka TCP ports of 7547 and 5555) were found being used to spread MIRAI malwares . My colleague Gensheng quickly set up some honeypots for that sort of vectors and soon had his harvests: 11 samples were captured on Nov 28th. Till now 53 unique samples have been captured by our honeypots from 6 hosting servers. --------------------------------------------- http://blog.netlab.360.com/new-mirai-variant-with-dga/ *** Krypto-Trojaner: Lockys gieriger Bruder verlangt über 2000 Euro Lösegeld *** --------------------------------------------- Nicht nur der Erpressungs-Trojaner GoldenEye ist derzeit ein Ärgernis, auch die Verwandschaft des berüchtigten Locky-Trojaners geht weiter auf Raubzug. Eine Osiris genannte Variante schlägt derzeit vermehrt zu und verlangt ein saftiges Lösegeld. --------------------------------------------- https://heise.de/-3564812 *** Bugtraq: AST-2016-009: *** --------------------------------------------- http://www.securityfocus.com/archive/1/539888 *** Bugtraq: AST-2016-008: Crash on SDP offer or answer from endpoint using Opus *** --------------------------------------------- http://www.securityfocus.com/archive/1/539887 *** DFN-CERT-2016-2010: Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-2010/ *** DFN-CERT-2016-1991: FreeBSD: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1991/ *** DSA-3729 xen - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems:... --------------------------------------------- https://www.debian.org/security/2016/dsa-3729 *** Cisco Email Security Appliance Content Filter Bypass Vulnerability *** --------------------------------------------- A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.The vulnerability is due to improper filtering of certain TAR format files that are attached to email messages. An attacker could exploit this vulnerability by sending an email message that has a crafted TAR file attachment through an affected device. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449 *** https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24322529.html?… --------------------------------------------- *** Security Advisory: PHP vulnerability CVE-2016-6290 *** https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15850913.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-5844 *** https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24036027.html?… --------------------------------------------- *** Security Advisory: PHP vulnerability CVE-2016-7126 *** https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40564589.html?… --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2016-6302 *** https://support.f5.com:443/kb/en-us/solutions/public/k/70/sol70844615.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1836 *** https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48220300.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2015-8932 *** https://support.f5.com:443/kb/en-us/solutions/public/k/90/sol90412202.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-5418 *** https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35246595.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1835 *** https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43314223.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1837 *** https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05937379.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1833 *** https://support.f5.com:443/kb/en-us/solutions/public/k/62/sol62030064.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1762 *** https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14338030.html?… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983) *** http://www.ibm.com/support/docview.wss?uid=swg21994945 --------------------------------------------- *** IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-2775, CVE-2016-2776, CVE-2016-8864 and CVE-2016-6170) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021750 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2180, CVE-2016-2182, CVE-2016-6306) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021733 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 HTTPS support for Perl Collector *** http://www.ibm.com/support/docview.wss?uid=swg21990532 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in DHCP affect Power Hardware Management Console (‪CVE-2015-8605 and CVE-2016-2774‬‬) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021703 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities affect IBM Security AppScan Enterprise *** http://www-01.ibm.com/support/docview.wss?uid=swg21995118 --------------------------------------------- *** IBM Security Bulletin: Open Source Apache Tomcat , Commons FileUpload Vulnerabilities affecting IBM Algo Audit and Compliance (CVE-2016-3092) *** http://www.ibm.com/support/docview.wss?uid=swg21993305 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool *** http://www.ibm.com/support/docview.wss?uid=isg3T1024507 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Network Advisor (CVE-2016-3425, CVE-2016-3427, CVE-2016-0695). *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009640 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842). *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009631 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in pConsole impacts AIX (CVE-2016-0266) *** http://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Fabric Manager (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099504 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-4003) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994399 --------------------------------------------- *** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Rational ClearQuest (CVE-2016-3092) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993816 --------------------------------------------- *** IBM Security Bulletin:Vulnerabilities in OpenSSL affect IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009648 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306) *** http://www.ibm.com/support/docview.wss?uid=swg21993514 --------------------------------------------- *** IBM Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) AIX Client Buffer Overflow (CVE-2016-5985) *** http://www.ibm.com/support/docview.wss?uid=swg21993695 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Websphere affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5983) *** http://www.ibm.com/support/docview.wss?uid=swg21992640 --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-5898, CVE-2016-5899, CVE-2016-6054, CVE-2016-6047) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991154 --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities affect the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2016-5897, CVE-2016-6039) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991153 --------------------------------------------- *** IBM Security Bulletin:Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2119) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009567 --------------------------------------------- *** IBM Security Bulletin:Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-3092) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009566 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware *** http://www-01.ibm.com/support/docview.wss?uid=swg21995039 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 7-12-2016
by Daily end-of-shift report 07 Dec '16

07 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-12-2016 18:00 − Mittwoch 07-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Onlinewerbung: Forscher stoppen monatelange Malvertising-Kampagne *** --------------------------------------------- Über eine Malvertising-Kampagne ist in den vergangenen Monaten Schadcode verteilt worden. Die Macher des Stegano-Exploit-Kits versteckten dabei unsichtbare Pixel in Werbeanzeigen und nutzen Exploits in Flash und dem Internet Explorer. --------------------------------------------- http://www.golem.de/news/onlinewerbung-forscher-stoppen-monatelange-malvert… *** Petya-Variante: Goldeneye-Ransomware verschickt überzeugende Bewerbungen *** --------------------------------------------- Kurz vor dem Jahresende gibt es erneut eine größere Ransomware-Kampagne in Deutschland. Kriminelle verschicken mit Goldeneye professionell aussehende Bewerbungen an Personalabteilungen - und nutzen möglicherweise Informationen des Arbeitsamtes. --------------------------------------------- http://www.golem.de/news/petya-variante-goldeneye-ransomware-verschickt-ueb… *** Kriminelle könnten Daten von Visa-Kreditkarten vergleichsweise einfach erraten *** --------------------------------------------- In einer Studie zeigen Sicherheitsforscher, wie sie CVV-Nummern und andere Kreditkarten-Daten in wenigen Sekunden erraten und damit anschließend Geld überweisen. --------------------------------------------- https://heise.de/-3564898 *** Flash Exploit Found in Seven Exploit Kits *** --------------------------------------------- An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future. --------------------------------------------- http://threatpost.com/flash-exploit-found-in-seven-exploit-kits/122284/ *** Explained: Domain Generating Algorithm *** --------------------------------------------- Domain Generating Algorithms are in use by cyber criminals to prevent their servers from being blacklisted or taken down. The algorithm produces random looking domain names. The idea is that two machines using the same algorithm will contact the same domain at a given time.Categories: Security world TechnologyTags: algorithmdgadomainDomain Generating AlgorithmgeneratinggenerationPieter Arntz(Read more...) --------------------------------------------- https://blog.malwarebytes.com/security-world/2016/12/explained-domain-gener… *** Attacking NoSQL applications, (Tue, Dec 6th) *** --------------------------------------------- In last couple of years, the MEAN stack (MongoDB, Express.js, Angular.js and Node.js) became the stack of choice for many web application developers. The main reason for this popularity is the fact that the stack supports both client and server side programs written in JavaScript, allowing easy development. The core database used by the MEAN stack, MongoDB, is a NoSQL database program that uses JSON-like documents with dynamic schemas allowing huge flexibility. Although NoSQL databases are not... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21787&rss *** MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking *** --------------------------------------------- In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you're browsing the internet. It modifies search results pages so that you see unsolicited ads related to your... