=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 17-01-2017 18:00 − Wednesday 18-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical Patch Update - January 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
*** vBulletin Malware – When Hackers Compete for Backdoor Control ***
---------------------------------------------
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had ..
---------------------------------------------
https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-…
*** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH and other third party software vulnerabilities affect NSM Appliance OS. ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS
*** Kill it with fire: US-CERT warns admins to dump Server Message Block ***
---------------------------------------------
Shadow Brokers may have loosed a zero-day, so you're better safe than sorry. The US computer emergency readiness team ..
---------------------------------------------
www.theregister.co.uk/2017/01/18/uscert_warns_admins_to_kill_smb_after_shad…
*** Do web injections exist for Android? ***
---------------------------------------------
Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue ..
---------------------------------------------
http://securelist.com/blog/research/77118/do-web-injections-exist-for-andro…
*** In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope ***
---------------------------------------------
65 million: the number of times we’ve blocked mobile threats in 2016. By December 2016, the total number of unique samples of malicious Android apps we’ve collected and ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-thre…
*** Last call to replace SHA-1 certificates ***
---------------------------------------------
http://blog.sec-consult.com/2017/01/last-call-to-replace-sha-1-certificates…
*** The Carbanak gang is with a new modus operandi, Google services as C&C ***
---------------------------------------------
The infamous Carbanak cybercrime gang is back and is leveraging Google services for command-and-control of its malicious code. The dreaded Carbanak cybercrime gang is back ..
---------------------------------------------
http://securityaffairs.co/wordpress/55427/cyber-crime/carbanak-google-servi…
*** Spora Ransomware Offers Victims Unique Payment Options ***
---------------------------------------------
Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options.
---------------------------------------------
http://threatpost.com/spora-ransomware-offers-victims-unique-payment-option…
*** Critical vulnerabilities in Java & Co.: Oracle drops giant patch bundle ***
---------------------------------------------
Oracle's latest Critical Patch Update includes security updates for Java, MySQL and VirtualBox, among others. As always, there are patches for almost all of the vendor's products.
---------------------------------------------
https://heise.de/-3601613
*** Ancient Mac backdoor discovered that targets medical research firms ***
---------------------------------------------
More secure than PC? Ha! Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities.…
---------------------------------------------
www.theregister.co.uk/2017/01/18/mac_malware/
*** Uncovering the Inner Workings of EyePyramid ***
---------------------------------------------
Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 16-01-2017 18:00 − Tuesday 17-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Who's winning the cyber war? The squirrels, of course ***
---------------------------------------------
CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" can.
---------------------------------------------
http://arstechnica.com/information-technology/2017/01/whos-winning-the-cybe…
*** Dodgy Dutch developer built backdoors into thousands of sites ***
---------------------------------------------
Then hoovered out users' personal data, stole identities galore and spent up big. Dutch police are this week warning 20,000 users that their email accounts were hacked after ..
---------------------------------------------
www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_b…
*** [2017-01-17] Cross site scripting in TYPO3 CMS extension "Recommend page" ***
---------------------------------------------
The "Recommend page" extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** Extortion is (still) in! ***
---------------------------------------------
The new year will certainly bring many technical innovations and (potentially unspeakable) trends with it. One thing unfortunately remains unchanged: extortion is in. Besides DDoS threats and ransomware in ..
---------------------------------------------
http://www.cert.at/services/blog/20170117104444-1861.html
*** CryptoSearch: tool finds and collects files encrypted by ransomware for safekeeping ***
---------------------------------------------
When a ransomware trojan has taken data hostage, victims hope for a free decryption tool, but when and whether one will appear at all is often unclear. A Windows tool collects and archives the affected files until then.
---------------------------------------------
https://heise.de/-3597757
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of ...
---------------------------------------------
https://support.citrix.com/article/CTX219378
*** Free-to-play: forum of Clash of Clans operator hacked ***
---------------------------------------------
Once again a vBulletin forum has been hacked. Around 1.1 million users of the Supercell forums are presumably affected. The game maker distributes popular titles such as Clash of Clans and Clash Royale.
---------------------------------------------
http://www.golem.de/news/free2play-forum-von-clash-of-clans-betreiber-gehac…
*** The Line of Death ***
---------------------------------------------
When building applications that display untrusted content, security designers have a major problem: if an attacker has full control of a block of pixels, he can make those pixels look ..
---------------------------------------------
https://textslashplain.com/2017/01/14/the-line-of-death/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-01-2017 18:00 − Monday 16-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Hardening Windows 10 with zero-day exploit mitigations ***
---------------------------------------------
Cyber attacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-wi…
*** WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs ***
---------------------------------------------
According to the release notes, the latest version of WordPress, 4.7.1, addresses eight security vulnerabilities and 62 other bugs. On Wednesday the latest version of WordPress, 4.7.1, was released by the WordPress Team; it is classified as a security release for ..
---------------------------------------------
http://securityaffairs.co/wordpress/55308/breaking-news/wordpress-4-7-1-rel…
*** DSA-3764 pdns - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3764
*** DSA-3763 pdns-recursor - security update ***
---------------------------------------------
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3763
*** Backup Files Are Good but Can Be Evil ***
---------------------------------------------
Since we started to work with computers, we have always heard the following advice: Make backups! Every time you have to change something in a file or an application, first make a backup of the existing resources (code, configuration files, data). But, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21935
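The diary's point is the flip side of that advice: a backup copy left next to the live resource (a `config.php.bak`, an editor's `config.php~`, a database dump dropped into the document root) is reachable by anyone who guesses the name, and hands over source and credentials. The Python below is an added example, not code from the ISC diary: it walks a web root and lists the leftovers an attacker would probe for. The suffix patterns and the constructed sample tree are assumptions for illustration; tune the patterns to your own stack.

```python
"""Find stray backup copies in a web root (added example, not from the ISC diary)."""
import os
import re
import tempfile

# Names that editors, admins and deploy scripts commonly leave behind (assumed list).
BACKUP_PATTERNS = [
    re.compile(r".*\.(bak|old|orig|save|swp|swo|tmp|copy|backup)$", re.I),
    re.compile(r".*~$"),                                   # vim/emacs backup copies
    re.compile(r"^\.?#.*#$"),                              # emacs autosave / lock files
    re.compile(r".*\.(tar\.gz|tgz|zip|sql|sql\.gz)$", re.I),  # archives and dumps in the web root
    re.compile(r".*\.(php|conf|ini|env)\.\d+$", re.I),     # config.php.1, settings.ini.2
]

VCS_DIRS = {".git", ".svn", ".hg"}  # exposed VCS metadata leaks history like a .bak does


def looks_like_backup(name: str) -> bool:
    """True if a file name matches one of the backup/leftover patterns."""
    return any(p.match(name) for p in BACKUP_PATTERNS)


def find_backup_files(root: str) -> list:
    """Return root-relative paths of backup-looking files and VCS directories under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for fn in filenames:
            if looks_like_backup(fn):
                found.append(os.path.relpath(os.path.join(dirpath, fn), root))
        # Report VCS metadata directories and do not descend into them.
        for d in list(dirnames):
            if d in VCS_DIRS:
                found.append(os.path.relpath(os.path.join(dirpath, d), root))
                dirnames.remove(d)
    return sorted(found)


def build_sample_webroot() -> str:
    """Constructed sample tree with the kind of leftovers an attacker would probe for."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = ["index.php", "config.php", "config.php.bak", "config.php~",
             "includes/db.inc", "includes/db.inc.orig", "assets/site.css",
             "dump/customers.sql", ".git/HEAD"]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for rel in find_backup_files(root):
        print("exposed leftover:", rel)
    # Beyond removing the files, deny such names at the web server as well, e.g. for
    # nginx:  location ~ (\.bak|\.orig|~|\.sql|/\.git)$ { deny all; }
```

Run it against the real document root of a web server (or a checkout of what gets deployed) rather than the sample tree; anything it reports should either be deleted or moved outside the served tree, and a deny rule at the web server is the safety net for the next time someone edits in place.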
*** Compliance: Deutsche Bank bans WhatsApp and SMS from company phones ***
---------------------------------------------
Deutsche Bank employees will no longer be able to communicate with each other via WhatsApp or SMS. The apps are to be removed from employees' devices because the regulators demand it.
---------------------------------------------
http://www.golem.de/news/compliance-deutsche-bank-verbannt-whatsapp-und-sms…
*** DSA-3765 icoutils - security update ***
---------------------------------------------
Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3765
*** Guessing game around NSA arms dealers "Shadow Brokers" ***
---------------------------------------------
Hacker group announced its withdrawal; rumours of connections to Russia grow louder
---------------------------------------------
http://derstandard.at/2000050751646
*** Data theft at iPhone hackers Cellebrite ***
---------------------------------------------
The company said to have cracked the iPhone's encryption for the FBI has fallen victim to data theft. 900 GB of data were stolen.
---------------------------------------------
https://futurezone.at/digital-life/datendiebstahl-bei-den-iphone-hackern-ce…
*** Cyber attacks on German election campaign feared: defence centre planned ***
---------------------------------------------
President of the Bundestag: "Whatever is technically possible will also happen"
---------------------------------------------
http://derstandard.at/2000050779644
*** Google reveals its servers all contain custom security silicon ***
---------------------------------------------
Even the servers it colocates (!), says new doc revealing Alphabet sub's security secrets. Google has published an Infrastructure Security Design Overview that explains how it secures ..
---------------------------------------------
www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_cus…
*** BlackBerry DTEK60 in the (security) test: secure, just because! ***
---------------------------------------------
BlackBerry wants to square the circle: a secure Android smartphone. Unfortunately the manufacturer provides little information and at times confuses users unnecessarily.
---------------------------------------------
http://www.golem.de/news/blackberry-60-im-sicherheits-test-sicher-weil-isso…
*** New Gmail phishing technique fools even tech-savvy users ***
---------------------------------------------
An effective new phishing attack is hitting Gmail users and tricking many into inputting their Gmail credentials into a fake login page. How the attack unfolds: the phishers start by compromising a Gmail account, then they rifle through the emails ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/16/new-gmail-phishing-attack-fools-…
*** 35 years of the C64: the birth of the "crackers" and copiers ***
---------------------------------------------
In the 1980s it was comparatively hard to buy software at all in Austria
---------------------------------------------
http://derstandard.at/2000049895466
*** Cartapping: cars have been digitally bugged for 15 years ***
---------------------------------------------
To monitor a car's location, there is no longer any need to plant a GPS bug. In the US this has apparently been done for a long time with the help of the intelligent navigation and on-board systems.
---------------------------------------------
http://www.golem.de/news/cartapping-autos-werden-seit-15-jahren-digital-ver…
*** We reverse engineered 16k apps, here’s what we found ***
---------------------------------------------
In Nov '16, we created an online tool to reverse engineer any Android app to look for secrets. This tool was built because of an internal need: we were constantly required to reverse ..
---------------------------------------------
https://medium.com/@mkagenius/afdccb592b81
*** Dovecot mail server: successful security audit ***
---------------------------------------------
The Berlin IT security company Cure53 rates the Dovecot mail server as largely secure. The audit was commissioned by the Mozilla Foundation.
---------------------------------------------
https://heise.de/-3596977
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 12-01-2017 18:00 − Friday 13-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - January 2017 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
*** EMET 5.52 update is now available ***
---------------------------------------------
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-…
*** Marlboro Ransomware Defeated in One Day ***
---------------------------------------------
A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated…
*** Attacks on beroNet VoIP gateways, patch restores security ***
---------------------------------------------
Attackers discovered a vulnerability in the VoIP gateways of the Berlin-based manufacturer beroNet and have recently been exploiting it to drive up their victims' phone bills. A patch from the manufacturer closes the hole.
---------------------------------------------
https://heise.de/-3594737
*** ICS-CERT Monitor: November-December 2016 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201612
*** How banks protect themselves against cyber attacks ***
---------------------------------------------
Olaf Schwarz, Information Security Officer at the direct bank ING-DiBa Austria, on cyber attacks against banks, ransomware and security training for employees.
---------------------------------------------
https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schue…
*** Who's Attacking Me?, (Fri, Jan 13th) ***
---------------------------------------------
I started to play with a nice reconnaissance tool that could be helpful in many cases, offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. It's a network reconnaissance framework that includes: passive recon features (via flow analysis coming from Bro or Nfdump), fingerprinting analysis, active recon (via Nmap or Zmap), and import tools (from Nmap or Masscan). I deployed this tool and fed it with...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21933&rss
*** MongoDB Hijackers Move on to ElasticSearch Servers ***
---------------------------------------------
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to…
*** Key exchange: fuss over alleged WhatsApp backdoor ***
---------------------------------------------
Does WhatsApp have a backdoor? At least that is what a security researcher and the Guardian claim. In fact there could also be a less spectacular explanation.
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsa…
*** Ploutus ATM Malware: Press F3 for Money ***
---------------------------------------------
Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3…
*** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware ***
---------------------------------------------
Cybersecurity experts obsessively repeat two types of advice: Use stronger passwords. Update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure...
---------------------------------------------
https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated…
*** DSA-3761 rabbitmq-server - security update ***
---------------------------------------------
It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to log in to an existing user account without having to provide a password.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3761
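The class of bug described in DSA-3761 is easiest to see on the wire. In MQTT 3.1.1 the connect-flags byte of the CONNECT packet says whether a username and a password field follow in the payload, so a client can legitimately send a username with no password field at all; a broker must treat that as a failed login, not as "nothing to check". The Python below is an added example and not RabbitMQ's code: it builds and parses CONNECT packets and contrasts a broker-side check that models the reported behaviour (existing username, password field omitted, login accepted) with the correct one. The user table and the two `authenticate_*` functions are assumptions for illustration.

```python
"""MQTT 3.1.1 CONNECT packets and the broker-side auth decision (added example)."""
import hmac
import struct

USERNAME_FLAG = 0x80  # connect flags, bit 7: a username field is present in the payload
PASSWORD_FLAG = 0x40  # connect flags, bit 6: a password field is present in the payload
WILL_FLAG = 0x04      # bit 2: will topic and will message are present
CLEAN_SESSION = 0x02  # bit 1

# Constructed sample user database; a real broker would hash these.
USERS = {b"monitor": b"s3cret"}


def _utf8(s: bytes) -> bytes:
    """MQTT length-prefixed string: 2-byte big-endian length followed by the bytes."""
    return struct.pack(">H", len(s)) + s


def _remaining_length(n: int) -> bytes:
    """Variable-length encoding of the remaining length field (7 bits per byte)."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def build_connect(client_id: bytes, username: bytes = None, password: bytes = None) -> bytes:
    """Build a CONNECT packet; username/password are only emitted when given."""
    flags = CLEAN_SESSION
    if username is not None:
        flags |= USERNAME_FLAG
    if password is not None:
        flags |= PASSWORD_FLAG
    var_header = _utf8(b"MQTT") + bytes([4, flags]) + struct.pack(">H", 60)
    payload = _utf8(client_id)
    if username is not None:
        payload += _utf8(username)
    if password is not None:
        payload += _utf8(password)
    body = var_header + payload
    return b"\x10" + _remaining_length(len(body)) + body


def _read_utf8(buf: bytes, pos: int):
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + n], pos + n


def parse_connect(packet: bytes) -> dict:
    """Parse a CONNECT packet into its fields; absent fields are None."""
    if not packet or packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    pos, mult, length = 1, 1, 0
    while True:  # decode the remaining length, at most four bytes
        b = packet[pos]
        pos += 1
        length += (b & 0x7F) * mult
        if not b & 0x80:
            break
        mult *= 128
        if mult > 128 ** 3:
            raise ValueError("malformed remaining length")
    body = packet[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated CONNECT")
    name, p = _read_utf8(body, 0)
    if name != b"MQTT":
        raise ValueError("unsupported protocol name")
    level, flags = body[p], body[p + 1]
    p += 2
    (keepalive,) = struct.unpack_from(">H", body, p)
    p += 2
    client_id, p = _read_utf8(body, p)
    if flags & WILL_FLAG:  # skip will topic and will message
        _, p = _read_utf8(body, p)
        _, p = _read_utf8(body, p)
    username = password = None
    if flags & USERNAME_FLAG:
        username, p = _read_utf8(body, p)
    if flags & PASSWORD_FLAG:
        password, p = _read_utf8(body, p)
    if p != len(body):
        raise ValueError("trailing bytes in CONNECT")
    return {"level": level, "flags": flags, "keepalive": keepalive,
            "client_id": client_id, "username": username, "password": password}


def authenticate_vulnerable(conn: dict, users: dict) -> bool:
    """Models the reported defect (assumed logic): an existing username with the
    password field omitted is accepted because there is "no password to check"."""
    user = conn["username"]
    if user is None or user not in users:
        return False
    if conn["password"] is None:
        return True  # bug: absence of the password field is treated as success
    return conn["password"] == users[user]


def authenticate_fixed(conn: dict, users: dict) -> bool:
    """Correct check: both fields must be present and the password must match."""
    user, pw = conn["username"], conn["password"]
    if user is None or pw is None or user not in users:
        return False
    return hmac.compare_digest(pw, users[user])


if __name__ == "__main__":
    pkt = build_connect(b"sensor-1", b"monitor")  # username only, no password field
    conn = parse_connect(pkt)
    print("vulnerable broker accepts:", authenticate_vulnerable(conn, USERS))
    print("fixed broker accepts:     ", authenticate_fixed(conn, USERS))
```

The fixed check also refuses a packet that carries a password flag without a username flag, which the MQTT specification forbids, since `username` is then None. When you test a broker for this class of issue, send exactly the packet `build_connect(client_id, username)` produces and expect a CONNACK with a non-zero return code; a CONNACK 0 means the broker skipped the password.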
*** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95412
*** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95417
*** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information ***
---------------------------------------------
A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE SiteScope, resulting in remote disclosure of information, also known as the SWEET32 attack.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403
*** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95423
*** Security Advisory: BIND vulnerability CVE-2016-9147 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?…
*** Security Advisory: BIND vulnerability CVE-2016-9131 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?…
*** Security Advisory: BIND vulnerability CVE-2016-9444 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?…
*** PowerDNS Security Fixes ***
---------------------------------------------
PowerDNS Recursor 4.0.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.ht…
---------------------------------------------
PowerDNS Recursor 3.7.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.ht…
---------------------------------------------
PowerDNS Authoritative Server 4.0.2 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.ht…
---------------------------------------------
PowerDNS Authoritative Server 3.4.11 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.ht…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology ***
https://www.ibm.com/support/docview.wss?uid=swg21997084
---------------------------------------------
*** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool. (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21997055
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. ***
http://www.ibm.com/support/docview.wss?uid=swg21994499
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. ***
http://www.ibm.com/support/docview.wss?uid=swg21997063
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996950
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996968
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997156
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 11-01-2017 18:00 − Thursday 12-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Personalised card complete phishing mail ***
---------------------------------------------
A personalised card complete phishing mail that addresses recipients directly by name is in circulation. In it, criminals claim that suspicious transactions have occurred, which is why customers are supposed to verify their identity on a website. This is an attempt by criminals to get hold of other people's credit card data.
---------------------------------------------
https://www.watchlist-internet.at/phishing/personalisierte-card-complete-ph…
*** The Most Dangerous User Right You (Probably) Have Never Heard Of ***
---------------------------------------------
One user right I overlooked, until Ben Campbell's post on constrained delegation, was SeEnableDelegationPrivilege. This right governs whether a user account can "Enable computer and user accounts to be trusted for delegation." Part of the reason I overlooked it is stated right in the documentation:...
---------------------------------------------
http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-y…
*** Security hole in pacemakers ***
---------------------------------------------
A firmware update is meant to protect patients with pacemakers or implanted defibrillators from hackers taking control of the devices. There are doubts, however, that the devices are secure after the update.
---------------------------------------------
https://heise.de/-3593932
*** Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension ***
---------------------------------------------
An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" in Acrobat's changelog, and, surprise surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page they're on as a PDF file and share...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/s_zCwl6BNOY/latest-adobe-ac…
*** Some tools updates, (Thu, Jan 12th) ***
---------------------------------------------
A couple of tools were updated and released today. NetworkMiner was updated. Version 2.1 is now available for download. NetworkMiner is a packet sniffer/analyzer focused on extracting application layer forensic artifacts. The update adds new protocols and enhances email reassembly options. http://www.netresec.com/?page=Blogmonth=2017-01post=NetworkMiner-2-1-Releas… Black Hills Information Security released a PowerShell version of the DNSCAT2 client. DNSCAT2 is a popular command and control tool...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21925&rss
*** System Resource Utilization Monitor, (Thu, Jan 12th) ***
---------------------------------------------
The attackers have come and gone and you are left behind to clean up the mess. You arrive on site to figure out how the bad guys got in, what they took and how badly it will affect the customer. But the customer doesn't syslog the firewall logs, so you are limited to the three days of logs that are held in the firewall's memory. The Windows Event logs on most of the systems roll over every 5 minutes, and there is no centralized long term logging. There is no IDS. There is no full packet capture.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21927&rss
*** Background: Open Bug Bounty: vulnerabilities for a reward ***
---------------------------------------------
heise Security became acquainted, not entirely voluntarily, with a hitherto largely unknown platform on which hackers and other researchers can report security vulnerabilities.
---------------------------------------------
https://heise.de/-3593886
*** Ansible: update to fix critical bug in the 2.x versions ***
---------------------------------------------
Since the vulnerability is rated as high risk, the developers have published release candidates of versions 2.1.4 and 2.2.1 that fix the bug.
---------------------------------------------
https://heise.de/-3594254
*** Rent an IP, Own a Domain ***
---------------------------------------------
The other day I was on a mission to locate a contact of mine that lived nearby. I had an address, but no phone, or email address. So I got the GPS out, programmed in the address, and away I went. Arriving at the location, I turned into the driveway, and it was an apartment...
---------------------------------------------
https://blog.domaintools.com/2017/01/rent-an-ip-own-a-domain/
*** WordPress 4.7.1 Security and Maintenance Release ***
---------------------------------------------
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
---------------------------------------------
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance…
*** Bugtraq: ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540011
*** Vuln: libgit2 badssl.c Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95354
*** Bugtraq: IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540003
*** Vuln: Zimbra CVE-2016-3403 Multiple Cross Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95383
*** NetIQ Privileged Account Manager 3.0.1 HF3 (3.0.1-3) ***
---------------------------------------------
Abstract: NetIQ Privileged Account Manager 3.0.1 Hot Fix 3 (3.0.1.3). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release does not contain new features.
Document ID: 5267862
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: netiq-npam-packages-3.0.1-3.tar.gz (175.63 MB)
Products: Privileged Account Manager 3.0.1
Superseded Patches: NetIQ Privileged Account Manager 3.0.1 HF 1, NetIQ Privileged
---------------------------------------------
https://download.novell.com/Download?buildid=Ciuap7psZuo~
*** DFN-CERT-2017-0054: ISC BIND: multiple vulnerabilities allow various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0054/
*** Vuln: SAP NetWeaver XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95373
*** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95367
*** Juniper Security Advisories ***
---------------------------------------------
*** JSA10772 - 2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303) ***
http://kb.juniper.net/index?page=content&id=JSA10772&actp=RSS
---------------------------------------------
*** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH vulnerabilities affect NSM Appliance OS. ***
http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS
---------------------------------------------
*** JSA10773 - 2017-01 Security Bulletin: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600: Etherleak memory disclosure in Ethernet padding data (CVE-2017-2304) ***
http://kb.juniper.net/index?page=content&id=JSA10773&actp=RSS
---------------------------------------------
*** JSA10771 - 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302) ***
http://kb.juniper.net/index?page=content&id=JSA10771&actp=RSS
---------------------------------------------
*** JSA10770 - 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16.1R1 release. ***
http://kb.juniper.net/index?page=content&id=JSA10770&actp=RSS
---------------------------------------------
*** JSA10769 - 2017-01 Security Bulletin: Junos: Denial of service vulnerability in jdhcpd due to crafted DHCPv6 packets (CVE-2017-2301) ***
http://kb.juniper.net/index?page=content&id=JSA10769&actp=RSS
---------------------------------------------
*** JSA10768 - 2017-01 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted multicast packets (CVE-2017-2300) ***
http://kb.juniper.net/index?page=content&id=JSA10768&actp=RSS
---------------------------------------------
*** IBM Security Bulletin ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) IBM Java SDK updates October 2016 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995972
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995049
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994521
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LMS 6.0 on Cloud ***
http://www.ibm.com/support/docview.wss?uid=swg21992072
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 10-01-2017 18:00 − Wednesday 11-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** How to secure MongoDB - because it isn't by default and thousands of DBs are being hacked ***
---------------------------------------------
Stop right now and make sure you've configured it correctly. The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/mongodb_ran…
*** Phishing via autofill: Chrome, Safari, Opera and extensions such as LastPass vulnerable ***
---------------------------------------------
Chromium-based browsers, Safari and popular extensions such as the LastPass password manager can be tricked into revealing more about the user than they suspect.
---------------------------------------------
https://heise.de/-3593811
*** Injection of Unwanted Google AdSense Ads ***
---------------------------------------------
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It's not uncommon to see adult ads since networks that work with the porn industry usually allow a higher level of anonymity and have less strict guidelines (if any) on the quality...
---------------------------------------------
https://blog.sucuri.net/2017/01/injection-unwanted-google-adsense-ads.html
*** Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet ***
---------------------------------------------
A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomware's most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated we've seen from ransomware authors as of yet. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offli…
*** Juniper warns: Borked upgrade opens root on firewalls ***
---------------------------------------------
Turn it off and turn it back on again. No, really. Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/juniper_war…
*** Hancitor/Pony/Vawtrak malspam, (Wed, Jan 11th) ***
---------------------------------------------
Introduction: Until recently, I hadn't personally seen much malicious spam (malspam) using Microsoft Office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, I'll find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. At least until yesterday. This diary describes a recent wave of Hancitor/Pony/Vawtrak...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21919&rss
*** MS17-JAN - Microsoft Security Bulletin Summary for January 2017 - Version: 1.1 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS17-JAN
*** Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539992
http://www.securityfocus.com/archive/1/539993
http://www.securityfocus.com/archive/1/539995
*** Vuln: Ansible CVE-2016-9587 Arbitrary Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95352
*** VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates
Original Release date: 10 Jan 2017 | Last revised: 10 Jan 2017
Overview: On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack.
Description: ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity...
---------------------------------------------
http://www.kb.cert.org/vuls/id/767208
*** DFN-CERT-2017-0041: BlackBerry Enterprise Server: Two vulnerabilities allow, among other things, obtaining user privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0041/
*** BSRT-2017-003 Vulnerability in WatchDox Server components impacts WatchDox by BlackBerry ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038915
*** DFN-CERT-2017-0045: WebKitGTK+: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0045/
*** GnuTLS Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037576
*** DFN-CERT-2017-0047: GnuTLS: Multiple vulnerabilities allow various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0047/
*** Vuln: PHP CVE-2017-5340 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95371
*** Bugtraq: Bit Defender #39 - Auth Token Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539999
*** Vuln: Computer Associates Service Desk Manager CVE-2016-10086 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95366
*** Security Advisory - DoS Vulnerability in Multiple Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-…
*** Security Advisory - Camera DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-…
*** Security Notice - Statement on SaifAllah BenMassaoud Revealing CSRF Security Vulnerability in Huawei B660 Routers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170111-01-…
*** Vuln: SAP Products ***
---------------------------------------------
*** Vuln: SAP Single Sign On Denial of Service Vulnerability ***
http://www.securityfocus.com/bid/95363
---------------------------------------------
*** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/95362
http://www.securityfocus.com/bid/95365
---------------------------------------------
*** Vuln: SAP NetWeaver AS JAVA getUserUddiElements SQL Injection Vulnerability ***
http://www.securityfocus.com/bid/95364
---------------------------------------------
*** Vuln: SAP NetWeaver Application Server Java Portal App Component Cross Site Scripting Vulnerability ***
http://www.securityfocus.com/bid/95368
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994471
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21995685
---------------------------------------------
*** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5881) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995122
---------------------------------------------
*** IBM Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009328
---------------------------------------------
*** IBM Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009593
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 09-01-2017 18:00 − Tuesday 10-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Adobe Security Bulletins posted ***
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1438
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
*** Mysterious network activity with GRE packets ***
---------------------------------------------
Attentive admins are currently observing an increase in seemingly pointless GRE packets on their VPN gateways and firewalls. The cause is so far unclear.
---------------------------------------------
https://heise.de/-3592231
*** Krebs's Immutable Truths About Data Breaches ***
---------------------------------------------
I've had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction.
---------------------------------------------
https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-brea…
*** Terror Exploit Kit? More like Error Exploit Kit ***
---------------------------------------------
Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-lik…
*** More than 1,000 German online shops infected and tapped ***
---------------------------------------------
At more than a thousand German online shops, criminals are right now siphoning off customer data and payment information, in some cases for months already. According to the BSI, many shop operators are ignoring the problem.
---------------------------------------------
https://heise.de/-3592281
*** Data theft at ATMs on the rise, losses falling ***
---------------------------------------------
Data thieves have again struck more frequently at ATMs in Germany. Despite modern technology, skimming still causes losses in the millions. Elsewhere, however, bank customers are even more at risk.
---------------------------------------------
https://heise.de/-3592571
*** A Review of Cryptography - Part 1 ***
---------------------------------------------
Overview of Last Articles Our last few articles have dealt with the science and technology of Biometrics. To review, it is merely the Verification and/or Identification of an individual based on their unique physiological traits or even behavioral mannerisms. This is probably one of the best forms of Security technology to use because it is...
---------------------------------------------
http://resources.infosecinstitute.com/a-review-of-cryptography-part-1/
*** Two New Edge Exploits Integrated into Sundown Exploit Kit ***
---------------------------------------------
Two recently published proof-of-concept exploits targeting Microsoft Edge have been integrated into the Sundown Exploit Kit.
---------------------------------------------
http://threatpost.com/two-new-edge-exploits-integrated-into-sundown-exploit…
*** Port 37777 "MapTable" Requests, (Tue, Jan 10th) ***
---------------------------------------------
Thanks to Born for noticing an increase in port 37777 TCP traffic. He wrote a blog with some of the payloads he found, and after he notified us, I was able to confirm his observations in our honeypot [1]. First 32 bytes of the payload: c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 c. o. n. f. i. g 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP, ServiceName : HTTP }, { Enable : 1, InnerPort : 37777, OuterPort :...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21913&rss
*** Vuln: DLink DGS-1100 Switch CVE-2016-10125 Local Hardcoded SSL Certificate Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95329
*** St. Jude Merlin@home Transmitter Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a channel accessible by non-endpoint vulnerability in St. Jude Medical's Merlin@home transmitter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01
*** Intel Ethernet Controller X710/XL710 NVM Security Vulnerability ***
---------------------------------------------
A security vulnerability in the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05.
---------------------------------------------
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&lang…
*** DFN-CERT-2017-0034: Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0034/
*** Moodle 3.2.1 release notes ***
---------------------------------------------
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
---------------------------------------------
https://docs.moodle.org/dev/Moodle_3.2.1_release_notes
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993856
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986) ***
http://www.ibm.com/support/docview.wss?uid=swg21996503
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995206
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995198
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378) ***
http://www.ibm.com/support/docview.wss?uid=swg21996502
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SnapDrive for Windows may Result in Disclosure of Sensitive Information (CVE-2015-8544) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009256
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 05-01-2017 18:00 − Monday 09-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-01) ***
---------------------------------------------
A prenotification Security Advisory (APSB17-01) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, January 10, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1434
*** Great Misadventures of Security Vendors: Absurd Sandboxing Edition, (Fri, Jan 6th) ***
---------------------------------------------
Like many security researchers, I employ a variety of OPSEC techniques to help detect if I have been targeted by something for whatever reason. One of those techniques I use in Virustotal is basically a vanity Yara rule that looks for a variety of strings that would indicate malware was specifically targeting me or some data was uploaded that references me. Virustotal Intelligence is a useful tool for doing that and many researchers have paid for access which allows you to also download samples...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21895&rss
*** Using Security Tools to Compromize a Network, (Sat, Jan 7th) ***
---------------------------------------------
One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this, we use security tools (linked to processes). Over time, we are all building our personal toolbox with our favourite tools. Yesterday, I read an interesting blog article about extracting saved credentials from a compromised Nessus system [1]. This is indeed a nice target for the bad guy! Why? Such security tools deployed inside a network have interesting characteristics: They have...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21903&rss
*** Ransomware trojans recently attacked more than 10,000 databases ***
---------------------------------------------
Vulnerabilities in MongoDB exploited; security researchers speak of a wave of attacks
---------------------------------------------
http://derstandard.at/2000050382671
*** Security updates: LibVNCServer hardened against memory errors ***
---------------------------------------------
The library had not received any updates for more than two years. Now the developers are closing two vulnerabilities.
---------------------------------------------
https://heise.de/-3591417
*** 11 Steps to Improve Your Public Wi-Fi Security [Updated] ***
---------------------------------------------
A day without Wi-Fi is a day not fully lived. We're (somewhat) exaggerating, but it's fair to say Wi-Fi has become a staple of the modern life.
---------------------------------------------
https://heimdalsecurity.com/blog/11-security-steps-public-wi-fi-networks/
*** SWIFT speaks on fraudulent messages and the security moves the cooperative is making to assist its customers ***
---------------------------------------------
The February 2016 attack on Bangladesh Bank, which involved the sending of fraudulent SWIFT messages from the bank's environment, was followed by a number of other attacks on banks using the SWIFT network. The criminal hackers' intention is to compromise the banks' environments in order to gain their SWIFT credentials, send fraudulent messages and route payments to themselves. Since that time, the SWIFT cooperative has instituted measures ultimately designed to help their...
---------------------------------------------
http://www.cio.com/article/3155253/security/swift-speaks-on-fraudulent-mess…
*** FTC Takes D-Link to Court Because of Insecure Routers and Cameras ***
---------------------------------------------
The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ftc-takes-d-link-to-court-be…
*** WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs ***
---------------------------------------------
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento…
*** DFN-CERT-2017-0027: OpenSSL: A vulnerability allows information disclosure ***
---------------------------------------------
A vulnerability in OpenSSL and derivatives such as LibreSSL and BoringSSL allows a local, unauthenticated attacker to spy out private key material.
The OpenSSL developers have not yet provided security updates.
OpenBSD provides source code patches for OpenBSD 5.9 and 6.0 as security updates.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0027/
*** NETGEAR ProSAFE Firewall Bug Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037548
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996761
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime and Apache Tomcat affect IBM RLKS Administration and Reporting Tool Admin (CVE-2016-5597, CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995448
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009699
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995257
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability (CVE-2016-8999) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995155
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21995687
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995758
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995691
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in 64-bit block ciphers affect IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329) ***
http://www.ibm.com/support/docview.wss?uid=swg21993665
---------------------------------------------
*** IBM Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affect IBM Cloud Manager with OpenStack (CVE-2016-0729) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024708
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 04-01-2017 18:00 − Thursday 05-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** E-banking trojan: more than 100,000 euros in damage ***
---------------------------------------------
E-banking malware caused more than 100,000 euros in damage at a network technology company in the city of Salzburg. Several transfers were redirected to a Slovak account.
---------------------------------------------
http://salzburg.orf.at/news/stories/2818225/
*** Microsoft kills off security bulletins - for good ***
---------------------------------------------
Microsoft's last ever security bulletin is next week - so has the manual bulletin had its day?
---------------------------------------------
https://www.htbridge.com/blog/microsoft-kills-off-security-bulletins-for-go…
*** VB2016 paper: Open Source Malware Lab ***
---------------------------------------------
At VB2016, ThreatConnect Director of Research Innovation Robert Simmons presented a paper on setting up an open source malware lab. Today, we share the accompanying paper and video.
---------------------------------------------
https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware…
*** What Hack? Burlington Electric Speaks Out ***
---------------------------------------------
Burlington Electric Department general manager Neale Lunderville speaks out about last week's incident and response to reports the electric grid had been hacked.
---------------------------------------------
http://threatpost.com/what-hack-burlington-electric-speaks-out/122860/
*** Hackers could turn your smart meter into a bomb and blow your family to smithereens - new claim ***
---------------------------------------------
And before that, pwn your IoT gadgets via power supply gear. Smart meters are "dangerously insecure," according to researcher Netanel Rubin - who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/04/smart_metre…
*** FireCrypt Ransomware Comes With a DDoS Component ***
---------------------------------------------
A new ransomware family named FireCrypt will encrypt the user's files, but also attempt to launch a very feeble DDoS attack on a URL hardcoded in its source code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-w…
*** Emsisoft releases a decryptor for version 3 of the Globe Ransomware ***
---------------------------------------------
Fabian Wosar of Emsisoft has released a decryptor for version 3 of the Globe Ransomware. This decryptor will decrypt the Globe Ransomware variants that commonly append the .decrypt2017 and .hnumkhotep extensions to encrypted files.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decrypto…
*** Mixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong, (Wed, Jan 4th) ***
---------------------------------------------
A writer wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be VetMeds sent an encrypted PDF that required a user-name and password to log in to. The subject of the email was "Assessment document". The PDF itself was created with Microsoft Word and included a link that suggested it was a locked document and you needed to click a link to unlock it, which pointed to chai[.]myjino[.]ru and gave a screen with a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21881&rss
*** KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption ***
---------------------------------------------
Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies by randomly deleting data and altering files. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targ…
*** [R1] Nessus 6.9.3 Fixes One Vulnerability ***
---------------------------------------------
Tenable Nessus was found to be impacted by an authenticated stored cross-site scripting (XSS) issue.
---------------------------------------------
https://www.tenable.com/security/tns-2017-01
*** HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified in HPE Operations Orchestration. The vulnerability could be remotely exploited to allow remote code execution.
---------------------------------------------
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944
*** Google Nexus Qualcomm GPU Driver CVE-2016-8434 Privilege Escalation Vulnerability ***
---------------------------------------------
Google Nexus is prone to a privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges within the context of the kernel.
---------------------------------------------
http://www.securityfocus.com/bid/95257
*** Atlassian Confluence 5.9.12 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian Confluence 5.9.12 Cross Site Scripting | Risk: Low | Text: ==[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]== Persisted Cross-Site Scripting (XSS) in Confluence J...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017010029
*** ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle ***
---------------------------------------------
Topic: ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle | Risk: Medium | Text: ShoreTel Mobility Client iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6562) Overview "The Mobility Clie...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017010028
*** Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-002 | Project: Doubleclick for Publishers (DFP) (third-party module) | Version: 7.x | Date: 2017-January-04 | Security risk: 10/25 (Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:All | Vulnerability: Cross Site Scripting
Description: This module enables you to place advertisements on your site that are served by Google's DFP (Doubleclick for Publishers) service. The module has multiple Cross Site Scripting (XSS) vulnerabilities due to not sufficiently...
---------------------------------------------
https://www.drupal.org/node/2841114
*** Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-001 | Project: Permissions by Term (third-party module) | Version: 8.x | Date: 2017-January-04 | Security risk: 15/25 (Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All | Vulnerability: Access bypass, Information Disclosure
Description: The Permissions by Term module extends Drupal functionality by restricting access to single nodes via taxonomy terms. Taxonomy terms are part of the Drupal core functionality. Taxonomy term permissions can be coupled to specific...
---------------------------------------------
https://www.drupal.org/node/2841094
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in HTTP request processing affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8977) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995014
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 Includes Oracle Oct 2016 CPU affects Content Collector for Email ***
https://www-01.ibm.com/support/docview.wss?uid=swg21995468
---------------------------------------------
*** IBM Security Bulletin: vCenter password disclosure via application tracing in IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2016-6110) ***
http://www.ibm.com/support/docview.wss?uid=swg21996198
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995528
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099526
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099528
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater : TCR is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996032
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in DHCP affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099529
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GNU C Library affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099524
---------------------------------------------
*** IBM Security Bulletin: Apache Xerces-C vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-4463) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024585
---------------------------------------------
Next End-of-Shift report: 2017-01-09
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 03-01-2017 18:00 − Wednesday 04-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Technical details on the Fancy Bear Android malware (poprd30.apk) ***
---------------------------------------------
Background Recently, Crowdstrike has published details about a malicious Android APK file, named poprd30.apk or Попр-Д30.apk. It seems that the malware was created by the Fancy Bear group for tracking Ukrainian field ..
---------------------------------------------
http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-m…
*** Remote Code Execution in third party library swiftmailer ***
---------------------------------------------
https://typo3.org/news/article/remote-code-execution-in-third-party-library…
*** Real World FSociety Malware Is Giving Mr. Robot a Bad Name ***
---------------------------------------------
In the past few weeks, more or less talented malware authors have resorted to naming their newly launched threats using the "FSociety" brand, made famous by the Mr. Robot TV series.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/real-world-fsociety-malware-…
*** Microsoft to Add Bitcoin Support to Excel Later This Year ***
---------------------------------------------
https://www.bleepingcomputer.com/news/software/microsoft-to-add-bitcoin-sup…
*** Campaign Evolution: pseudo-Darkleech in 2016 ***
---------------------------------------------
Darkleech is long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/12/unit42-campaign-evolutio…
*** The Download on the DNC Hack ***
---------------------------------------------
Over the past few weeks, I've been inundated with questions from readers asking why I haven't written much about two stories that have consumed the news media of late: The alleged ..
---------------------------------------------
https://krebsonsecurity.com/2017/01/the-download-on-the-dnc-hack/
*** l+f: Russian hackers from the post-apocalyptic radioactive wasteland ***
---------------------------------------------
https://heise.de/-3587018
*** Intruder apparently taking MongoDB databases hostage ***
---------------------------------------------
An unknown attacker is reportedly wiping unprotected MongoDB databases and leaving a ransom note for their owners.
---------------------------------------------
https://heise.de/-3587479
*** Security flaw: Kaspersky sloppy with TLS certificate checking ***
---------------------------------------------
Kaspersky's antivirus software intercepts TLS connections and, as a side effect, breaks certificate validation. Once again Tavis Ormandy of Google has used this to show how full of holes so-called security software is.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecke-kaspersky-schlampt-bei-tls-zerti…
*** Fake Erste Bank/Sparkasse e-mail: confirmation required ***
---------------------------------------------
With a fake Erste Bank/Sparkasse message, criminals are trying to steal customers' online-banking credentials. To achieve this they claim in the ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-erste-banksparkasse-…
*** Programming languages: secure NTP could switch from C to Rust or Go ***
---------------------------------------------
With NTPsec, a team around open-source pioneer Eric S. Raymond is building a secure implementation of NTP. The team is considering dropping the C code entirely and using a memory-safe programming language such as Rust or Go instead.
---------------------------------------------
http://www.golem.de/news/programmiersprachen-sicheres-ntp-koennte-von-c-auf…
*** BlackBerry, Google and LG patch, among other things, a critical Stagefright hole once again ***
---------------------------------------------
Since June 2015 Google has been fighting critical vulnerabilities in Android's multimedia components. Merely receiving an MMS can checkmate a device. Now various manufacturers are again shipping security updates.
---------------------------------------------
https://heise.de/-3587867
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 02-01-2017 18:00 − Tuesday 03-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** From the filter bubble #33c3 back to reality ***
---------------------------------------------
The 33rd Chaos Communication Congress was my first. What impressed me most, and what it is like to land back in everyday life.
---------------------------------------------
https://futurezone.at/myfuzo/blog/aus-der-filterbubble-33c3-zurueck-in-die-…
*** Mac Malware of 2016 ***
---------------------------------------------
Let's analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, features, and disinfection for each.
---------------------------------------------
https://objective-see.com/blog/blog_0x16.html
*** Website Malware Targets Mobile Platforms ***
---------------------------------------------
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility ..
---------------------------------------------
https://blog.sucuri.net/2017/01/website-malware-targets-mobile-platforms.htm
*** Android tops 2016 vuln list, with 523 bugs ***
---------------------------------------------
Google joins Microsoft, Apple, Adobe in top of the pops. Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016, but as a vendor, Adobe still tops the list.
---------------------------------------------
www.theregister.co.uk/2017/01/03/android_tops_2016_vuln_list_with_523_bugs/
*** Lauri Love: Love v. the United States of America ***
---------------------------------------------
Anonymous activist and hacker Lauri Love is to be extradited to the USA. There he faces almost 100 years in prison for unauthorised modification of websites and hacking. "If we can't save Lauri, we can't save ourselves either," activists warn.
---------------------------------------------
http://www.golem.de/news/lauri-love-love-gegen-die-vereinigten-staaten-von-…
*** libpng developers close 21-year-old security hole ***
---------------------------------------------
Practically all versions of the libpng library are vulnerable. Attackers could use the flaw to bring systems down. Fixed versions are available.
---------------------------------------------
https://heise.de/-3585996
*** Top Secret -cleared SOCOM staff in 11GB Govt contractor breach ***
---------------------------------------------
Dismissed hacker calls US Govt buddy to nix exposed database. A Pentagon subcontractor has exposed the names, locations, Social Security Numbers, and salaries of Military Special ..
---------------------------------------------
www.theregister.co.uk/2017/01/03/top_secret_cleared_socom_staff_in_11gb_gov…
*** Deprecation of Insecure Algorithms and Protocols in RHEL 6.9 ***
---------------------------------------------
Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2787271
*** No trace to Russia after all in attack on US power utility ***
---------------------------------------------
Investigators found no evidence; an employee had opened e-mails on his own laptop
---------------------------------------------
http://derstandard.at/2000050193323
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 30-12-2016 18:00 − Monday 02-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Sundown Exploit Kit now leverages on the steganography ***
---------------------------------------------
A new variant of the Sundown exploit kit leverages steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit ..
---------------------------------------------
http://securityaffairs.co/wordpress/54886/cyber-crime/sundown-exploit-kit-2…
*** Russian cyberattacks against the USA: young female hacker suspected as mastermind ***
---------------------------------------------
Alleged to have supported the intelligence service; Alisa Schewtschenko sees herself as a scapegoat in the conflict between Obama and Putin
---------------------------------------------
http://derstandard.at/2000050064533
*** Grizzly Steppe: Russian malicious code found at US power utility ***
---------------------------------------------
Luckily it was not a control computer: a US electricity utility has found malicious code on a computer that may originate from Grizzly Steppe. The US authorities now want to investigate whether further utilities are affected.
---------------------------------------------
http://www.golem.de/news/grizzly-steppe-russischer-schadcode-bei-us-stromve…
*** DSA-3750 libphp-phpmailer - security update ***
---------------------------------------------
Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3750
*** Creepy Site Claims To Reveal Torrenting Histories ***
---------------------------------------------
Slashdot reader dryriver writes: The highly invasive and possibly Russian owned and operated website IKnowWhatYouDownload.com immediately shows [a] bittorent download history for ..
---------------------------------------------
https://yro.slashdot.org/story/16/12/31/0214203/creepy-site-claims-to-revea…
*** Zend Framework Input Validation Flaw in zend-mail Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037539
*** Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037538
*** E-mail service Lavabit returns for Trump's inauguration ***
---------------------------------------------
The former e-mail provider used by Edward Snowden could return, of all times, for Trump's inauguration.
---------------------------------------------
https://futurezone.at/digital-life/e-mail-dienst-lavabit-kehrt-zur-trump-an…
*** After hours-long outage: card payment terminals back in operation ***
---------------------------------------------
Technical problems at the Swiss company SIX Payment Service resolved; ATMs not affected
---------------------------------------------
http://derstandard.at/2000050083333
*** Firefox 52 more privacy oriented with a Tor protection mechanism ***
---------------------------------------------
Mozilla development team announced a new privacy protection mechanism that will come with Firefox 52, it aims to prevent websites from fingerprinting users. Mozilla announced the introduction of a new privacy protection ..
---------------------------------------------
http://securityaffairs.co/wordpress/54938/digital-id/firefox-52-privacy.html
*** Thunderbird: Mozilla closes critical holes with security update ***
---------------------------------------------
Thunderbird has several security vulnerabilities that Mozilla rates as "critical" and "high". A fixed version is available.
---------------------------------------------
https://heise.de/-3583472
*** Ransom note on endless loop: LG smart TV infected with ransomware ***
---------------------------------------------
Until now security researchers had only warned that ransomware could also infect smart TVs running Android. Now the first documented infection has apparently occurred.
---------------------------------------------
https://heise.de/-3584043
*** l+f: Reading instead of ransom ***
---------------------------------------------
A ransomware trojan forces its victims to educate themselves about computer security.
---------------------------------------------
https://heise.de/-3585353
*** According to the FBI, Russian hackers also used computers in Vienna for attacks ***
---------------------------------------------
A server of the association "Funkfeuer" appears on the list of attacking computers published by US authorities
---------------------------------------------
http://derstandard.at/2000050143907
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-12-2016 18:00 − Friday 30-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Session Stealer Script Used In OpenCart ***
---------------------------------------------
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are ..
---------------------------------------------
https://blog.sucuri.net/2016/12/session-stealer-script-used-opencart.html
*** Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game ***
---------------------------------------------
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-spam-runs…
*** Grizzly Steppe: FBI names 900 IP addresses of Russian hacker attacks ***
---------------------------------------------
After the sanctions come the indicators: the US government publishes its analysis of the allegedly Russian hacker attacks on institutions worldwide. The attacks are said to have also passed through IP addresses in Germany.
---------------------------------------------
http://www.golem.de/news/grizzly-steppe-fbi-nennt-900-ip-adressen-russische…
*** Apple's iMessage vulnerable to manipulated contact files ***
---------------------------------------------
A manipulated vCard currently circulating via iMessage and MMS can crash the Messages app on the recipient's iPhone or iPad and render it completely unusable. There is a way out, however.
---------------------------------------------
https://heise.de/-3582980
*** Vuln: Lenovo Transition CVE-2016-8227 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95159
*** More on Protocol 47 denies ***
---------------------------------------------
Following up on yesterday's diary on an increase in Protocol 47 traffic. Thanks to everyone who sent the ISC PCAPs and more information. Current speculation is that the Protocol 47 uptick is backscatter from a DDoS containing GRE traffic and using ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21867&rss
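A way to spot such an uptick in your own firewall logs, as an added example that is not code from the ISC diary: the script tallies denies per minute for one IP protocol (47 by default), flags a minute whose count stands out against the median of the others, and reports how many distinct sources were behind it. The log lines are constructed in the iptables LOG-target style (syslog timestamp, then KEY=value fields); the two regular expressions are the only format-specific parts and would need adjusting for another firewall.

```python
"""Detect an uptick in protocol-47 (GRE) denies in firewall logs.

Added example, not code from the ISC diary. Log lines are constructed in the
iptables LOG-target style; `_FIELD` and `_MINUTE` are the format-specific parts.
"""
import re
from collections import Counter, defaultdict
from statistics import median

_FIELD = re.compile(r"(\w+)=(\S*)")                                  # KEY=value pairs
_MINUTE = re.compile(r"^(\w{3}\s+\d{1,2}\s+\d\d:\d\d):\d\d\s")       # minute-resolution key


def make_line(minute: str, src: str, proto: int) -> str:
    """Build one constructed deny line for the sample below (not a real capture)."""
    return (f"Dec 29 {minute}:17 fw kernel: DENY IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.7 LEN=60 TTL=243 ID=0 PROTO={proto}")


# Constructed sample: a trickle of GRE denies, then eight in one minute from
# eight different sources, with unrelated lines mixed in.
SAMPLE_LOG = [
    make_line("10:00", "203.0.113.5", 47),
    make_line("10:00", "192.0.2.10", 6),
    make_line("10:01", "203.0.113.5", 47),
    make_line("10:02", "203.0.113.9", 47),
    "Dec 29 10:02:40 fw sshd[812]: Accepted publickey for ops from 192.0.2.3",
] + [make_line("10:03", f"203.0.113.{n}", 47) for n in range(20, 28)]


def parse_line(line: str):
    """Return (minute, fields) for a LOG-style line, or None for anything else."""
    m = _MINUTE.match(line)
    if not m or "PROTO=" not in line:
        return None
    return m.group(1), dict(_FIELD.findall(line))


def protocol_counts(lines, proto: str = "47"):
    """Per-minute deny count and per-minute set of source addresses for one protocol."""
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        minute, fields = parsed
        if fields.get("PROTO") == proto:
            counts[minute] += 1
            sources[minute].add(fields.get("SRC"))
    return counts, sources


def find_uptick(counts, factor: float = 3.0, min_count: int = 5) -> list:
    """Minutes with at least `min_count` denies and more than `factor` times the
    median of the other minutes. A steady trickle of GRE denies is normal on an
    Internet-facing firewall and must not fire."""
    minutes = sorted(counts)
    flagged = []
    for minute in minutes:
        others = [counts[m] for m in minutes if m != minute] or [0]
        baseline = max(median(others), 1)
        if counts[minute] >= min_count and counts[minute] > factor * baseline:
            flagged.append(minute)
    return flagged


def report(lines, proto: str = "47") -> list:
    """(minute, deny count, distinct sources) for every flagged minute; the source
    spread tells you whether one peer or a crowd is behind the burst."""
    counts, sources = protocol_counts(lines, proto)
    return [(m, counts[m], len(sources[m])) for m in find_uptick(counts)]


if __name__ == "__main__":
    for minute, n, distinct in report(SAMPLE_LOG):
        print(f"{minute}: {n} protocol-{47} denies from {distinct} distinct sources")
```

Feed it `journalctl -k` or `/var/log/kern.log` on the firewall; the median-based baseline means a single busy minute is judged against the surrounding traffic rather than against a fixed number, which is what you want when you do not know your normal GRE background.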
*** Cyber attacks: the difficult search for clues ***
---------------------------------------------
Accusations based on motive rather than on technical indications or evidence
---------------------------------------------
http://derstandard.at/2000050034274
*** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF ***
---------------------------------------------
SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. The WAF was bypassed via form-based CSRF.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5393.php
*** Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS ***
---------------------------------------------
SonicWALL NSA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the curUserName GET parameter in the appFirewallSummary.html script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php
*** Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass ***
---------------------------------------------
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5390.php
*** Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5389.php
*** Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters searchBySonicwall, firstChangeOrderID, secondChangeOrderID and coDomainID is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php
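The two bug classes in the SonicWALL advisories above (and the stored-XSS items earlier in the report: Nessus, Confluence, the Drupal DFP module) come from the same root cause, untrusted input concatenated into an output language. The block below is an added example, not SonicWALL code: a hypothetical handler that echoes a `curUserName`-style parameter into HTML and builds a query from a `firstChangeOrderID`-style parameter, each next to its hardened form, plus a boolean-based blind probe that shows why "blind" injection still leaks data even when no query output is reflected. The table, column names and payloads are constructed for the demonstration.

```python
"""Reflected XSS and (blind) SQL injection: vulnerable vs. hardened.

Added example, not SonicWALL code. Parameter names mimic the advisories;
the table and its contents are constructed.
"""
import html
import sqlite3

# Constructed in-memory table standing in for an appliance's change-order store.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
    CREATE TABLE change_orders (id INTEGER PRIMARY KEY, owner TEXT, secret TEXT);
    INSERT INTO change_orders VALUES (1, 'alice', 'alice-secret');
    INSERT INTO change_orders VALUES (2, 'bob',   'bob-secret');
""")


def render_summary_vulnerable(cur_user_name: str) -> str:
    """Echoes a GET parameter straight into the page: reflected XSS."""
    return f"<h1>Summary for {cur_user_name}</h1>"


def render_summary_safe(cur_user_name: str) -> str:
    """Escapes for the HTML text context before reflecting; quote=True also
    covers the attribute context."""
    return f"<h1>Summary for {html.escape(cur_user_name, quote=True)}</h1>"


def find_owner_vulnerable(first_change_order_id: str) -> list:
    """Builds SQL by string concatenation: the parameter becomes SQL syntax."""
    sql = "SELECT owner FROM change_orders WHERE id = " + first_change_order_id
    return [row[0] for row in _conn.execute(sql)]


def find_owner_safe(first_change_order_id: str) -> list:
    """Parameterised query; the value is only ever compared as data. Enforcing
    the expected type first rejects junk before it reaches the database."""
    try:
        order_id = int(first_change_order_id)
    except ValueError:
        return []
    return [row[0] for row in _conn.execute(
        "SELECT owner FROM change_orders WHERE id = ?", (order_id,))]


def blind_probe(query_fn, order_id: int, condition: str) -> bool:
    """Boolean-based blind oracle: append `AND (<condition>)` and compare with a
    known-true baseline. The row stays when the condition holds, vanishes when
    it does not, so one bit leaks per request even without visible SQL output."""
    baseline = query_fn(f"{order_id} AND 1=1")
    probe = query_fn(f"{order_id} AND ({condition})")
    return baseline != [] and probe == baseline


def extract_secret_length(query_fn, order_id: int, max_len: int = 32) -> int:
    """Recover LENGTH(secret) for one row through the blind oracle; -1 if the
    oracle is silent (i.e. the endpoint is not injectable this way)."""
    for n in range(max_len + 1):
        if blind_probe(query_fn, order_id, f"length(secret) = {n}"):
            return n
    return -1


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'
    print(render_summary_vulnerable(payload))   # script tag lands in the page
    print(render_summary_safe(payload))         # entity-encoded, inert
    print(find_owner_vulnerable("1 OR 1=1"))    # both rows: WHERE clause rewritten
    print(find_owner_safe("1 OR 1=1"))          # []: not an integer, rejected
    print(extract_secret_length(find_owner_vulnerable, 2))  # length of bob's secret
    print(extract_secret_length(find_owner_safe, 2))        # -1, nothing to infer
```

The same oracle loop, run character by character with `substr(secret, i, 1) = '...'`, is how blind injection dumps a table; the fix is the parameterised query, not filtering the payloads you happen to know about.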
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-12-2016 18:00 − Thursday 29-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** 33C3: Door intercoms are easy prey for hackers ***
---------------------------------------------
More and more manufacturers of intercom systems for company and private buildings rely on mobile networks rather than wired technology for communication. This makes it possible for hackers to open doors or dial premium-rate numbers.
---------------------------------------------
https://heise.de/-3582807
*** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-8934) ***
---------------------------------------------
There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21995995
*** IBM Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2016-3706, CVE-2016-4429) ***
---------------------------------------------
GNU C library (glibc) vulnerabilities were found that affect IBM Security Network Active Bypass. CVE(s): CVE-2016-3706, CVE-2016-4429 Affected product(s) and affected version(s): IBM Security ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21996174
*** IBM Security Bulletin: Vulnerabilities (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988553
*** IBM Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175) ***
---------------------------------------------
A security vulnerability exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21987188
*** 33C3: Bitcoin ATMs are not yet a worthwhile target ***
---------------------------------------------
Security experts at the Hamburg hacker gathering complained that classic cash machines still have large security holes. Bitcoin exchange machines, on the other hand, are said to be of no interest to criminals yet.
---------------------------------------------
https://heise.de/-3582875
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-12-2016 18:00 − Wednesday 28-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Bugtraq: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539967
*** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-…
*** Android Trojan Switcher Infects Routers via DNS Hijacking ***
---------------------------------------------
A new Android Trojan, Switcher, uses victims' devices to infect WiFi routers and funnel users of the network to malicious sites.
---------------------------------------------
http://threatpost.com/android-trojan-switcher-infects-routers-via-dns-hijac…
*** Security Advisory - Input Validation Vulnerability in Huawei VRP Platform ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-…
*** 33C3: Bluetooth locks: smart, but not secure ***
---------------------------------------------
App instead of key: more and more manufacturers offer locks with cloud connectivity. But lockpickers can crack the expensive devices without much trouble.
---------------------------------------------
https://heise.de/-3582323
*** IT security in 2016: the user is not to blame ***
---------------------------------------------
When it comes to IT security problems, users are readily scolded. And even though many users do indeed make mistakes, the responsibility for security holes, botnets and poor data protection usually lies elsewhere.
---------------------------------------------
http://www.golem.de/news/it-sicherheit-im-jahr-2016-der-nutzer-ist-nicht-sc…
*** Bugtraq: [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539968
*** Using Guzzle and PHPUnit for REST API Testing ***
---------------------------------------------
APIs are increasingly becoming the backbone of the modern internet - whether you're ordering ..
---------------------------------------------
https://blog.cloudflare.com/using-guzzle-and-phpunit-for-rest-api-testing/
*** Vuln: Multiple Samsung Devices OTP Service Remote Heap Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95134
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection (CVE-2016-6065) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. IBM Security Guardium Database Activity ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21995657
*** Hacker attack on OSCE in Vienna: data stolen ***
---------------------------------------------
The Vienna-based OSCE was the target of a hacker attack in early November. Data and the integrity of the OSCE's network were at risk, a spokeswoman said.
---------------------------------------------
https://futurezone.at/netzpolitik/hacker-angriff-auf-osze-in-wien-daten-ges…
*** Reverse engineering: security researchers open up the Threema black box ***
---------------------------------------------
Two security researchers took a close look at the internals of the Threema messenger at 33C3. Their results are documented on GitHub and are meant to be usable for developing bots.
---------------------------------------------
http://www.golem.de/news/reverse-engineering-sicherheitsforscher-oeffnen-th…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-12-2016 18:00 − Tuesday 27-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** NetApp Snap Creator Framework Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037530
*** BMC Remedy Action Request System Password Reset Flaw Lets Remote Users Modify Passwords on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037529
*** Netgear N300 router with massive security hole ***
---------------------------------------------
Netgear's N300 router (model WNR2000) has a vulnerability through which attackers can gain access to the device's admin functions. A ..
---------------------------------------------
http://derstandard.at/2000049819772
*** [local] - OpenSSH < 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation ***
---------------------------------------------
This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separation is enabled by default, it ..
---------------------------------------------
https://www.exploit-db.com/exploits/40962/
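Since the issue only applies when privilege separation has been switched off, the useful check is a configuration audit. The block below is an added example, not the exploit-db post's code nor anything from OpenSSH: it parses sshd_config text by the file's own rules (keyword first, keywords case-insensitive, `#` lines are comments, the first value given for a keyword wins, everything after a `Match` line is conditional) and reports an explicit `UsePrivilegeSeparation no`. The weak and corrected configurations are constructed samples.

```python
"""Audit an sshd_config for a disabled UsePrivilegeSeparation.

Added example, not code from the exploit-db post or from OpenSSH. Parses the
sshd_config grammar from text so it runs against the constructed samples below.
"""
import re

# "Keyword value" or "Keyword=value"; sshd accepts both spellings.
_DIRECTIVE = re.compile(r"^(\S+?)(?:\s+|\s*=\s*)(.*)$")

# Constructed sample: otherwise hardened, but privilege separation is off.
SAMPLE_SSHD_CONFIG_WEAK = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin no
PasswordAuthentication no
# keyword case is not significant to sshd:
useprivilegeseparation no
Match User backup
    AllowAgentForwarding no
"""

# Corrected form of the same file: privilege separation back on.
SAMPLE_SSHD_CONFIG_FIXED = SAMPLE_SSHD_CONFIG_WEAK.replace(
    "useprivilegeseparation no", "UsePrivilegeSeparation sandbox")


def parse_sshd_config(text: str) -> dict:
    """Map lower-cased global keywords to the first value given for each."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # only whole-line comments exist
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break           # settings below apply only to matching sessions
        settings.setdefault(keyword, value)       # first obtained value is used
    return settings


def privsep_disabled(settings: dict) -> bool:
    """True only for an explicit 'no'; the option defaults to enabled, so an
    absent keyword is not a finding."""
    return settings.get("useprivilegeseparation", "yes").lower() == "no"


def audit(text: str) -> list:
    """Return the list of findings for one config text (empty means it passes)."""
    findings = []
    if privsep_disabled(parse_sshd_config(text)):
        findings.append(
            "UsePrivilegeSeparation is 'no': the forwarded Unix-domain-socket "
            "privilege escalation applies to OpenSSH < 7.4 in this configuration; "
            "set it to 'yes' (or 'sandbox') and upgrade")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_SSHD_CONFIG_WEAK),
                      ("fixed", SAMPLE_SSHD_CONFIG_FIXED)):
        print(name, audit(cfg) or ["ok"])
```

Against a live host, feed it either the file or the output of `sshd -T`, which prints the effective configuration with lower-cased keywords and therefore also reveals a value set in an included or overridden location.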
*** ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers ***
---------------------------------------------
Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-pa…
*** DFN-CERT-2016-2141: Exim: Two vulnerabilities allow disclosure of information and escalation of privileges ***
---------------------------------------------
A remote, unauthenticated attacker can read sensitive information and possibly carry out further attacks if Exim was compiled and is run under certain conditions. For this, ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2141/
*** 33C3: CCC Congress begins in Hamburg ***
---------------------------------------------
Under the motto "Works for me", the congress of the Chaos Computer Club has begun in Hamburg. For four days, the 12,000 participants will occupy themselves with hacks, politics and alternative ways of life.
---------------------------------------------
https://heise.de/-3582149
*** Vuln: PyCrypto cryptmsg.py Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95122
*** IBM Security Bulletin: Vulnerabilities in Bind affect IBM SmartCloud Entry (CVE-2016-2776, CVE-2016-2848) ***
---------------------------------------------
IBM SmartCloud Entry is vulnerable to bind vulnerabilities. Remote attackers could exploit the vulnerabilities to trigger assertion failures and make named ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024649
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 22-12-2016 18:00 − Friday 23-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Lithuania discovers Russian spyware on government computers ***
---------------------------------------------
The malware was apparently brought onto the computers by means of infected USB sticks
---------------------------------------------
http://derstandard.at/2000049749836
*** So somebody is throwing HTML at your sshd. What to do? ***
---------------------------------------------
Yes, it's exactly as wrong as it sounds. Here's a distraction with bizarre twists for the true log file junkies among you. Happy reading for the holidays! As will probably not surprise ..
---------------------------------------------
http://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html
*** Cerber Ransomware Doesn't Delete Shadow Volume Copies Anymore, Prioritizes Office Docs ***
---------------------------------------------
Recent versions of the Cerber ransomware are behaving somewhat differently from older variants, with the ransomware ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-del…
*** Before You Pay that Ransomware Demand… ***
---------------------------------------------
A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to be whacked ..
---------------------------------------------
https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/
*** Steganalysis, the Counterpart of Steganography ***
---------------------------------------------
In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganalysis,-the-Count…
*** New Guide to Fixing Google Blacklist Warnings ***
---------------------------------------------
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped with a ..
---------------------------------------------
https://blog.sucuri.net/2016/12/guide-to-fix-site-warnings.html
*** Fidelix FX-20 Series Controllers Path Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in Fidelix FX-20 series controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01
*** WAGO Ethernet Web-based Management Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass vulnerability in WAGO’s Ethernet Web-based Management products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02
*** Your password expiry policy may have reached its expiry date ***
---------------------------------------------
In cyber security as much as anywhere else, it's important to use the right tools for the job at hand. However, sometimes we can get a bit too attached to particular tools, ..
---------------------------------------------
https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reac…
*** As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify ***
---------------------------------------------
Bitcoin price surge reverberates through cybercriminal landscape, as cyber-criminals ramp up phishing attacks ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/as-bitcoin-price-surges-phis…
*** Using Monitor Resolution as Obfuscation Technique ***
---------------------------------------------
A quick blog post about a malicious VBScript macro that I analysed. Bad guys have always plenty of ..
---------------------------------------------
https://blog.rootshell.be/2016/12/23/using-monitor-resolution-obfuscation-t…
*** No evidence of planned Russian cyberattacks on the German federal election ***
---------------------------------------------
http://derstandard.at/2000049777463
*** Drastic warnings about the "Internet of Dildos" ***
---------------------------------------------
New group wants to draw attention to the dangers posed by smart sex toys
---------------------------------------------
http://derstandard.at/2000049785388
*** Every year again: Netgear N300 / WNR2000 router vulnerable ***
---------------------------------------------
A zero-day hole is once again plaguing Netgear routers. The vulnerable model has already fallen victim to serious holes in the past.
---------------------------------------------
https://heise.de/-3581275
*** Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware ***
---------------------------------------------
A new in-development variant of the Koolova Ransomware has been discovered that will decrypt your ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-…
Because of the public holiday on Monday, 26.12.2016, the next End-of-Shift report will not appear until Tuesday, 27.12.2016
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 21-12-2016 18:00 − Thursday 22-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.2 ***
---------------------------------------------
V1.2 (December 21, 2016): The December 13, 2016, Security and Quality Rollups updates 3210137 and 3210138 contain a known issue that affects the .NET Framework 4.5.2 running on Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. The issue was also present in the November 15, 2016, Preview of Quality rollup updates that were superseded by the December 13, 2016 Rollup updates. The issue causes applications that connect to an instance of Microsoft SQL Server on the same computer to generate the following error message: “provider: Shared Memory Provider, error: 15 - Function not supported”
For more information please refer to Knowledge Base Article 3214106
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-DEC
*** NIST Asks Public For Help With Quantum-Proof Cryptography ***
---------------------------------------------
chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_VC9qbMlmm8/nist-asks-publi…
*** Mandatory HTTPS for apps: Apple extends deadline ***
---------------------------------------------
iPhone and iPad apps were originally supposed to stop communicating over unsecured HTTP connections by the end of the year; Apple has now granted additional time for the switch.
---------------------------------------------
https://heise.de/-3579891
*** vSphere Data Protection: VMware removes hard-coded root key ***
---------------------------------------------
Attackers are said to be able to take over the backup and recovery solution for virtual machines with comparatively little effort. Security patches are available for download.
---------------------------------------------
https://heise.de/-3579872
*** Security Alert: Malicious Script Injections Spread Cerber Ransomware, Make Use of Nemucod Downloader ***
---------------------------------------------
This ongoing ransomware campaign packs a big punch against its victims, aiming for a high success rate in terms of infected systems.
Using a malware cocktail to drive infection rates
The cybercriminals behind the campaign are compromising legitimate websites by injecting malicious scripts. The injects then redirect the victims' Internet traffic to a Cerber gateway...
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-malicious-script-injections…
*** Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units ***
---------------------------------------------
In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations that utilized a well known implant commonly called X-Agent. X-Agent is a cross-platform remote access toolkit; variants have been identified for various Windows operating systems, Apple's iOS, and likely the MacOS. Also known as Sofacy, X-Agent has been tracked by the security community for almost a decade; CrowdStrike associates the...
---------------------------------------------
https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian…
*** Writing Burp Extensions (Shodan Scanner) ***
---------------------------------------------
In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, determine the IP address of the domain and get specific information using the Shodan API. I have divided the article in the following hierarchy so that you can...
---------------------------------------------
http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanne…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 20-12-2016 18:00 − Wednesday 21-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** PrestaShop Attack Steals Login Credentials ***
---------------------------------------------
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources or gain SEO power, and in others they are seeking access to sensitive data, also known as data exfiltration. The ..
---------------------------------------------
https://blog.sucuri.net/2016/12/prestashop-attack-steals-login-credentials.…
*** Data Center Physical Security ***
---------------------------------------------
A data center is the epicenter of any online infrastructure. A data center’s size can vary widely, depending on an organization’s needs. Broadly speaking, a ..
---------------------------------------------
http://resources.infosecinstitute.com/data-center-physical-security/
*** DSA-3741 tor - security update ***
---------------------------------------------
It was discovered that Tor, a connection-based low-latency anonymous communication system, ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3741
*** Kaspersky updates RannohDecryptor to decrypt CryptXXX's Crypt, Cryp1, and Crypz Extensions ***
---------------------------------------------
If you are a CryptXXX Ransomware victim who didn't pay the ransom and instead decided to store their encrypted files and ransom notes for future fixes then you ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kaspersky-updates-rannohdecr…
*** 33c3 program: What to expect from the hacker congress ***
---------------------------------------------
From 27 to 30 December, the annual hacker meeting of the Chaos Computer Club (CCC) takes place in Hamburg for the 33rd time. The schedule (Fahrplan) and wiki give a first overview of the program.
---------------------------------------------
https://futurezone.at/netzpolitik/33c3-programm-was-vom-hacker-kongress-zu-…
*** Netgear security hole: Updates ready for four affected routers ***
---------------------------------------------
Firmware updates are now available for the R6250, R6400, R7000 and R8000 routers. Installing the updates is strongly recommended. For another seven routers with the security hole, only the beta version is available for download so far.
---------------------------------------------
https://heise.de/-3578415
*** Antivirus software: The snake oil industry ***
---------------------------------------------
Users and system administrators regard antivirus programs as indispensable. But many IT security experts are extremely skeptical. Antivirus software is often itself full of security holes and has very fundamental limits.
---------------------------------------------
http://www.golem.de/news/antivirensoftware-die-schlangenoel-branche-1612-12…
*** Panasonic Plays Down Security Bugs Found in Airplane In-Flight Entertainment Systems ***
---------------------------------------------
Security firm IOActive published research yesterday detailing security flaws in ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/panasonic-plays-down-securit…
*** How Skype fixes security vulnerabilities ***
---------------------------------------------
This post describes my fruitless effort to convince Microsoft employees that their service is vulnerable, and the humiliation one has to go through should one’s account be blocked by a hacker. This is a story of ignorance, pain and despair.
---------------------------------------------
https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/
*** Popular passwords: "Arschloch" among the top ten ***
---------------------------------------------
http://derstandard.at/2000049660283
*** Berlin attack: DDoS attack on tip-off portal ***
---------------------------------------------
http://derstandard.at/2000049672324
*** Linux/Rakos, the new Linux malware threatening devices and servers ***
---------------------------------------------
A new Linux malware, dubbed Linux/Rakos, is threatening devices and servers. The malware searches for victims via SSH scan. A new Linux malware, dubbed ..
---------------------------------------------
http://securityaffairs.co/wordpress/54603/malware/linuxrakos-malware.html
*** XSA-203 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-203.html
*** XSA-202 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-202.html
*** Analysis: "Hallo" is Germany's most-used password ***
---------------------------------------------
An analysis of passwords from freely accessible data leaks has shown that the most-used passwords in Germany are anything but secure. After "hallo", the classics "passwort" and "passwort1" also appear in the list.
---------------------------------------------
http://www.golem.de/news/auswertung-hallo-ist-deutschlands-meistgenutztes-p…
*** Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 19-12-2016 18:00 − Tuesday 20-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** OpenSSH says goodbye to SSHv1 ***
---------------------------------------------
The just-released OpenSSH 7.4 removes server-side support for the outdated SSHv1 protocol. In August it is to be buried entirely. There are also a few bug fixes.
---------------------------------------------
https://heise.de/-3576071
*** Adobe Releases Flash Player 24 for Linux Four Years After the Last Major Update ***
---------------------------------------------
Adobe released today Flash Player 24 for Linux, after previously abandoning the application without explanation in 2012. Flash Player for Linux is now on par with Windows and ..
---------------------------------------------
https://www.bleepingcomputer.com/news/software/adobe-releases-flash-player-…
*** ShadowBrokers Dump Came from Internal Code Repository, Insider ***
---------------------------------------------
Researchers at Flashpoint said their analysis of the latest ShadowBrokers dump of NSA tools leads them to believe an insider with access to a code repository stole the data.
---------------------------------------------
http://threatpost.com/shadowbrokers-dump-came-from-internal-code-repository…
*** Raiding the Piggy Bank: Webshell Secrets Revealed ***
---------------------------------------------
Introduction A recent investigation into credit card fraud that was enabled by a webshell revealed several ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Raiding-the-Piggy-Bank-…
*** Unrestricted Backend Login Backdoor on OpenCart ***
---------------------------------------------
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. We call them backdoors. Backdoors can be done in different ways, either by adding fake admin users to the site, or ..
---------------------------------------------
https://blog.sucuri.net/2016/12/unrestricted-backend-login.html
*** "How do you say Ground Hog Day in Ukrainian?" ***
---------------------------------------------
http://ics.sans.org/blog/2016/12/20/how-do-you-say-ground-hog-day-in-ukrain…
*** XSA-204 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-204.html
*** Ubuntu: Serious bug allows smuggling in malicious code ***
---------------------------------------------
Crash reporter turned out to be an unintended gateway; Canonical fixes the bug with an update
---------------------------------------------
http://derstandard.at/2000049548961
*** Crypto messenger Signal blocked in Egypt ***
---------------------------------------------
Signal has apparently been blocked in Egypt since the weekend. The operator of the crypto messenger ..
---------------------------------------------
https://heise.de/-3576578
*** Nagios Core is vulnerable: Security holes in server monitoring software ***
---------------------------------------------
Nagios Core, a server monitoring software, currently has two critical security holes. Through them, attackers can gain complete control of the system. The current version 4.2.4 closes the holes.
---------------------------------------------
https://heise.de/-3576359
*** Project Wycheproof: Checking crypto implementations for security ***
---------------------------------------------
From AES via ECDH to RSA: With Google's Project Wycheproof, admins can run a collection of tests against their servers to check the security of their crypto function configuration.
---------------------------------------------
https://heise.de/-3576686
*** Ethereum Cryptocurrency Forum Suffers Data Breach ***
---------------------------------------------
Administrators of the Ethereum Project have announced today a data breach that affected over 16,500 users of the platform's community forums. The breach took place ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ethereum-cryptocurrency-foru…
*** Turkey apparently blocks access to Tor using Deep Packet Inspection ***
---------------------------------------------
Turkish providers have apparently been blocking direct access to the anonymization service Tor since the weekend. Deep Packet Inspection is apparently being used to identify the connection attempts.
---------------------------------------------
https://heise.de/-3577109
*** Alice: A Lightweight, Compact, No-Nonsense ATM Malware ***
---------------------------------------------
Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweigh…
*** Official forum of the cryptocurrency Ethereum hacked ***
---------------------------------------------
Unknown attackers have siphoned off data from around 16,500 users. This includes passwords, most of which are, however, protected with a method considered secure.
---------------------------------------------
https://heise.de/-3577111
*** Op-ed: Why I’m not giving up on PGP ***
---------------------------------------------
http://arstechnica.com/information-technology/2016/12/signal-does-not-repla…
*** Fake card complete email: Your card has been blocked! ***
---------------------------------------------
Criminals are sending a fake card complete message. In it they claim that the bank has blocked the card. Customers are therefore supposed to ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-card-complete-mail-i…
*** VMSA-2016-0023 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0023.html
*** Router security hole: Netgear delivers first final firmware updates ***
---------------------------------------------
Following the serious security hole, Netgear is providing first updates. For seven affected routers, only beta versions are available so far.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecke-bei-routern-netgear-liefert-erst…
*** Report: $3-5M in Ad Fraud Daily from ‘Methbot’ ***
---------------------------------------------
New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video ..
---------------------------------------------
https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-meth…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 16-12-2016 18:00 − Monday 19-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Vuln: Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94947
*** Blocking Powershell Connection via Windows Firewall. ***
---------------------------------------------
In my last post, I mapped controls to stop a malicious doc calling out via Powershell. I'm now going to cover how using the Windows firewall can stop the attack ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21829
*** The banker that encrypted files ***
---------------------------------------------
Many mobile bankers can block a device in order to extort money from its user. But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data. In addition to that, this modification is attacking more than 2,000 financial apps around the world.
---------------------------------------------
http://securelist.com/blog/research/76913/the-banker-that-encrypted-files/
*** IBM Security Bulletin: Code execution vulnerability in IBM MessageSight (CVE-2016-5983) ***
---------------------------------------------
There is a potential code execution vulnerability in WebSphere Application Server Liberty Profile ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21995510
*** IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server ***
---------------------------------------------
The following security issues have been identified in WebSphere Application Server ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21995683
*** IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere affect IBM Control Center (CVE-2016-5983, CVE-2016-2923, CVE-2016-3092) ***
---------------------------------------------
IBM WebSphere Application Server is shipped as a component of IBM Control Center. Multiple ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21995686
*** IBM Security Bulletin: Reflected XSS vulnerability in IBM Campaign (CVE-2016-0265) ***
---------------------------------------------
Reflected cross-site scripting vulnerability affecting IBM Campaign has been addressed. CVE(s): CVE-2016-0265 ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21986033
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 15-12-2016 18:00 − Friday 16-12-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** My Yahoo Account Was Hacked! Now What? ***
---------------------------------------------
Many readers are asking what they should be doing in response to Yahoo's disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format.
---------------------------------------------
https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/
*** 0-days hitting Fedora and Ubuntu open desktops to a world of hurt ***
---------------------------------------------
If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
---------------------------------------------
http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-h…
*** One, if by email, and two, if by EK: The Cerbers are coming!, (Fri, Dec 16th) ***
---------------------------------------------
Introduction One, if by land, and two, if by sea is a phrase used by American poet Henry Wadsworth Longfellow in his poem Paul Revere's Ride first published in 1861. Longfellow's poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns. Much like the British arriving by land or by sea, Cerber
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21823&rss
*** Phishing: "There are still enough victims" ***
---------------------------------------------
Olaf Schwarz, Information Security Officer at the direct bank ING-DiBa Austria, on phishing and other fraud methods in online banking.
---------------------------------------------
https://futurezone.at/digital-life/phishing-es-gibt-immer-noch-genuegend-op…
*** Hacker attack on Thyssenkrupp: Winnti spies on German industry ***
---------------------------------------------
The attack on Thyssenkrupp is said to be the work of the hacker group Winnti, which previously attacked gaming platforms. Other German companies are said to be affected.
---------------------------------------------
http://www.golem.de/news/hackerangriff-auf-thyssenkrupp-winnti-spioniert-de…
*** Microsoft to ditch Flash - sort of ***
---------------------------------------------
Edge is getting more granular Flash controls, but that means you won't have to have it on for all sites just so it's on for one.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/12/16/microsoft-to-ditch-flash-sort-o…
*** Mac password can be read out via Thunderbolt ***
---------------------------------------------
Using off-the-shelf hardware, an attacker can grab the password, which is held in plaintext, in around 30 seconds and thus overcome Apple's FileVault disk encryption.
---------------------------------------------
https://heise.de/-3573385
*** Linux security: Ubuntu bug allows execution of malicious code ***
---------------------------------------------
A serious bug in Ubuntu's crash handler Apport allows attackers to remotely execute arbitrary code on a target machine.
---------------------------------------------
http://www.golem.de/news/linux-sicherheit-ubuntu-bug-ermoeglicht-das-ausfue…
*** Smart Airports: How to protect airport passengers from cyber disruptions ***
---------------------------------------------
ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/smart-airports-how-to-protect-a…
*** Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161216-…
*** SSA-856492 (Last Update 2016-12-16): Limited Entropy in PRNG of Desigo PX Web Modules ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492…
*** Bugtraq: [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539934
*** DFN-CERT-2016-2081: Red Hat JBoss Core Services: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2081/
*** Security Advisory: TMM vulnerability CVE-2016-9247 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/33/sol33500120.html?…
*** Security Advisory: BIG-IP TMM iRules vulnerability CVE-2016-5024 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/92/sol92859602.html?…
*** Sentinel 8.0.0 P1 (Sentinel 8.0.0.1) Build 3404 ***
---------------------------------------------
Abstract: Sentinel 8.0.0. upgrade patch for Sentinel 7 and 8
Document ID: 5264730
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz (65.02 MB), sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz.sha256 (117 bytes), sentinel_server-8.0.0.1-3404.x86_64.tar.gz (2.09 GB), sentinel_server-8.0.0.1-3404.x86_64.tar.gz.sha256 (109 bytes)
Products: Sentinel 7, Sentinel, Sentinel 7.3, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4, Sentinel 7.3.3, Sentinel
---------------------------------------------
https://download.novell.com/Download?buildid=3iJxPcG2H9M~
*** Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01
*** OmniMetrix OmniView Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in OmniMetrix's OmniView web application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02
*** Multiple SONY Videoconference Systems do not properly perform authentication ***
---------------------------------------------
Multiple SONY Videoconference Systems do not properly perform authentication.
---------------------------------------------
http://jvn.jp/en/jp/JVN42070907/
*** ZDI-16-670: Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-670/
*** ZDI: Autodesk Design Review Remote Code Execution Vulnerabilities ***
---------------------------------------------
*** ZDI-16-669: Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-669/
---------------------------------------------
*** ZDI-16-668: Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-668/
---------------------------------------------
*** ZDI-16-667: Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-667/
---------------------------------------------
*** ZDI-16-666: Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-666/
---------------------------------------------
*** ZDI-16-665: Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-665/
---------------------------------------------
*** ZDI-16-664: Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
http://www.zerodayinitiative.com/advisories/ZDI-16-664/
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM StoredIQ (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994870
---------------------------------------------
*** IBM Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg21995057
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993842
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21990635
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024669
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 14-12-2016 18:00 − Thursday 15-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** No More Ransom Project Expands with 34 New Partners, 32 New Free Decryption Tools ***
---------------------------------------------
The "No More Ransom" project, set up in July by Intel Security, Kaspersky Lab, Europol, and the Dutch National police to help victims of ransomware infections, has expanded today with 34 new partners, and 32 new decryptors that can help ransomware victims unlock their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/no-more-ransom-project-expan…
*** Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe ***
---------------------------------------------
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-p…
*** Yahoo has to confess another mass hack: one billion victims ***
---------------------------------------------
In September Yahoo disclosed a hack of more than half a billion user accounts. Yahoo has now broken that record: this time more than a billion accounts are affected. On top of that come targeted attacks using cookies.
---------------------------------------------
https://heise.de/-3570674
*** Mobile Ransomware: How to Protect Against It ***
---------------------------------------------
In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, we'll discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other researchers, we hope to improve the industry's collective knowledge on mobile ransomware mitigation.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XaGWjnUqHoY/
*** DefCamp Romania 2016 Videos and Slides ***
---------------------------------------------
November 10-11, 2016, Bucharest, Romania
---------------------------------------------
https://def.camp/archives/2016/
*** The Kings in Your Castle, Pt #5 ***
---------------------------------------------
The last part in the article series about analyzing modern APTs deals with naming and attribution of APTs. This is far less trivial than it sounds. Analysts are often facing the same enemy all over again without realizing it.
---------------------------------------------
https://blog.gdatasoftware.com/2016/12/29379-the-kings-in-your-castle-pt-5
*** Security holes: updates also for older macOS versions ***
---------------------------------------------
Besides the vulnerabilities patched in macOS Sierra and the Safari browser, Apple has also released security updates for OS X El Capitan and Yosemite. These fix a critical vulnerability.
---------------------------------------------
https://heise.de/-3572108
*** Ask Sucuri: How to Stop Brute Force Attacks? ***
---------------------------------------------
Again, there is no mystery to this: Enforce a strong password for all the users and a brute force attack will not succeed. The underlying problem, however, is a bit more complicated
---------------------------------------------
https://blog.sucuri.net/2016/12/ask-sucuri-how-to-stop-brute-force-attacks.…
*** A Backdoor in Skype for Mac OS X ***
---------------------------------------------
Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-…
*** 5 Best Password Auditing Tools ***
---------------------------------------------
A single weak password exposes your entire network to an external threat. Password hacking is one of the most critical and commonly exploited network security threats. In many ways, passwords should be viewed as your first line of defense where protecting your company's data is concerned. The huge number of data breaches occurs because someone...
---------------------------------------------
http://resources.infosecinstitute.com/5-best-password-auditing-tools/
*** DFN-CERT-2016-2040: Netgear Router: A vulnerability allows execution of arbitrary code with administrator privileges ***
---------------------------------------------
Version 3 (2016-12-15 15:42)
The vendor has updated the referenced security advisory and now also confirms that DSL modems with model numbers D6220 and D6400 are vulnerable. Beta firmware updates are now available as a temporary solution for all vulnerable WLAN and DSL routers. Netgear continues to work on a production version of the firmware for all affected devices.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2040/
*** Remote shell execution vulnerability affects Good Enterprise Mobility Server (BSRT-2016-008) ***
---------------------------------------------
This advisory addresses a remote shell execution vulnerability that has been discovered in Good Enterprise Mobility Server (GEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited by the requirement that a potential attacker possess access to the internal network and by the functionality of the Karaf command shell.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038814
*** Bugtraq: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539925
*** F5 Security Advisory: Kerberos vulnerability CVE-2014-4343 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15553.htm…
*** Sentinel 7.4 SP4 (Sentinel 7.4.4.0) Build 2904 ***
---------------------------------------------
Abstract: Sentinel 7.4.3 upgrade for Sentinel 7.4
Document ID: 5264470
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_server-7.4.4.0-2904.x86_64.tar.gz (1.74 GB), sentinel_server-7.4.4.0-2904.x86_64.tar.gz.sha256 (109 bytes)
Products: Sentinel, Sentinel 7.4.4, Sentinel 7.X, Sentinel 7.2, Sentinel 7.4, Sentinel 7.3, Sentinel 7.2.1, Sentinel 7.2.2, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4.1, Sentinel 7.4.2, Sentinel 7.3.3, Sentinel 7.4.3, Sentinel 7.3.4
Superseded Patches: Sentinel 7.4 SP3
---------------------------------------------
https://download.novell.com/Download?buildid=RaGN-vIdupQ~
*** Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161215-…
*** SAP ***
---------------------------------------------
*** Vuln: SAP Mobile Defense & Security Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/94902
---------------------------------------------
*** Vuln: SAP HANA Cockpit Cross Site Scripting Vulnerability ***
http://www.securityfocus.com/bid/94897
---------------------------------------------
*** Vuln: SAP HANA Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/94898
---------------------------------------------
*** Vuln: SAP HANA XS Classic Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94896
---------------------------------------------
*** Vuln: SAP HANA Cockpit Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94910
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances allow web pages to be stored locally (CVE-2016-3024) ***
http://www.ibm.com/support/docview.wss?uid=swg21995340
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021) ***
http://www.ibm.com/support/docview.wss?uid=swg21995436
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3023) ***
http://www.ibm.com/support/docview.wss?uid=swg21995348
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to incorrect permission assignment (CVE-2016-3022) ***
http://www.ibm.com/support/docview.wss?uid=swg21995360
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by cross-site scripting vulnerabilities (CVE-2016-3018) ***
http://www.ibm.com/support/docview.wss?uid=swg21995347
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to misconfiguration (CVE-2016-3017) ***
http://www.ibm.com/support/docview.wss?uid=swg21995519
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability related to code integrity checking (CVE-2016-3016) ***
http://www.ibm.com/support/docview.wss?uid=swg21995518
---------------------------------------------
*** IBM Security Bulletin: IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988182
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989337
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3627) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991909
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995989
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg21995922
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affect IBM BigFix Compliance Analytics. (CVE-2016-6316, CVE-2016-6317) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991913
---------------------------------------------
*** IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033) ***
http://www.ibm.com/support/docview.wss?uid=swg21995545
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991682
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-3485, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991910
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046) ***
http://www.ibm.com/support/docview.wss?uid=swg21995527
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045) ***
http://www.ibm.com/support/docview.wss?uid=swg21995435
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3043) ***
http://www.ibm.com/support/docview.wss?uid=swg21995446
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991911
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 13-12-2016 18:00 − Wednesday 14-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Facebook helps companies detect rogue SSL certificates for domains ***
---------------------------------------------
Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge. The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificates that they issue. Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best,...
---------------------------------------------
http://www.cio.com/article/3149737/security/facebook-helps-companies-detect…
*** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for December 2016.
For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-DEC
*** Patch day: critical holes in Edge, Windows & co. ***
---------------------------------------------
Microsoft is releasing a total of twelve security updates in December. In the worst case, attackers can hijack victims' computers merely by getting them to open a manipulated website.
---------------------------------------------
https://heise.de/-3569916
*** MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking ***
---------------------------------------------
In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you're browsing the internet. It modifies search results pages so that you see unsolicited ads related to your...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/12/13/msrt-december-2016-addr…
*** "Statistically speaking": ransomware - a business worth millions ***
---------------------------------------------
Petya, Goldeneye - these and other ransomware trojans have made many users worldwide pay up. Willingness to pay depends not least on the recommendations of the authorities. How much has been paid so far, and where, is shown by a new...
---------------------------------------------
https://heise.de/-3569888
*** Malvertising Campaign Infects Your Router Instead of Your Browser ***
---------------------------------------------
Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Discovered by security researchers from US security firm Proofpoint, this malvertising campaign is powered by a new exploit kit called DNSChanger EK. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/malvertising-campaign-infect…
*** Modbus Stager: Using PLCs as a payload/shellcode distribution system ***
---------------------------------------------
This weekend I have been playing around with Modbus and I have developed a stager in assembly to retrieve a payload from the holding registers of a PLC. Since there are tons of PLCs exposed to the Internet, I wondered whether it would be possible to take advantage of the processing and memory provided by them to store a certain payload so that it can be recovered later (from the stager).
---------------------------------------------
http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html
*** UAC Bypass in JScript Dropper ***
---------------------------------------------
What makes this sample different? After the classic execution of the PE files, it tries to bypass the Windows UAC using a "feature" present in eventvwr.exe. This system tool runs as a high integrity process and uses HKCU / HKCR registry hives to start mmc.exe which opens finally eventvwr.msc.
---------------------------------------------
https://isc.sans.edu/diary/UAC+Bypass+in+JScript+Dropper/21813
*** Sophos closes Dirty Cow hole in UTM security suite ***
---------------------------------------------
Sophos's Unified Threat Management solution is receiving security updates that close several vulnerabilities.
---------------------------------------------
https://heise.de/-3570179
*** Electronic Safe Lock Analysis: Part 2 ***
---------------------------------------------
After performing an initial tear-down, we were able to map out the device's behaviors and attack surface. We then narrowed our efforts on analyzing the device's BLE wireless communication. The Prologic B01's main feature is that it can be unlocked by a mobile Android or iOS device over BLE. The end result was a fully-automated attack that allows us to remotely compromise any Prologic B01 lock up to 100 yards away.
---------------------------------------------
http://www.somersetrecon.com/blog/2016/10/14/electronic-safe-lock-analysis-…
*** Microsoft Fixes Windows 10 Issue That Knocked People off the Internet ***
---------------------------------------------
Microsoft has released KB3206632, a Windows update that fixes an issue introduced in an earlier update that crashed the CDPSVC service and prevented some users from receiving IP address information via the DHCP protocol, used by both home and enterprise-grade routers to connect users to the Internet. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-…
*** Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override ***
---------------------------------------------
Impact: A malicious unprivileged guest may be able to obtain sensitive information from the host.
---------------------------------------------
http://seclists.org/oss-sec/2016/q4/662
*** PHP: imagefilltoborder stackoverflow on truecolor images (CVE 2016-9933) ***
---------------------------------------------
Invalid color causes stack exhaustion by recursive call to function gdImageFillToBorder when the image used is truecolor. This was tested on a 64 bits platform.
---------------------------------------------
https://bugs.php.net/bug.php?id=72696
*** Joomla! Security Announcements ***
---------------------------------------------
*** [20161203] - Core - Information Disclosure ***
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/EY3UcBwQtzI/666-20161203-c…
---------------------------------------------
*** [20161202] - Core - Shell Upload ***
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/fI7Ty93n-Rk/665-20161202-c…
---------------------------------------------
*** [20161201] - Core - Elevated Privileges ***
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/OjvlaBoXTCU/664-20161201-c…
---------------------------------------------
*** [20161204] - Misc. Security Hardening ***
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/jYB3ItEGbWQ/667-20161204-m…
---------------------------------------------
*** Novell Patches ***
---------------------------------------------
*** Filr 2.0 - Security Update 3 ***
https://download.novell.com/Download?buildid=Am-_TGOll0g~
---------------------------------------------
*** Filr 3.0 - Security Update 1 ***
https://download.novell.com/Download?buildid=Qct0ao9jRAI~
---------------------------------------------
*** IDM 4.5 Delimited Text Driver 4.0.2.0 ***
https://download.novell.com/Download?buildid=hX_xlukrkNY~
---------------------------------------------
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-…
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei Firewall ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-…
---------------------------------------------
*** Security Advisory - E-mail Information Leak Vulnerability in Android System ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-…
---------------------------------------------
*** Security Advisory - Memory Leak Vulnerability in Some Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-…
---------------------------------------------
*** ICS-CERT Advisories ***
---------------------------------------------
*** Visonic PowerLink2 Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01
---------------------------------------------
*** Moxa DACenter Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02
---------------------------------------------
*** Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03
---------------------------------------------
*** Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04
---------------------------------------------
*** Siemens S7-300/400 PLC Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect Content Collector for IBM Connections ***
https://www-01.ibm.com/support/docview.wss?uid=swg21988356
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset analyzer. (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995883
---------------------------------------------
*** IBM Security Bulletin: Sweet32 Birthday attacks on 64-bit block ciphers in TLS affect Content Manager for z/OS (CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995455
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in BIND affects IBM Netezza Host Management ***
http://www.ibm.com/support/docview.wss?uid=swg21994505
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009647
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009554
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ***
http://www.ibm.com/support/docview.wss?uid=swg21995129
---------------------------------------------
*** IBM Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034) ***
http://www.ibm.com/support/docview.wss?uid=swg21995544
---------------------------------------------
*** IBM Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-5986 ***
http://www.ibm.com/support/docview.wss?uid=swg21995745
---------------------------------------------
*** IBM Security Bulletin: Potential Information Disclosure in WebSphere Application Server ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991469
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center (CVE-2016-8941, CVE-2016-8942, CVE-2016-8943) ***
http://www.ibm.com/support/docview.wss?uid=swg21995128
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 12-12-2016 18:00 − Tuesday 13-12-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** (Adobe) Security Bulletins Posted ***
---------------------------------------------
- Adobe Animate (APSB16-38)
- Adobe Flash Player (APSB16-39)
- Adobe Experience Manager Forms (APSB6-40)
- Adobe DNG Converter (APSB16-41)
- Adobe Experience Manager (APSB16-42)
- Adobe InDesign (APSB16-43)
- Adobe ColdFusion Builder (APSB16-44)
- Adobe Digital Editions (APSB16-45)
- Adobe RoboHelp (APSB16-46)
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1426
*** The importance of cryptography for the digital society ***
---------------------------------------------
Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA's paper gives an overview into aspects around the current debate on encryption, while highlighting the Agency's key messages and views on the topic.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/the-importance-of-cryptography-…
*** Vuln: PHP ext/wddx/wddx.c Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94846
*** Vuln: PHP ext/standard/var.c Incomplete Fix Use After Free Remote Code Execution Vulnerability ***
---------------------------------------------
Use After Free in PHP7 unserialize()
---------------------------------------------
http://www.securityfocus.com/bid/94849
*** Unrestricted Backend Login Backdoor Method Seen in OpenCart ***
---------------------------------------------
From the attacker's perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them to regain access easily, if needed. However, we recently found a unique way to achieve this kind of breach in OpenCart version 1.5.6.4.
---------------------------------------------
https://blog.sucuri.net/2016/12/unrestricted-backend-login.html
*** State of the Web 2016: Every second website is a security risk ***
---------------------------------------------
Vulnerabilities on the Internet keep increasing, Menlo Security states in its "State of the Web" report. An important factor is the loading of external content via advertising networks and Content Delivery Networks.
---------------------------------------------
https://heise.de/-3569114
*** Netgear vulnerability more serious than assumed, first security updates ***
---------------------------------------------
The highly critical vulnerability in the web interface affects considerably more Netgear routers than previously assumed. For a handful of devices the manufacturer has meanwhile released a beta firmware that fixes the problem.
---------------------------------------------
https://heise.de/-3569299
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995588
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 Includes Oracle Oct 2016 CPU affect Content Collector for File Systems ***
https://www-01.ibm.com/support/docview.wss?uid=swg21995474
---------------------------------------------
*** IBM Security Bulletin: Vulnerability CVE-2016-7099 and CVE-2016-5325 in Node.js affects IBM i ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021765
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor (CVE-2016-6304, CVE-2016-2177) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995038
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Enterprise Content Management System Monitor (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995042
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Samba, BIND and Libreswan affect IBM Netezza Host Management ***
http://www.ibm.com/support/docview.wss?uid=swg21994231
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat, Commons FileUpload affect IBM Enterprise Content Management System Monitor (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995043
---------------------------------------------
*** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On ***
http://www.ibm.com/support/docview.wss?uid=swg21994534
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125) ***
http://www.ibm.com/support/docview.wss?uid=swg21992307
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and IBM Java Runtime affect IBM Tealeaf Customer Experience (CVE-2016-0378, CVE-2016-3485, CVE-2016-5986) ***
http://www.ibm.com/support/docview.wss?uid=swg21994537
---------------------------------------------