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/06/msrt-december-2016-addr… *** Unrestricted Backend Login Method Seen in OpenCart *** --------------------------------------------- >From the attacker's perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them to regain access easily, if needed. However, we recently found a unique way to achieve this kind of breach. --------------------------------------------- https://blog.sucuri.net/2016/12/unrestricted-backend-login.html *** Crims using anti-virus exclusion lists to send malware to where it can do most damage *** --------------------------------------------- When vendors tell you what to whitelist, crims are reading too Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/07/clever_crim… *** Deep Analysis of the Online Banking Botnet TrickBot *** --------------------------------------------- TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and Ireland, to name a few. --------------------------------------------- http://blog.fortinet.com/2016/12/06/deep-analysis-of-the-online-banking-bot… *** Debugging war story: the mystery of NXDOMAIN *** --------------------------------------------- The following blog post describes a debugging adventure on Cloudflares Mesos-based cluster. This internal cluster is primarily used to process log file information so that Cloudflare customers have analytics, and for our systems that detect and respond to attacks.The problem encountered didnt have any effect on our customers, --------------------------------------------- https://blog.cloudflare.com/debugging-war-story-the-mystery-of-nxdomain/ *** Popular smart toys violate children's privacy rights? *** --------------------------------------------- My Friend Cayla and i-Que, two extremely popular "smart" toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children's) rights to security and privacy, researchers have found. The toys come with companion apps, and the latter use services by Nuance Communications, a company headquartered in Massachussetts that specializes in voice-and speech-recognition services for a variety of industries. --------------------------------------------- https://www.helpnetsecurity.com/2016/12/07/smart-toys-privacy-rights/ *** Bugtraq: [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security *** --------------------------------------------- http://www.securityfocus.com/archive/1/539883 *** Security Advisory - Privilege Escalation Vulnerability in Some Huawei Storage Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-… *** Security Advisory - Dirty COW Vulnerability in Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-… *** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-… *** Tesla Gateway ECU Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a Gateway ECU vulnerability in Teslas Model S automobile. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01 *** Locus Energy LGate Command Injection Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a command injection vulnerability in Locus Energy's LGate application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0 *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: Python urllib and urllib2 library vulnerability CVE-2016-5699 *** https://support.f5.com:443/kb/en-us/solutions/public/k/10/sol10420455.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1839 *** https://support.f5.com:443/kb/en-us/solutions/public/k/26/sol26422113.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1840 *** https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14614344.html?… --------------------------------------------- *** Security Advisory: PHP vulnerability CVE-2016-7127 *** https://support.f5.com:443/kb/en-us/solutions/public/k/89/sol89002224.html?… --------------------------------------------- *** Security Advisory: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289 *** https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34985231.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2016-1838 *** https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71926235.html?… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower Management Center Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Identity Services Engine Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS XR Software Default Credentials Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Frame Forwarding Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Intercloud Fabric Director Static Credentials Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Hybrid Media Service Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FirePOWER Malware Protection Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Expressway Series Software Security Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Email Security Appliance and Web Security Appliance Content Filter Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Emergency Responder Directory Traversal Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Emergency Responder Cross-Site Request Forgery Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- Next End-of-Shift report: 2016-12-09

1 0

Tageszusammenfassung - Dienstag 6-12-2016
by Daily end-of-shift report 06 Dec '16

06 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-12-2016 18:00 − Dienstag 06-12-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Dirty Cow Vulnerability Patched in Android Security Bulletin *** --------------------------------------------- Todays Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google. --------------------------------------------- http://threatpost.com/dirty-cow-vulnerability-patched-in-android-security-b… *** BlackBerry powered by Android Security Bulletin - December 2016 *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038813 *** Arista CloudVision Portal bug revealed, plus evidence its been used *** --------------------------------------------- You know the drill: face-palm, download, patch, grumble about state of security, relax Arista customers: if youre running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/arista_clou… *** Printer security is so bad HP Inc will sell you services to fix it *** --------------------------------------------- Finally, FINALLY, someone is turning off Telnet and FTP Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/printer_sec… *** GNU Netcat 0.7.1 Out-Of-Bounds Write *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016120029 *** In the three years since IETF said pervasive monitoring is an attack, whats changed? *** --------------------------------------------- IETF Security director Stephen Farrell offers a report card on evolving defences --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/ietf_report… *** [2016-12-06] Backdoor vulnerability in Sony IPELA ENGINE IP Cameras *** --------------------------------------------- Sony IPELA Engine IP Cameras contain multiple backdoors. Those backdoor accounts allow an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or spy on people. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** DailyMotion anscheinend gehackt: 87,6 Millionen Nutzer betroffen *** --------------------------------------------- Unbekannte Hacker sollen in das Server-System die Videoportals eingestiegen sein und neben E-Mail-Adressen auch geschützte Passwörter kopiert haben. --------------------------------------------- https://heise.de/-3559563 *** Vuln: Joomla! Core CVE-2016-9836 Arbitrary File Upload Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94663 *** International Phone Fraud Tactics *** --------------------------------------------- This article outlines two different types of international phone fraud. --------------------------------------------- https://www.schneier.com/blog/archives/2016/12/international_p.html *** Aufgepasst: Neuer Verschlüsselungstrojaner Goldeneye verbreitet sich rasant *** --------------------------------------------- Ein bisher unbekannter Verschlüsselungstrojaner tarnt sich als Bewerbungs-E-Mail und versucht, Systeme in ganz Deutschland zu verschlüsseln. Momentan wird er von vielen Virenscannern noch nicht erkannt. --------------------------------------------- https://heise.de/-3561396 *** Roundcube 1.2.2: Command Execution via Email *** --------------------------------------------- In this post, we show how a malicious user can execute arbitrary commands on the underlying operating system remotely, simply by writing an email in Roundcube 1.2.2 (>= 1.0). This vulnerability is highly critical because all default installations are affected. We urge all administrators to update the Roundcube installation to the latest version 1.2.3 as soon as possible. --------------------------------------------- https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ *** Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow *** --------------------------------------------- hen qemu is used as a device model within Xen, io requests are generated by the hypervisor and read by qemu from a shared ring. The entries in this ring use a common structure, including a 64-bit address field, for various accesses, including ioport addresses. Xen will write only 16-bit address ioport accesses. However, depending on the Xen and qemu version, the ring may be writeable by the guest. If so, the guest can generate out-of-range ioport accesses, resulting in wild pointer accesses --------------------------------------------- https://lists.xen.org/archives/html/xen-announce/2016-12/msg00001.html *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager. *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099503 --------------------------------------------- *** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Open Source Linux Kernel Vulnerabilities (CVE-2016-5195) *** http://www.ibm.com/support/docview.wss?uid=swg21994535 --------------------------------------------- *** IBM Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993006 --------------------------------------------- *** IBM Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to various CVEs. *** http://www.ibm.com/support/docview.wss?uid=swg21994719 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics *** http://www-01.ibm.com/support/docview.wss?uid=swg21994401 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388) *** http://www.ibm.com/support/docview.wss?uid=swg21994725 --------------------------------------------- *** IBM Security Bulletin: Open Source Apache Xerces-C XML parser vulnerabilities affect IBM Integration Bus and WebSphere Message Broker (CVE-2016-4463, CVE-2016-0729) *** http://www.ibm.com/support/docview.wss?uid=swg21985691 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991065 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics Tools *** http://www-01.ibm.com/support/docview.wss?uid=swg21994484 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 5-12-2016
by Daily end-of-shift report 05 Dec '16

05 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-12-2016 18:00 − Montag 05-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Bug des Tages: Forwarding issues related to MACs starting with a 4 or a 6 *** --------------------------------------------- OK aber wieso sollte denn ausgerechnet 4 oder 6 am Anfang ein Problem sein? Weil bei IPv4 und IPv6 die Header mit der "Version" anfangen, die ersten vier Bits sind bei IPv4 immer 4 und bei IPv6 immer 6. Nun kommt der IP-Header nach dem Ethernet-Header, d.h. da gibt es an sich keine Verwechslungsgefahr. Du weißt ja, worauf du gerade guckst. Aber anscheinend haben da einige Hersteller versucht, "selbstdenkende" Geräte zu bauen, die sich die ersten 4 Bits angucken,... --------------------------------------------- https://blog.fefe.de/?ts=a6bc62fc *** Studie: Herzschrittmacher lassen sich leicht hacken *** --------------------------------------------- Sicherheitsforscher aus Belgien und Großbritannien konnten mehrere verschiedene Modelle von Implantaten für Patienten mit Herzrhythmusstörungen aus der Ferne hacken. --------------------------------------------- https://futurezone.at/digital-life/studie-herzschrittmacher-lassen-sich-lei… *** Anti-Schnüffler-Tool SAMRi10 soll Windows-Netzwerke schützen *** --------------------------------------------- Mit dem kostenlosen PowerShell-Skript sollen Admins Schnüfflern den Zutritt zum Security Account Manager effektiver versperren können. --------------------------------------------- https://heise.de/-3550115 *** The Kings in Your Castle, Pt #4 *** --------------------------------------------- Oftentimes, there is talk about a "sophisticated" malware-based attack against an individual or an organization. The prevalent assumption is that a great deal of development work has gone into the attack tools. In the 4th part of the article series, Marion Marschalek and Raphael Vinot will demonstrate what sophistication means and what it actually looks like. --------------------------------------------- https://blog.gdatasoftware.com/2016/12/29343-the-kings-in-your-castle-pt-4 *** Identitätsdiebstahl mit gefälschter PayPal-Nachricht *** --------------------------------------------- Mit einer gefälschten PayPal-Nachricht wollen Kriminelle die Identität von Empfänger/innen stehlen. Damit sie ihr Ziel erreichen, behaupten sie, dass das Unternehmen das fremde PayPal-Konto deaktiviert habe. Es könne dieses nur reaktiveren, wenn es eine Personalausweis-Kopie der Kund/innen erhalte. Das ist falsch. --------------------------------------------- https://www.watchlist-internet.at/sonstiges/identitaetsdiebstahl-mit-gefael… *** Putting security risks on simmer with Chef *** --------------------------------------------- To remain PCI-compliant, I conduct quarterly security assessments of our infrastructure. This means external testing of our internet-facing PCI resources, using an approved scanning vendor (ASV), and what I call internal PCI full-population scans.Trouble TicketAt issue: Too many servers with too many different configurations make it tough to stay in compliance.Action plan: Use Chef and the CIS guidelines to ensure that servers are properly configured.We do the external scanning every month,... --------------------------------------------- http://www.cio.com/article/3147055/security/putting-security-risks-on-simme… *** Vuln: Alcatel-Lucent OmniVista 8770 CVE-2016-9796 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94649 *** FortiOS Local Admin Password Hash Leak Vulnerability *** --------------------------------------------- http://fortiguard.com/advisory/FG-IR-16-050 *** Bugtraq: CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used *** --------------------------------------------- http://www.securityfocus.com/archive/1/539873 *** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server (CVE-2016-3092) *** --------------------------------------------- An Apache Commons FileUpload vulnerability while processing file upload requests was addressed by IBM InfoSphere Information Server. CVE(s): CVE-2016-3092 Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected: IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5 IBM InfoSphere Metadata Asset Manager: versions 8.7, 9.1, 11.3, and... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988564 *** IBM Security Bulletin: Vulnerability has been identified in IBM Cloud Orchestrator teamwork API (CVE-2016-0206 ) *** --------------------------------------------- A potential denial of service vulnerability has been identified in IBM Cloud Orchestrator teamwork executeServiceByName API if an invalid URL is provided by local authenticated user. IBM Cloud Orchestrator, formerly known as IBM SmartCloud Orchestrator has addressed the issue. CVE(s): CVE-2016-0206 Affected product(s) and affected version(s): IBM Cloud Orchestrator V2.3, V2.3.0.1 V2.4, V2.4.0.1, V2.4.0.2 Refer... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000141

1 0

Tageszusammenfassung - Freitag 2-12-2016
by Daily end-of-shift report 02 Dec '16

02 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 01-12-2016 18:00 − Freitag 02-12-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** BitUnmap: Attacking Android Ashmem *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroThe law of leaky abstractions states that "all non-trivial abstractions, to some degree, are leaky". In this blog post we'll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-as… *** Exploited Script in WordPress Theme Sends Spam *** --------------------------------------------- As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins - which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code that is developed with good intentions but without taking security measures into consideration. --------------------------------------------- https://blog.sucuri.net/2016/12/exploited-script-wordpress-themes-send-spam… *** Blockchain Technology Explained - An Executive Summary *** --------------------------------------------- This article provides an executive summary on the Blockchain technology, what it is, how it works, and why everyone is excited about it. --------------------------------------------- https://www.whitehatsec.com/blog/blockchain-technology/ *** [0day] Bypassing Apples System Integrity Protection *** --------------------------------------------- Read how an attacker can bypass Apples SIP, via the local OS upgrade process --------------------------------------------- https://objective-see.com/blog/blog_0x14.html *** One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild *** --------------------------------------------- Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bcdzgHcT2VE/ *** Protecting Powershell Credentials (NOT), (Fri, Dec 2nd) *** --------------------------------------------- If youre like me, youve worked through at least one Powershell tutorial, class or even a how-to blog. And youve likely been advised to use the PSCredential construct to store credentials. The discussion usually covers that this a secure way to collect credentials, then store them in a variable for later use. You can even store them in a file and read them back later. Awesome - this solves a real problem you thought - or does it? For instance, to collect credentials for a VMware vSphere... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21779&rss *** Remote management app exposes millions of Android users to hacking *** --------------------------------------------- Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app... --------------------------------------------- http://www.cio.com/article/3146916/security/remote-management-app-exposes-m… *** DFN-CERT-2016-1971: Google Chrome: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1971/ *** ZDI-16-617: Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL Universal Management Suite. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-617/ *** F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-6816 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50116122.html?… *** F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-8735 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49820145.html?… *** USN-3148-1: Ghostscript vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-3148-11st December, 2016ghostscript vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryGhostscript could be made to crash, run programs, or disclose sensitiveinformation if it processed a specially crafted file.Software description ghostscript - PostScript and PDF interpreter DetailsTavis Ormandy discovered multiple vulnerabilities in the way that --------------------------------------------- http://www.ubuntu.com/usn/usn-3148-1/ *** ICS-CERT Advisories *** --------------------------------------------- *** Siemens SICAM PAS Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01 --------------------------------------------- *** Moxa NPort Device Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 --------------------------------------------- *** Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03 --------------------------------------------- *** Advantech SUSIAccess Server Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04 --------------------------------------------- *** Smiths-Medical CADD-Solis Medication Safety Software Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024545 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024478 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) that is bundled with IBM WebSphere Application Server Patterns. *** http://www.ibm.com/support/docview.wss?uid=swg21993759 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in redis affect PowerKVM (CVE-2015-4335, CVE-2013-7458) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024538 --------------------------------------------- *** IBM Security Bulletin: Authentication vulnerability affects IBM Integration Bus V10.0.0.4 onwards (CVE-2016-8918 ) *** http://www.ibm.com/support/docview.wss?uid=swg21995079 --------------------------------------------- *** IBM Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080) *** http://www.ibm.com/support/docview.wss?uid=swg21995004 --------------------------------------------- *** IBM Security Bulletin: IBM Mobile Connect is vulnerable to the Sweet32: Birthday Attacks (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg21994927 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-5573, CVE-2016-5597, CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994297 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009581 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSource libxml2 affect IBM Security Guardium (CVE-2016-2073) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984606 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 1-12-2016
by Daily end-of-shift report 01 Dec '16

01 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-11-2016 18:00 − Donnerstag 01-12-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** 0-Day: Tor und Firefox patchen ausgenutzten Javascript-Exploit *** --------------------------------------------- Tor und Mozilla haben schnell reagiert und veröffentlichen einen außerplanmäßigen Patch für eine kritische Sicherheitslücke. Der Fehler lag in einer Animationsfunktion für Vektorgrafiken. --------------------------------------------- http://www.golem.de/news/0-day-tor-und-firefox-patchen-kritische-schwachste… *** Avalanche Takedown *** --------------------------------------------- Am 30. November 2016 wurde durch ein breit angelegte Kooperation von Polizei (Europol, Eurojust, FBI, ...), Staatsanwälten und IT Sicherheitsorganisationen (BSI, Shadowserver, CERTs) das Avalanche Botnet übernommen. Die Zahlen von Shadowserver sind eindrucksvoll:... --------------------------------------------- http://www.cert.at/services/blog/20161201172722-1851.html *** IBM warns of rising VoIP cyberattacks *** --------------------------------------------- Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM's Security Intelligence group this week."SIP is one of the most commonly used application layer protocols in VoIP technology... we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second... --------------------------------------------- http://www.cio.com/article/3146209/security/ibm-warns-of-rising-voip-cybera… *** Shamoon 2: Return of the Disttrack Wiper *** --------------------------------------------- In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged. Last week, Unit 42... --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-… *** Fatal flaws in ten pacemakers make for Denial of Life attacks *** --------------------------------------------- Brit/Belgian research team decipher signals and devise wounding wireless attacks A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/12/01/denial_of_l… *** New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer *** --------------------------------------------- In January of 2016, we found various "SmsSecurity" mobile apps that claimed to be from various banks. Since then, weve found some new variants of this attack that add new malicious capabilities. These capabilities include: anti-analysis measures, automatic rooting, language detection, and remote access via TeamViewer. In addition, SmsSecurity now cleverly uses the accessibility features of Android to help carry out its routines in a stealthy manner, without interaction from the... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ckweihUN7n8/ *** SAMRi10: Windows 10 hardening tool for thwarting network recon *** --------------------------------------------- Microsoft researchers Itay Grady and Tal Be'ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced "Samaritan"). User2 (non-admin) gets access denied by SAMRi10 when calling Net User remotely to a hardened Domain Controller Both the Net Cease tool they released in October and SAMRi10 are simple PowerShell scripts and are aimed at preventing attackers that are already inside a corporate network from mapping it... --------------------------------------------- https://www.helpnetsecurity.com/2016/12/01/samri10-windows-10-hardening/ *** Security Notice - Statement on Newsmth.net Forum Revealing Security Issue in Huawei P9 Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161130-01-… *** USN-3141-1: Thunderbird vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-3141-130th November, 2016thunderbird vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Thunderbird.Software description thunderbird - Mozilla Open Source mail and newsgroup client DetailsChristian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong,Tooru Fujisawa, and Randell Jesup discovered multiple memory safety... --------------------------------------------- http://www.ubuntu.com/usn/usn-3141-1/ *** Security Advisories Relating to Symantec Products - Norton App Lock Bypass *** --------------------------------------------- Symantec has addressed an issue where on some Android devices, Norton App Lock could have been bypassed, which could have allowed locked applications to be opened. --------------------------------------------- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s… *** OpenAFS Security Advisory 2016-003 *** --------------------------------------------- Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is physically visible on the fileserver vice partition,... --------------------------------------------- https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt *** Bugtraq: [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access *** --------------------------------------------- http://www.securityfocus.com/archive/1/539855 *** Bugtraq: [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/539857 *** Bugtraq: [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/539863 *** Bugtraq: [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection *** --------------------------------------------- http://www.securityfocus.com/archive/1/539864 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability in wget affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024556 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in DHCP affects PowerKVM (CVE-2016-5410) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024551 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM (CVE-2016-3119, CVE-2016-3120) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024550 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in util-linux affects PowerKVM (CVE-2016-5011) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024543 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in powerpc-utils-python affects PowerKVM (CVE-2014-8165) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024540 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024533 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in sudo affects PowerKVM (CVE-2016-7091) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024532 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Python-RSA affects PowerKVM (CVE-2016-1494) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024409 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in bind affect PowerKVM (CVE-2016-2776, CVE-2016-8864) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024402 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024401 ---------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2016